Imperva SecureSphere Database Security Reviews

Most of the configuration is out-of-the-box and it offers very granular security policies. Deployment and configuration is very easy. Once initial setup has been configured, all the rules and polices are applied automatically and we can start viewing the logs.

We are able to prevent and protect external and internal threats by using Imperva’s complete product line.

I would like to see some more granular audit logs for database activities.

I have been using it for 5-6 years.

I have not encountered any issues with deployment, stability or scalability issues. Deployment is very easy, and it offers more stability and scalability.

There are delays in responses from technical support, but you do get a response per SLA.

Initial setup was pretty straightforward.

Anyone can implement this solution if you study the guides.

It is worth the investment for retail, banking, government and IT organizations.

It is the best product for cyber security & forensic investigation for external and internal threat identification and prevention.

• Easy agent setup
• Big data
• SIEM tool integration

SecureSphere covers the legal obligations for Turkish banks. According to Turkish banking regulations, database activities (especially admins' activities) should be monitored and alerted.

Syslog size for transferring data should be increased.

I used it from September 2015-May 2016.

I remember that SecureSphere stores limited data according to the number of the data structure type that is defined in the server configuration files. If a customer does not realize this, data taken with the policy that has a max data structure type is interrupted.

The vendor’s local partners, NGN Company and Bulent Daldal, were very supportive whenever my company needed their help.

I supported NGN when SecureSphere was set up. Although I only experienced this setup process once, I can now setup SecureSphere DAM and agents on my own. I mean, it was easy and feasible with guidance.

A vendor team implemented it.

I did not evaluate other solutions, but I have heard from my clients (Deloitte clients) who have used Guardium before that SecureSphere is better.

SecureSphere fulfills so many requirements for our clients. Additionally, if they want to evaluate and correlate data more comprehensively, they can use this product with SIEM tools such as ArcSight or Splunk.

There are many features that are valuable, it depends on the purpose. If the purpose is compliance or auditing, the most valuable feature are the audit log system, as it helps you to secure an audit trail and from user to action even if the user are privileged and even if the user logs in on the physical server. If the purpose is security the most valuable feature are the way it can drop and prevent the access of sensitive table/data set by rules and policies. Lastly, if the purpose is availability, the most valuable feature is the way it can drop connections set by rules and policies.

If the purpose is compliance or auditing, ex PCI-DSS you need a system like this to pass part of the compliance. As I help customers with compliance, this is a great tool to make it all "simple" and the report part makes the lives easier for the users/auditors.

If it's used for security, this, or systems like this, are the last line of defence, and you will prevent incursions, or at least know what happened, and what was stolen.

If it is to be used to monitor availability, you will only know the real ROI if you are a victim of a large attack, then you can pat yourself on the back and say "Yay! We prevented that". This cannot be achieved solely on the Imperva system and you need the full suite of WAF.

This product needs a good team of UX people, because it's not always that understandable, and sometimes it's straight up confusing.

They did have some issues with HA and Clustered environments, but it is supposed to be fixed in v12, which I have not tested.

No issues encountered.

There are issues, but it is supposed to be fixed in v12, which I have not tested.

It's good, but it's a big company, so you need to know the paths to get the most out of it.

It's very good.

This is a complex system, and all other in the same league are just as complex. There are no workarounds to simplify it.

It's expensive, and their licensing is kind of strange, but it is what it is.

We also looked at IBM InfoSphere Guardium.

• Database activity monitoring
• Web application firewall

This product has limited attacks to the core tax collection application. It also provides audit logs for changes to the database and gives user account details.

None so far.

I've used it for over two years.

I was not around during the implementation, but reports do not show any issues noted.

None so far.

None so far. Our solution has not had bottlenecks so far

Customer service has always been available.

Technical support is rated highly.

Only a firewall was in place before. WAF was needed for web application specific protection as firewalls are not the best solution.

No issues noted in the implementation reports.

A third party vendor was used to implement the product and to get the IT security staff trained.

We have had a high ROI with this product.

Budget for licenses in synch with your financial years, and it's best to have licenses covering over a year so that planning for procurement of new licenses is done earlier. Of course, if you operate in AWS cloud, its much easier to justify as you can pay for three or more years at once.

I am not privy to procurement details, but we use Gartner as a source. Imperva is the sole leader in its field.

Implement this product across all systems running applications as access to one unprotected system can be elevated to a protected one. Also, have reports produced frequently using the tools available in the system and analyze them to know and investigate the sources of attacks the WAF has blocked. That's because they could be internal indicating a compromise or a malicious user within. Ensure that your SharePoint environment is also protected as though it may be internal, attacks can be directed at it.

The database activity monitoring module used for real time database monitoring and integrated into the security event and incident monitoring solution. Most importantly for our critical legacy databases that cannot be encrypted and require real time a activity monitoring.

It provides a more granular monitoring of database activity at the column and row level as opposed to high level database management system logs.

The professional services and customer training aspect needs to be improved.

I've used it for four years.

