We just raised a $30M Series A: Read our story

Imperva SecureSphere Database Security OverviewUNIXBusinessApplication

Imperva SecureSphere Database Security is #2 ranked solution in top Database Security tools. IT Central Station users give Imperva SecureSphere Database Security an average rating of 8 out of 10. Imperva SecureSphere Database Security is most commonly compared to IBM Guardium Data Protection:Imperva SecureSphere Database Security vs IBM Guardium Data Protection. The top industry researching this solution are professionals from a computer software company, accounting for 28% of all views.
What is Imperva SecureSphere Database Security?

Imperva SecureSphere Database Security:

  • Audits all access to sensitive data.
  • Alerts or blocks database attacks and unauthorized activities, in real time.
  • Detects and virtually patches database vulnerabilities.
  • Identifies excessive user rights and dormant users, and enables a complete rights review cycle.
  • Accelerates incident response and forensics investigations with advanced analytics.
Imperva SecureSphere Database Security Buyer's Guide

Download the Imperva SecureSphere Database Security Buyer's Guide including reviews and more. Updated: November 2021

Imperva SecureSphere Database Security Customers

BlueCross BlueShield, eHarmony, EMF Broadcasting, GE Healthcare, Metro Bank, The Motley Fool, Siemens

Imperva SecureSphere Database Security Video

Archived Imperva SecureSphere Database Security Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Sanjeet Kumar Bhuyan
Security Consultant and Cybersecurity Support at a tech services company with 51-200 employees
Real User
Top 5Leaderboard
Enables us to monitor the most critical DBA activities, helping identify default accounts and passwords

Pros and Cons

  • "As we are very sensitive to financial impacts, this product provides great protection for our organization."
  • "I would like to see improvement in the integration part of the tool. This should be an easy process."

What is our primary use case?

The primary use case is for database monitoring. We are also using the blocking part, which is used for: 

  • Any suspicious activities which are done, such as delete command and query command, outside the admin, the solution is supposed to block them.
  • The blocking of compromised databases through cloning. Blocking will not allow the cloning.

We use it for blocking and auditing. Our job is monitoring. We are a government entity and provide services to other ministries. We use Imperva for its Database Activity Monitoring and File Integrity Monitoring tools. We have also enabled Database Firewall.

How has it helped my organization?

As we are very sensitive to financial impacts, this product provides great protection for our organization.

It enabled us to monitor the most critical DBA activities, and most critically helped us identify default accounts and passwords. Additionally, with this solution we were able to block an external attack on our Oracle DB.

What is most valuable?

  • DB Activity Monitoring
  • DB Firewall
  • CounterBreach

Their web application firewall (WAF) is quite good.

What needs improvement?

They have to put more focus on the administrative part of the application, especially on upgrades. There are a lot of packages to download and install that you have to be knowledgeable on. For example, we tried to install a version, and it did not work. Then, support had to become involved.

They should add an application availability dashboard feature and should focus more on the alerting mechanism.

There is a problem with the integrations. I would also like to see improvement in the integration part of the tool. This should be an easy process. For example, I had an issue with the integration of a file server. 

Within the endpoints, the communication is breaking down most of the time. Sometimes, once the communication stops, it does not resume again.

They could approve monitoring in the next release. E.g., right now, we lack the ability to know when databases are down. This is something we could use monitoring to mitigate. 

For how long have I used the solution?

I have been using Imperva for around four and a half years.

What do I think about the stability of the solution?

The stability is good. Sometimes the gateways disconnect and connect again automatically.

We have a dedicated staff person for maintenance: alert, fine tuning, and adjustments.

What do I think about the scalability of the solution?

The solution is scalable. I would rate the scalability as an nine out of ten. We have used this solution since 2014 but have not encountered any scalability issues so far.

Within our organization, we have around 500 users. Our site protects approximately 70,000 end users.

How are customer service and technical support?

When the technical support is required, they assist us. I would rate them as seven out of ten because they are not so good due to the due to differing time zones. 

We managed by using the regional vendors. Overall, the support is effective.

Which solution did I use previously and why did I switch?

We previously used IBM Guardium. Before 2015, it was bit complicated to use.

How was the initial setup?

A bit complex, but following the instructions and the manual guide is enough for the initial setup. A little knowledge helps.

What about the implementation team?

We used the Imperva Professional Services for the configuration in our environment. It is important to have experienced professionals do these changes.

The initial deployment for our team was a failure.

The implementation took one week. Afterwards, the configuration started, then the use case testing. Overall, it took for us around one month.

Our local partner is now supporting us. Gulf IT has very good experience in the Middle East. They are nice to work with and supporting us well.

What was our ROI?

We have seen ROI, as it protects our company from threats.

This tool helped us mitigate audit risks by 100 percent.

What's my experience with pricing, setup cost, and licensing?

We have all the licenses, which we pay for annually. The price is a little high, but the product is good.

Which other solutions did I evaluate?

Yes, Guardium.

What other advice do I have?

Identify the proper use cases, then implement it.

Resource overhead management is a good option. The OS chain option provides the real user behind the DB application user.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
OluwoleOlajide
Cloud Solutions Architect at a tech services company with 11-50 employees
Real User
A stable product that provides good security through data masking

Pros and Cons

  • "The most valuable feature is the Data Masking."
  • "The firewall features are not very strong and should be improved."

What is our primary use case?

We do not use this solution directly. Rather, we procure it for our customers and assist with the implementation.

What is most valuable?

The most valuable feature is the Data Masking. Most of our customers inquire about it, so it is very important to us.

What needs improvement?

There is room for improvement in the firewall capabilities when it comes to additional features such as Traffic Shaping, Connection Pooling and Load Balancing. Barracuda and F5 are leading in this aspects.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

Once the installation is complete there are complaints here and there. Afterward, however, it is stable. Our support continues from this point, so over time, we will have a better understanding of this.

What do I think about the scalability of the solution?

One of our customers currently has five hundred users.

How are customer service and technical support?

The technical support is ok, and we have had good assistance from them.

How was the initial setup?

The initial setup is not straightforward for a single person or IT administrator. However, when many IT administrators get together then they can resolve all of the issues.

What about the implementation team?

We have consultants that assist our IT administrator with the deployment.

The length of time for deployment varies, but the last one took us approximately three months.

Which other solutions did I evaluate?

Many of our customers compare this solution to Oracle Audit Vault, although we are confident that Imperva satisfies all of their requirements.

What other advice do I have?

My advice to anybody who is implementing this solution is to get the right people on board, and with that, there shouldn't be any problem. 

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about Imperva SecureSphere Database Security. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
552,305 professionals have used our research since 2012.
FredBbaale
CEO at eLAAB Limited
Reseller
A comprehensive firewall and data security solution package with superior reporting capability

Pros and Cons

  • "Flexible reporting allows for customization that keeps the admins from having to interact with system automation."
  • "Performance can be slow under heavy loads, but this should be adjusted by scaling."

What is our primary use case?

We generally use Imperva as a database firewall and for activity monitoring. 

The solution has to fit the organization first. Once we know the product is a fit, we support in the creation of reports. We look at the core users (administrators, auditors, accountants, etc.) who need to get information and we look at the responsibility matrix. Our responsibility is the database and we try to implement the total solution for an organization. This means reports are created for the specific needs of, say, IT security administrators, top management, IT guys, etc. This shows each group or individual what they need to know. We try to make it so database administrators do not have to directly interface with the solution by creating report editors and report creators based on the unique assessment of the organization. 

Imperva is a high-end product and it doesn't come cheap. Most government agencies don't use it because of its expense. But those who use it, like it and it's on the wishlist of many organizations.

How has it helped my organization?

The ability to automate reports simplifies what an organization has to do. Even the in-built reports are quite useful. But customization can make the product experience very specific and efficient.

But besides that, clients like to compare industry benchmarks and establish best practices. Report analysis can help with that.

What is most valuable?

The reporting ends up being the most visible feature even though the protection and automated blocking are as valuable. The reporting is very flexible, and users can create any type of reports they want. It gives them insight into the information they need to be effective at what they are responsible for.

What needs improvement?

I think the support needs more improvement than the product. The support we get struggles a bit to provide solutions. They take additional time to respond to support requests.

The core of Imperva can sometimes be very slow. This mostly happens when you turn on many alerts, if a lot of people log-in, or if you turn on auditing. It can get noticeably slow. Performance under a heavy load is noticeably reduced.

