Imperva Data Security Fabric Reviews

The most valuable features are:

• DAM Module
• Third-party data source integration: Feeds automation
• Data enrichment: Provides better data quality and session handling
• API: Used for process automation

The solution has improved our organization as follows:

• Better agent performance compared to v9.5
• Gateways are much more stable
• Gateway cluster improves resource utilization and provides better resiliency
• Offers the option to manage cluster capacity without touching the agent configuration

BUGs, BUGs, BUGs. The product is under high development and the amount of bugs is bit disappointing. The product has lots of limitations which are not clearly documented. You can only find out the limitations by engaging the support

By using this product you can have only one type of date and time format which is US format. I’m EU citizen and I prefer different date format, same for time format. I would prefer 24Hour clock instead of AM/PM.

We have been used this solution for over three years.

There were stability issues in v9.5. There are no major stability issues in v10.5.

Stability is dependent on the infrastructure. If you use hypervisor, then you need to make sure to use resources and I/O settings that are optimal for SecureSphere. Otherwise, you will end up with stability and performance issues.

There are some scalability issues. There was a hardcoded limitation in the number of MXs you can connect to SOM. In addition, the bigger the infrastructure, the bigger challenge there is to create a single audit report file.

The technical support is OK. But they have big potential to do things better.

We had a previous solution. We switched because the new requirements couldn’t be accomplished with the old solution.

The installation was quite complex. We had to integrated lots of external systems in order to make it work right.

Give it a try. Write down your requirements as detailed as possible, and perform a PoC using this list. If you find gaps that require additional development, it could take some time until you actually get it.

Data discovery and classification: It gives you the ability to find your sensitive data where it exists, even though you may not have known it was there.

Vulnerability assessments: This feature helps you to know the possible vulnerabilities in your protected servers.

Database firewall: This is the most important feature. It provides you with the capability to block attacks (external or internal) in real time to your protected servers.

This product has helped us to protect the environment against malicious activities. We have detected some security violations and have taken actions against them.

Imperva must work on more features for z/OS.

I’ve been using SecureSphere for four years.

We had some issues but they were attributed to bad administration.

Scalability is one of the most powerful features of Imperva. We have grown easily, once it was necessary.

Support is good. The Imperva engineers have excellent technical knowedge.

We made a PoC with other solutions but Imperva was the best.

The initial setup was really easy. This product has a friendly wizard and in a few simple steps, we implemented it without troubles.

The product is not cheaper, but is one of the best options. Besides, the other options have more or less the same pricing.

We evaluated IBM Guardium.

They must take into account that this solution, like others, must be sized correctly. If they do not size the solution correctly, they might have some issues.

I believe the most valuable feature is the GUI. It is still very much oversized for the job it does, but in comparison to other alternatives, it is still the best at the moment.

Before SecureSphere was used, the native auditing tools were used, and now there is a segregation of duties when managing audit data from DBAs and DBS teams. It is a much more secure way to have audit data from databases and to monitor actions of privileged accounts.

All areas of this product have room for improvement. There are a lot of things that can be improved if you want this to run in a corporate environment with thousands of database servers. If your database server count is low, it is a fine solution for you.

Lack of centralized integration when supporting/configuring appliances (SOM has some, but not all configuration/reporting/management functions, but you can’t do a lot of things from one management appliance (SOM) and have to go to separate MX when you want to configure something). As well you can’t upgrade appliances via Update module (you can only do so with agent and that functionality has much room for improvement as the update GUI is not well designed, some functions do not work and event/alert notifications there are mostly useless). So this and some other things make management and support of very large SecureSphere infrastructure sometimes painful.

I’ve been using SecureSphere for over three years.

It depends on the load of gateways/MXs. If load is big and there are advanced filtering rules in place, gateways or MX can crash or perform slowly.

The SOM does not have all the functionality yet to manage all MXs centrally and, if you have a very large infrastructure, it is not so easy to manage it, as it requires you to apply updates or new configurations directly to agents or MXs 1 by 1.

The support team responds promptly but sometimes it seems that, in more complex cases, they just try to stall for time for R&D to look at it and that they don’t know why some problems are happening.

