Imperva SecureSphere Database Security Review

Assesses the vulnerability of the database while it is running


What is our primary use case?

The primary use for our company is to enable the auditing on the DB level. The main target is to track the activities happening and by whom on critical tables. Based on that requirement, we purchased this database auditing solution because it was specific to Oracle for auditing purposes.

How has it helped my organization?

It addresses our needs and our clients' needs for Oracle DB reporting.

What is most valuable?

The features which are most valuable are from the security perspective. We do not have other specific tools for vulnerability assessment. The package allows user activity monitoring. The second thing is for assessing the vulnerability of the database while it is running. 

What needs improvement?

The GUI needs to be improved and made more user-friendly. This solution is a little complicated compared with other solutions for database auditing because of the GUI interface. It will be much more competitive if the interface meets the standards of the other vendors in the market.

For example, the price of the IBM Guardium is very high, but it's user-friendly. On the other hand, the Imperva GUI is complicated. It is harder for us to generate reports. That's why we face some hurdles in operations.

For security, the main point is to report on any violation of compliance. The administrator is required to generate reports. The GUI is set by the operator and not the admin of the device. Every time they need to make changes, it requires a lot of configuration to generate a new report. For any urgent report, the administrator has to be involved. It should not be necessary.

The agent should be installed at the box itself instead of going on the bridging system and doing the installation. Whenever any dependency is required, the activity becomes harder. If the dependency is not required then the activity can be handled from the box itself. It should be very easy to execute the administration and operations of the device. Compared to Cisco devices, which are very user-friendly, other product manufacturers can take a lesson and make an effort to make the operational and administrative tasks easy.

It should be possible to execute by the team without writing custom lock sources. 

For how long have I used the solution?

We have been using this solution for about seven months.

What do I think about the stability of the solution?

Everything is working fine, so it is stable.

What do I think about the scalability of the solution?

As we are able to change our licensing to expand resources and features, it is scalable. We have not yet actually implemented the scalability.

How are customer service and technical support?

Till now we have not had any open cases with the technical support, so I cannot comment on that.

If you previously used a different solution, which one did you use and why did you switch?

Before Imperva, we used IBM Guardium. We switched because of the price. With IBM Guardium we were charged for features we never needed to use. We were using it only for auditing purposes. That is the same thing we are using Imperva for. As we did not have any need for the other features in Guardium we were paying extra for nothing. Some of the higher level features we now use in Imperva were available in Guardium, but we didn't use them at that time. 

How was the initial setup?

The initial setup was straightforward. At first, we were unable to find the application user tracking and our main target was to track specific user privileges, activity and who was making changes inside the database from the console. It was a minor setback.

There are two types of deployment. The first one is for the solution to integrate the database, which took about three days. For the usage, identifying the queries and creating rules, it took longer. The whole thing was complete within 15 days or 20 days, I think.

We have three operators and two administrators. The administrator role is to make the policies, install the agent, do the integration with the gateway and enable the auditing on the specific tables and the specific columns.

The operator generates reports on users and activity based on the areas we need to monitor. If a user is doing any activity outside of the normal time, the operator's responsibility is to report users to the DVR admin and the security feed.

One guy was enough for the deployment. We have only integrated one database, so our environment is simple.

Another thing I want to highlight is that you can adjust the permissions from anywhere.

What about the implementation team?

The deployment was done by the Imperva partner.

What was our ROI?

The immediate return is that we are saving money by having a lower cost for the same functionality. The new solution has satisfied management. I couldn't tell you the exact return. The only real additional cost was retraining staff. That was minimal.

What's my experience with pricing, setup cost, and licensing?

I don't know the exact prices because that is a function of accounting, but I know service is contracted on a yearly basis. We purchased the minimal license for Imperva initially even though we have a lot of databases, but the license covered our needs. The company has recommended increasing the licensing. 

There are additional costs depending on the features. For example, if we want to prevent something on the DV level we can't because we didn't purchase that license. If we want it, we can add it. Our main goal right now is to enhance the license for the TPS license (transaction process system). It is easy to enhance functionality by adding other feature licenses.

Which other solutions did I evaluate?

We did a comparison between Imperva and IBM Guardium before making the switch. The comparison was based on two things: auditing the databases and monitoring user privileges. These two features were offered by both solutions, so we were just left to evaluate based on the difference in prices. 

What other advice do I have?

I would give Imperva an eight out of ten as a solution. It meets our requirements equally to what we got from IBM Guardium which we went with based on little more than their name.

In a later review, we considered Imperva and realized that both products had almost the same features. If the same functionality is provided by both, it is hard to justify the more expensive product. Now we will save the extra money.

At that time, the administrator was not comfortable with the change to Imperva but we provided official training from Imperva. He had experience with other solutions for database auditing systems, so he was able to make the adjustment.

We are working with the minimal license, so currently the resources are lower compared to our IBM Guardium license. Even with a shortage of resources, everything is equal to the IBM Guardium solution and we can correct that resource shortage while still saving money.

The main thing is defining the actual requirements. If a solution complies with the requirements there's no need to spend extra money for the brand names.

Disclosure: I am a real user, and this review is based on my own experience and opinions.