Best Database Security Solutions, Companies & Vendors 2018
To help you find the best database security solutions, IT Central Station ranked them based on hundreds of real user reviews, from our esteemed community of enterprise technology professionals. You'll find comparisons of pricing, performance, features, stability and many other criteria. Read below to find out what your peers have to say database security products such as IBM Guardium, Imperva SecureSphere, Oracle Audit Vault and others.
The total ranking of a product, represented by the bar length, is based on a weighted aggregate score.
The score is calculated as follows: The product with the highest count in each area gets the highest available score.
(20 points for Reviews; 16 points for Views, Comparisons, and Followers.)
Every other product gets assigned points based on its total in proportion to the #1 product in
that area. For example, if a product has 80% of the number of reviews compared to the product
with the most reviews then the product's score for reviews would be 20% (weighting factor) *
80% = 16. For Average Rating, the maximum score is 32 points awarded linearly based on our
rating scale of 1-10. If a product has fewer than ten reviews, the point contribution
for Average Rating is reduced (one-third reduction in points for products with 5-9 reviews;
two-thirds reduction for products with fewer than five reviews). Reviews that are more than 24 months old,
as well as those written by resellers, are completely excluded from the ranking algorithm.
The most valuable is the GUI, the interface. It also interfaces well with REST API, if you want to automate some of the commands. Inside the GUI they've really done a lot, especially from version 9 to version 10, in how they lay it out and... more»
It has really helped identify areas that we need to fix. It also identifies, from a compliance standpoint, records we can provide. It shows us just how secure we are overall, as a company, rather than just trying to do things here and there.... more»
I'd like to see a smoother GUI interface for the CAS agent - CAS does configurations on the database - to interface better with the vulnerability assessments. I'd also like to make sure that the data sources can be more easily managed,... more»
WAF is a great security layer to protect an organization from a wide spectrum of application attacks residing in OSI layer 7. The Imperva device relies on signature-based policies, as well as on a web correlation engine. In addition, the... more»
Imperva helps you comply with data regulations such as SOX or PCI. It helps SOC analysts to enlarge the scope analysis, significantly providing great procedures to drill down into the audit or a customizable enrichment fed by several types of... more»
To have the mind at ease with a security solution has been always a chimera. Even SecureSphere suffers from some limitations, which I believe will be handled in the near future. I see two main things to improve at this point: * SSL tunnel... more»
It's another layer to help us identify, especially from audit perspectives. It's allowing us to be more proactive than reactive on alerts and access rights and types of resources that are being hit. Before, there were a lot of different... more»
The following features of the product provide additional benefits for the user: * If it's from an Oracle family, we can get quick support from Oracle support. * Reporting screens are more useful, we can get many summary reports very quickly.... more»
Before this product was used in the company, the tables with some critical presets were checked with the triggers on them. The old and new versions of the changing records were written to another table. These triggers caused the database... more»
We were using Audit Vault 10.3 before and could not migrate to the new version (AVDF 12.1 and 12.2) (because Oracle support said it was not possible) and we continued to get old Audit Vault databases when we needed old audit records, and we... more»
The most valuable feature is using the capture operation mode “S-TAP/K-TAP agent”, because all activities in the database are captured, including direct access to the database server by privileged users. This is useful because, even if the... more»
Satisfies audit requests, to give us an idea if anybody is accessing our privileged user IDs without our knowledge. We don't use any of the advanced features. Regarding other features we would like to implement, I don't deal with the actual... more»
It's more secure. The big issue is satisfying audit requirements, that is really big in our company right now. We also use Guardium to support security initiatives and compliance policies within our organization. For what we do, we need to... more»
* Our ability to see when users are accessing sensitive data. * The front-end works very well. * Gathering the data works very well. We are using quite a few of the advanced features. Some of those include some scripting for integration with... more»
One of the greatest benefits for using Guardium is our ability to monitor sensitive data. With current policy and GDPR for international, then audited compliance for monitoring access to sensitive data, it is very critical for our industry in... more»
One of the limitations that everyone who uses Guardium knows is its ability for back-end reporting. Guardium in and of itself is a big data platform. It creates big data all by itself. The ability to collect it sometimes is easier than the... more»
Some of its reporting capabilities. Guardium does a great job of capturing data and having the ability of trying to pull it out and make sense of it. Using it for business applications is its biggest capability. We use many of the advanced... more»
It has improved the way our organization functions. It has automated a bunch of manual tasks, giving us insights into activities that we would not otherwise be able to capture. We use it to support our top two security initiatives. We have... more»
Overall testing and quality need improvement. It is fairly buggy at times, so it feels like it could use additional staff on the product, testing and trying it out. I would like to see a lot of additional reporting and analytics features.... more»
I think we have a better handle on who is accessing our data. We use Guardium to support security initiatives and compliance policies within our organization. Our internal audit is keeping an eye out, and making sure that we're in compliance.... more»
The one thing that I would like to see improved, but I don't think it's going to be in the next release, is its reporting capabilities. I think that's been offloaded to another third-party product that I think IBM actually endorses for that.... more»
In terms of advanced features, we are using the Database Activity Monitoring and the Vulnerability Assessment as well. Now we are thinking of using the GDPR because that's going to be a compliance as well. So some but not all of them.