Before, we were using native database auditing tools. Regulators have pointed out that DBAs are managing auditing tools themselves, which is not a good practice. Usage of SecureSphere and forming a new team responsible only for management of this tool was suggested.

Setup was complex. We had to deploy hundreds of gateway appliances to gather audit data and deploy thousands of agents to different OSs. This was not an easy task, as there were no simple solutions to do that. There were also challenges to configuring auditing rules and monitoring rules to work with all kinds of databases and different kind of requirements relating to them.

I don’t know anything about pricing and licensing.

I believe an IBM solution was considered, but it was much too expensive and didn’t provide as many features.

Use the newest version (at the moment I think it is 11.5) and pay extra for staff training and additional consultation on how to set up rules, etc.

As the member of an MSSP SOC team, we monitor dozens of appliances from multiple vendors. SecureSphere is one of the many tools that feeds our SIEM with relevant alerts regarding client activity of concern. Once we receive this, we use the alert monitor to delve into the details about what took place, when and where.

The level of detail provided is excellent, allowing the resources that manage the actual devices to determine whether or not, the activity is a legitimate concern and to rectify the activity in a timely manner.

We currently export PDF files to provide to the client. Rebranding this is a pain in the current environment. Having multiple and flexible export options would be better. Exporting to CSV or other formats and allowing the simple application of corporate logos to the reports, instead of vendor logos would be helpful.

In our environment, we use the SIEM to monitor the alerts, then log into SecureSphere to examine the activity in its alert monitor. Once we know that, if our level 1 analysts cannot determine whether or not the activity is false-positive, then we will export the activity and send it to the DBAs for them to examine closer.

I have used this solution for five years.

I don’t deploy, only monitor.

I’ve never had to contact them.

The most valuable feature of this product is vulnerability management since you don’t need to run different scans by logging into different databases. Everything can be done and monitored through the centralized console by a few clicks and without any hassle.

Also, the report generation option on a daily/weekly/monthly basis comes in very handy to the top management.

Some of the ways in which this product has helped our organization are:

• All the databases are being monitored.
• All the compliance requirements can be taken care of through a console.
• The daily and weekly reports are helpful in understanding the environment.

The stability and the ease of use of this product can be improved. I believe the product can be made more flexible and stable.

Additionally, it is very unlikely for a new professional to easily use this tool to its full potential. For this purpose, I believe a few more video tutorials can be uploaded for the newer versions.

I have been using this solution for one year.

We have encountered some stability issues. There were situations when sometimes the gateway didn’t work as expected. However, thanks to active-passive mode, none of the information was lost.

Every manager and gateway has a predefined capacity. It is very easy to scale up to that capacity. But, if that is exhausted you have to burn the midnight oil.

The technical support is good in terms of knowledge. However, the replies are not so frequent and hence can be frustrating sometimes.

I have not used any other solution before. I have only used Imperva SecureSphere 11.0.

The initial setup was straightforward. Each and every step is clearly mentioned in the manual. After the initial setup, it becomes a bit tricky.

Since this tool is far better than the competitors and manages a lot of compliance requirements, the pricing seems to be fine.

We had evaluated other solutions such as McAfee DAM and IBM Guardium.

You should follow both the guide and the tutorials. The tool is handy only if it is implemented properly. Implementation is a bit complicated; hence, it is advisable to create documentation alongside. It would be more beneficial to use the directory present on the Imperva site before logging for any issues.

Database auditing has become simple and easy, releasing storage previously used for native database audit processes. We found new patterns of database users' behaviour and corrected some user authorisations.

Mainframe mappings/agents/optimization for CPU usage are areas with room for improvement.

Agent on z/OS does not have a limit for CPU usage like on other platforms. If
you specify filter too "wide", the agent would consume too much cpu so that
could cause more cost for your mainframe. Agents are a bit special for
configuration because the logic is different than the one on other
platforms.

That is because mainframe agents were originally from Tomium company that
was acquired by Imperva some time ago. They still run the same code, just
little improved.
At this point, my configuration does not collect what I expected, but that
could be due to bugs, that is expected to be solved in version 12 of the
SecureSphere.

