Imperva SecureSphere Database Security Overview

Imperva SecureSphere Database Security is the #1 ranked solution in our list of top Database Security tools. It is most often compared to IBM Guardium Data Protection: Imperva SecureSphere Database Security vs IBM Guardium Data Protection

What is Imperva SecureSphere Database Security?

Imperva SecureSphere Database Security:

  • Audits all access to sensitive data.
  • Alerts or blocks database attacks and unauthorized activities, in real time.
  • Detects and virtually patches database vulnerabilities.
  • Identifies excessive user rights and dormant users, and enables a complete rights review cycle.
  • Accelerates incident response and forensics investigations with advanced analytics.
Imperva SecureSphere Database Security Buyer's Guide

Download the Imperva SecureSphere Database Security Buyer's Guide including reviews and more. Updated: June 2021

Imperva SecureSphere Database Security Customers

BlueCross BlueShield, eHarmony, EMF Broadcasting, GE Healthcare, Metro Bank, The Motley Fool, Siemens

Imperva SecureSphere Database Security Video

Filter Archived Reviews (More than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
FredBbaale
CEO at eLAAB Limited
Reseller
A comprehensive firewall and data security solution package with superior reporting capability

What is our primary use case?

We generally use Imperva as a database firewall and for activity monitoring. The solution has to fit the organization first. Once we know the product is a fit, we support in the creation of reports. We look at the core users (administrators, auditors, accountants, etc.) who need to get information and we look at the responsibility matrix. Our responsibility is the database and we try to implement the total solution for an organization. This means reports are created for the specific needs of, say, IT security administrators, top management, IT guys, etc. This shows each group or individual… more »

Pros and Cons

  • "Flexible reporting allows for customization that keeps the admins from having to interact with system automation."
  • "Performance can be slow under heavy loads, but this should be adjusted by scaling."

What other advice do I have?

Imperva is a good product if you look at its core functionality and the way it's built. It's a newer product and very consistent. Oracle has been around a long time and may suffer from that legacy a little. If clients want a product which covers all database management systems, then Imperva can work out of the box. Ideally, you can deploy within a day or two of signing a contract. Implementation time with Imperva is much shorter than with Oracle. I think I would rate Imperva a nine out of ten, despite the occasional performance issues. It delivers on the core functionality. If it's running…
Danish Ansari
Senior IT Security Specialist at National Water Company
Real User
Assesses the vulnerability of the database while it is running

What is our primary use case?

The primary use for our company is to enable the auditing on the DB level. The main target is to track the activities happening and by whom on critical tables. Based on that requirement, we purchased this database auditing solution because it was specific to Oracle for auditing purposes.

Pros and Cons

  • "A solution which does what other name brand products do for a lower cost."
  • "The interface is not user-friendly."

What other advice do I have?

I would give Imperva an eight out of ten as a solution. It meets our requirements equally to what we got from IBM Guardium which we went with based on little more than their name. In a later review, we considered Imperva and realized that both products had almost the same features. If the same functionality is provided by both, it is hard to justify the more expensive product. Now we will save the extra money. At that time, the administrator was not comfortable with the change to Imperva but we provided official training from Imperva. He had experience with other solutions for database…
Learn what your peers think about Imperva SecureSphere Database Security. Get advice and tips from experienced pros sharing their opinions. Updated: June 2021.
511,307 professionals have used our research since 2012.
Arash Azari Samani
Unix System Administrator at a financial services firm with 1,001-5,000 employees
Real User
Top 5Leaderboard
A scalable solution that helps to secure our web-based financial applications

What is our primary use case?

Our primary use for this solution is securing banking web applications. It protects the web service of one of the big Internet banks in Iran.

Pros and Cons

  • "This solution has helped secure our Internet-based services, protecting us against DoS and other types of web-based attacks."
  • "The GUI for this solution could use some improvement."

What other advice do I have?

Imperva is a product leader in this line, and it is very good. In fact, I have experience with other products, and I would say that this solution is best-in-class. If we had support then this solution would be perfect. I would rate this solution a nine out of ten.
Roi Nahari
CTO- Consulting Services at 2bsecure
Real User
Provides valuable security when it is properly implemented and maintained

What is our primary use case?

My team and I deploy this solution for customers. In Israel, I'm the team leader of the whole Application Security Division.

Pros and Cons

  • "The most valuable feature of this solution is the database security policy."
  • "Technical support for this solution needs improvement."

What other advice do I have?

My advice for anybody implementing this solution is to know what you are doing before deploying. You need to learn the security concept of this product. You need to know what you want to protect, and then learn how to protect it. You cannot just deploy this solution and leave it like that. You need to know how to maintain this product. Things are being constantly improved in this solution, but there is no such thing as perfect. I would rate this solution eight out of ten.
AP
IT Security at rmrf-tech
Real User
Provides us with the tools we need to defend against Botnets and DDoS attacks

What is our primary use case?

