Imperva SecureSphere Database Security Review
The level of detail allows resources managing devices to determine whether activity is a legitimate concern. In the current environment, rebranding exported PDF files is a pain.
What is most valuable?
As a member of an MSSP SOC team, we monitor dozens of appliances from multiple vendors. SecureSphere is one of the many tools that feed our SIEM with relevant alerts regarding client activity of concern. Once we receive these, we use the alert monitor to delve into the details about what took place, when and where.
The level of detail provided is excellent, allowing the resources that manage the actual devices to determine whether or not the activity is a legitimate concern and to rectify the activity in a timely manner.
What needs improvement?
We currently export PDF files to provide to the client. Rebranding this is a pain in the current environment. Having multiple and flexible export options would be better. Exporting to CSV or other formats, and allowing the simple application of corporate logos to the reports instead of vendor logos, would be helpful.
In our environment, we use the SIEM to monitor the alerts, then log into SecureSphere to examine the activity in its alert monitor. Once we know that, if our level 1 analysts cannot determine whether or not the activity is a false positive, then we will export the activity and send it to the DBAs for them to examine more closely.
For how long have I used the solution?
I have used this solution for five years.
What was my experience with deployment of the solution?
I don’t deploy, only monitor.
How is customer service and technical support?
I’ve never had to contact them.