Please share with the community what you think needs improvement with Imperva SecureSphere Database Security.
What are its weaknesses? What would you like to see changed in a future version?
They have to put more focus on the administrative part of the application, especially on upgrades. There are a lot of packages to download and install that you have to be knowledgeable on. For example, we tried to install a version, and it did not work. Then, support had to become involved. They should add an application availability dashboard feature and should focus more on the alerting mechanism. There is a problem with the integrations. I would also like to see improvement in the integration part of the tool. This should be an easy process. For example, I had an issue with the integration of a file server. Within the endpoints, the communication is breaking down most of the time. Sometimes, once the communication stops, it does not resume again. They could approve monitoring in the next release. E.g., right now, we lack the ability to know when databases are down. This is something we could use monitoring to mitigate.
The GUI for this solution could use some improvement. I would like to see better support for countries in the Middle East, and other places that do not have direct access to the vendor.
The GUI needs to be improved and made more user-friendly. This solution is a little complicated compared with other solutions for database auditing because of the GUI interface. It will be much more competitive if the interface meets the standards of the other vendors in the market. For example, the price of the IBM Guardium is very high, but it's user-friendly. On the other hand, the Imperva GUI is complicated. It is harder for us to generate reports. That's why we face some hurdles in operations. For security, the main point is to report on any violation of compliance. The administrator is required to generate reports. The GUI is set by the operator and not the admin of the device. Every time they need to make changes, it requires a lot of configuration to generate a new report. For any urgent report, the administrator has to be involved. It should not be necessary. The agent should be installed at the box itself instead of going on the bridging system and doing the installation. Whenever any dependency is required, the activity becomes harder. If the dependency is not required then the activity can be handled from the box itself. It should be very easy to execute the administration and operations of the device. Comparing to Cisco devices, which are very user-friendly, other product manufacturers can take a lesson and make an effort to make the operational and administrative tasks easy. It should be possible to execute by the team without writing custom lock sources.
I think the support needs more improvement than the product. The support we get struggles a bit to provide solutions. They take additional time to respond to support requests. The core of Imperva can sometimes be very slow. This mostly happens when you turn on many alerts, if a lot of people log-in, or if you turn on auditing. It can get noticeably slow. Performance under a heavy load is noticeably reduced. That could be because of scalability, but most of my major issues have to do with performance. I think it's because they run an Oracle database at the backend. If they allowed the administrators to tune the back end database it might solve the issue. If the backend database is having trouble you have to call support and that takes time. It is not efficient. Finally, they might consider reducing the licensing fee. It's a bit high compared to the competition.
Technical support for this solution needs improvement.
There is room for improvement in the firewall capabilities when it comes to additional features such as Traffic Shaping, Connection Pooling and Load Balancing. Barracuda and F5 are leading in this aspects.
It would be better to update the solution by using a GUI that guides me, rather than through a CLI. It would be best if it were simply updated automatically from an admin page.
The pricing for support could be improved. Integration with other databases or third-party products would be useful.
Comparing it with other products in the market, we definitely see that Imperva SecureSphere is head-to-head with the likes of McAfee, IBM Guardium, and others. It's definitely good. The only challenge I see is that SecureSphere is deployed on servers or databases which are held on physical infrastructure. However, there are databases which are hosted on cloud platforms and Imperva has a separate tool altogether for that, not SecureSphere. If an organization is monitoring databases which are on physical as well as virtual infrastructure, running two different tools can become a problem. If that could be merged together it would be an improvement. Having read about Imperva, I couldn't get much detail as to what their roadmap is for the future, whether they would want to merge them or not. But as a customer, if I can have one tool for various landscapes, like the databases hosted on a physical landscape as well as the virtual ones, that makes it a lot easier.