I am using Imperva in different projects for application defense.

Pros and Cons

  • "The functionality is very useable and easy to understand."
  • "It would be better to update the solution by using a GUI that guides me, rather than through a CLI."

What other advice do I have?

There are many functions in this solution that I do not use at this time. This is a fine product, and one of the best. We needed it for DDoS protection and for Botnet protection, and all of this works fine. I would rate this solution an eight out of ten.
RB
Software Developer at a tech services company with 201-500 employees
Real User
Good Integration between components helps us to meet the needs of our customers

What is our primary use case?

I use this solution to discover missing data, and to find weaknesses or miscalculations in my database standards.

Pros and Cons

  • "It has a lot of different components that cover the needs of our customers."
  • "Integration with other databases or third-party products would be useful."

What other advice do I have?

My advice is to do a POC before implementing this solution. I would rate this solution an eight out of ten.
Ajay-Chattwal
Project Manager at a energy/utilities company with 10,001+ employees
Real User
Policies and alerts allow us to detect malicious activity in critical databases

What is our primary use case?

The primary use case is specific to database security through log auditing, to identify the actions performed by various users. That gets logged. Then policies are used to see whether any action performed by a database user is below a threshold or above a threshold; whether there should there be an alert because of it. It is used by specific teams within our organization to monitor activity, to see whether there is any malicious activity or a user who's not supposed to be performing a certain action.

Pros and Cons

  • "The tool happens to be very intelligent when it comes to processing policies and sounding alerts. It allows us to implement policies and measure actions against them, raising alerts accordingly."
  • "The only challenge I see is that SecureSphere is deployed on servers or databases which are held on physical infrastructure. However, there are databases which are hosted on cloud platforms and Imperva has a separate tool altogether for that, not SecureSphere."

What other advice do I have?

My advice is to go to IT CentralStation and download the report on database security tools. In general, it's all about the policies that you put into the tool to get the output. The tool itself is pretty smart. As someone who is designing the policies or the outputs or the queries, it is like putting a query into a SQL database to get the results. The better or more optimized the query is, the better output you will receive, and so it goes with this solution. When selecting a vendor, pricing, of course, is the most important thing to look at. Then, you look at the scalability options, at how…
Darren Chaker
Operator at Halliburton
Real User
Allows people to secure data, while seamlessly allowing the distribution of that data in an effortless manner.

Pros and Cons

  • "I like Imperva SecureSphere platform forms. Imperva SecureSphere is the foundation for SecureSphere data, file and web application solutions."
  • "SecureSphere activity log can be used with Imperva CounterBreach in an effort to protect enterprise data from theft and loss caused."

What other advice do I have?

Imperva SecureSphere provides great options to secure data and would not hesitate to use it.
it_user584112
Network And Security System Administrator at a international affairs institute with 1,001-5,000 employees
Real User
Monitors and protects internet banking applications. Provides the option of deployment architectures.

What other advice do I have?

We recommend implementing it.
it_user541239
Regional Sales Engineer at a tech company with 1,001-5,000 employees
Vendor
Offers flexible deployment modes and custom policy creation.

What other advice do I have?

For DAM, I recommend that you invest proper resources in the business part of the project. It is very important to set expectations properly.
ITCS user
Solution Architect at a financial services firm with 10,001+ employees
Real User
Facilities data enrichment and process automation. It manages cluster capacity.

What other advice do I have?

Give it a try. Write down your requirements as detailed as possible, and perform a PoC using this list. If you find gaps that require additional development, it could take some time until you actually get it.
it_user561654
IT Security Consultant at a tech company with 501-1,000 employees
Vendor
Blocks external and internal attacks on protected servers in real time.

What other advice do I have?

They must take into account that this solution, like others, must be sized correctly. If they do not size the solution correctly, they might have some issues.
it_user548754
L3 Application Support Analyst at a financial services firm with 1,001-5,000 employees
Vendor
I believe the most valuable feature is the GUI. If load is big and there are advanced filtering rules in place, gateways or MX can crash.

What other advice do I have?

Use the newest version (at the moment I think it is 11.5) and pay extra for staff training and additional consultation on how to set up rules, etc.
it_user577539
Senior Security Analyst at a tech services company with 10,001+ employees
Consultant
The level of detail allows resources managing devices to determine whether activity is a legitimate concern. In the current environment, rebranding exported PDF files is a pain.
it_user589365
Senior Analyst at a consultancy with 10,001+ employees
Consultant
You don’t need to run scans by logging into different databases. It is monitored through the centralized console.

