What is our primary use case?
We generally use Imperva as a database firewall and for activity monitoring.
The solution has to fit the organization first. Once we know the product is a fit, we support in the creation of reports. We look at the core users (administrators, auditors, accountants, etc.) who need to get information and we look at the responsibility matrix. Our responsibility is the database and we try to implement the total solution for an organization. This means reports are created for the specific needs of, say, IT security administrators, top management, IT guys, etc. This shows each group or individual what they need to know. We try to make it so database administrators do not have to directly interface with the solution by creating report editors and report creators based on the unique assessment of the organization.
Imperva is a high-end product and it doesn't come cheap. Most government agencies don't use it because of its expense. But those who use it, like it and it's on the wishlist of many organizations.
How has it helped my organization?
The ability to automate reports simplifies what an organization has to do. Even the in-built reports are quite useful. But customization can make the product experience very specific and efficient.
But besides that, clients like to compare industry benchmarks and establish best practices. Report analysis can help with that.
What is most valuable?
The reporting ends up being the most visible feature even though the protection and automated blocking are as valuable. The reporting is very flexible, and users can create any type of reports they want. It gives them insight into the information they need to be effective at what they are responsible for.
What needs improvement?
I think the support needs more improvement than the product. The support we get struggles a bit to provide solutions. They take additional time to respond to support requests.
The core of Imperva can sometimes be very slow. This mostly happens when you turn on many alerts, if a lot of people log-in, or if you turn on auditing. It can get noticeably slow. Performance under a heavy load is noticeably reduced.
That could be because of scalability, but most of my major issues have to do with performance. I think it's because they run an Oracle database at the backend. If they allowed the administrators to tune the back end database it might solve the issue. If the backend database is having trouble you have to call support and that takes time. It is not efficient.
Finally, they might consider reducing the licensing fee. It's a bit high compared to the competition.
For how long have I used the solution?
We have been reselling this product for five years.
What do I think about the stability of the solution?
Imperva is very stable. I think because of the core on which it is built.
What do I think about the scalability of the solution?
The Imperva solution is quite scalable. You can start by adding it to one device and then scale it to the whole organization.
We've had instances where we added a gateway and the end user didn't notice. It scales fluidly.
How are customer service and technical support?
There are different levels of support that you can contract for and it is supposed to be based on priority. In our region, the level of support — whether you have paid for premium or expanded support — you get the same level of support. There are no options for same day support or one hour support. You may still get a response within an hour no matter what level you pay for. That said, we normally pay for premium support and we have been satisfied with the service when we do that.
Which solution did I use previously and why did I switch?
Most of the time, the customers I deal with pick products which have a particular reputation. That may lead to their decision to go with Imperva.
How was the initial setup?
The initial setup was straightforward. We normally use Imperva's professional services, so that makes it very easy to deploy. We build on the knowledge gained in previous deployments, which makes it easier still.
In the deployment, we want to get up as soon as possible. We know that for a typical deployment that it is usually two weeks.
What about the implementation team?
We use Imperva's professional services for most of our deployments, but we work through a distributor data group. The services are always really good. They know the company, they know the market, they know the region where we operate from, and they know the language and the culture. The knowledge of the local environment makes everything easier in completing a proper implementation.
What was our ROI?
We don't do actual studies on return on investment. The key thing is for the product to do its job. The value of good security is practically limitless and it would be hard to define in hard dollar value.
What's my experience with pricing, setup cost, and licensing?
Licenses are yearly. We normally try to negotiate a perpetual license but separate annual support and maintenance.
The pricing over-all depends on the entry level. For example, if support and maintenance are about $20,000 - $25,000, the initial cost can be five times more. It is less expensive for the company to maintain the client than to make the deployment.
There are some additional costs for add-ons and scaling.
Which other solutions did I evaluate?
Normally, in this region, clients look at McAfee and Oracle security solutions first because of recognition. Our suggestions are normally to compare Imperva and Oracle. Clients like the reputation of Oracle because it has a large footprint and is proven in areas like databases and applications. Sometimes clients try to build database security strictly around Oracle Technology without considering other options. They are often surprised what Imperva has to offer as the name is less familiar.
What other advice do I have?
Imperva is a good product if you look at its core functionality and the way it's built. It's a newer product and very consistent. Oracle has been around a long time and may suffer from that legacy a little. If clients want a product which covers all database management systems, then Imperva can work out of the box. Ideally, you can deploy within a day or two of signing a contract. Implementation time with Imperva is much shorter than with Oracle.
I think I would rate Imperva a nine out of ten, despite the occasional performance issues. It delivers on the core functionality. If it's running well you are assured you will get the value out of it in terms of the security assurance.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.