Imperva SecureSphere Database Security Room for Improvement

Andrew_Kampolo - PeerSpot reviewer
Senior Manager at Zamtel (Zambia Telecommunications Company Limited)

Data encryption. Yeah, Imperva needs to pull up on data encryption and make it a standard feature to allow maybe for tokenization, encryption of data, and things like that.

View full review »
Mangalik Pal - PeerSpot reviewer
Senior Network Security Engineer at SNSIN

Some cloud versions are not supported by the agent. For example, we had a client that wanted to move to the cloud and wanted to use AWS, however, it was not possible. Imperva should have every kind of agent.

View full review »
RN
CEO at Cyberapp

Imperva SecureSphere Database Security can improve something in all the versions I have used.

In an upcoming release, there should be a more simplistic way to learn the policy. The security policies can be complex, you need to know the attacks in order to give the portal a security policy. They should be more user-friendly to a level you do not need an expert.

View full review »
Buyer's Guide
Imperva SecureSphere Database Security
March 2024
Learn what your peers think about Imperva SecureSphere Database Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.
SA
Executive Trainee at a financial services firm with 5,001-10,000 employees

Once we read the activity logs on the platform, we cannot open them anywhere else as they are stored in a proprietary format.

View full review »
EF
Consultant at Btechc

We'd like better compliance with cyber security and legal as well as other areas. 

I'd like to see some sort of solution for storage. For example, if someone in the company is doing some backup, I cannot reach that information in the discovery and in the protection. I only can protect the information, the databases that I use that are in developer or Q&A, and not those databases that are in the backups. It's a limitation.

View full review »
DC
Operator at Halliburton

SecureSphere activity log can be used with Imperva CounterBreach in an effort to protect enterprise data from theft and loss caused. Since such is core to its function, I would like to see future versions to integrate such options.

View full review »
MariyaKuklyeva - PeerSpot reviewer
BDM at Softprom by ERC

Imperva SecureSphere Database Security could improve the database defense feature called camouflage. This feature was responsible for the data mask but now it does not work well and we need another solution. All our banks have teams that are regarded with care and they need to mask sensitive data in order to provide testing to developers.

View full review »
TB
Technical Director at a consultancy with 11-50 employees

Mostly in areas like data masking since they previously had a product called "camouflage," but it was dropped. It would be better to have something similar to that. 

Additionally, improvements can be made in data enrichment, aggregation of data from different perspectives, and enhancing the GUI (Graphical User Interface) for a better user experience.

View full review »
TamunoibitonAdoki - PeerSpot reviewer
Security Engineer at Globus Bank

I have worked with IBM before, and I prefer its ease of deployment and management. Imperva SecureSphere Database Security has tricky deployment, whereas IBM's deployment is straightforward because of the UI.

View full review »
AJ
Network Engineer at CBN

Sometimes the reports are cumbersome, and you have to drill down to get more information. SecureSphere also sometimes needs a lot of maintenance to keep the agents running on the database. In the next release, Imperva should include a preventative solution that will stop an attack before it happens or read the behavior of particular accounts and act on it. They should also make SecureSphere available on mobile so that if an administrator isn't on-prem, he can access the solution via the internet wherever he may be.

View full review »
FB
Senior Solutions Architect at eLAAB Limited

I think the support needs more improvement than the product. The support we get struggles a bit to provide solutions. They take additional time to respond to support requests.

The core of Imperva can sometimes be very slow. This mostly happens when you turn on many alerts, if a lot of people log-in, or if you turn on auditing. It can get noticeably slow. Performance under a heavy load is noticeably reduced.

That could be because of scalability, but most of my major issues have to do with performance. I think it's because they run an Oracle database at the backend. If they allowed the administrators to tune the back end database it might solve the issue. If the backend database is having trouble you have to call support and that takes time. It is not efficient.

Finally, they might consider reducing the licensing fee. It's a bit high compared to the competition. 

