Imperva SecureSphere Database Security Reviews

It has a very user-friendly interface that's very detailed. 

Overall, it's a very good product but they could do with some modifications log-wise — it should be more comprehensive. Otherwise, 95% of the product is very good.

The interface could be more user-friendly.

We have been using this solution for roughly two to three years.

Imperva SecureSphere Database Security is both completely scalable and stable.

I don't have much experience with technical support, but when I have spoken with them, they have been helpful.

The initial setup was very straightforward; not complex at all.

Deployment time varies, but in terms of implementation, it's a very good product. There is no hectic environment during the implementation. It is a very straightforward implementation.

The price is very high but compared to the price of the overall solution, then I think it's a good deal because the solution itself is great.

I would highly recommend this solution. It's a very expensive solution, but if you have the budget for it, I would definitely recommend Imperva Database Security.

On a scale from one to ten, I would give Imperva Database Security a rating of nine.

It is mainly used for database activity monitoring. Some customers use it to monitor all transactions in the database, such as privilege operations, grant commands. They collect all the data and see all transactions and store them. Sometimes, they also use security alerts with the database update monitoring, but generally, it is used only for regulations.

It has a user-friendly interface. It is a stable and scalable product. 

Its reporting can be improved. The reporting feature is currently not good enough for our clients.

I have been using this solution for about five years.

Stability is its main feature. There aren't any stability-related issues.

It is scalable.

I have contacted them. Sometimes, they are good, and sometimes, they are not. 

The initial setup was really easy. It took us two hours to deploy. 

I would recommend this solution. I would rate Imperva SecureSphere Database Security a nine out of ten.

Our use case for the solution is for monitoring, reporting and access management as well as looking for alerts in anomalies of behavior. I'm an information security analyst and we're a customer of Imperva. 

The integration with CounterBreach, which is the anomalous behavior detection feature, is the coolest thing and it's quite user friendly as far as the console goes. 

I think the biggest challenge with their product is the management of it. Not that it needs a lot of engineering, but it requires a lot of upkeep and deployment of a lot of servers that require regular updating. If you want to make any changes it's a lot of work to get things moving. I personally find it quite difficult to work with in that regard.

The product would be better with improvement to the database security from the access management perspective. A lot of it falls into content on the database and is difficult to retrieve. Also, looking into databases themselves, table sets and data sets and being able to retrieve that information.

I've been using this solution for a couple of months. 

I think it's a pretty stable product, but there's a lot you need to know about it. It's not like most fast products that you can just log in and get a feel for. You have to really get an understanding of how it was set up and the policies that are in place on it. 

The technical support is all right. They're not great, they're not terrible.

I would recommend including the entire team on the initial implementation because it's something that's not easy to pass along down the road. There's a lot to understand initially, and to upkeep it you have to know all that information.

I would rate this solution a seven out of 10. 

The primary use case is for database monitoring. We are also using the blocking part, which is used for: 

• Any suspicious activities which are done, such as delete command and query command, outside the admin, the solution is supposed to block them.
• The blocking of compromised databases through cloning. Blocking will not allow the cloning.

We use it for blocking and auditing. Our job is monitoring. We are a government entity and provide services to other ministries. We use Imperva for its Database Activity Monitoring and File Integrity Monitoring tools. We have also enabled Database Firewall.

As we are very sensitive to financial impacts, this product provides great protection for our organization.

It enabled us to monitor the most critical DBA activities, and most critically helped us identify default accounts and passwords. Additionally, with this solution we were able to block an external attack on our Oracle DB.

• DB Activity Monitoring
• DB Firewall
• CounterBreach

Their web application firewall (WAF) is quite good.

They have to put more focus on the administrative part of the application, especially on upgrades. There are a lot of packages to download and install that you have to be knowledgeable on. For example, we tried to install a version, and it did not work. Then, support had to become involved.

They should add an application availability dashboard feature and should focus more on the alerting mechanism.

There is a problem with the integrations. I would also like to see improvement in the integration part of the tool. This should be an easy process. For example, I had an issue with the integration of a file server. 

Within the endpoints, the communication is breaking down most of the time. Sometimes, once the communication stops, it does not resume again.

They could approve monitoring in the next release. E.g., right now, we lack the ability to know when databases are down. This is something we could use monitoring to mitigate. 