That could be because of scalability, but most of my major issues have to do with performance. I think it's because they run an Oracle database at the backend. If they allowed the administrators to tune the back end database it might solve the issue. If the backend database is having trouble you have to call support and that takes time. It is not efficient.

Finally, they might consider reducing the licensing fee. It's a bit high compared to the competition. 

For how long have I used the solution?

We have been reselling this product for five years.

What do I think about the stability of the solution?

Imperva is very stable. I think because of the core on which it is built.

What do I think about the scalability of the solution?

The Imperva solution is quite scalable. You can start by adding it to one device and then scale it to the whole organization. 

We've had instances where we added a gateway and the end user didn't notice. It scales fluidly.

How are customer service and technical support?

There are different levels of support that you can contract for and it is supposed to be based on priority. In our region, the level of support — whether you have paid for premium or expanded support — you get the same level of support. There are no options for same day support or one hour support. You may still get a response within an hour no matter what level you pay for. That said, we normally pay for premium support and we have been satisfied with the service when we do that.

Which solution did I use previously and why did I switch?

Most of the time, the customers I deal with pick products which have a particular reputation. That may lead to their decision to go with Imperva. 

How was the initial setup?

The initial setup was straightforward. We normally use Imperva's professional services, so that makes it very easy to deploy. We build on the knowledge gained in previous deployments, which makes it easier still. 

In the deployment, we want to get up as soon as possible. We know that for a typical deployment that it is usually two weeks. 

What about the implementation team?

We use Imperva's professional services for most of our deployments, but we work through a distributor data group. The services are always really good. They know the company, they know the market, they know the region where we operate from, and they know the language and the culture. The knowledge of the local environment makes everything easier in completing a proper implementation.

What was our ROI?

We don't do actual studies on return on investment. The key thing is for the product to do its job. The value of good security is practically limitless and it would be hard to define in hard dollar value.

What's my experience with pricing, setup cost, and licensing?

Licenses are yearly. We normally try to negotiate a perpetual license but separate annual support and maintenance.

The pricing over-all depends on the entry level. For example, if support and maintenance are about $20,000 - $25,000, the initial cost can be five times more. It is less expensive for the company to maintain the client than to make the deployment.

There are some additional costs for add-ons and scaling.

Which other solutions did I evaluate?

Normally, in this region, clients look at McAfee and Oracle security solutions first because of recognition. Our suggestions are normally to compare Imperva and Oracle. Clients like the reputation of Oracle because it has a large footprint and is proven in areas like databases and applications. Sometimes clients try to build database security strictly around Oracle Technology without considering other options. They are often surprised what Imperva has to offer as the name is less familiar.

What other advice do I have?

Imperva is a good product if you look at its core functionality and the way it's built. It's a newer product and very consistent. Oracle has been around a long time and may suffer from that legacy a little. If clients want a product which covers all database management systems, then Imperva can work out of the box. Ideally, you can deploy within a day or two of signing a contract. Implementation time with Imperva is much shorter than with Oracle. 

I think I would rate Imperva a nine out of ten, despite the occasional performance issues. It delivers on the core functionality. If it's running well you are assured you will get the value out of it in terms of the security assurance. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Danish Ansari
Senior IT Security Specialist at National Water Company
Real User
Assesses the vulnerability of the database while it is running

Pros and Cons

  • "A solution which does what other name brand products do for a lower cost."
  • "The interface is not user-friendly."

What is our primary use case?

The primary use for our company is to enable the auditing on the DB level. The main target is to track the activities happening and by whom on critical tables. Based on that requirement, we purchased this database auditing solution because it was specific to Oracle for auditing purposes.

How has it helped my organization?

It addresses our needs and our clients' needs for Oracle DB reporting.

What is most valuable?

The features which are most valuable are from the security perspective. We do not have other specific tools for vulnerability assessment. The package allows user activity monitoring. The second thing is for assessing the vulnerability of the database while it is running. 

What needs improvement?

The GUI needs to be improved and made more user-friendly. This solution is a little complicated compared with other solutions for database auditing because of the GUI interface. It will be much more competitive if the interface meets the standards of the other vendors in the market.

For example, the price of the IBM Guardium is very high, but it's user-friendly. On the other hand, the Imperva GUI is complicated. It is harder for us to generate reports. That's why we face some hurdles in operations.

For security, the main point is to report on any violation of compliance. The administrator is required to generate reports. The GUI is set by the operator and not the admin of the device. Every time they need to make changes, it requires a lot of configuration to generate a new report. For any urgent report, the administrator has to be involved. It should not be necessary.

The agent should be installed at the box itself instead of going on the bridging system and doing the installation. Whenever any dependency is required, the activity becomes harder. If the dependency is not required then the activity can be handled from the box itself. It should be very easy to execute the administration and operations of the device. Comparing to Cisco devices, which are very user-friendly, other product manufacturers can take a lesson and make an effort to make the operational and administrative tasks easy.

It should be possible to execute by the team without writing custom lock sources. 

For how long have I used the solution?

We have been using this solution for about seven months.

What do I think about the stability of the solution?

Everything is working fine, so it is stable.

What do I think about the scalability of the solution?

As we are able to change our licensing to expand resources and features, it is scalable. We have not yet actually implemented the scalability.

How are customer service and technical support?

Till now we have not had any open cases with the technical support, so I cannot comment on that.

Which solution did I use previously and why did I switch?

Before Imperva, we used IBM Guardium. We switched because of the price. With IBM Guardium we were charged for features we never needed to use. We were using it only for auditing purposes. That is the same thing we are using Imperva for. As we did not have any need for the other features in Guardium we were paying extra for nothing. Some of the higher level features we now use in Imperva were available in Guardium, but we didn't use them at that time. 

How was the initial setup?

The initial setup was straightforward. At first, we were unable to find the application user tracking and our main target was to track specific user privileges, activity and who was making changes inside the database from the console. It was a minor setback.

There are two types of deployment. The first one is for the solution to integrate the database which took about three days. For the usage, identifying the queries and creating rules, it took longer. The whole was complete within 15 days or 20 days, I think.

We have three operators and two administrators. The administrator role is to make the policies, install the agent, do the integration with the gateway and enable the auditing on the specific tables and the specific columns.

The operator generates reports on users and activity based on the areas we need to monitor. If a user is doing any activity outside of the normal time, the operator's responsibility is to report users to the DVR admin and the security feed.

One guy was enough for the deployment. We have only integrated one database, so in our environment is simple.

Another thing I want to highlight is that you can adjust the permissions from anywhere.

What about the implementation team?

The deployment was done by the Imperva partner.

What was our ROI?

The immediate return is that we are saving money by having a lower cost for the same functionality. The new solution has satisfied management. I couldn't tell you the exact return. The only real additional cost was retraining staff. That was minimal.

What's my experience with pricing, setup cost, and licensing?

I don't know the exact prices because that is a function of accounting, but I know service is contracted on a yearly basis. We purchased the minimal license for Imperva initially even though we have a lot of databases, but the license covered our needs. The company has recommended increasing the licensing. 

There are additional costs depending on the features. For example, if we want to prevent something on the DV level we can't because we didn't purchase that license. If we want it, we can add it. Our main goal right now is to enhance the license for the TPS license (transaction process system). It is easy to enhance functionality by adding other features licenses.

Which other solutions did I evaluate?

We did a comparison between Imperva and IBM Guardium before making the switch. The comparison was based on two things: auditing the databases and monitoring user privileges. These two features were offered by both solutions, so we were just left to evaluate based on the difference in prices. 

What other advice do I have?

I would give Imperva an eight out of ten as a solution. It meets our requirements equally to what we got from IBM Guardium which we went with based on little more than their name.

In a later review, we considered Imperva and realized that both products had almost the same features. If the same functionality is provided by both, it is hard to justify the more expensive product. Now we will save the extra money.

At that time, the administrator was not comfortable with the change to Imperva but we provided official training from Imperva. He had experience with other solutions for database auditing systems, so he was able to make the adjustment.

We are working with the minimal license so currently, the resources are lower compared to our IBM Guardium license. Even with a shortage of resources, everything is equal to the IBM Guadium solution and we can correct that resource shortage while still saving money.

The main thing is defining the actual requirements. If a solution complies with the requirements there's no need to spend extra money for the brand names.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Arash Azari Samani
Data Center Network Expert at TOSAN
Real User
Top 20
A scalable solution that helps to secure our web-based financial applications

Pros and Cons

  • "This solution has helped secure our Internet-based services, protecting us against DoS and other types of web-based attacks."
  • "The GUI for this solution could use some improvement."