View full review »
DA
Senior IT Security Specialist at National Water Company

The GUI needs to be improved and made more user-friendly. This solution is a little complicated compared with other solutions for database auditing because of the GUI interface. It will be much more competitive if the interface meets the standards of the other vendors in the market.

For example, the price of the IBM Guardium is very high, but it's user-friendly. On the other hand, the Imperva GUI is complicated. It is harder for us to generate reports. That's why we face some hurdles in operations.

For security, the main point is to report on any violation of compliance. The administrator is required to generate reports. The GUI is set by the operator and not the admin of the device. Every time they need to make changes, it requires a lot of configuration to generate a new report. For any urgent report, the administrator has to be involved. It should not be necessary.

The agent should be installed at the box itself instead of going on the bridging system and doing the installation. Whenever any dependency is required, the activity becomes harder. If the dependency is not required then the activity can be handled from the box itself. It should be very easy to execute the administration and operations of the device. Comparing to Cisco devices, which are very user-friendly, other product manufacturers can take a lesson and make an effort to make the operational and administrative tasks easy.

It should be possible to execute by the team without writing custom lock sources. 

View full review »
AJ
Network Engineer at CBN

We have a lot of lost communication between the clients and the management server. This is a client-on-server solution and sometimes the agent stops communicating and it can take a lot of troubleshooting to solve the issue. It would also be helpful if they'd improve artificial intelligence. 

View full review »
AC
Project Manager at a energy/utilities company with 10,001+ employees

Comparing it with other products in the market, we definitely see that Imperva SecureSphere is head-to-head with the likes of McAfee, IBM Guardium, and others. It's definitely good. The only challenge I see is that SecureSphere is deployed on servers or databases which are held on physical infrastructure. However, there are databases which are hosted on cloud platforms and Imperva has a separate tool altogether for that, not SecureSphere. If an organization is monitoring databases which are on physical as well as virtual infrastructure, running two different tools can become a problem. If that could be merged together it would be an improvement.

Having read about Imperva, I couldn't get much detail as to what their roadmap is for the future, whether they would want to merge them or not. But as a customer, if I can have one tool for various landscapes, like the databases hosted on a physical landscape as well as the virtual ones, that makes it a lot easier.

View full review »
EA
Core Banking Application Support at a financial services firm with 10,001+ employees

The feature right now that we have not been able to use successfully is the firewall aspect, the WAF.

In terms of the WAF, we tried their blocking functionality at some point, and our entire company came to a halt due to the fact that it was blocking even database connections. It was hanging our databases. Until now, we've not been able to fully use their database blocking functionality very well. That is the only aspect that I wish could be improved tomorrow.

The entire system is not user-friendly for me, and definitely not as user-friendly as Oracle Vault. It should be more user-friendly, to make it much more competitive in the space. 

The technical support is not offered by the company itself. Rather, you can only get technical support via partners. It isn't that good and because of this, we want to leave the product.

The solution is expensive.

If we can look at a system that can do 360 annual. There is an app call bridge that is something they've introduced, however, we don't have that yet. I don't know if that is able to do application monitoring as well, but I wish they had a feature that could do both the database and application monitoring.

View full review »
it_user548754 - PeerSpot reviewer
L3 Application Support Analyst at a financial services firm with 1,001-5,000 employees

All areas of this product have room for improvement. There are a lot of things that can be improved if you want this to run in a corporate environment with thousands of database servers. If your database server count is low, it is a fine solution for you.

Lack of centralized integration when supporting/configuring appliances (SOM has some, but not all configuration/reporting/management functions, but you can’t do a lot of things from one management appliance (SOM) and have to go to separate MX when you want to configure something). As well you can’t upgrade appliances via Update module (you can only do so with agent and that functionality has much room for improvement as the update GUI is not well designed, some functions do not work and event/alert notifications there are mostly useless). So this and some other things make management and support of very large SecureSphere infrastructure sometimes painful.

