Which solution is better for database security? IBM Guardium or Imperva SecureSphere Database Security?
If we look at the technical aspects, which one should we choose?
I have done an assessment of both products.
Performance-wise both products are equal; there is no difference.
However, when looking into infrastructure setup, licencing and management, there is a huge difference.
Imperva Pros & Cons:
- Simple initial setup. Works quite well out of the box.
- Has a rich set of predefined policies and reporting. Easy to start digging into audit data.
- Easy dataset management
- Cost efficient appliances. Good optimizations.
- Excellent health monitoring for large deployments. SOM + 10 or more MXs
- Global configuration management via SOM
- Alert suppression via ticket submission (flag session with valid change ref ticket)
- Automatic configuration change synchronization
- All configuration, including advanced configuration is done remotely without need to touch OS platform (applicable only for AGENTS)
- Fairly easy troubleshooting
- Modern user friendly GUI
- Automatic agent load balancing within gateway cluster (v12 and up)
- Reporting issues when audit policy data is higher than 50GB (New EX system can solve this problem).
- Central reporting is limited and very restrictive in size (New EX system can resolve this problem).
- Advanced reporting can only be done via EX system.
- Bug fixing takes a lot of time
- Monitoring limitations in some scenarios (like Oracle Shared Server and ASO Encryption)
Guardium Pros & Cons:
- Ability to define any kind of report, but requires knowledge of the SQL language
- Scheduled audit data off-shipping to central reporting console.
- Central reporting is based on BigData
- Agent deployment in listener mode
- Extremely complicated and difficult initial setup. Impossible to do it without Guardium SME onsite.
- No predefined set of audit report policies. You have to create your own.
- Very complicated agent registration process
- Some agent configurations need to be done only locally via shell.
- Inefficient appliances. Requires lots of RAM because an RDBMS is used for data collection. Example: Imperva needs 8GB RAM vs Guardium 32GB, just to service the same number of monitored DB hosts.
- Global configuration management is not possible via a single location. Policies and configurations are tuned either in the manager or the collector.
- Very difficult to scale
- While resiliency is possible, session persistence is not available (at least in v10.1).
- Data Interface Discovery has lots of bugs (should be fixed in v10.2 and up).
- Security/Audit Policy changes not synchronized automatically unless you make a workaround by building scheduled job.
- Global infrastructure reporting is not possible unless you have a central reporting console. Still, the data delay is more than 5 min., and you have to define which fields you want to feed.
- Alert/Violation suppression via ticket submission is not possible, at least in v10.1
- Dynamic dataset from external source is possible, but very difficult to implement.
- Multi-dataset match is not possible. Building a dataset from multiple datasets is kind of possible, but involves building tens of additional processes. If something goes wrong, it will be very hard to identify where the issue is.
- Very difficult to scale
- Expensive licenses
- GUI is not user friendly and very difficult to navigate. Design drops back into 1995. Menu navigation, in most cases, is done via search to find what you need until you memorize the path.
Both products have their own strengths and weaknesses. But my prize goes to Imperva for a more furnished and complete DAM solution.
IMPERVA is a better choice.
1. Has more implementation types.
2. The agent is optional; you need to install the IMPERVA agent on the DB server only if you allow local access and you want to audit such behavior.
You can also configure the percentage of CPU resources that the IMPERVA agent can use, to prevent a database crash.
3. GUI is more friendly. Guardium’s GUI is more like a design for a tech guy, and you might be better familiar with a database so that you can use the GUI well.
4. Supports cloud platforms such as Microsoft Azure or Amazon AWS.
5. If you have many database servers, IMPERVA might have a better price than IBM.
6. Management and Gateway both support VMs; you can control VM resources as you need.
A VM is also easier to back up and restore.
7. Many compliance report templates and policies, maintained by IMPERVA.
8. IMPERVA also has a WAF function; you can purchase it once you need it. The WAF can share the same management interface.
9. Beyond logging behavior, IMPERVA can provide real-time security alerts when someone tries to hack your database, performs privileged commands, accesses it from unauthorized sources, etc.
10. You can search audit logs in real time, and raw data stored in IMPERVA is encrypted.
Imperva's focus is on Web Application Security, Database Security, File Security, etc. As for Database Security, the big difference between IBM and Imperva is that Imperva works like an IPS and has many signatures, so you can protect against attacks such as database protocol attacks and SQL injection attacks even if you work with Agent or Inline/Sniff mode. Sometimes I used to write specific signatures based on database flow to block anomalies and also correlate them with custom policies. The last thing is the infrastructure. Imperva has a compact solution. 1 gateway and 1 management is more than enough to handle all traffic. But when you try to implement IBM Guardium, you need to distribute collectors for almost every 4-5 databases (depends on the transaction size). I have not used Guardium but have seen some in the field, and I must say that I would definitely choose Imperva.
Both are good products. But technically, for me, IBM Guardium is better than Imperva.
Explored Guardium in the past, and Imperva seems competitive and has enriched features in the cloud.
Ideally, see the basic requirements to fulfill, compare the cost of both and do a PoC.
Guardium and Imperva are both industry leaders in the DAM and Database Firewall areas. Although Imperva is a much better solution in terms of features, firewall capability and the customized rules that can be created, my suggestion would still be to go with Guardium, primarily because it has support for encrypted databases and provides clear-cut integration with IBM QRadar. IBM Guardium has a similar look and feel to IBM QRadar in terms of offenses (that is quite cumbersome). IBM Guardium is also more effective in terms of SQL variants of injection compared to Imperva. All in all, if you are not using containers and encrypted databases, use Imperva (better GUI, more effective firewalling capability and fewer false positives).
Hi, both solutions have good things, but in operational environments Imperva works better. I think IBM works better in infrastructure or other stuff. Imperva is the specialist in DBF and data protection; all Imperva engineers work for it. The Imperva solution was born as a firewall solution; that is its main functionality.
I've worked with both, and support as well, and if I can recommend one of them, the answer is Imperva without a doubt.
I work for IBM so my response is going to be biased. Of course, Guardium is far superior to Imperva. Both products do a great job at providing database activity monitoring. The difference is in the details. There are architectural and administrative qualities that I believe set Guardium apart.