What is our primary use case?

Our primary use for this solution is securing banking web applications. It protects the web service of one of the big Internet banks in Iran.

How has it helped my organization?

This solution has helped secure our Internet-based services, protecting us against DoS and other types of web-based attacks.

What is most valuable?

The most valuable features include the compliance with standards for security in web applications, and the ability to detect vulnerabilities.

What needs improvement?

The GUI for this solution could use some improvement.

I would like to see better support for countries in the Middle East, and other places that do not have direct access to the vendor.

For how long have I used the solution?

Five years.

What do I think about the stability of the solution?

Stability is great. Immediately after we deployed it, we had a good feeling about security and performance.

What do I think about the scalability of the solution?

The scalability of this solution is good. Compared to other products, this one is more scalable.

Currently, this solution is protecting approximately twenty thousand end-users.

We are deploying new web-based services and applications, so we expect the usage to increase.

How are customer service and technical support?

Due to restrictions because of sanctions in Iran, we do not have support for this solution. For this reason, we have done everything ourselves. This can be challenging because sometimes we have troubles upgrading the device, or obtaining new signatures.

Which solution did I use previously and why did I switch?

We did not use another solution prior to this one.

How was the initial setup?

The initial setup and configuration for this solution were very simple and straightforward.

Deployment in our environment took approximately one week. We begin by deploying it in a test environment. After performing some tests, we moved it to the operational environment.

Two technical staff are required for deployment and maintenance, and we have about six people, in different roles, who manage this solution.

What about the implementation team?

We handled the implementation and deployment ourselves.

What was our ROI?

Our ROI from the initial payment was realized in approximately two months.

What's my experience with pricing, setup cost, and licensing?

This is an affordable solution. There is an annual licensing fee for upgrading the device.

Which other solutions did I evaluate?

After we undertook wide research and development, we found that this product is suitable for us. Two of the products that we looked at in addition to this one were FortiWeb and F5.

What other advice do I have?

Imperva is a product leader in this line, and it is very good. In fact, I have experience with other products, and I would say that this solution is best-in-class. If we had support then this solution would be perfect.

I would rate this solution a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Roi Nahari
CTO- Consulting Services at 2bsecure
Real User
Provides valuable security when it is properly implemented and maintained

Pros and Cons

  • "The most valuable feature of this solution is the database security policy."
  • "Technical support for this solution needs improvement."

What is our primary use case?

My team and I deploy this solution for customers. In Israel, I'm the team leader of the whole Application Security Division.

What is most valuable?

The most valuable feature of this solution is the database security policy.

What needs improvement?

Technical support for this solution needs improvement.

For how long have I used the solution?

Eight to ten years.

What do I think about the stability of the solution?

The stability of this solution depends on the version of the operating system, itself. Often, when a new version of the OS comes out, it is not stable by nature. Once the new patch comes out then it is fixed.

What do I think about the scalability of the solution?

The scalability is dependent on the deployment surface. If you plan for scalability then you will have it. If you are going to a single, or one box solution, then you don't have scalability.

How are customer service and technical support?

Technical support for this solution is insufficient. If you have a professional then you can handle it, but if you are a regular customer then it is difficult.

Which solution did I use previously and why did I switch?

We have different solutions in our portfolio, including IBM Guardium and McAfee Sentrigo.

How was the initial setup?

The initial setup of this solution is complex. However, I understand the complexity.

The length of the time it takes for deployment depends on the customer and their environment. It can take up to three months.

What about the implementation team?

We have a team that handles the implementation and deployment of this solution for our customers. I am the team leader.

What other advice do I have?

My advice for anybody implementing this solution is to know what you are doing before deploying. You need to learn the security concept of this product. You need to know what you want to protect, and then learn how to protect it. You cannot just deploy this solution and leave it like that. You need to know how to maintain this product.

Things are being constantly improved in this solution, but there is no such thing as perfect.

I would rate this solution eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
AP
IT Security at rmrf-tech
Real User
Provides us with the tools we need to defend against Botnets and DDoS attacks

Pros and Cons

  • "The functionality is very useable and easy to understand."
  • "It would be better to update the solution by using a GUI that guides me, rather than through a CLI."

What is our primary use case?

I am using Imperva in different projects for application defense.

How has it helped my organization?

This solution provides analytics using rules in the application. For example, it can report who most often uses certain queries.

What is most valuable?

The most valuable feature is the protection from Botnets. The DDoS attack is one of the things that it protects against.

The functionality is very useable and easy to understand. It is also easy to update if you follow the instructions.

What needs improvement?

It would be better to update the solution by using a GUI that guides me, rather than through a CLI. It would be best if it were simply updated automatically from an admin page.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

I think that the stability is fine, although sometimes the server is down.

What do I think about the scalability of the solution?

It is easy to scale. I use only universal appliances and I know exactly how they work.

Three people use this solution on a single server for a few services.

How are customer service and technical support?

We have contacted technical support a few times, and the experience was ok.

Which solution did I use previously and why did I switch?

We did not use another solution prior to this one.

How was the initial setup?

The initial setup for this solution is very easy. Just start it up, log in, and the instructions are there. It is launched from an FTP server and takes four or five hours.

What about the implementation team?

We handled the implementation in-house.

What was our ROI?

It is difficult to say because it has stopped some attacks, but I have nothing to compare against when the solution was not being used. It can protect against attacks, but I cannot say how much money it has saved.

What's my experience with pricing, setup cost, and licensing?

Licensing fees are on a yearly basis, and it is a good value for the money.

Which other solutions did I evaluate?

I was not involved in the selection of the solution.

What other advice do I have?

There are many functions in this solution that I do not use at this time.

This is a fine product, and one of the best. We needed it for DDoS protection and for Botnet protection, and all of this works fine.

I would rate this solution an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
RB
Software Developer at a tech services company with 201-500 employees
Real User
Good Integration between components helps us to meet the needs of our customers

Pros and Cons

  • "It has a lot of different components that cover the needs of our customers."
  • "Integration with other databases or third-party products would be useful."

What is our primary use case?

I use this solution to discover missing data, and to find weaknesses or miscalculations in my database standards.

How has it helped my organization?

One example of how this has improved my organization is with respect to security. We previously had a default passcode in place, and this is discouraged by our password policy. I was able to find this problem and solve it.

What is most valuable?

The best feature of this solution is the integration between components. It has a lot of different components that cover the needs of our customers.

What needs improvement?

The pricing for support could be improved.

Integration with other databases or third-party products would be useful.

For how long have I used the solution?

One year.

What do I think about the stability of the solution?

It is a stable solution.

What do I think about the scalability of the solution?

I think that the product is scalable.

There are five users for this solution.

How are customer service and technical support?

I have no experience with their technical support.

Which solution did I use previously and why did I switch?

I did use other tools for a short span of time.

How was the initial setup?

The initial setup for this solution is straightforward.

I am not using the entire solution, so the deployment time was very short. There were five people involved in the installation.

What's my experience with pricing, setup cost, and licensing?

The cost of support for this solution is very expensive.

There are no costs in addition to the standard licensing fees.

Which other solutions did I evaluate?

I looked at several websites and read reviews. All of them said that Imperva is the best product in this area.

What other advice do I have?

My advice is to do a POC before implementing this solution.

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Ajay-Chattwal
Project Manager at a energy/utilities company with 10,001+ employees
Real User
Policies and alerts allow us to detect malicious activity in critical databases

Pros and Cons

  • "The tool happens to be very intelligent when it comes to processing policies and sounding alerts. It allows us to implement policies and measure actions against them, raising alerts accordingly."
  • "The only challenge I see is that SecureSphere is deployed on servers or databases which are held on physical infrastructure. However, there are databases which are hosted on cloud platforms and Imperva has a separate tool altogether for that, not SecureSphere."

What is our primary use case?

The primary use case is specific to database security through log auditing, to identify the actions performed by various users. That gets logged. Then policies are used to see whether any action performed by a database user is below a threshold or above a threshold; whether there should there be an alert because of it.

It is used by specific teams within our organization to monitor activity, to see whether there is any malicious activity or a user who's not supposed to be performing a certain action.

How has it helped my organization?

It helps us look into who's doing what, particularly on databases related to critical applications. That's the way we see it as useful. We've been using it for four or five years now, and it has been bringing in the value that we expected it to.

What is most valuable?

The tool happens to be very intelligent when it comes to processing policies and sounding alerts. It allows us to implement policies and measure actions against them, raising alerts accordingly. That is the best feature.