View full review »
it_user589365 - PeerSpot reviewer
Senior Analyst at a consultancy with 10,001+ employees

The stability and the ease of use of this product can be improved. I believe the product can be made more flexible and stable.

Additionally, it is very unlikely for a new professional to easily use this tool to its full potential. For this purpose, I believe a few more video tutorials can be uploaded for the newer versions.

View full review »
it_user249771 - PeerSpot reviewer
Information Security Compliance Manager at a financial services firm with 10,001+ employees

The professional services and customer training aspect needs to be improved.

View full review »
LM
Tech Lead at a financial services firm with 1,001-5,000 employees

The solution needs local support.

They need to do a little bit more knowledge-sharing with the tool. Knowledge-sharing is not what you normally get with Microsoft, Symantec, or any other tools that are leaders in their respective spaces. This is more of a closed-group type of solution only, whereby the information is only accessible to certain groups, or maybe in certain countries. It needs a broader, more accessible knowledge base. 

There could be more on the monitoring side of things. They need more monitoring tools within the tool itself. Although it does a good job monitoring databases, in terms of the health of its agent gateways to verify communication and all that, there are basically no utilities available within the tool.

View full review »
AA
Data Center Network Expert at TOSAN

The GUI for this solution could use some improvement.

I would like to see better support for countries in the Middle East, and other places that do not have direct access to the vendor.

View full review »
it_user538203 - PeerSpot reviewer
Solution Architect at a financial services firm with 10,001+ employees

BUGs, BUGs, BUGs. The product is under high development and the amount of bugs is bit disappointing. The product has lots of limitations which are not clearly documented. You can only find out the limitations by engaging the support

By using this product you can have only one type of date and time format which is US format. I’m EU citizen and I prefer different date format, same for time format. I would prefer 24Hour clock instead of AM/PM.

View full review »
it_user254619 - PeerSpot reviewer
Operations Consultant at a financial services firm with 10,001+ employees
  • Capacity management of application needs significant improvement
  • Task management functionality is pretty basic, with not a lot of functionality
  • I would also like to be able to replace IP addresses with DNS names for easier recognition of host machines
  • The SOM feature could also be dramatically improved to allow central management of the entire feature set
  • The ability to manage lifecycle of agents could be improved via central deployment of upgraded agents
View full review »
Arnab - PeerSpot reviewer
Data Analyst at a tech services company with 11-50 employees

The GUI is bad. The product must focus on improving its reporting features and the dashboard.

View full review »
DA
Cyber Security Engineer at Isolutions Associates Ltd (ISOLS)

I've been part of various projects and also interact with clients because I do pre-sales. Most of the feedback I receive relates to clients wanting to see an improvement in the reporting. They like the ability and functionality of the solution but they feel the reporting is lacking. The general feeling is also that the GUI has been the same for a very long time and there is room for improvement there. It could look a little better and then if the reports are also improved that would make a big difference all round. 

From a basic implementation point of view, there are some features that are very technical, clients want everything very granular and they always say Imperva bundles everything. You do a signature, and ABC updates and you trust what the ABC is doing. I think if it were a little more granular and detailed in terms of how, for example, a query stream is being detected or something like that, rather than just blocking something, it would give the administrator a better view and understanding of what's happening. 

View full review »
DK
Technical Account Manager at a tech services company with 201-500 employees

What I would like to see improved is Imperva making further development in terms of them going to the Cloud. Our business is moving to the cloud, so we want to have cloud availability as an option. Imperva can do the cloud database, but they are still working at building it out and it does not seem to me to be fully operational.  

View full review »
BO
Security Engineer at a comms service provider with 5,001-10,000 employees

The support could be improved.

The product needs to perform better in extremely busy databases. It does not do really well where the DB is extremely, extremely busy. 

The updates could be better.

The UI can be improved. 

The ability to narrow down to the right environment could be helpful. They need to allow users to find an easy way to drill down to what's important.