The stability is good. Sometimes the gateways disconnect and connect again automatically.

We have a dedicated staff person for maintenance: alert, fine tuning, and adjustments.

The solution is scalable. I would rate the scalability as an nine out of ten. We have used this solution since 2014 but have not encountered any scalability issues so far.

Within our organization, we have around 500 users. Our site protects approximately 70,000 end users.

When the technical support is required, they assist us. I would rate them as seven out of ten because they are not so good due to the due to differing time zones. 

We managed by using the regional vendors. Overall, the support is effective.

We previously used IBM Guardium. Before 2015, it was bit complicated to use.

A bit complex, but following the instructions and the manual guide is enough for the initial setup. A little knowledge helps.

We used the Imperva Professional Services for the configuration in our environment. It is important to have experienced professionals do these changes.

The initial deployment for our team was a failure.

The implementation took one week. Afterwards, the configuration started, then the use case testing. Overall, it took for us around one month.

Our local partner is now supporting us. Gulf IT has very good experience in the Middle East. They are nice to work with and supporting us well.

We have seen ROI, as it protects our company from threats.

This tool helped us mitigate audit risks by 100 percent.

We have all the licenses, which we pay for annually. The price is a little high, but the product is good.

Yes, Guardium.

Identify the proper use cases, then implement it.

Resource overhead management is a good option. The OS chain option provides the real user behind the DB application user.

We do not use this solution directly. Rather, we procure it for our customers and assist with the implementation.

The most valuable feature is the Data Masking. Most of our customers inquire about it, so it is very important to us.

There is room for improvement in the firewall capabilities when it comes to additional features such as Traffic Shaping, Connection Pooling and Load Balancing. Barracuda and F5 are leading in this aspects.

Once the installation is complete there are complaints here and there. Afterward, however, it is stable. Our support continues from this point, so over time, we will have a better understanding of this.

One of our customers currently has five hundred users.

The technical support is ok, and we have had good assistance from them.

The initial setup is not straightforward for a single person or IT administrator. However, when many IT administrators get together then they can resolve all of the issues.

We have consultants that assist our IT administrator with the deployment.

The length of time for deployment varies, but the last one took us approximately three months.

Many of our customers compare this solution to Oracle Audit Vault, although we are confident that Imperva satisfies all of their requirements.

My advice to anybody who is implementing this solution is to get the right people on board, and with that, there shouldn't be any problem. 

I would rate this solution an eight out of ten.

We generally use Imperva as a database firewall and for activity monitoring. 

The solution has to fit the organization first. Once we know the product is a fit, we support in the creation of reports. We look at the core users (administrators, auditors, accountants, etc.) who need to get information and we look at the responsibility matrix. Our responsibility is the database and we try to implement the total solution for an organization. This means reports are created for the specific needs of, say, IT security administrators, top management, IT guys, etc. This shows each group or individual what they need to know. We try to make it so database administrators do not have to directly interface with the solution by creating report editors and report creators based on the unique assessment of the organization. 

Imperva is a high-end product and it doesn't come cheap. Most government agencies don't use it because of its expense. But those who use it, like it and it's on the wishlist of many organizations.

The ability to automate reports simplifies what an organization has to do. Even the in-built reports are quite useful. But customization can make the product experience very specific and efficient.

But besides that, clients like to compare industry benchmarks and establish best practices. Report analysis can help with that.

The reporting ends up being the most visible feature even though the protection and automated blocking are as valuable. The reporting is very flexible, and users can create any type of reports they want. It gives them insight into the information they need to be effective at what they are responsible for.

I think the support needs more improvement than the product. The support we get struggles a bit to provide solutions. They take additional time to respond to support requests.

The core of Imperva can sometimes be very slow. This mostly happens when you turn on many alerts, if a lot of people log-in, or if you turn on auditing. It can get noticeably slow. Performance under a heavy load is noticeably reduced.

That could be because of scalability, but most of my major issues have to do with performance. I think it's because they run an Oracle database at the backend. If they allowed the administrators to tune the back end database it might solve the issue. If the backend database is having trouble you have to call support and that takes time. It is not efficient.

Finally, they might consider reducing the licensing fee. It's a bit high compared to the competition. 

Imperva is very stable. I think because of the core on which it is built.