What needs improvement?

Comparing it with other products in the market, we definitely see that Imperva SecureSphere is head-to-head with the likes of McAfee, IBM Guardium, and others. It's definitely good. The only challenge I see is that SecureSphere is deployed on servers or databases which are held on physical infrastructure. However, there are databases which are hosted on cloud platforms and Imperva has a separate tool altogether for that, not SecureSphere. If an organization is monitoring databases which are on physical as well as virtual infrastructure, running two different tools can become a problem. If that could be merged together it would be an improvement.

Having read about Imperva, I couldn't get much detail as to what their roadmap is for the future, whether they would want to merge them or not. But as a customer, if I can have one tool for various landscapes, like the databases hosted on a physical landscape as well as the virtual ones, that makes it a lot easier.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The stability has been good. In our case, we've been using it through one of our suppliers so we don't directly manage it. It's our supplier who manages it for us. The supplier happens to manage the infrastructure on which the database application or databases are hosted as well.

We don't deal with it but, getting the reports that we have been getting from our supplier, it looks pretty good as far as stability is concerned. We haven't experienced many issues. Even if there were any, it would be our supplier's responsibility to make sure that they got resolved very quickly, so they rarely come to our notice.

What do I think about the scalability of the solution?

When it comes to scalability, as I noted, there are two different tools, one for physical infrastructure and another for virtual infrastructure.

If I want to scale it up from a physical to a virtual platform, that's certainly not a feature at this point of time. That can be a drawback. You have to look for a separate tool from the same vendor because you already have an existing tool from that vendor which is doing well. And you cannot have tools from two different vendors running on two different platforms.

How are customer service and technical support?

We have not used technical support. Our supplier manages the tool, so we don't get in touch with Imperva if there are any issues. Our supplier does that for us.

What other advice do I have?

My advice is to go to IT CentralStation and download the report on database security tools.

In general, it's all about the policies that you put into the tool to get the output. The tool itself is pretty smart. As someone who is designing the policies or the outputs or the queries, it is like putting a query into a SQL database to get the results. The better or more optimized the query is, the better output you will receive, and so it goes with this solution.

When selecting a vendor, pricing, of course, is the most important thing to look at. Then, you look at the scalability options, at how good the tool is, that it suffices your functionality requirements, and that it provides interoperability.

I rate Imperva at eight out of ten across the various areas that I just mentioned, be it interoperability, scalability, cost, or ease of installation and setup. Measuring it on each of these aspects is how I came up with my rating.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Darren Chaker
Operator at Halliburton
Real User
Allows people to secure data, while seamlessly allowing the distribution of that data in an effortless manner.

Pros and Cons

  • "I like Imperva SecureSphere platform forms. Imperva SecureSphere is the foundation for SecureSphere data, file and web application solutions."
  • "SecureSphere activity log can be used with Imperva CounterBreach in an effort to protect enterprise data from theft and loss caused."

What is most valuable?

I like Imperva SecureSphere platform forms. Imperva SecureSphere is the foundation for SecureSphere data, file and web application solutions. Imperva SecureSphere is designed to work together, however can be independently deployed.

How has it helped my organization?

Imperva SecureSphere allows people to secure data, while seamlessly allowing the distribution of that data in an effortless manner.

What needs improvement?

SecureSphere activity log can be used with Imperva CounterBreach in an effort to protect enterprise data from theft and loss caused. Since such is core to its function, I would like to see future versions to integrate such options.

For how long have I used the solution?

Imperva SecureSphere allows the company to adhere to data compliance requirements, and at the same time to effectively protect data from theft.

What was my experience with deployment of the solution?

No.

What do I think about the stability of the solution?

No. After using Imperva SecureSphere the first few days, implementing it was second nature.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Customer Service:

Very good customer service was responsive to needs to get Imperva SecureSphere operational.

Technical Support:

Imperva SecureSphere did not require very much tech support, but with the few issues we had, they were cured very quickly by tech support.

Which solution did I use previously and why did I switch?

No.

How was the initial setup?

Setting up Imperva SecureSphere was very simple, and configuration was easy.

What about the implementation team?

We used in-house.

What was our ROI?

It was well worth implementing Imperva SecureSphere and found the rate of productivity increased by using it.

What's my experience with pricing, setup cost, and licensing?

Compare other similar products and definitely use the free trial. I truly enjoyed using it, and recommend Imperva SecureSphere to any one who has similar needs.

Which other solutions did I evaluate?

No we did not.

What other advice do I have?

Imperva SecureSphere provides great options to secure data and would not hesitate to use it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user584112
Network And Security System Administrator at a international affairs institute with 1,001-5,000 employees
Real User
Monitors and protects internet banking applications. Provides the option of deployment architectures.

What is most valuable?

  • Flexibility
  • Provides the option of deployment architectures

How has it helped my organization?

  • Easy monitoring
  • Protection of internet banking applications

I was working for Crescendo International, which is a small company in Romania. My primary role was in network solution integration. I was the only person in the country with experience of three deployments of Imperva products at two major banks.

What needs improvement?

  • The upgrade procedure is not clear
  • There is no easy rollback
  • There is no possibility to select different ways for two different types of cipher suit negotiation in two arm deployments. Most of the banks now use ECDHE for PFSC.
  • No SNI support

For how long have I used the solution?

We have been using the solution for two years.

What do I think about the stability of the solution?

There were many stability issues with the upgrade procedure. The technical support team didn't know how to handle them.

What do I think about the scalability of the solution?

We encountered some stability issues.

How are customer service and technical support?

The level of technical support is bad.

Which solution did I use previously and why did I switch?

We did not use a previous solution.

How was the initial setup?

The initial setup was straightforward.

What's my experience with pricing, setup cost, and licensing?

Please be more transparent about licensing on subscriptions such as for ThreatRadar.

Which other solutions did I evaluate?

We evaluated F5 Networks.

What other advice do I have?

We recommend implementing it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user541239
Regional Sales Engineer at a tech company with 1,001-5,000 employees
Vendor
Offers flexible deployment modes and custom policy creation.

What is most valuable?

  • Flexible deployment modes
  • Custom policy creation
  • Complex vision of web apps
  • DB security
  • Intuitive logs

How has it helped my organization?

We have seen our security risk decreased due to customization and meeting all the security needs for every application.

What needs improvement?

I would like to see more parameters configurable for the kernel reverse proxy.

For how long have I used the solution?

I have used this product for eight years, on both sides; from deployment to customers and administration of the existing infrastructure.

What do I think about the stability of the solution?

The stabillity issues we encountered were fluently fixed.

What do I think about the scalability of the solution?

We did not encounter any scalability issues.

How are customer service and technical support?

Technical support was very professional and elastic.

Which solution did I use previously and why did I switch?

We used to deploy a different solution. We switched due to the valuable features mentioned.

How was the initial setup?

Initial setup was straighforward.

What's my experience with pricing, setup cost, and licensing?

It is a good idea to invest in threat detection licenses.

Which other solutions did I evaluate?

We evaluated:

  • WAF: F5 and Radware
  • DAM: IBM Guardium

What other advice do I have?

For DAM, I recommend that you invest proper resources in the business part of the project. It is very important to set expectations properly.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Solution Architect at a financial services firm with 10,001+ employees
Real User
Facilities data enrichment and process automation. It manages cluster capacity.

What is most valuable?

The most valuable features are:

  • DAM Module
  • Third-party data source integration: Feeds automation
  • Data enrichment: Provides better data quality and session handling
  • API: Used for process automation

How has it helped my organization?

The solution has improved our organization as follows:

  • Better agent performance compared to v9.5
  • Gateways are much more stable
  • Gateway cluster improves resource utilization and provides better resiliency
  • Offers the option to manage cluster capacity without touching the agent configuration

What needs improvement?

BUGs, BUGs, BUGs. The product is under high development and the amount of bugs is bit disappointing. The product has lots of limitations which are not clearly documented. You can only find out the limitations by engaging the support

By using this product you can have only one type of date and time format which is US format. I’m EU citizen and I prefer different date format, same for time format. I would prefer 24Hour clock instead of AM/PM.

For how long have I used the solution?

We have been used this solution for over three years.

What do I think about the stability of the solution?

There were stability issues in v9.5. There are no major stability issues in v10.5.

Stability is dependent on the infrastructure. If you use hypervisor, then you need to make sure to use resources and I/O settings that are optimal for SecureSphere. Otherwise, you will end up with stability and performance issues.