You can say for sure that security audit costs money - in this case, your
mainframe CPU money.

I have been using it for 18 months.

We had a problem with mainframe DB2 mappings; incorrect results due to bug. A fix is expected in DAM (Database Activity Monitoring) version 12 in March 2017.

I have not encountered any stability issues. Only, you need to optimize the data/events you are receiving. If you have too much input, you will have a stability problem (in that case, lower event throughput and increase manager memory).

I have not encountered any scalability issues. It's flexible.

Customer service is excellent, 5/5.

We did not previously use a different solution. We had some pilot projects and chose this solution.

Initial setup was straightforward and it was simple/easy to install and customize.

A combination of in-house and local support teams implemented it. We are satisfied with their level of expertise.

ROI is good. We needed this system for getting ISO 27001.

Be careful if you have a mainframe. Calculate well...

Before choosing this product, we evaluated IBM InfoSphere Guardium.

We are very satisfied with this product. It's simple to use, customize and administer. Installation is simple and easy, even on mainframe.

WAF is a great security layer to protect an organization from a wide spectrum of application attacks residing in OSI layer 7. The Imperva device relies on signature-based policies, as well as on a web correlation engine. In addition, the packet inspection can be enhanced with the aid of stream signature policies, which are policy items focused on the stream rather than the HTTP/HTTPS protocol. Imperva can easily match a web user to the requests launched from his client. While the default policy subset is very rich and covers different regulations (e.g., PCI, SOX), there is always an option to create custom policies addressing specific needs. Security alerts are comprehensive of all the necessary details for the analysis, such as connection details, signature triggered, alert type (e.g., Protocol, Profile), severity and followed action (e.g., syslog forward, IP monitoring).

DAM also provides great value to audits and again, the data monitoring policies by default are very rich.

If you don't know exactly what kind of data you store in-house, SecureSphere allows you to actively scan and classify your information, automatically providing you detailed status of the data, which can be further reviewed and finalised by analysts or DBAs. This is also valid for user rights on the data, understanding the level of privileges granted to users and suggesting countermeasures in detailed aggregated charts and reports.

Once under monitoring, the data can be reviewed with an intuitive interface that allows the analyst to drill down, quickly narrowing the scope in a few clicks and focusing the attention only on the relevant queries. Once the pattern is identified, it is even possible to quickly report a detailed status of the findings, as well as generate a report template for future uses. This is on the hot data, what we have available in the management database. The time span can be increased indeterminately with a good retention configuration, combined with a SAN that stores the cold data, partitioned in daily slices and ready to be loaded into a separate database space for archives.

This is brilliant if you think about scalability, for you can obtain a very big archive while preserving system resources and performance. However, to get this configuration, in-depth tuning is needed for several weeks in order to get all relevant metrics (e.g. data stored per day, data spikes, backup speed, link transfer capacity, etc.) and adopt the appropriate customizations.

Audit data can also be correlated with application users by obtaining a detailed match of the database queries executed according to a particular web user’s HTTP requests.

The FAM module allows organizations to continuously audit storages and network shares and keep a detailed record of every file operation across the company. Scans are available also in this context, providing user rights as well as access to the monitored files. A data classification is also possible with the FAM.

All of Imperva’s features are extremely powerful, while a certain degree of knowledge is required to have a solid understanding of the product.

Imperva helps you comply with data regulations such as SOX or PCI. It helps SOC analysts to enlarge the scope analysis, significantly providing great procedures to drill down into the audit or a customizable enrichment fed by several types of input, e.g. Active Directory or other external platforms, and even a layer 7 inspection. When fully integrated, the application user requests are bound with the queries executed, giving a comprehensive picture of how your web application interacts with the data layer highlighting all possible security flaws in the data management, code bugs or server misconfigurations. All this logical data collection is effectively arranged into detailed profiles from where it is possible to spot the unusual deviations or to create advanced conditions to trigger upon this baseline. Think about access to PCI data from users different to the ones allowed, such as DBAs, only from a certain subnet, let's say the external network, out of the business hours, like nights or weekends. This is one possibility of what Imperva can achieve in your organization to protect the data from unauthorised users.