The Imperva solution is quite scalable. You can start by adding it to one device and then scale it to the whole organization. 

We've had instances where we added a gateway and the end user didn't notice. It scales fluidly.

There are different levels of support that you can contract for and it is supposed to be based on priority. In our region, the level of support — whether you have paid for premium or expanded support — you get the same level of support. There are no options for same day support or one hour support. You may still get a response within an hour no matter what level you pay for. That said, we normally pay for premium support and we have been satisfied with the service when we do that.

Most of the time, the customers I deal with pick products which have a particular reputation. That may lead to their decision to go with Imperva. 

The initial setup was straightforward. We normally use Imperva's professional services, so that makes it very easy to deploy. We build on the knowledge gained in previous deployments, which makes it easier still. 

In the deployment, we want to get up as soon as possible. We know that for a typical deployment that it is usually two weeks. 

We use Imperva's professional services for most of our deployments, but we work through a distributor data group. The services are always really good. They know the company, they know the market, they know the region where we operate from, and they know the language and the culture. The knowledge of the local environment makes everything easier in completing a proper implementation.

We don't do actual studies on return on investment. The key thing is for the product to do its job. The value of good security is practically limitless and it would be hard to define in hard dollar value.

Licenses are yearly. We normally try to negotiate a perpetual license but separate annual support and maintenance.

The pricing over-all depends on the entry level. For example, if support and maintenance are about $20,000 - $25,000, the initial cost can be five times more. It is less expensive for the company to maintain the client than to make the deployment.

There are some additional costs for add-ons and scaling.

Normally, in this region, clients look at McAfee and Oracle security solutions first because of recognition. Our suggestions are normally to compare Imperva and Oracle. Clients like the reputation of Oracle because it has a large footprint and is proven in areas like databases and applications. Sometimes clients try to build database security strictly around Oracle Technology without considering other options. They are often surprised what Imperva has to offer as the name is less familiar.

Imperva is a good product if you look at its core functionality and the way it's built. It's a newer product and very consistent. Oracle has been around a long time and may suffer from that legacy a little. If clients want a product which covers all database management systems, then Imperva can work out of the box. Ideally, you can deploy within a day or two of signing a contract. Implementation time with Imperva is much shorter than with Oracle. 

I think I would rate Imperva a nine out of ten, despite the occasional performance issues. It delivers on the core functionality. If it's running well you are assured you will get the value out of it in terms of the security assurance. 

The primary use for our company is to enable the auditing on the DB level. The main target is to track the activities happening and by whom on critical tables. Based on that requirement, we purchased this database auditing solution because it was specific to Oracle for auditing purposes.

It addresses our needs and our clients' needs for Oracle DB reporting.

The features which are most valuable are from the security perspective. We do not have other specific tools for vulnerability assessment. The package allows user activity monitoring. The second thing is for assessing the vulnerability of the database while it is running. 

The GUI needs to be improved and made more user-friendly. This solution is a little complicated compared with other solutions for database auditing because of the GUI interface. It will be much more competitive if the interface meets the standards of the other vendors in the market.

For example, the price of the IBM Guardium is very high, but it's user-friendly. On the other hand, the Imperva GUI is complicated. It is harder for us to generate reports. That's why we face some hurdles in operations.

For security, the main point is to report on any violation of compliance. The administrator is required to generate reports. The GUI is set by the operator and not the admin of the device. Every time they need to make changes, it requires a lot of configuration to generate a new report. For any urgent report, the administrator has to be involved. It should not be necessary.

The agent should be installed at the box itself instead of going on the bridging system and doing the installation. Whenever any dependency is required, the activity becomes harder. If the dependency is not required then the activity can be handled from the box itself. It should be very easy to execute the administration and operations of the device. Comparing to Cisco devices, which are very user-friendly, other product manufacturers can take a lesson and make an effort to make the operational and administrative tasks easy.

It should be possible to execute by the team without writing custom lock sources. 

Everything is working fine, so it is stable.

As we are able to change our licensing to expand resources and features, it is scalable. We have not yet actually implemented the scalability.

Till now we have not had any open cases with the technical support, so I cannot comment on that.

Before Imperva, we used IBM Guardium. We switched because of the price. With IBM Guardium we were charged for features we never needed to use. We were using it only for auditing purposes. That is the same thing we are using Imperva for. As we did not have any need for the other features in Guardium we were paying extra for nothing. Some of the higher level features we now use in Imperva were available in Guardium, but we didn't use them at that time. 

