What is most valuable?
We utilise the following components:
- Database activity monitoring of Oracle/SQL/Sybase databases - we did have UDB running, but that was decommissioned
- Assessment scans using mostly custom checks to check for security settings - we did expand this at one point to check for best practise, but this was discontinued
How has it helped my organization?
It hasn't really improved the way we function, but it has allowed us to meet several audit issues that were outstanding for many years. We tried another product, but we found it did not meet our requirements.
What needs improvement?
- Capacity management of application needs significant improvement
- Task management functionality is pretty basic, with not a lot of functionality
- I would also like to be able to replace IP addresses with DNS names for easier recognition of host machines
- The SOM feature could also be dramatically improved to allow central management of the entire feature set
- The ability to manage lifecycle of agents could be improved via central deployment of upgraded agents
For how long have I used the solution?
I started using the database auditing/risk areas of the product in mid-2011. We use agents for monitoring database activity. We do not use the gateways for collecting data via the network.
What was my experience with deployment of the solution?
We had several performance issues on high throughput applications due to outdated, old hardware/non-ideal settings in the agents. These were mostly on our end.
What do I think about the stability of the solution?
We had a few minor issues with stability, but it has not impacted our service. We did have an agent cause a reboot of a host server, but this was quickly fixed via an upgrade of the agent.
What do I think about the scalability of the solution?
Capacity management is a major issue with the application. There is no easy way to identify when new hardware is required, or if a modification to the configuration could solve the issue. This may have been due to our method of deployment though.
How are customer service and technical support?
We had a service provider in-between Imperva and our organisation. It did not make things easy. When dealing directly with Imperva I had good experiences with the vendor, and real issues were escalated quickly and getting access to the relevant engineering sections of the vendor was possible. Technical Support
Technical support was hit and miss. Sometimes we received excellent support, and other times it was not so good. Sometimes convincing the engineering team that there was a real problem in the software was a bit harder than it should have been. Overall, compared to other vendors, support was good.
Which solution did I use previously and why did I switch?
We previously used another solution, and that product was different depending on the DBMS that was being monitored. Technical expertise in DBMS technology with that vendor was poor, so we switched..
How was the initial setup?
The initial setup was easy, but some of the specific requirements we had required some work. Deploying the hardware during the initial setup did not require and specific customisation for our organisation. The audit policies and assessments obviously did require customisation, but it was relatively simple. Later on, we did find some issues that were due to the setup of the site hierarchy that was not brought to our attention until one to two years later.
What about the implementation team?
We used on-site vendor engineers to support the internal implementation. Their level of expertise was excellent.
What was our ROI?
This is not relevant to the production selection, as we were required to close off auditing items.
Which other solutions did I evaluate?
We compared IBM Guardium and Imperva SecureSphere via a POC process. We did a paper evaluation of other products to choose two products for the POC.
What other advice do I have?
Go through the POC process and test all ITIL processes to ensure you understand what will be required for the entire lifecycle of implementation/support. Engage with DBA teams to provide DBA support and knowledge. If it's possible, ensure there are people who understand databases on the SecureSphere support team.