To have the mind at ease with a security solution has been always a chimera. Even SecureSphere suffers from some limitations, which I believe will be handled in the near future. I see two main things to improve at this point:

• SSL tunnel support for z/OS agents
• Capability to retain live audit policy data for several months; sometimes, on certain installations, this is not feasible due to the big data streams involved in the scope.

I've been supporting the Imperva technology since version 8.x. I have a company that provides consultancy services and I support Imperva.

From versions 9.5 and later, the Imperva solution has reached an optimum level of stability. On every unusual state reported, I was always able to relate it to misconfigurations or other hardware limitations and never to major bugs or software problems.

Again, Imperva works great when you need to increase managed devices, add new gateways or even change the operational modes of the latter.

On a scale from 1-10 (1=worst, 10=best) I would say technical support is 9. Support is always guaranteed and every internal SE has been always competent and ready to assist.

I tested different audit and WAF solutions and the one I was always more comfortable with is Imperva.

Setup is actually complex due to the nature of the product and needs deep knowledge of the solution to get things working with minor effort. If you don't know exactly what kind of solution are you deploying or even the installation steps to get the environment fully working, you won't be able to install it easily.

I am a technician, so I am not very confident discussing this topic.

Doing the initial Imperva training before putting your hands on the product helps a lot. Getting assistance from Imperva during the initial stage of your new environment is highly recommended.

• SecureSphere Database Assessment
• SecureSphere Database Activity Monitoring

It was instrumental in scanning a large inventory of databases to identify sensitive data. Using Imperva Assessment scans, we were able to identify SHR, PII & confidential data sources in a large inventory of database systems.

This helped us classify our large inventory and apply additional security controls based on the data classification output.

I would like to see a better web management console; the UI is not very intuitive, unless you really know what you’re doing. And scan error details should be readable from the web console, instead of running Unix commands on the backend server to view detailed logs.

I would like to see improvements in setting custom device configuration (e.g., Server Name, TCP Port for connections). In a large inventory, it is a time-consuming process if you need to change any configuration.

The web management console UI, could be much more user friendly. The product is pretty powerful, but the management UI is not very intuitive, i.e. not very user friendly and can be improved to make it much better.

When the DAM scans contains errors, the web UI should have the ability to show detailed logs in the web console, instead of requiring an admin to query the back-end server via commands to retrieve scan error logs. This limited web functionality causes extra work when scanning a large inventory where sometimes some servers return scan errors.

I have used it for 3.5 years.

I have not encountered any deployment, stability or scalability issues.

While configuring custom strings for data classification, we did engage Imperva Support and they were very helpful in setting up custom hex strings to help with our data classification. The response time was good too.

As mentioned above, Imperva was already set up in our Enterprise environment and we only had to add on the Database Assessment module license to our setup.

It was implemented in-house.

During the evaluation phase of the project, many of the IT service providers we spoke to quoted figures ranging from half-a-million Australian dollars and up. This cost was inclusive of X people they proposed to get the job done. Imperva DAM was already included in our Enterprise licensing and until last year, we didn’t have a use-case for it. With this project, we had no second thoughts about adding this module license. Excellent ROI using the automated scans, especially comparing it to the manual method proposed by many vendors.

We did evaluate many software solutions & IT service providers, but none of them were close to meeting our project objective. We had a vast inventory of 5000+ databases, hosting data for thousands of applications, each having different schema & naming conventions. We did a Proof of Technology (PoT) in-house using the Imperva DAM module and, with a few tweaks, it met our project needs. Considering we were already using Imperva for different security assessments, it was an easy decision to add on the Database Assessment module and use that in our infrastructure.

Out of the box, Imperva comes with a lot of security modules & features that straight away add value to your organisation’s security objectives. That’s just the beginning in my opinion. There are enough customization options available for administrators to get Imperva to work for them the way they want it to. The ability to use custom scripts for scans and the ability to use TCP-level capture of database events are excellent features to use in an enterprise.