What do I think about the scalability of the solution?

There are some scalability issues. There was a hardcoded limitation in the number of MXs you can connect to SOM. In addition, the bigger the infrastructure, the bigger challenge there is to create a single audit report file.

How are customer service and technical support?

The technical support is OK. But they have big potential to do things better.

Which solution did I use previously and why did I switch?

We had a previous solution. We switched because the new requirements couldn’t be accomplished with the old solution.

How was the initial setup?

The installation was quite complex. We had to integrated lots of external systems in order to make it work right.

What other advice do I have?

Give it a try. Write down your requirements as detailed as possible, and perform a PoC using this list. If you find gaps that require additional development, it could take some time until you actually get it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user561654
IT Security Consultant at a tech company with 501-1,000 employees
Vendor
Blocks external and internal attacks on protected servers in real time.

What is most valuable?

Data discovery and classification: It gives you the ability to find your sensitive data where it exists, even though you may not have known it was there.

Vulnerability assessments: This feature helps you to know the possible vulnerabilities in your protected servers.

Database firewall: This is the most important feature. It provides you with the capability to block attacks (external or internal) in real time to your protected servers.

How has it helped my organization?

This product has helped us to protect the environment against malicious activities. We have detected some security violations and have taken actions against them.

What needs improvement?

Imperva must work on more features for z/OS.

For how long have I used the solution?

I’ve been using SecureSphere for four years.

What do I think about the stability of the solution?

We had some issues but they were attributed to bad administration.

What do I think about the scalability of the solution?

Scalability is one of the most powerful features of Imperva. We have grown easily, once it was necessary.

How are customer service and technical support?

Support is good. The Imperva engineers have excellent technical knowedge.

Which solution did I use previously and why did I switch?

We made a PoC with other solutions but Imperva was the best.

How was the initial setup?

The initial setup was really easy. This product has a friendly wizard and in a few simple steps, we implemented it without troubles.

What's my experience with pricing, setup cost, and licensing?

The product is not cheaper, but is one of the best options. Besides, the other options have more or less the same pricing.

Which other solutions did I evaluate?

We evaluated IBM Guardium.

What other advice do I have?

They must take into account that this solution, like others, must be sized correctly. If they do not size the solution correctly, they might have some issues.

Disclosure: My company has a business relationship with this vendor other than being a customer: We are a premium channel of this vendor.
it_user548754
L3 Application Support Analyst at a financial services firm with 1,001-5,000 employees
Vendor
I believe the most valuable feature is the GUI. If load is big and there are advanced filtering rules in place, gateways or MX can crash.

What is most valuable?

I believe the most valuable feature is the GUI. It is still very much oversized for the job it does, but in comparison to other alternatives, it is still the best at the moment.

How has it helped my organization?

Before SecureSphere was used, the native auditing tools were used, and now there is a segregation of duties when managing audit data from DBAs and DBS teams. It is a much more secure way to have audit data from databases and to monitor actions of privileged accounts.

What needs improvement?

All areas of this product have room for improvement. There are a lot of things that can be improved if you want this to run in a corporate environment with thousands of database servers. If your database server count is low, it is a fine solution for you.

Lack of centralized integration when supporting/configuring appliances (SOM has some, but not all configuration/reporting/management functions, but you can’t do a lot of things from one management appliance (SOM) and have to go to separate MX when you want to configure something). As well you can’t upgrade appliances via Update module (you can only do so with agent and that functionality has much room for improvement as the update GUI is not well designed, some functions do not work and event/alert notifications there are mostly useless). So this and some other things make management and support of very large SecureSphere infrastructure sometimes painful.

For how long have I used the solution?

I’ve been using SecureSphere for over three years.

What do I think about the stability of the solution?

It depends on the load of gateways/MXs. If load is big and there are advanced filtering rules in place, gateways or MX can crash or perform slowly.

What do I think about the scalability of the solution?

The SOM does not have all the functionality yet to manage all MXs centrally and, if you have a very large infrastructure, it is not so easy to manage it, as it requires you to apply updates or new configurations directly to agents or MXs 1 by 1.

How are customer service and technical support?

The support team responds promptly but sometimes it seems that, in more complex cases, they just try to stall for time for R&D to look at it and that they don’t know why some problems are happening.

Which solution did I use previously and why did I switch?

Before, we were using native database auditing tools. Regulators have pointed out that DBAs are managing auditing tools themselves, which is not a good practice. Usage of SecureSphere and forming a new team responsible only for management of this tool was suggested.

How was the initial setup?

Setup was complex. We had to deploy hundreds of gateway appliances to gather audit data and deploy thousands of agents to different OSs. This was not an easy task, as there were no simple solutions to do that. There were also challenges to configuring auditing rules and monitoring rules to work with all kinds of databases and different kind of requirements relating to them.

What's my experience with pricing, setup cost, and licensing?

I don’t know anything about pricing and licensing.

Which other solutions did I evaluate?

I believe an IBM solution was considered, but it was much too expensive and didn’t provide as many features.

What other advice do I have?

Use the newest version (at the moment I think it is 11.5) and pay extra for staff training and additional consultation on how to set up rules, etc.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user577539
Senior Security Analyst at a tech services company with 10,001+ employees
Consultant
The level of detail allows resources managing devices to determine whether activity is a legitimate concern. In the current environment, rebranding exported PDF files is a pain.

What is most valuable?

As the member of an MSSP SOC team, we monitor dozens of appliances from multiple vendors. SecureSphere is one of the many tools that feeds our SIEM with relevant alerts regarding client activity of concern. Once we receive this, we use the alert monitor to delve into the details about what took place, when and where.

The level of detail provided is excellent, allowing the resources that manage the actual devices to determine whether or not, the activity is a legitimate concern and to rectify the activity in a timely manner.

What needs improvement?

We currently export PDF files to provide to the client. Rebranding this is a pain in the current environment. Having multiple and flexible export options would be better. Exporting to CSV or other formats and allowing the simple application of corporate logos to the reports, instead of vendor logos would be helpful.

In our environment, we use the SIEM to monitor the alerts, then log into SecureSphere to examine the activity in its alert monitor. Once we know that, if our level 1 analysts cannot determine whether or not the activity is false-positive, then we will export the activity and send it to the DBAs for them to examine closer.

For how long have I used the solution?

I have used this solution for five years.

What was my experience with deployment of the solution?

I don’t deploy, only monitor.

How is customer service and technical support?

I’ve never had to contact them.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user589365
Senior Analyst at a consultancy with 10,001+ employees
Consultant
You don’t need to run scans by logging into different databases. It is monitored through the centralized console.

What is most valuable?

The most valuable feature of this product is vulnerability management since you don’t need to run different scans by logging into different databases. Everything can be done and monitored through the centralized console by a few clicks and without any hassle.

Also, the report generation option on a daily/weekly/monthly basis comes in very handy to the top management.

How has it helped my organization?

Some of the ways in which this product has helped our organization are:

  • All the databases are being monitored.
  • All the compliance requirements can be taken care of through a console.
  • The daily and weekly reports are helpful in understanding the environment.

What needs improvement?

The stability and the ease of use of this product can be improved. I believe the product can be made more flexible and stable.

Additionally, it is very unlikely for a new professional to easily use this tool to its full potential. For this purpose, I believe a few more video tutorials can be uploaded for the newer versions.

For how long have I used the solution?

I have been using this solution for one year.

What do I think about the stability of the solution?

We have encountered some stability issues. There were situations when sometimes the gateway didn’t work as expected. However, thanks to active-passive mode, none of the information was lost.

What do I think about the scalability of the solution?

Every manager and gateway has a predefined capacity. It is very easy to scale up to that capacity. But, if that is exhausted you have to burn the midnight oil.

How are customer service and technical support?

The technical support is good in terms of knowledge. However, the replies are not so frequent and hence can be frustrating sometimes.

Which solution did I use previously and why did I switch?

I have not used any other solution before. I have only used Imperva SecureSphere 11.0.

How was the initial setup?

The initial setup was straightforward. Each and every step is clearly mentioned in the manual. After the initial setup, it becomes a bit tricky.

What's my experience with pricing, setup cost, and licensing?

Since this tool is far better than the competitors and manages a lot of compliance requirements, the pricing seems to be fine.

Which other solutions did I evaluate?

We had evaluated other solutions such as McAfee DAM and IBM Guardium.

What other advice do I have?