View full review »
RH
Senior Database Administrator at a financial services firm with 1,001-5,000 employees

It is quite expensive. I would prefer a lower price. 

In terms of features, I started using it this month. I need more time to explore it.

View full review »
SB
Security Consultant and Cybersecurity Support at a tech services company with 51-200 employees

They have to put more focus on the administrative part of the application, especially on upgrades. There are a lot of packages to download and install that you have to be knowledgeable on. For example, we tried to install a version, and it did not work. Then, support had to become involved.

They should add an application availability dashboard feature and should focus more on the alerting mechanism.

There is a problem with the integrations. I would also like to see improvement in the integration part of the tool. This should be an easy process. For example, I had an issue with the integration of a file server. 

Within the endpoints, the communication is breaking down most of the time. Sometimes, once the communication stops, it does not resume again.

They could approve monitoring in the next release. E.g., right now, we lack the ability to know when databases are down. This is something we could use monitoring to mitigate. 

View full review »
it_user144273 - PeerSpot reviewer
Senior IT Security Consultant at a tech consulting company with 51-200 employees

To have the mind at ease with a security solution has been always a chimera. Even SecureSphere suffers from some limitations, which I believe will be handled in the near future. I see two main things to improve at this point:

  • SSL tunnel support for z/OS agents
  • Capability to retain live audit policy data for several months; sometimes, on certain installations, this is not feasible due to the big data streams involved in the scope.
View full review »
it_user579513 - PeerSpot reviewer
Senior System Engineer at a financial services firm with 1,001-5,000 employees

Mainframe mappings/agents/optimization for CPU usage are areas with room for improvement.

Agent on z/OS does not have a limit for CPU usage like on other platforms. If
you specify filter too "wide", the agent would consume too much cpu so that
could cause more cost for your mainframe. Agents are a bit special for
configuration because the logic is different than the one on other
platforms.

That is because mainframe agents were originally from Tomium company that
was acquired by Imperva some time ago. They still run the same code, just
little improved.
At this point, my configuration does not collect what I expected, but that
could be due to bugs, that is expected to be solved in version 12 of the
SecureSphere.

You can say for sure that security audit costs money - in this case, your
mainframe CPU money.

View full review »
it_user504735 - PeerSpot reviewer
Assistant lead - Security Operations at a comms service provider with 10,001+ employees

The user interface is kind of a let-down. The graphics, tabs, and other various options are quite jumbled and confusing. My only complaint/suggestion: Improve the user interface.

View full review »
SA
Manager - IT Security

They can maybe look at its pricing model. Its pricing could be cheaper for the African countries or developing economies.

View full review »
it_user499686 - PeerSpot reviewer
Senior Database Administrator at a media company with 1,001-5,000 employees

I would like to see a better web management console; the UI is not very intuitive, unless you really know what you’re doing. And scan error details should be readable from the web console, instead of running Unix commands on the backend server to view detailed logs.

I would like to see improvements in setting custom device configuration (e.g., Server Name, TCP Port for connections). In a large inventory, it is a time-consuming process if you need to change any configuration.

The web management console UI, could be much more user friendly. The product is pretty powerful, but the management UI is not very intuitive, i.e. not very user friendly and can be improved to make it much better.

When the DAM scans contains errors, the web UI should have the ability to show detailed logs in the web console, instead of requiring an admin to query the back-end server via commands to retrieve scan error logs. This limited web functionality causes extra work when scanning a large inventory where sometimes some servers return scan errors.

View full review »
AZ
Information Security Analyst at a financial services firm with 501-1,000 employees

I think the biggest challenge with their product is the management of it. Not that it needs a lot of engineering, but it requires a lot of upkeep and deployment of a lot of servers that require regular updating. If you want to make any changes it's a lot of work to get things moving. I personally find it quite difficult to work with in that regard.

The product would be better with improvement to the database security from the access management perspective. A lot of it falls into content on the database and is difficult to retrieve. Also, looking into databases themselves, table sets and data sets and being able to retrieve that information.

