If you were talking to someone whose organization is considering Imperva SecureSphere Database Security, what would you say?
How would you rate it and why? Any other tips or advice?
Identify the proper use cases, then implement it. Resource overhead management is a good option. The OS chain option provides the real user behind the DB application user.
Imperva is a product leader in this line, and it is very good. In fact, I have experience with other products, and I would say that this solution is best-in-class. If we had support then this solution would be perfect. I would rate this solution a nine out of ten.
I would give Imperva an eight out of ten as a solution. It meets our requirements equally to what we got from IBM Guardium which we went with based on little more than their name. In a later review, we considered Imperva and realized that both products had almost the same features. If the same functionality is provided by both, it is hard to justify the more expensive product. Now we will save the extra money. At that time, the administrator was not comfortable with the change to Imperva but we provided official training from Imperva. He had experience with other solutions for database auditing systems, so he was able to make the adjustment. We are working with the minimal license so currently, the resources are lower compared to our IBM Guardium license. Even with a shortage of resources, everything is equal to the IBM Guadium solution and we can correct that resource shortage while still saving money. The main thing is defining the actual requirements. If a solution complies with the requirements there's no need to spend extra money for the brand names.
Imperva is a good product if you look at its core functionality and the way it's built. It's a newer product and very consistent. Oracle has been around a long time and may suffer from that legacy a little. If clients want a product which covers all database management systems, then Imperva can work out of the box. Ideally, you can deploy within a day or two of signing a contract. Implementation time with Imperva is much shorter than with Oracle. I think I would rate Imperva a nine out of ten, despite the occasional performance issues. It delivers on the core functionality. If it's running well you are assured you will get the value out of it in terms of the security assurance.
My advice for anybody implementing this solution is to know what you are doing before deploying. You need to learn the security concept of this product. You need to know what you want to protect, and then learn how to protect it. You cannot just deploy this solution and leave it like that. You need to know how to maintain this product. Things are being constantly improved in this solution, but there is no such thing as perfect. I would rate this solution eight out of ten.
My advice to anybody who is implementing this solution is to get the right people on board, and with that, there shouldn't be any problem. I would rate this solution an eight out of ten.
There are many functions in this solution that I do not use at this time. This is a fine product, and one of the best. We needed it for DDoS protection and for Botnet protection, and all of this works fine. I would rate this solution an eight out of ten.
My advice is to do a POC before implementing this solution. I would rate this solution an eight out of ten.
My advice is to go to IT CentralStation and download the report on database security tools. In general, it's all about the policies that you put into the tool to get the output. The tool itself is pretty smart. As someone who is designing the policies or the outputs or the queries, it is like putting a query into a SQL database to get the results. The better or more optimized the query is, the better output you will receive, and so it goes with this solution. When selecting a vendor, pricing, of course, is the most important thing to look at. Then, you look at the scalability options, at how good the tool is, that it suffices your functionality requirements, and that it provides interoperability. I rate Imperva at eight out of ten across the various areas that I just mentioned, be it interoperability, scalability, cost, or ease of installation and setup. Measuring it on each of these aspects is how I came up with my rating.