You should follow both the guide and the tutorials. The tool is handy only if it is implemented properly. Implementation is a bit complicated; hence, it is advisable to create documentation alongside. It would be more beneficial to use the directory present on the Imperva site before logging for any issues.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user579513
Senior System Engineer at a financial services firm with 1,001-5,000 employees
Vendor
We found new patterns of user behaviour and corrected authorisations.

How has it helped my organization?

Database auditing has become simple and easy, releasing storage previously used for native database audit processes. We found new patterns of database users' behaviour and corrected some user authorisations.

What needs improvement?

Mainframe mappings/agents/optimization for CPU usage are areas with room for improvement.

Agent on z/OS does not have a limit for CPU usage like on other platforms. If
you specify filter too "wide", the agent would consume too much cpu so that
could cause more cost for your mainframe. Agents are a bit special for
configuration because the logic is different than the one on other
platforms.

That is because mainframe agents were originally from Tomium company that
was acquired by Imperva some time ago. They still run the same code, just
little improved.
At this point, my configuration does not collect what I expected, but that
could be due to bugs, that is expected to be solved in version 12 of the
SecureSphere.

You can say for sure that security audit costs money - in this case, your
mainframe CPU money.

For how long have I used the solution?

I have been using it for 18 months.

What was my experience with deployment of the solution?

We had a problem with mainframe DB2 mappings; incorrect results due to bug. A fix is expected in DAM (Database Activity Monitoring) version 12 in March 2017.

What do I think about the stability of the solution?

I have not encountered any stability issues. Only, you need to optimize the data/events you are receiving. If you have too much input, you will have a stability problem (in that case, lower event throughput and increase manager memory).

What do I think about the scalability of the solution?

I have not encountered any scalability issues. It's flexible.

How are customer service and technical support?

Customer service is excellent, 5/5.

Which solution did I use previously and why did I switch?

We did not previously use a different solution. We had some pilot projects and chose this solution.

How was the initial setup?

Initial setup was straightforward and it was simple/easy to install and customize.

What about the implementation team?

A combination of in-house and local support teams implemented it. We are satisfied with their level of expertise.

What was our ROI?

ROI is good. We needed this system for getting ISO 27001.

What's my experience with pricing, setup cost, and licensing?

Be careful if you have a mainframe. Calculate well...

Which other solutions did I evaluate?

Before choosing this product, we evaluated IBM InfoSphere Guardium.

What other advice do I have?

We are very satisfied with this product. It's simple to use, customize and administer. Installation is simple and easy, even on mainframe.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Senior IT Security Consultant at a tech consulting company with 51-200 employees
Consultant
It relies on signature-based policies, as well as on a web correlation engine.

What is most valuable?

WAF is a great security layer to protect an organization from a wide spectrum of application attacks residing in OSI layer 7. The Imperva device relies on signature-based policies, as well as on a web correlation engine. In addition, the packet inspection can be enhanced with the aid of stream signature policies, which are policy items focused on the stream rather than the HTTP/HTTPS protocol. Imperva can easily match a web user to the requests launched from his client. While the default policy subset is very rich and covers different regulations (e.g., PCI, SOX), there is always an option to create custom policies addressing specific needs. Security alerts are comprehensive of all the necessary details for the analysis, such as connection details, signature triggered, alert type (e.g., Protocol, Profile), severity and followed action (e.g., syslog forward, IP monitoring).

DAM also provides great value to audits and again, the data monitoring policies by default are very rich.

If you don't know exactly what kind of data you store in-house, SecureSphere allows you to actively scan and classify your information, automatically providing you detailed status of the data, which can be further reviewed and finalised by analysts or DBAs. This is also valid for user rights on the data, understanding the level of privileges granted to users and suggesting countermeasures in detailed aggregated charts and reports.

Once under monitoring, the data can be reviewed with an intuitive interface that allows the analyst to drill down, quickly narrowing the scope in a few clicks and focusing the attention only on the relevant queries. Once the pattern is identified, it is even possible to quickly report a detailed status of the findings, as well as generate a report template for future uses. This is on the hot data, what we have available in the management database. The time span can be increased indeterminately with a good retention configuration, combined with a SAN that stores the cold data, partitioned in daily slices and ready to be loaded into a separate database space for archives.

This is brilliant if you think about scalability, for you can obtain a very big archive while preserving system resources and performance. However, to get this configuration, in-depth tuning is needed for several weeks in order to get all relevant metrics (e.g. data stored per day, data spikes, backup speed, link transfer capacity, etc.) and adopt the appropriate customizations.

Audit data can also be correlated with application users by obtaining a detailed match of the database queries executed according to a particular web user’s HTTP requests.

The FAM module allows organizations to continuously audit storages and network shares and keep a detailed record of every file operation across the company. Scans are available also in this context, providing user rights as well as access to the monitored files. A data classification is also possible with the FAM.

All of Imperva’s features are extremely powerful, while a certain degree of knowledge is required to have a solid understanding of the product.

How has it helped my organization?

Imperva helps you comply with data regulations such as SOX or PCI. It helps SOC analysts to enlarge the scope analysis, significantly providing great procedures to drill down into the audit or a customizable enrichment fed by several types of input, e.g. Active Directory or other external platforms, and even a layer 7 inspection. When fully integrated, the application user requests are bound with the queries executed, giving a comprehensive picture of how your web application interacts with the data layer highlighting all possible security flaws in the data management, code bugs or server misconfigurations. All this logical data collection is effectively arranged into detailed profiles from where it is possible to spot the unusual deviations or to create advanced conditions to trigger upon this baseline. Think about access to PCI data from users different to the ones allowed, such as DBAs, only from a certain subnet, let's say the external network, out of the business hours, like nights or weekends. This is one possibility of what Imperva can achieve in your organization to protect the data from unauthorised users.

What needs improvement?

To have the mind at ease with a security solution has been always a chimera. Even SecureSphere suffers from some limitations, which I believe will be handled in the near future. I see two main things to improve at this point:

  • SSL tunnel support for z/OS agents
  • Capability to retain live audit policy data for several months; sometimes, on certain installations, this is not feasible due to the big data streams involved in the scope.

For how long have I used the solution?

I've been supporting the Imperva technology since version 8.x. I have a company that provides consultancy services and I support Imperva.

What do I think about the stability of the solution?

From versions 9.5 and later, the Imperva solution has reached an optimum level of stability. On every unusual state reported, I was always able to relate it to misconfigurations or other hardware limitations and never to major bugs or software problems.

What do I think about the scalability of the solution?

Again, Imperva works great when you need to increase managed devices, add new gateways or even change the operational modes of the latter.

How are customer service and technical support?

On a scale from 1-10 (1=worst, 10=best) I would say technical support is 9. Support is always guaranteed and every internal SE has been always competent and ready to assist.

Which solution did I use previously and why did I switch?

I tested different audit and WAF solutions and the one I was always more comfortable with is Imperva.

How was the initial setup?

Setup is actually complex due to the nature of the product and needs deep knowledge of the solution to get things working with minor effort. If you don't know exactly what kind of solution are you deploying or even the installation steps to get the environment fully working, you won't be able to install it easily.

What's my experience with pricing, setup cost, and licensing?

I am a technician, so I am not very confident discussing this topic.

What other advice do I have?

Doing the initial Imperva training before putting your hands on the product helps a lot. Getting assistance from Imperva during the initial stage of your new environment is highly recommended.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user499686
Senior Database Administrator at a media company with 1,001-5,000 employees
Real User
It helped us classify our large inventory and apply additional security controls based on the data classification.

Valuable Features

  • SecureSphere Database Assessment
  • SecureSphere Database Activity Monitoring

Improvements to My Organization

It was instrumental in scanning a large inventory of databases to identify sensitive data. Using Imperva Assessment scans, we were able to identify SHR, PII & confidential data sources in a large inventory of database systems.

This helped us classify our large inventory and apply additional security controls based on the data classification output.

Room for Improvement

I would like to see a better web management console; the UI is not very intuitive, unless you really know what you’re doing. And scan error details should be readable from the web console, instead of running Unix commands on the backend server to view detailed logs.

I would like to see improvements in setting custom device configuration (e.g., Server Name, TCP Port for connections). In a large inventory, it is a time-consuming process if you need to change any configuration.

The web management console UI, could be much more user friendly. The product is pretty powerful, but the management UI is not very intuitive, i.e. not very user friendly and can be improved to make it much better.