View full review »
it_user280122 - PeerSpot reviewer
Security Professional with 501-1,000 employees

This product needs a good team of UX people, because it's not always that understandable, and sometimes it's straight up confusing.

View full review »
it_user561654 - PeerSpot reviewer
IT Security Consultant at a tech company with 501-1,000 employees

Imperva must work on more features for z/OS.

View full review »
it_user949830 - PeerSpot reviewer
IT Security at rmrf-tech

It would be better to update the solution by using a GUI that guides me, rather than through a CLI. It would be best if it were simply updated automatically from an admin page.

View full review »
it_user501258 - PeerSpot reviewer
ERS Consultant at a consultancy with 10,001+ employees

Syslog size for transferring data should be increased.

View full review »
it_user254976 - PeerSpot reviewer
Officer- Informations Systems Security Audit at a government with 501-1,000 employees
RB
Software Developer at a university with 1,001-5,000 employees

The pricing for support could be improved.

Integration with other databases or third-party products would be useful.

View full review »
Roi Nahari - PeerSpot reviewer
CTO- Consulting Services at 2bsecure

Technical support for this solution needs improvement.

View full review »
MS
Security Specialist at a tech services company with 51-200 employees

The solution could improve by having more integration.

View full review »
OO
Cloud Solutions Architect at Snapnet Limited

There is room for improvement in the firewall capabilities when it comes to additional features such as Traffic Shaping, Connection Pooling and Load Balancing. Barracuda and F5 are leading in this aspects.

View full review »
KW
Deputy Director/IT Infrastructure & Security at a educational organization with 1,001-5,000 employees

The system reports vulnerabilities in my vulnerability assessment, but I need something to generate warning messages.

I would like to see integration such that there is support for different kinds of environments, such as on-premises versus cloud.

View full review »
AP
Chairman & CEO at a tech vendor with 51-200 employees

It is very expensive. Its price can be better.

View full review »
it_user245442 - PeerSpot reviewer
Database Administrator II at a pharma/biotech company with 501-1,000 employees

Design/ease of the learning mode feature.

View full review »
it_user577539 - PeerSpot reviewer
Senior Security Analyst at a tech services company with 10,001+ employees

We currently export PDF files to provide to the client. Rebranding this is a pain in the current environment. Having multiple and flexible export options would be better. Exporting to CSV or other formats and allowing the simple application of corporate logos to the reports, instead of vendor logos would be helpful.

In our environment, we use the SIEM to monitor the alerts, then log into SecureSphere to examine the activity in its alert monitor. Once we know that, if our level 1 analysts cannot determine whether or not the activity is false-positive, then we will export the activity and send it to the DBAs for them to examine closer.

View full review »
Rana Shahid - PeerSpot reviewer
Business Development Manager at gwc networks

Overall, it's a very good product but they could do with some modifications log-wise — it should be more comprehensive. Otherwise, 95% of the product is very good.

The interface could be more user-friendly.

View full review »
GD
Information Security Specialist with 51-200 employees

Its reporting can be improved. The reporting feature is currently not good enough for our clients.

View full review »
it_user496329 - PeerSpot reviewer
Security Engineer at a tech company with 1,001-5,000 employees

I would like to see some more granular audit logs for database activities.

View full review »
it_user584112 - PeerSpot reviewer
Network And Security System Administrator at a international affairs institute with 1,001-5,000 employees
  • The upgrade procedure is not clear
  • There is no easy rollback
  • There is no possibility to select different ways for two different types of cipher suit negotiation in two arm deployments. Most of the banks now use ECDHE for PFSC.
  • No SNI support
View full review »
it_user541239 - PeerSpot reviewer
Regional Sales Engineer at a tech company with 1,001-5,000 employees

I would like to see more parameters configurable for the kernel reverse proxy.

View full review »
Buyer's Guide
Imperva SecureSphere Database Security
March 2024
Learn what your peers think about Imperva SecureSphere Database Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.