The first implementation was not tailored to our specific requirements and the system was basically an expensive log collector until the vendors came to capture our requirements and then made modifications. This was then followed up with training.

No issues encountered.

No issues encountered.

It's moderate.

It's moderate.

I used a different solution with a former employer.

We are a large organization with about 100 critical heterogeneous database servers. This means that one configuration does not fit all, and that made the implementation very complex. Combined with protection of sensitive information that could be logged by the solution.

We used a vendor and their level of expertise was between moderate and high.

The ROI based on the number of prevented, and detected, information security incidents can be classified as high.

We also looked at Sentrigo Hedgehog by McAfee.

Ensure the vendor clearly captures your specific database monitoring requirements and that might include importing the metadata of the database for proper monitoring. Training should be included in the implementation budget as this is a very complex solution with a wide range of capabilities.

The alerts on threats and system statuses.

I can drill down/troubleshoot errors much quicker.

Design/ease of the learning mode feature.

I have used the product for about a year.

No, the engineer did a very smooth job at deployment.

No I have not.

No I have not.

8/10.

I haven’t had an issue in the year I have used the product.

I did, and I switched because of the poor level of customer service and the solution wasn’t meeting my expectations.

The setup was pretty straightforward as right away, I was very familiar with the architecture.

Their rep did the initial setup and I shadowed him.

If I calculated the man hours trying to figure out the alerts I would say a few thousand hours a month have been saved

I did evaluate about four other similar products –

• Gardium
• Application Security
• Sentrigo
• Veracode

It's a decent product.

We utilise the following components:

1. Database activity monitoring of Oracle/SQL/Sybase databases - we did have UDB running, but that was decommissioned
2. Assessment scans using mostly custom checks to check for security settings - we did expand this at one point to check for best practise, but this was discontinued

It hasn't really improved the way we function, but it has allowed us to meet several audit issues that were outstanding for many years. We tried another product, but we found it did not meet our requirements.

• Capacity management of application needs significant improvement
• Task management functionality is pretty basic, with not a lot of functionality
• I would also like to be able to replace IP addresses with DNS names for easier recognition of host machines
• The SOM feature could also be dramatically improved to allow central management of the entire feature set
• The ability to manage lifecycle of agents could be improved via central deployment of upgraded agents

I started using the database auditing/risk areas of the product in mid-2011. We use agents for monitoring database activity. We do not use the gateways for collecting data via the network.

We had several performance issues on high throughput applications due to outdated, old hardware/non-ideal settings in the agents. These were mostly on our end.

We had a few minor issues with stability, but it has not impacted our service. We did have an agent cause a reboot of a host server, but this was quickly fixed via an upgrade of the agent.

Capacity management is a major issue with the application. There is no easy way to identify when new hardware is required, or if a modification to the configuration could solve the issue. This may have been due to our method of deployment though.

We had a service provider in-between Imperva and our organisation. It did not make things easy. When dealing directly with Imperva I had good experiences with the vendor, and real issues were escalated quickly and getting access to the relevant engineering sections of the vendor was possible.

Technical support was hit and miss. Sometimes we received excellent support, and other times it was not so good. Sometimes convincing the engineering team that there was a real problem in the software was a bit harder than it should have been. Overall, compared to other vendors, support was good.

We previously used another solution, and that product was different depending on the DBMS that was being monitored. Technical expertise in DBMS technology with that vendor was poor, so we switched..

The initial setup was easy, but some of the specific requirements we had required some work. Deploying the hardware during the initial setup did not require and specific customisation for our organisation. The audit policies and assessments obviously did require customisation, but it was relatively simple. Later on, we did find some issues that were due to the setup of the site hierarchy that was not brought to our attention until one to two years later.

We used on-site vendor engineers to support the internal implementation. Their level of expertise was excellent.

This is not relevant to the production selection, as we were required to close off auditing items.

We compared IBM Guardium and Imperva SecureSphere via a POC process. We did a paper evaluation of other products to choose two products for the POC.

Go through the POC process and test all ITIL processes to ensure you understand what will be required for the entire lifecycle of implementation/support. Engage with DBA teams to provide DBA support and knowledge. If it's possible, ensure there are people who understand databases on the SecureSphere support team.

The solution helps us with monitoring the databases, servers, and activities.

Using the product is a good experience. Database reporting features are valuable to us.

The GUI is bad. The product must focus on improving its reporting features and the dashboard.

I have been using the solution for nine months.

I rate the tool’s stability a five or six out of ten. The glitches and errors have recently been quite high because they allow connection to databases without verifying or discovering the database. We have to keep in mind that we must monitor all the time.

The scalability is pretty good. I rate it a seven out of ten.

The setup can be a little complicated.

For the pricing that the solution provides, the return on investment is good for large companies. It's quite expensive for small to medium businesses.

Overheads like physical databases and servers can be a little bit expensive. The setup and license are quite expensive.

I would not recommend the product to small and medium businesses. Overall, I rate the tool a seven out of ten.