When the DAM scans contains errors, the web UI should have the ability to show detailed logs in the web console, instead of requiring an admin to query the back-end server via commands to retrieve scan error logs. This limited web functionality causes extra work when scanning a large inventory where sometimes some servers return scan errors.

Use of Solution

I have used it for 3.5 years.

Deployment Issues

I have not encountered any deployment, stability or scalability issues.

Customer Service and Technical Support

While configuring custom strings for data classification, we did engage Imperva Support and they were very helpful in setting up custom hex strings to help with our data classification. The response time was good too.

Initial Setup

As mentioned above, Imperva was already set up in our Enterprise environment and we only had to add on the Database Assessment module license to our setup.

Implementation Team

It was implemented in-house.

ROI

During the evaluation phase of the project, many of the IT service providers we spoke to quoted figures ranging from half-a-million Australian dollars and up. This cost was inclusive of X people they proposed to get the job done. Imperva DAM was already included in our Enterprise licensing and until last year, we didn’t have a use-case for it. With this project, we had no second thoughts about adding this module license. Excellent ROI using the automated scans, especially comparing it to the manual method proposed by many vendors.

Other Solutions Considered

We did evaluate many software solutions & IT service providers, but none of them were close to meeting our project objective. We had a vast inventory of 5000+ databases, hosting data for thousands of applications, each having different schema & naming conventions. We did a Proof of Technology (PoT) in-house using the Imperva DAM module and, with a few tweaks, it met our project needs. Considering we were already using Imperva for different security assessments, it was an easy decision to add on the Database Assessment module and use that in our infrastructure.

Other Advice

Out of the box, Imperva comes with a lot of security modules & features that straight away add value to your organisation’s security objectives. That’s just the beginning in my opinion. There are enough customization options available for administrators to get Imperva to work for them the way they want it to. The ability to use custom scripts for scans and the ability to use TCP-level capture of database events are excellent features to use in an enterprise.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user504735
Assistant lead - Security Operations at a comms service provider with 10,001+ employees
Vendor
The technology includes unique correlated attack validation. My suggestion to Imperva: Improve the UI.

What is most valuable?

Web application security is pretty good. I have encountered very low false positives.

The correlated attack validation (CAV) is one of the unique aspects about the SecureSphere technology I like.

How has it helped my organization?

First of all, the product is useful for securing the websites of our company, which is basically preserving our brand value in the market.

Secondly, the product is very much competent with evolving threat vectors in cyberspace. Hence, this piece of security requires very few fine tuning efforts be put in place; everything falls right into its exact place.

What needs improvement?

The user interface is kind of a let-down. The graphics, tabs, and other various options are quite jumbled and confusing. My only complaint/suggestion: Improve the user interface.

For how long have I used the solution?

I have been using it for 18 months.

What was my experience with deployment of the solution?

I would like to talk about the upgrade scenario (deployment). First of all, it is complicated; secondly, many manual settings need to be done when you move from one version to another. They don’t automatically get replicated into the newer version, something which I encountered only in Imperva products. The boxes should have built-in scripts to reconfigure the settings and carry out a smooth migration.

How are customer service and technical support?

I didn’t interact much with tech support. But from what I’ve heard, it’s on par with industry standards.

Which solution did I use previously and why did I switch?

Imperva from the beginning!!

How was the initial setup?

Initial setup was complex, but security is not that easy to be figured out in simple clicks, so I guess it’s okay.

What about the implementation team?

We have resident engineers from Imperva and they are quite good at what they do.

What other advice do I have?

Before implementing this product, get your hands dirty with the world wide web. The more you know about the internet, the more useful it is.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user496329
Security Engineer at a tech company with 1,001-5,000 employees
Vendor
Most of the configuration is out-of-the-box and the security policies it offers are granular.

Valuable Features

Most of the configuration is out-of-the-box and it offers very granular security policies. Deployment and configuration is very easy. Once initial setup has been configured, all the rules and polices are applied automatically and we can start viewing the logs.

Improvements to My Organization

We are able to prevent and protect external and internal threats by using Imperva’s complete product line.

Room for Improvement

I would like to see some more granular audit logs for database activities.

Use of Solution

I have been using it for 5-6 years.

Deployment Issues

I have not encountered any issues with deployment, stability or scalability issues. Deployment is very easy, and it offers more stability and scalability.

Customer Service and Technical Support

There are delays in responses from technical support, but you do get a response per SLA.

Initial Setup

Initial setup was pretty straightforward.

Implementation Team

Anyone can implement this solution if you study the guides.

ROI

It is worth the investment for retail, banking, government and IT organizations.

Other Advice

It is the best product for cyber security & forensic investigation for external and internal threat identification and prevention.

Disclosure: My company has a business relationship with this vendor other than being a customer: My company has a distribution partnership with Imperva.
it_user501258
ERS Consultant at a consultancy with 10,001+ employees
Consultant
It covers the legal obligations for Turkish banks and fulfills requirements for our clients.

Valuable Features

  • Easy agent setup
  • Big data
  • SIEM tool integration

Improvements to My Organization

SecureSphere covers the legal obligations for Turkish banks. According to Turkish banking regulations, database activities (especially admins' activities) should be monitored and alerted.

Room for Improvement

Syslog size for transferring data should be increased.

Use of Solution

I used it from September 2015-May 2016.

Deployment Issues

I remember that SecureSphere stores limited data according to the number of the data structure type that is defined in the server configuration files. If a customer does not realize this, data taken with the policy that has a max data structure type is interrupted.

Customer Service and Technical Support

The vendor’s local partners, NGN Company and Bulent Daldal, were very supportive whenever my company needed their help.

Initial Setup

I supported NGN when SecureSphere was set up. Although I only experienced this setup process once, I can now setup SecureSphere DAM and agents on my own. I mean, it was easy and feasible with guidance.

Implementation Team

A vendor team implemented it.

Other Solutions Considered

I did not evaluate other solutions, but I have heard from my clients (Deloitte clients) who have used Guardium before that SecureSphere is better.

Other Advice

SecureSphere fulfills so many requirements for our clients. Additionally, if they want to evaluate and correlate data more comprehensively, they can use this product with SIEM tools such as ArcSight or Splunk.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Mikael Takeo
Security Professional with 501-1,000 employees
Consultant
Top 20Leaderboard
With the audit log system, it can secure an audit trail from privileged users with user logs on a physical server, but the UX is not great and sometimes confusing.

Valuable Features

There are many features that are valuable, it depends on the purpose. If the purpose is compliance or auditing, the most valuable feature are the audit log system, as it helps you to secure an audit trail and from user to action even if the user are privileged and even if the user logs in on the physical server. If the purpose is security the most valuable feature are the way it can drop and prevent the access of sensitive table/data set by rules and policies. Lastly, if the purpose is availability, the most valuable feature is the way it can drop connections set by rules and policies.

Improvements to My Organization

If the purpose is compliance or auditing, ex PCI-DSS you need a system like this to pass part of the compliance. As I help customers with compliance, this is a great tool to make it all "simple" and the report part makes the lives easier for the users/auditors.

If it's used for security, this, or systems like this, are the last line of defence, and you will prevent incursions, or at least know what happened, and what was stolen.

If it is to be used to monitor availability, you will only know the real ROI if you are a victim of a large attack, then you can pat yourself on the back and say "Yay! We prevented that". This cannot be achieved solely on the Imperva system and you need the full suite of WAF.

Room for Improvement

This product needs a good team of UX people, because it's not always that understandable, and sometimes it's straight up confusing.

Deployment Issues

They did have some issues with HA and Clustered environments, but it is supposed to be fixed in v12, which I have not tested.

Stability Issues

No issues encountered.

Scalability Issues

There are issues, but it is supposed to be fixed in v12, which I have not tested.

Customer Service and Technical Support

Customer Service:

It's good, but it's a big company, so you need to know the paths to get the most out of it.

Technical Support:

It's very good.

Initial Setup

This is a complex system, and all other in the same league are just as complex. There are no workarounds to simplify it.

Pricing, Setup Cost and Licensing

It's expensive, and their licensing is kind of strange, but it is what it is.

Other Solutions Considered

We also looked at IBM InfoSphere Guardium.

Disclosure: My company has a business relationship with this vendor other than being a customer: We are a partner/vendor.
it_user254976
Officer- Informations Systems Security Audit at a government with 501-1,000 employees
Vendor
It provides you with audit logs for changes to the database.

What is most valuable?

  • Database activity monitoring
  • Web application firewall

How has it helped my organization?

This product has limited attacks to the core tax collection application. It also provides audit logs for changes to the database and gives user account details.