We use Guardium to support security initiatives and compliance policies within the organization. For example, an audit comes in once every three months or six months. In that case they ask specific questions and they say, "Hey, just check the... more»
Initially it did not have support external applications like, say, Tableau, ServiceNow, Remedy, and the like. They have started growing into it, but I would like to have more and more integration with outside applications. So that, let's say... more»
The two most valuable features of this product are: * Database access control * Auditing of users First of all, it is very easy to configure users and their appropriate roles and permissions on a database. The product allows us to set rules... more»
Information technology outsourcing: Audit Vault and Database Firewall has helped us in many ways; specifically, to restrict and control access to data. It also has helped us identify/recover from many accidental transactions. The product has... more»
According to Oracle, the best practice is that Audit Vault Server and DB Firewall should be deployed on different boxes (servers). There is no option to co-locate them together. If you wish to deploy AV server and Database Firewall, you will... more»
Reports and alerts are most valuable to us. Management wanted complete traceability of non-DBAs accessing databases using a database power user account. With the help of Audit Vault custom alerts, we were able to control this with 100%... more»
Some major improvements in organizational operations: * Our organization has a complete alert and control mechanism to identify unauthorized access of PROD databases. * Compliance with United States government security and audit standards. *... more»
Large scope of improvements: * A method to group targets (databases generating audit files) logically is missing; for example, PROD, QA, UAT & DEV targets. * An alert mechanism based on logical grouping is missing. * A simplified graphic... more»
Oracle Database Firewall, Database Vault and Data hiding tools present a layered security approach to protecting, controlling, auditing and hiding sensitive data and access to sensitive data. The following key features make this product a... more»
Oracle Audit Vault and Database Firewall expands protection beyond Oracle and third party databases with support for auditing the operating system, directories and custom sources. Our client needed a product which can provide a holistic... more»
Although Oracle Audit Vault and Database Firewall serves as a critical detective and preventive control to protect against the abuse of legitimate access to databases responsible for almost all data breaches and cyber attacks, using Database... more»
It was instrumental in scanning a large inventory of databases to identify sensitive data. Using Imperva Assessment scans, we were able to identify SHR, PII & confidential data sources in a large inventory of database systems. This helped... more»
I would like to see a better web management console; the UI is not very intuitive, unless you really know what you’re doing. And scan error details should be readable from the web console, instead of running Unix commands on the backend... more»
It makes the auditors happy. It does not require our involvement to run it. It runs in the background and the people that do the reporting do so. The reports go to the directors who are in charge of the various data areas. It's pretty clean.... more»
We used to use cobbled-together scripts, different products and different pieces on different platforms. This is one consolidated tool so one report comes out for each director and it's clean and easy. There is some scripting involved to tell... more»
Idera SQL Secure provides printable reports along with advice on how security settings should be configured. That in itself allows for more clear and detailed discussions with the organization’s auditing/compliance, as you move towards... more»
We were about to receive a group level audit when we deployed Idera SQL Secure. In a previous audit, we had received some bad ratings and advice on security for our SQL Server instances. Idera SQL Secure comes bundled with the best practices... more»
Before SecureSphere was used, the native auditing tools were used, and now there is a segregation of duties when managing audit data from DBAs and DBS teams. It is a much more secure way to have audit data from databases and to monitor... more»
All areas of this product have room for improvement. There are a lot of things that can be improved if you want this to run in a corporate environment with thousands of database servers. If your database server count is low, it is a fine... more»
The most valuable features of this product are auditing the old and new values after each change in the database, REDO_COLL and capturing application context functionalities. REDO_COLL is a function provided by Oracle Audit Vault where the... more»
Auditing as an imperative function of any Enterprise company. We require the audit logs for compliance needs and for tighter control of the infrastructure. Being in the Health Insurance industry and handling PHI & PII data, there are... more»
The price factor makes it “out of reach" for small players in the IT industry. Even the SaaS model is very expensive. SaaS is an alternative hosting model where Oracle hosts the audit vault in their data center and installs audit collection... more»
Heterogeneous support for data activity monitoring. I have not been able to find any other product that can monitor as many platforms from one application. Guardium can monitor Windows servers, Linux, Unix, mainframe, and big data... more»
We now have one go-to application for all data monitoring. This has decreased the number of skills needed and enabled a faster route to compliance. Reporting is automated and activity alerts are routed to the appropriate responders.
While Guardium is great at structured monitoring (DAM), the product is lacking features on the file activity side (FAM). We would also like to see tighter integration with Active Directory and Exchange monitoring.
* Quick search * Ability to define reports based on SQL query, especially when you have complex report criteria. * Stream audit data to 2 collectors simultaneously. * GIM passive install. You can connect GIM from Colletor or CM when GIM is... more»
* First of all. GUI and user experience needs to be reworked from scratch. Product management console look like from 90's. * Deployment process is very complicated as you need to now all advanced parameters. Almost not possible to figure out... more»
I am a Security person and have titles like Security Officer, Security Manager, Säkerhetschef and Säkerhetsskyddschef, these are only titles and not limitations.
My last twenty years has been a road that started with Novell and now i live in the Cloud.
Security in all forms have always been... more>>
My focus is on everything related to Database and *nix System Administration and around this topic:
- Implementing Oracle database environments of any complexity
- Database operations and keep system running
- Database and SQL performance tuning
- Database troubleshooting
- Database... more>>
Assist certain government agencies in areas of data loss management prevention and recovery
Champion the cause of identification management best practices in relation to IT security and open place security in West Africa
High network partnerships with internationally... more>>