Database Security Forum

Database Expert
Which solution is better for database security? IBM Guardium or Imperva SecureSphere Database Security? If we look at the technical aspects, which one should we choose?

Ismail Iso
Imperva's focus is on Web Application Security, Database Security, File Security, etc. As for Database Security, the big difference between IBM and Imperva is that Imperva works like an IPS and has many signatures with which you can protect against attacks such as database protocol attacks and SQL injection attacks, even if you work with Agent or Inline/Sniff mode. Sometimes I used to write specific signatures based on database flow to block anomalies and also correlate them with custom policies.

The last thing is the infrastructure. Imperva has a compact solution: 1 gateway and 1 management is more than enough to handle all traffic. But when you try to implement IBM Guardium, you need to distribute collectors for almost every 4-5 databases (depends on the transaction size). I did not use Guardium but have seen some in the field, and I must say that I would definitely choose Imperva.

Michael-Wang
IMPERVA is a better choice, because IMPERVA:
1. Has more implementation types.
2. The agent is optional; you need to install the IMPERVA agent on the DB server only if you allow local access and you want to audit such behavior. You can also configure the percentage of CPU resources that the IMPERVA agent can use, to prevent a database crash.
3. The GUI is more friendly. Guardium's GUI is more like a design for a tech guy, and you might need to be more familiar with a database to use the GUI well.
4. Supports cloud platforms such as Microsoft Azure or Amazon AWS.
5. If you have many database servers, IMPERVA might have a better price than IBM.
6. Management and Gateway both support VMs; you can control VM resources as you need. A VM is also easier to back up and restore.
7. Many compliance report templates and policies, maintained by IMPERVA.
8. IMPERVA also has a WAF function; you can purchase it when you need it. The WAF can share the same management interface.
9. It does not only log behaviors; IMPERVA can provide real-time security alerts when someone is trying to hack your database, perform privileged commands, access from unauthorized sources, etc.
10. You can search audit logs in real time, and raw data stored in IMPERVA is encrypted.

Arūnas Vaitekūnas
I have done an assessment of both products. Performance-wise, both products are equal; there is no difference. However, when looking into infrastructure setup, licencing and management, there is a huge difference.

Imperva Pros & Cons:

PROS:
- Simple initial setup. Works quite well out of the box.
- Has a rich set of predefined policies and reporting. Easy to start digging into audit data.
- Easy dataset management.
- Cost-efficient appliances. Good optimizations.
- Excellent health monitoring for large deployments (SOM + 10 or more MXs).
- Global configuration management via SOM.
- Alert suppression via ticket submission (flag session with valid change ref ticket).
- Automatic configuration change synchronization.
- All configuration, including advanced configuration, is done remotely without the need to touch the OS platform (applicable only for AGENTS).
- Fairly easy troubleshooting.
- Modern, user-friendly GUI.
- Automatic agent load balancing within a gateway cluster (v12 and up).

CONS:
- Reporting issues when audit policy data is higher than 50GB (the new EX system can solve this problem).
- Central reporting is limited and very restrictive in size (the new EX system can resolve this problem).
- Advanced reporting can only be done via the EX system.
- Bug fixing takes a lot of time.
- Monitoring limitations in some scenarios (like Oracle Shared Server and ASO Encryption).

Guardium Pros & Cons:

PROS:
- Ability to define any kind of report, but requires knowledge of the SQL language.
- Scheduled audit data off-shipping to the central reporting console.
- Central reporting is based on BigData.
- Agent deployment in listener mode.

CONS:
- Extremely complicated and difficult initial setup. Impossible to do it without a Guardium SME onsite.
- No predefined set of audit report policies. You have to create your own.
- Very complicated agent registration process.
- Some agent configurations need to be done only locally via shell.
- Inefficient appliances. Requires lots of RAM because an RDBMS is used for data collection. Example: Imperva needs 8GB RAM vs Guardium 32GB; this is just to service the same amount of monitored DB hosts.
- Global configuration management is not possible via a single location. Policies and configurations are tuned either in the manager or the collector.
- Very difficult to scale.
- While resiliency is possible, session persistence is not available (at least in v10.1).
- Data Interface Discovery has lots of bugs (should be fixed in v10.2 and up).
- Security/Audit Policy changes are not synchronized automatically unless you make a workaround by building a scheduled job.
- Global infrastructure reporting is not possible unless you have a central reporting console. Still, the data delay is more than 5 min. and you have to define which fields you want to feed.
- Alert/Violation suppression via ticket submission is not possible, at least in v10.1.
- Dynamic dataset from an external source is possible, but very difficult to implement.
- Multi-dataset match is not possible; building a dataset from multiple datasets is kind of possible, but involves building tens of additional processes. If something goes wrong, it will be very hard to identify where the issue is.
- Very difficult to scale.
- Expensive licenses.
- GUI is not user friendly and very difficult to navigate. The design drops back into 1995. Menu navigation, in most cases, is done via search to find what you need until you memorize the path.

SUMMARY: Both products have their own strengths and weaknesses. But my prize goes to Imperva for a more furnished and complete DAM solution.

Ariel Lindenfeld
Sr. Director of Community
IT Central Station
