Imperva SecureSphere Database Security Reviews

My team and I deploy this solution for customers. In Israel, I'm the team leader of the whole Application Security Division.

The most valuable feature of this solution is the database security policy.

Technical support for this solution needs improvement.

The stability of this solution depends on the version of the operating system, itself. Often, when a new version of the OS comes out, it is not stable by nature. Once the new patch comes out then it is fixed.

The scalability is dependent on the deployment surface. If you plan for scalability then you will have it. If you are going to a single, or one box solution, then you don't have scalability.

Technical support for this solution is insufficient. If you have a professional then you can handle it, but if you are a regular customer then it is difficult.

We have different solutions in our portfolio, including IBM Guardium and McAfee Sentrigo.

The initial setup of this solution is complex. However, I understand the complexity.

The length of the time it takes for deployment depends on the customer and their environment. It can take up to three months.

We have a team that handles the implementation and deployment of this solution for our customers. I am the team leader.

My advice for anybody implementing this solution is to know what you are doing before deploying. You need to learn the security concept of this product. You need to know what you want to protect, and then learn how to protect it. You cannot just deploy this solution and leave it like that. You need to know how to maintain this product.

Things are being constantly improved in this solution, but there is no such thing as perfect.

I would rate this solution eight out of ten.

I am using Imperva in different projects for application defense.

This solution provides analytics using rules in the application. For example, it can report who most often uses certain queries.

The most valuable feature is the protection from Botnets. The DDoS attack is one of the things that it protects against.

The functionality is very useable and easy to understand. It is also easy to update if you follow the instructions.

It would be better to update the solution by using a GUI that guides me, rather than through a CLI. It would be best if it were simply updated automatically from an admin page.

I think that the stability is fine, although sometimes the server is down.

It is easy to scale. I use only universal appliances and I know exactly how they work.

Three people use this solution on a single server for a few services.

We have contacted technical support a few times, and the experience was ok.

We did not use another solution prior to this one.

The initial setup for this solution is very easy. Just start it up, log in, and the instructions are there. It is launched from an FTP server and takes four or five hours.

We handled the implementation in-house.

It is difficult to say because it has stopped some attacks, but I have nothing to compare against when the solution was not being used. It can protect against attacks, but I cannot say how much money it has saved.

Licensing fees are on a yearly basis, and it is a good value for the money.

I was not involved in the selection of the solution.

There are many functions in this solution that I do not use at this time.

This is a fine product, and one of the best. We needed it for DDoS protection and for Botnet protection, and all of this works fine.

I would rate this solution an eight out of ten.

I use this solution to discover missing data, and to find weaknesses or miscalculations in my database standards.

One example of how this has improved my organization is with respect to security. We previously had a default passcode in place, and this is discouraged by our password policy. I was able to find this problem and solve it.

The best feature of this solution is the integration between components. It has a lot of different components that cover the needs of our customers.

The pricing for support could be improved.

Integration with other databases or third-party products would be useful.

It is a stable solution.

I think that the product is scalable.

There are five users for this solution.

I have no experience with their technical support.

I did use other tools for a short span of time.

The initial setup for this solution is straightforward.

I am not using the entire solution, so the deployment time was very short. There were five people involved in the installation.

The cost of support for this solution is very expensive.

There are no costs in addition to the standard licensing fees.

I looked at several websites and read reviews. All of them said that Imperva is the best product in this area.

My advice is to do a POC before implementing this solution.

I would rate this solution an eight out of ten.

The primary use case is specific to database security through log auditing, to identify the actions performed by various users. That gets logged. Then policies are used to see whether any action performed by a database user is below a threshold or above a threshold; whether there should there be an alert because of it.

It is used by specific teams within our organization to monitor activity, to see whether there is any malicious activity or a user who's not supposed to be performing a certain action.

It helps us look into who's doing what, particularly on databases related to critical applications. That's the way we see it as useful. We've been using it for four or five years now, and it has been bringing in the value that we expected it to.

The tool happens to be very intelligent when it comes to processing policies and sounding alerts. It allows us to implement policies and measure actions against them, raising alerts accordingly. That is the best feature.

Comparing it with other products in the market, we definitely see that Imperva SecureSphere is head-to-head with the likes of McAfee, IBM Guardium, and others. It's definitely good. The only challenge I see is that SecureSphere is deployed on servers or databases which are held on physical infrastructure. However, there are databases which are hosted on cloud platforms and Imperva has a separate tool altogether for that, not SecureSphere. If an organization is monitoring databases which are on physical as well as virtual infrastructure, running two different tools can become a problem. If that could be merged together it would be an improvement.

Having read about Imperva, I couldn't get much detail as to what their roadmap is for the future, whether they would want to merge them or not. But as a customer, if I can have one tool for various landscapes, like the databases hosted on a physical landscape as well as the virtual ones, that makes it a lot easier.

The stability has been good. In our case, we've been using it through one of our suppliers so we don't directly manage it. It's our supplier who manages it for us. The supplier happens to manage the infrastructure on which the database application or databases are hosted as well.

We don't deal with it but, getting the reports that we have been getting from our supplier, it looks pretty good as far as stability is concerned. We haven't experienced many issues. Even if there were any, it would be our supplier's responsibility to make sure that they got resolved very quickly, so they rarely come to our notice.

When it comes to scalability, as I noted, there are two different tools, one for physical infrastructure and another for virtual infrastructure.

