IT Central Station is now PeerSpot: Here's why

Trustwave DbProtect OverviewUNIXBusinessApplication

Trustwave DbProtect is #6 ranked solution in top Database Security tools. PeerSpot users give Trustwave DbProtect an average rating of 8.0 out of 10. Trustwave DbProtect is most commonly compared to Oracle Audit Vault: Trustwave DbProtect vs Oracle Audit Vault. Trustwave DbProtect is popular among the large enterprise segment, accounting for 73% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 29% of all views.
What is Trustwave DbProtect?

Trustwave DbProtect is a security platform designed for consistent monitoring and management of enterprise databases within the data center.

Built on a centrally managed and distributed architecture, DbProtect uncovers database weaknesses. This includes configuration mistakes, identification and access control issues, missing patches, or any toxic combination of settings that could lead to escalation of privileges attacks, data leakage, denial-of-service (DoS), or unauthorized modification of data held within data stores – both relational databases and big data stores.

Trustwave DbProtect was previously known as Application Security DbProtect.

Trustwave DbProtect Customers

Pax World Investments, Crest Savings Bank, Magnolia Hotels

Trustwave DbProtect Video

Archived Trustwave DbProtect Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Rashid Alsalmi - PeerSpot reviewer
Consultant at a tech services company
Reseller
An agent-based solution that provides comprehensive security and is easy to configure
Pros and Cons
  • "This solution helps our clients to monitor their database use, and detect violations of the policy."
  • "We have not been able to integrate this product with a lot of standard incident response solutions, so an open API would help in this regard."

What is our primary use case?

We are a reseller of this solution and provide it to our customers. Some of our customers are the banks.

How has it helped my organization?

This solution helps our clients to monitor their database use, and detect violations of the policy. There are three layers in the software and they are all useful. They are:

  • Vulnerability management
  • User management
  • Privileged access management

There are many filters that you can put in place to avoid any data leakage or abuse of your database. All of the features in this solution are really good.

What is most valuable?

The competitive edge is that this is an agent-based solution. We usually provide network-level solutions, but if the server is misplaced or removed then the control is gone. Since this is installed on the server itself, it is safer to use and there is more control over the database.

What needs improvement?

I think that they can do a lot more in terms of being able to control, or enforce policy, on a database. Right now they are really amazing when it comes to monitoring, but for control it is limited. I can see exactly what is going on, but I can't take action. This is true for the competition, as well.

I would like to see more coordination for incident response. We have not been able to integrate this product with a lot of standard incident response solutions, so an open API would help in this regard. Today we have to be able to take action within seconds, and this has to be done through talking to other solutions.

I think that it would also be good if they had a network-based solution because what they have right now is an endpoint-based solution. Adding this would allow them to compete better.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

The stability is good.

What do I think about the scalability of the solution?

We have only worked on smaller projects, and we have never been asked to scale up.

This solution normally has three or four users. We typically give access to the information security department, and they manage it internally. They assign credentials to OPSEC or the application security team, themselves, so we do not deal with more than one department. The customers normally ask for three or four licenses.

How are customer service and support?

We rarely have problems with this solution, but when we do then the technical support is great.

Which solution did I use previously and why did I switch?

We have had only one customer that switched to this solution after using IBM Guardium. They made the change because of the complexity. I did not have direct experience with their environment, but the customer claimed that after purchase it took months just to complete the configuration. In the end, it was simply too complicated so they abandoned it.

My experience with IBM products is that they provide a lot of flexibility to the customer, which makes them more complex. This might be good for some people in very large organizations, but for smaller banks, they find that complexity unnecessary.

How was the initial setup?

The initial setup for this solution is amazingly straightforward and simple.

We implement database protection as an isolated requirement for the customer, as opposed to providing it as part of a larger offering. In this context, the average implementation takes a week to two weeks. 

From our side, we only need one certified engineer to attend the site. This person takes cares of the whole project. On the customer's side, we usually need the cooperation of the database team, as well as the information security department. The security officer gives us the credentials required, and the database admin supports the project. Without the support of these roles, the project will fail.

What about the implementation team?

We normally do the installation with the help of a distributor in Dubai. We coordinate with them whenever we need additional engineers. We do have certified people for the product, but just to be on the safe side, we engage the distributor as well as Trustwave. Trustwave has an office in Jordan, which is the closest one.

Generally, we handle the entire installation ourselves, but we do seek help if there are issues at any point. When we have requested help from the distributor or from Trustwave, we have been very happy with them. They are quite dedicated, and we are doing a good job together.

What was our ROI?

I have not discussed ROI with my customers, but they normally renew their licenses so it seems like they are happy with the pricing.

What's my experience with pricing, setup cost, and licensing?

The licensing fees, including support, are approximately $5,000 USD per database, per year. Without support, the licensing fees are half of that, at $2,500 USD per year.

Which other solutions did I evaluate?

We evaluated IBM Guardium, and we chose this solution because it is agent-based, and you don't have to install it at the network level. You can just look at one machine, which provides for better control. Our customers have not been very responsive to it yet.

