Imperva SecureSphere Business Security Suite
November 01, 2012
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Enormous feature set and flexible deployment options.
- Weaknesses: High cost and slightly more complex setup.
- Verdict: Excellent for large enterprises or those which can afford the cost, but almost certainly overkill for smaller businesses.
With large enterprise networks under constant attack from malicious entities, administrators need powerful defenses. With what may just be the Cadillac of application and database security products, Imperva makes its appearance to help hold attackers at bay. Just prepare your checkbook, this Caddy doesn't come cheap.
While Imperva supports running the SecureSphere software in a multitude of configurations, both virtual and physical, the product was delivered to us as a pair of appliances - a dedicated management server and a gateway device. The setup process was not insurmountably complex. However, we did need to contact support in order to acquire the administrator's guide before we could make much progress. The appliances used a 38400 baud rate on its serial ports as opposed to the somewhat-standard 9600 baud rate we find on most networking gear, so we had to check the admin guide for those settings. The product's configuration was split between the command line interface (CLI) and the web interface on the management device, with all networking configuration being done via the CLI, as well as linking the gateway to the management device. There was a decent menu-driven system, so we didn't find ourselves typing out long commands. All other functionality was set up via the management server's web interface, so after the initial setup we didn't need to go back to the CLI again.
SecureSphere has far more functionality than we could possibly cover here in the space allotted. Functioning primarily as an application and database firewall with IDS/IPS features, the solution is deployable in a number of different configurations, with support for deployment as an inline gateway, as a reverse proxy or as a network sniffer. The offering supports SSL offloading and decryption of SSL traffic, input validation, application user tracking, session/cookie protection and more. Attack signatures are automatically updated from the Imperva website, and the product supports user-created signatures as well, using a proprietary language resembling that used by Snort. In addition to the standard attack signature detection methodology, subscribers to Imperva's ThreatRadar service get the added benefit of reputation-based IP blocking. On the database side, the product supports activity auditing, continuously monitoring target databases and maintaining an audit trail. It also can alert on and/or block unauthorized access attempts and perform user rights analysis.
The documentation is stellar. The administrator's guide covers everything from deployment planning to product configuration, with network diagrams and screen shots where appropriate. The user's guide covers day-to-day tasks, including reporting, detection signature writing, user tracking and more. Both manuals come as well-formatted PDF files.
Imperva offers three tiers of support. Standard includes help from 8 a.m. to 6 p.m., Monday through Friday, while the enhanced tier extends those hours to 24/7. The premium support package includes advanced hardware replacement.
At a base price of $51,000, buying into the SecureSphere platform isn't cheap. Support costs start at $7,650 for the standard support package.
Sign up to our newsletters
SC Magazine Articles
- Microsoft report explores dangers of running expired security software
- 'DoubleDirect' MitM attack affects iOS, Android and OS X users
- Survey: real-time SIEM solutions help orgs detect attacks within minutes
- Android malware 'NotCompatible' evolves, spawns resilient botnet
- Vulnerabilities identified in three Advantech products
- Operators disable firewall features to increase network performance, survey finds
- Waste no time patching Windows Schannel, OLE bugs, experts warn
- Study: 68 percent of healthcare breaches caused by loss or theft of devices, files
- Spin.com redirects to Rig Exploit Kit, infects users with malware, Symantec observes
- Upping the ante: PCI Security Standard