What is most valuable?
The database activity monitoring module used for real time database monitoring and integrated into the security event and incident monitoring solution. Most importantly for our critical legacy databases that cannot be encrypted and require real time a activity monitoring.
How has it helped my organization?
It provides a more granular monitoring of database activity at the column and row level as opposed to high level database management system logs.
What needs improvement?
The professional services and customer training aspect needs to be improved.
For how long have I used the solution?
I've used it for four years.
What was my experience with deployment of the solution?
The first implementation was not tailored to our specific requirements and the system was basically an expensive log collector until the vendors came to capture our requirements and then made modifications. This was then followed up with training.
What do I think about the stability of the solution?
What do I think about the scalability of the solution?
How are customer service and technical support?
It's moderate. Technical Support
Which solution did I use previously and why did I switch?
I used a different solution with a former employer.
How was the initial setup?
We are a large organization with about 100 critical heterogeneous database servers. This means that one configuration does not fit all, and that made the implementation very complex. Combined with protection of sensitive information that could be logged by the solution.
What about the implementation team?
We used a vendor and their level of expertise was between moderate and high.
What was our ROI?
The ROI based on the number of prevented, and detected, information security incidents can be classified as high.
Which other solutions did I evaluate?
We also looked at Sentrigo Hedgehog by McAfee.
What other advice do I have?
Ensure the vendor clearly captures your specific database monitoring requirements and that might include importing the metadata of the database for proper monitoring. Training should be included in the implementation budget as this is a very complex solution with a wide range of capabilities.