There are two or three competing products that are active in this region, and Fortinet FortiDB is another one of them that is doing quite well.

What other advice do I have?

The market here is very limited for database protection. For the past five years, we have been pushing it as a "good to have" or "nice to have" solution. However, it is now becoming an essential requirement for protecting our customers' databases.

Our customers have identified the need for database protection, but in our part of the world, it is not yet getting the attention, or budgets, that it requires. In the middle of threats and attacks on the network, people rarely look at the backend solution. They do not see the database as a "threatened" component.

We are happy with the product overall, including its features and support. Unfortunately, our market here is not quite ready for it, but we are looking for it to pick up in the near future.

Trustwave is not as visible in this region as IBM or other competing products, which is one of the issues that we have in selling the solution. At the same time, it is a good product and it is still a market leader. Overall, we don't see many problems.

My advice for anybody interested in implementing this solution is to do a POC. It is easy and not risky. Since it is something that is installed on the database server itself, it may be necessary to use a test server. In our experience, however, it is generally safe and we haven't seen any issues with it.

Overall, I'm happy with the product but it is not yet perfect.

I would rate this solution an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
it_user635430 - PeerSpot reviewer
Regional Database Administrator / Information Security Analyst at a non-profit with 5,001-10,000 employees
Vendor
I value the database activity monitoring. I would like to see better asset management, analytics, and reporting.

What is most valuable?

Database activity monitoring. The reason why this is valuable is because it helps monitor and identify any fraudulent or suspicious activities that are executed on the database.

How has it helped my organization?

With improved vulnerability analysis, critical assets are now patched in time.

What needs improvement?

Asset Management, Analytics, and Reporting. The reason why these need room for improvement is that some assets in the report sometimes report the wrong operating system names. Therefore, they give slightly inaccurate results.

For how long have I used the solution?

We have been using the solution for three years.

What do I think about the stability of the solution?

We encountered issues with stability, especially during database upgrades and migration.

What do I think about the scalability of the solution?

We didn't encounter any issues with scalability.

How are customer service and technical support?

The technical support isn't entirely the best. I would give them a rating of 6/10.

Which solution did I use previously and why did I switch?

We didn't use any previous solution.

How was the initial setup?

The initial setup was straightforward.

What's my experience with pricing, setup cost, and licensing?

For the level of product availability, it is rather costly.

Which other solutions did I evaluate?

We didn't evaluate any other products.

What other advice do I have?

I would first advise them to perform a thorough evaluation before purchasing the product.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Patrick Essien - PeerSpot reviewer
Consultant Member at a financial services firm
Consultant
Provides automation functionality and ease of use.

What is most valuable?

Its automation functionality and ease of use.

How has it helped my organization?

An everyday staff member in the IT unit can use this service without having to be an expert in DB management.

What needs improvement?

Its improvement levels are not technically related, but rather marketing related.

They need a better study of the needs of other markets with respect to DbProtect. They can't just hope that a DbProtect suite made for US markets will also fit into an African market. The market indices are not always the same.

For how long have I used the solution?

I used it for two years, before termination of service with the same firm.

What do I think about the stability of the solution?

Regarding stability, I would give it a rating of 3.5/5.

What do I think about the scalability of the solution?

We almost never had scalability issues.

How are customer service and technical support?

I would give technical support a rating of 3/5.

Which solution did I use previously and why did I switch?

We did not have a previous solution.

How was the initial setup?

The setup was straightforward. In some stages, it was difficult to continue, but generally it was straightforward.

Which other solutions did I evaluate?

Our evaluation was based on the service attached to the package and customer reviews.

What other advice do I have?

Make sure the service will meet your tailored needs and your organizational expectations.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user554145 - PeerSpot reviewer
Cyber Security Engineer at a tech services company with 10,001+ employees
MSP
We have control over small databases that spring up and introduce security issues.

What is most valuable?

Scanning for databases is the most valuable feature of this solution. This is because most of the security breaches that you hear about, require some sort of insecure database within the enterprise in order to enable the data to be sent somewhere else.

How has it helped my organization?

It provided us with better control over the small databases that might spring up and introduce security issues.

What needs improvement?

A better interface to understand what network is going to be scanned.

Also, when we had two instances where we thought that the scheduled scanning was turned off and it went active, causing some network issues.

For how long have I used the solution?

I have used this solution for around two years.

What do I think about the stability of the solution?

The system that is running scans can become slow to respond. Thus, you should be able to say, don't consume more than a particular amount of resources when scanning.

What do I think about the scalability of the solution?

The interface to manage multiple systems was okay but we did not have a chance to scale the system truly to the enterprise levels, i.e., not beyond instance numbers with value greater than 10.

How are customer service and technical support?

We did not interact much with the technical support but they were helpful when needed.

Which solution did I use previously and why did I switch?

We were not using any other solution.

How was the initial setup?

The initial setup was straightforward.

Which other solutions did I evaluate?

Someone else did the bake-off; I handled the technical implementation part.

What other advice do I have?

You should go for it. Knowing what is in your enterprise and its vulnerabilities can save you from being the next headline.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user