If I want to scale it up from a physical to a virtual platform, that's certainly not a feature at this point of time. That can be a drawback. You have to look for a separate tool from the same vendor because you already have an existing tool from that vendor which is doing well. And you cannot have tools from two different vendors running on two different platforms.

We have not used technical support. Our supplier manages the tool, so we don't get in touch with Imperva if there are any issues. Our supplier does that for us.

My advice is to go to IT CentralStation and download the report on database security tools.

In general, it's all about the policies that you put into the tool to get the output. The tool itself is pretty smart. As someone who is designing the policies or the outputs or the queries, it is like putting a query into a SQL database to get the results. The better or more optimized the query is, the better output you will receive, and so it goes with this solution.

When selecting a vendor, pricing, of course, is the most important thing to look at. Then, you look at the scalability options, at how good the tool is, that it suffices your functionality requirements, and that it provides interoperability.

I rate Imperva at eight out of ten across the various areas that I just mentioned, be it interoperability, scalability, cost, or ease of installation and setup. Measuring it on each of these aspects is how I came up with my rating.

I like Imperva SecureSphere platform forms. Imperva SecureSphere is the foundation for SecureSphere data, file and web application solutions. Imperva SecureSphere is designed to work together, however can be independently deployed.

Imperva SecureSphere allows people to secure data, while seamlessly allowing the distribution of that data in an effortless manner.

SecureSphere activity log can be used with Imperva CounterBreach in an effort to protect enterprise data from theft and loss caused. Since such is core to its function, I would like to see future versions to integrate such options.

Imperva SecureSphere allows the company to adhere to data compliance requirements, and at the same time to effectively protect data from theft.

No.

No. After using Imperva SecureSphere the first few days, implementing it was second nature.

No.

Very good customer service was responsive to needs to get Imperva SecureSphere operational.

Imperva SecureSphere did not require very much tech support, but with the few issues we had, they were cured very quickly by tech support.

No.

Setting up Imperva SecureSphere was very simple, and configuration was easy.

We used in-house.

It was well worth implementing Imperva SecureSphere and found the rate of productivity increased by using it.

Compare other similar products and definitely use the free trial. I truly enjoyed using it, and recommend Imperva SecureSphere to any one who has similar needs.

No we did not.

Imperva SecureSphere provides great options to secure data and would not hesitate to use it.

• Flexibility
• Provides the option of deployment architectures

• Easy monitoring
• Protection of internet banking applications

I was working for Crescendo International, which is a small company in Romania. My primary role was in network solution integration. I was the only person in the country with experience of three deployments of Imperva products at two major banks.

• The upgrade procedure is not clear
• There is no easy rollback
• There is no possibility to select different ways for two different types of cipher suit negotiation in two arm deployments. Most of the banks now use ECDHE for PFSC.
• No SNI support

We have been using the solution for two years.

There were many stability issues with the upgrade procedure. The technical support team didn't know how to handle them.

We encountered some stability issues.

The level of technical support is bad.

We did not use a previous solution.

The initial setup was straightforward.

Please be more transparent about licensing on subscriptions such as for ThreatRadar.

We evaluated F5 Networks.

We recommend implementing it.

• Flexible deployment modes
• Custom policy creation
• Complex vision of web apps
• DB security
• Intuitive logs

We have seen our security risk decreased due to customization and meeting all the security needs for every application.

I would like to see more parameters configurable for the kernel reverse proxy.

I have used this product for eight years, on both sides; from deployment to customers and administration of the existing infrastructure.

The stabillity issues we encountered were fluently fixed.

We did not encounter any scalability issues.

Technical support was very professional and elastic.

We used to deploy a different solution. We switched due to the valuable features mentioned.

Initial setup was straighforward.

It is a good idea to invest in threat detection licenses.

We evaluated:

• WAF: F5 and Radware
• DAM: IBM Guardium

For DAM, I recommend that you invest proper resources in the business part of the project. It is very important to set expectations properly.

The most valuable features are:

• DAM Module
• Third-party data source integration: Feeds automation
• Data enrichment: Provides better data quality and session handling
• API: Used for process automation

The solution has improved our organization as follows:

• Better agent performance compared to v9.5
• Gateways are much more stable
• Gateway cluster improves resource utilization and provides better resiliency
• Offers the option to manage cluster capacity without touching the agent configuration

BUGs, BUGs, BUGs. The product is under high development and the amount of bugs is bit disappointing. The product has lots of limitations which are not clearly documented. You can only find out the limitations by engaging the support

By using this product you can have only one type of date and time format which is US format. I’m EU citizen and I prefer different date format, same for time format. I would prefer 24Hour clock instead of AM/PM.

We have been used this solution for over three years.

There were stability issues in v9.5. There are no major stability issues in v10.5.

Stability is dependent on the infrastructure. If you use hypervisor, then you need to make sure to use resources and I/O settings that are optimal for SecureSphere. Otherwise, you will end up with stability and performance issues.

There are some scalability issues. There was a hardcoded limitation in the number of MXs you can connect to SOM. In addition, the bigger the infrastructure, the bigger challenge there is to create a single audit report file.

The technical support is OK. But they have big potential to do things better.

We had a previous solution. We switched because the new requirements couldn’t be accomplished with the old solution.

The installation was quite complex. We had to integrated lots of external systems in order to make it work right.

Give it a try. Write down your requirements as detailed as possible, and perform a PoC using this list. If you find gaps that require additional development, it could take some time until you actually get it.