What needs improvement?

None so far.

For how long have I used the solution?

I've used it for over two years.

What was my experience with deployment of the solution?

I was not around during the implementation, but reports do not show any issues noted.

What do I think about the stability of the solution?

None so far.

What do I think about the scalability of the solution?

None so far. Our solution has not had bottlenecks so far

How are customer service and technical support?

Customer Service:

Customer service has always been available.

Technical Support:

Technical support is rated highly.

Which solution did I use previously and why did I switch?

Only a firewall was in place before. WAF was needed for web application specific protection as firewalls are not the best solution.

How was the initial setup?

No issues noted in the implementation reports.

What about the implementation team?

A third party vendor was used to implement the product and to get the IT security staff trained.

What was our ROI?

We have had a high ROI with this product.

What's my experience with pricing, setup cost, and licensing?

Budget for licenses in synch with your financial years, and it's best to have licenses covering over a year so that planning for procurement of new licenses is done earlier. Of course, if you operate in AWS cloud, its much easier to justify as you can pay for three or more years at once.

Which other solutions did I evaluate?

I am not privy to procurement details, but we use Gartner as a source. Imperva is the sole leader in its field.

What other advice do I have?

Implement this product across all systems running applications as access to one unprotected system can be elevated to a protected one. Also, have reports produced frequently using the tools available in the system and analyze them to know and investigate the sources of attacks the WAF has blocked. That's because they could be internal indicating a compromise or a malicious user within. Ensure that your SharePoint environment is also protected as though it may be internal, attacks can be directed at it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user249771
Information Security Compliance Manager at a financial services firm with 10,001+ employees
Vendor
This is a very complex solution with a wide range of capabilities.

What is most valuable?

The database activity monitoring module used for real time database monitoring and integrated into the security event and incident monitoring solution. Most importantly for our critical legacy databases that cannot be encrypted and require real time a activity monitoring.

How has it helped my organization?

It provides a more granular monitoring of database activity at the column and row level as opposed to high level database management system logs.

What needs improvement?

The professional services and customer training aspect needs to be improved.

For how long have I used the solution?

I've used it for four years.

What was my experience with deployment of the solution?

The first implementation was not tailored to our specific requirements and the system was basically an expensive log collector until the vendors came to capture our requirements and then made modifications. This was then followed up with training.

What do I think about the stability of the solution?

No issues encountered.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service:

It's moderate.

Technical Support:

It's moderate.

Which solution did I use previously and why did I switch?

I used a different solution with a former employer.

How was the initial setup?

We are a large organization with about 100 critical heterogeneous database servers. This means that one configuration does not fit all, and that made the implementation very complex. Combined with protection of sensitive information that could be logged by the solution.

What about the implementation team?

We used a vendor and their level of expertise was between moderate and high.

What was our ROI?

The ROI based on the number of prevented, and detected, information security incidents can be classified as high.

Which other solutions did I evaluate?

We also looked at Sentrigo Hedgehog by McAfee.

What other advice do I have?

Ensure the vendor clearly captures your specific database monitoring requirements and that might include importing the metadata of the database for proper monitoring. Training should be included in the implementation budget as this is a very complex solution with a wide range of capabilities.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Database Administrator II at a pharma/biotech company with 501-1,000 employees
Vendor
It's a pretty decent product but the learning mode feature should be improved.

What is most valuable?

The alerts on threats and system statuses.

How has it helped my organization?

I can drill down/troubleshoot errors much quicker.

What needs improvement?

Design/ease of the learning mode feature.

For how long have I used the solution?

I have used the product for about a year.

What was my experience with deployment of the solution?

No, the engineer did a very smooth job at deployment.

What do I think about the stability of the solution?

No I have not.

What do I think about the scalability of the solution?

No I have not.

How are customer service and technical support?

Customer Service: 8/10. Technical Support: I haven’t had an issue in the year I have used the product.

Which solution did I use previously and why did I switch?

I did,…

What is most valuable?

The alerts on threats and system statuses.

How has it helped my organization?

I can drill down/troubleshoot errors much quicker.

What needs improvement?

Design/ease of the learning mode feature.

For how long have I used the solution?

I have used the product for about a year.

What was my experience with deployment of the solution?

No, the engineer did a very smooth job at deployment.

What do I think about the stability of the solution?

No I have not.

What do I think about the scalability of the solution?

No I have not.

How are customer service and technical support?

Customer Service:

8/10.

Technical Support:

I haven’t had an issue in the year I have used the product.

Which solution did I use previously and why did I switch?

I did, and I switched because of the poor level of customer service and the solution wasn’t meeting my expectations.

How was the initial setup?

The setup was pretty straightforward as right away, I was very familiar with the architecture.

What about the implementation team?

Their rep did the initial setup and I shadowed him.

What was our ROI?

If I calculated the man hours trying to figure out the alerts I would say a few thousand hours a month have been saved

Which other solutions did I evaluate?

I did evaluate about four other similar products –

  • Gardium
  • Application Security
  • Sentrigo
  • Veracode

What other advice do I have?

It's a decent product.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user254619
Operations Consultant at a financial services firm with 10,001+ employees
Vendor
Sometimes convincing the engineering team that there was a problem was a bit harder than it should have been, but the on-site engineers who supported the implementation were excellent.

What is most valuable?

We utilise the following components:

  1. Database activity monitoring of Oracle/SQL/Sybase databases - we did have UDB running, but that was decommissioned
  2. Assessment scans using mostly custom checks to check for security settings - we did expand this at one point to check for best practise, but this was discontinued

How has it helped my organization?

It hasn't really improved the way we function, but it has allowed us to meet several audit issues that were outstanding for many years. We tried another product, but we found it did not meet our requirements.

What needs improvement?

  • Capacity management of application needs significant improvement
  • Task management functionality is pretty basic, with not a lot of functionality
  • I would also like to be able to replace IP addresses with DNS names for easier recognition of host machines
  • The SOM feature could also be dramatically improved to allow central management of the entire feature set
  • The ability to manage lifecycle of agents could be improved via central deployment of upgraded agents

For how long have I used the solution?

I started using the database auditing/risk areas of the product in mid-2011. We use agents for monitoring database activity. We do not use the gateways for collecting data via the network.

What was my experience with deployment of the solution?

We had several performance issues on high throughput applications due to outdated, old hardware/non-ideal settings in the agents. These were mostly on our end.

What do I think about the stability of the solution?

We had a few minor issues with stability, but it has not impacted our service. We did have an agent cause a reboot of a host server, but this was quickly fixed via an upgrade of the agent.

What do I think about the scalability of the solution?

Capacity management is a major issue with the application. There is no easy way to identify when new hardware is required, or if a modification to the configuration could solve the issue. This may have been due to our method of deployment though.

How are customer service and technical support?

Customer Service:

We had a service provider in-between Imperva and our organisation. It did not make things easy. When dealing directly with Imperva I had good experiences with the vendor, and real issues were escalated quickly and getting access to the relevant engineering sections of the vendor was possible.

Technical Support:

Technical support was hit and miss. Sometimes we received excellent support, and other times it was not so good. Sometimes convincing the engineering team that there was a real problem in the software was a bit harder than it should have been. Overall, compared to other vendors, support was good.

Which solution did I use previously and why did I switch?

We previously used another solution, and that product was different depending on the DBMS that was being monitored. Technical expertise in DBMS technology with that vendor was poor, so we switched..

How was the initial setup?

The initial setup was easy, but some of the specific requirements we had required some work. Deploying the hardware during the initial setup did not require and specific customisation for our organisation. The audit policies and assessments obviously did require customisation, but it was relatively simple. Later on, we did find some issues that were due to the setup of the site hierarchy that was not brought to our attention until one to two years later.

What about the implementation team?

We used on-site vendor engineers to support the internal implementation. Their level of expertise was excellent.

What was our ROI?

This is not relevant to the production selection, as we were required to close off auditing items.

Which other solutions did I evaluate?

We compared IBM Guardium and Imperva SecureSphere via a POC process. We did a paper evaluation of other products to choose two products for the POC.

What other advice do I have?

Go through the POC process and test all ITIL processes to ensure you understand what will be required for the entire lifecycle of implementation/support. Engage with DBA teams to provide DBA support and knowledge. If it's possible, ensure there are people who understand databases on the SecureSphere support team.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Product Categories
Database Security
Buyer's Guide
Download our free Imperva SecureSphere Database Security Report and get advice and tips from experienced pros sharing their opinions.