What other advice do I have?

You should follow both the guide and the tutorials. The tool is handy only if it is implemented properly. Implementation is a bit complicated; hence, it is advisable to create documentation alongside. It would be more beneficial to use the directory present on the Imperva site before logging for any issues.
it_user579513
Senior System Engineer at a financial services firm with 1,001-5,000 employees
Vendor
We found new patterns of user behaviour and corrected authorisations.

What other advice do I have?

We are very satisfied with this product. It's simple to use, customize and administer. Installation is simple and easy, even on mainframe.
ITCS user
Senior IT Security Consultant at a tech consulting company with 51-200 employees
Consultant
It relies on signature-based policies, as well as on a web correlation engine.

What other advice do I have?

Doing the initial Imperva training before putting your hands on the product helps a lot. Getting assistance from Imperva during the initial stage of your new environment is highly recommended.
it_user499686
Senior Database Administrator at a media company with 1,001-5,000 employees
Real User
It helped us classify our large inventory and apply additional security controls based on the data classification.

What other advice do I have?

Out of the box, Imperva comes with a lot of security modules & features that straight away add value to your organisation’s security objectives. That’s just the beginning in my opinion. There are enough customization options available for administrators to get Imperva to work for them the way they want it to. The ability to use custom scripts for scans and the ability to use TCP-level capture of database events are excellent features to use in an enterprise.
it_user504735
Assistant lead - Security Operations at a comms service provider with 10,001+ employees
Vendor
The technology includes unique correlated attack validation. My suggestion to Imperva: Improve the UI.

What other advice do I have?

Before implementing this product, get your hands dirty with the world wide web. The more you know about the internet, the more useful it is.
it_user496329
Security Engineer at a tech company with 1,001-5,000 employees
Vendor
Most of the configuration is out-of-the-box and the security policies it offers are granular.

What other advice do I have?

It is the best product for cyber security & forensic investigation for external and internal threat identification and prevention.
it_user501258
ERS Consultant at a consultancy with 10,001+ employees
Consultant
It covers the legal obligations for Turkish banks and fulfills requirements for our clients.

What other advice do I have?

SecureSphere fulfills so many requirements for our clients. Additionally, if they want to evaluate and correlate data more comprehensively, they can use this product with SIEM tools such as ArcSight or Splunk.
Mikael Takeo
Security Professional with 501-1,000 employees
Consultant
Top ReviewerTop 5
With the audit log system, it can secure an audit trail from privileged users with user logs on a physical server, but the UX is not great and sometimes confusing.
it_user254976
Officer- Informations Systems Security Audit at a government with 501-1,000 employees
Vendor
It provides you with audit logs for changes to the database.

What other advice do I have?

Implement this product across all systems running applications as access to one unprotected system can be elevated to a protected one. Also, have reports produced frequently using the tools available in the system and analyze them to know and investigate the sources of attacks the WAF has blocked. That's because they could be internal indicating a compromise or a malicious user within. Ensure that your SharePoint environment is also protected as though it may be internal, attacks can be directed at it.
it_user249771
Information Security Compliance Manager at a financial services firm with 10,001+ employees
Vendor
This is a very complex solution with a wide range of capabilities.

What other advice do I have?

Ensure the vendor clearly captures your specific database monitoring requirements and that might include importing the metadata of the database for proper monitoring. Training should be included in the implementation budget as this is a very complex solution with a wide range of capabilities.
ITCS user
Database Administrator II at a pharma/biotech company with 501-1,000 employees
Vendor
It's a pretty decent product but the learning mode feature should be improved.

What is most valuable?

The alerts on threats and system statuses.

How has it helped my organization?

I can drill down/troubleshoot errors much quicker.

What needs improvement?

Design/ease of the learning mode feature.

For how long have I used the solution?

I have used the product for about a year.

What was my experience with deployment of the solution?

No, the engineer did a very smooth job at deployment.

What do I think about the stability of the solution?

No I have not.

What do I think about the scalability of the solution?

No I have not.

How are customer service and technical support?

Customer Service: 8/10. Technical Support: I haven’t had an issue in the year I have used the product.

Which solution did I use previously and why did I switch?

I did,…
it_user254619
Operations Consultant at a financial services firm with 10,001+ employees
Vendor
Sometimes convincing the engineering team that there was a problem was a bit harder than it should have been, but the on-site engineers who supported the implementation were excellent.

What other advice do I have?

Go through the POC process and test all ITIL processes to ensure you understand what will be required for the entire lifecycle of implementation/support. Engage with DBA teams to provide DBA support and knowledge. If it's possible, ensure there are people who understand databases on the SecureSphere support team.