We utilise the following components:
- Database activity monitoring of Oracle/SQL/Sybase databases - we did have UDB running, but that was decommissioned
- Assessment scans using mostly custom checks to check for security settings - we did expand this at one point to check for best practice, but this was discontinued
Improvements to My Organization
It hasn't really improved the way we function, but it has allowed us to meet several audit issues that were outstanding for many years. We tried another product, but we found it did not meet our requirements.
Room for Improvement
- Capacity management of the application needs significant improvement
- Task management functionality is pretty basic, with not a lot of functionality
- I would also like to be able to replace IP addresses with DNS names for easier recognition of host machines
- The SOM feature could also be dramatically improved to allow central management of the entire feature set
- The ability to manage the lifecycle of agents could be improved via central deployment of upgraded agents
Use of Solution
I started using the database auditing/risk areas of the product in mid-2011. We use agents for monitoring database activity. We do not use the gateways for collecting data via the network.
We had several performance issues on high throughput applications due to outdated, old hardware/non-ideal settings in the agents. These were mostly on our end.
We had a few minor issues with stability, but it has not impacted our service. We did have an agent cause a reboot of a host server, but this was quickly fixed via an upgrade of the agent.
Capacity management is a major issue with the application. There is no easy way to identify when new hardware is required, or if a modification to the configuration could solve the issue. This may have been due to our method of deployment though.
Customer Service and Technical Support
We had a service provider in-between Imperva and our organisation. It did not make things easy. When dealing directly with Imperva I had good experiences with the vendor, and real issues were escalated quickly and getting access to the relevant engineering sections of the vendor was possible.
Technical Support
Technical support was hit and miss. Sometimes we received excellent support, and other times it was not so good. Sometimes convincing the engineering team that there was a real problem in the software was a bit harder than it should have been. Overall, compared to other vendors, support was good.
We previously used another solution, and that product was different depending on the DBMS that was being monitored. Technical expertise in DBMS technology with that vendor was poor, so we switched.
The initial setup was easy, but some of the specific requirements we had required some work. Deploying the hardware during the initial setup did not require any specific customisation for our organisation. The audit policies and assessments obviously did require customisation, but it was relatively simple. Later on, we did find some issues that were due to the setup of the site hierarchy that was not brought to our attention until one to two years later.
We used on-site vendor engineers to support the internal implementation. Their level of expertise was excellent.
This is not relevant to the production selection, as we were required to close off auditing items.
Other Solutions Considered
We compared IBM Guardium and Imperva SecureSphere via a POC process. We did a paper evaluation of other products to choose two products for the POC.
Go through the POC process and test all ITIL processes to ensure you understand what will be required for the entire lifecycle of implementation/support. Engage with DBA teams to provide DBA support and knowledge. If it's possible, ensure there are people who understand databases on the SecureSphere support team.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
May 26 2015