The initial setup was straightforward. At first, we were unable to find the application user tracking and our main target was to track specific user privileges, activity and who was making changes inside the database from the console. It was a minor setback.

There are two types of deployment. The first one is for the solution to integrate the database which took about three days. For the usage, identifying the queries and creating rules, it took longer. The whole was complete within 15 days or 20 days, I think.

We have three operators and two administrators. The administrator role is to make the policies, install the agent, do the integration with the gateway and enable the auditing on the specific tables and the specific columns.

The operator generates reports on users and activity based on the areas we need to monitor. If a user is doing any activity outside of the normal time, the operator's responsibility is to report users to the DVR admin and the security feed.

One guy was enough for the deployment. We have only integrated one database, so in our environment is simple.

Another thing I want to highlight is that you can adjust the permissions from anywhere.

The deployment was done by the Imperva partner.

The immediate return is that we are saving money by having a lower cost for the same functionality. The new solution has satisfied management. I couldn't tell you the exact return. The only real additional cost was retraining staff. That was minimal.

I don't know the exact prices because that is a function of accounting, but I know service is contracted on a yearly basis. We purchased the minimal license for Imperva initially even though we have a lot of databases, but the license covered our needs. The company has recommended increasing the licensing. 

There are additional costs depending on the features. For example, if we want to prevent something on the DV level we can't because we didn't purchase that license. If we want it, we can add it. Our main goal right now is to enhance the license for the TPS license (transaction process system). It is easy to enhance functionality by adding other features licenses.

We did a comparison between Imperva and IBM Guardium before making the switch. The comparison was based on two things: auditing the databases and monitoring user privileges. These two features were offered by both solutions, so we were just left to evaluate based on the difference in prices. 

I would give Imperva an eight out of ten as a solution. It meets our requirements equally to what we got from IBM Guardium which we went with based on little more than their name.

In a later review, we considered Imperva and realized that both products had almost the same features. If the same functionality is provided by both, it is hard to justify the more expensive product. Now we will save the extra money.

At that time, the administrator was not comfortable with the change to Imperva but we provided official training from Imperva. He had experience with other solutions for database auditing systems, so he was able to make the adjustment.

We are working with the minimal license so currently, the resources are lower compared to our IBM Guardium license. Even with a shortage of resources, everything is equal to the IBM Guadium solution and we can correct that resource shortage while still saving money.

The main thing is defining the actual requirements. If a solution complies with the requirements there's no need to spend extra money for the brand names.

Our primary use for this solution is securing banking web applications. It protects the web service of one of the big Internet banks in Iran.

This solution has helped secure our Internet-based services, protecting us against DoS and other types of web-based attacks.

The most valuable features include the compliance with standards for security in web applications, and the ability to detect vulnerabilities.

The GUI for this solution could use some improvement.

I would like to see better support for countries in the Middle East, and other places that do not have direct access to the vendor.

Stability is great. Immediately after we deployed it, we had a good feeling about security and performance.

The scalability of this solution is good. Compared to other products, this one is more scalable.

Currently, this solution is protecting approximately twenty thousand end-users.

We are deploying new web-based services and applications, so we expect the usage to increase.

Due to restrictions because of sanctions in Iran, we do not have support for this solution. For this reason, we have done everything ourselves. This can be challenging because sometimes we have troubles upgrading the device, or obtaining new signatures.

We did not use another solution prior to this one.

The initial setup and configuration for this solution were very simple and straightforward.

Deployment in our environment took approximately one week. We begin by deploying it in a test environment. After performing some tests, we moved it to the operational environment.

Two technical staff are required for deployment and maintenance, and we have about six people, in different roles, who manage this solution.

We handled the implementation and deployment ourselves.

Our ROI from the initial payment was realized in approximately two months.

This is an affordable solution. There is an annual licensing fee for upgrading the device.

After we undertook wide research and development, we found that this product is suitable for us. Two of the products that we looked at in addition to this one were FortiWeb and F5.

Imperva is a product leader in this line, and it is very good. In fact, I have experience with other products, and I would say that this solution is best-in-class. If we had support then this solution would be perfect.

I would rate this solution a nine out of ten.