Imperva SecureSphere Business Security Suite
November 01, 2012
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Enormous feature set and flexible deployment options.
- Weaknesses: High cost and slightly more complex setup.
- Verdict: Excellent for large enterprises or those which can afford the cost, but almost certainly overkill for smaller businesses.
With large enterprise networks under constant attack from malicious entities, administrators need powerful defenses. With what may just be the Cadillac of application and database security products, Imperva makes its appearance to help hold attackers at bay. Just prepare your checkbook: this Caddy doesn't come cheap.
While Imperva supports running the SecureSphere software in a multitude of configurations, both virtual and physical, the product was delivered to us as a pair of appliances - a dedicated management server and a gateway device. The setup process was not insurmountably complex. However, we did need to contact support in order to acquire the administrator's guide before we could make much progress. The appliances used a 38400 baud rate on their serial ports as opposed to the somewhat-standard 9600 baud rate we find on most networking gear, so we had to check the admin guide for those settings. The product's configuration was split between the command line interface (CLI) and the web interface on the management device, with all networking configuration being done via the CLI, as well as linking the gateway to the management device. There was a decent menu-driven system, so we didn't find ourselves typing out long commands. All other functionality was set up via the management server's web interface, so after the initial setup we didn't need to go back to the CLI again.
SecureSphere has far more functionality than we could possibly cover here in the space allotted. Functioning primarily as an application and database firewall with IDS/IPS features, the solution is deployable in a number of different configurations, with support for deployment as an inline gateway, as a reverse proxy or as a network sniffer. The offering supports SSL offloading and decryption of SSL traffic, input validation, application user tracking, session/cookie protection and more. Attack signatures are automatically updated from the Imperva website, and the product supports user-created signatures as well, using a proprietary language resembling that used by Snort. In addition to the standard attack signature detection methodology, subscribers to Imperva's ThreatRadar service get the added benefit of reputation-based IP blocking. On the database side, the product supports activity auditing, continuously monitoring target databases and maintaining an audit trail. It also can alert on and/or block unauthorized access attempts and perform user rights analysis.
The documentation is stellar. The administrator's guide covers everything from deployment planning to product configuration, with network diagrams and screen shots where appropriate. The user's guide covers day-to-day tasks, including reporting, detection signature writing, user tracking and more. Both manuals come as well-formatted PDF files.
Imperva offers three tiers of support. Standard includes help from 8 a.m. to 6 p.m., Monday through Friday, while the enhanced tier extends those hours to 24/7. The premium support package includes advanced hardware replacement.
At a base price of $51,000, buying into the SecureSphere platform isn't cheap. Support costs start at $7,650 for the standard support package.