SecureSphere Business Security Suite
January 07, 2013
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Enormous feature set and flexible deployment options
- Weaknesses: High cost and complex setup
- Verdict: Excellent for large enterprises or those that can afford the cost, but almost certainly overkill for smaller businesses
With large enterprise networks under constant attack from malicious entities, administrators need powerful defences. Imperva makes its appearance in this field to help hold attackers at bay. Just prepare your chequebook - this product doesn't come cheap.
While Imperva supports running the SecureSphere software in a multitude of configurations, both virtual and physical, the product was delivered to us as a pair of appliances: a dedicated management server as well as a gateway device.
The setup process was not insurmountably complex. However, we did need to contact support in order to acquire the administrator's guide before we could make much progress. The appliances used a 38,400 baud rate on its serial ports as opposed to the somewhat-standard 9,600 baud rate we find on most networking gear, so we had to check the administration guide for those settings.
The product's configuration was split between the command line interface (CLI) and the web interface on the management device, with all networking configuration being done via the CLI, as well as linking the gateway to the management device. There was a decent menu-driven system, so we didn't find ourselves typing out long commands. All other functionality was set up via the management server's web interface, so after the initial setup we didn't need to go back to the CLI again.
SecureSphere has far more functionality than we could possibly cover here in the space allotted. Functioning primarily as an application and database firewall with IDS/IPS features, the solution is deployable in a number of different configurations, with support for deployment as an inline gateway, reverse proxy or network sniffer. It supports SSL offloading and decryption of SSL traffic, input validation, application user tracking, session/cookie protection and more. Attack signatures are automatically updated from the Imperva website, and the product supports user-created signatures as well, using a proprietary language resembling that used by Snort. In addition to the standard attack signature detection methodology, subscribers to Imperva's ThreatRadar service get the added benefit of reputation-based IP blocking.
On the database side, the product supports activity auditing, continuously monitoring target databases and maintaining an audit trail. It also can alert on and/or block unauthorised access attempts, as well as perform user rights analysis.
The documentation is stellar. The administrator's guide covers everything from deployment planning to product configuration, with network diagrams and screenshots where appropriate. The user's guide covers day-to-day tasks, including reporting, detection signature writing, user tracking and more. Both manuals come as well-formatted PDF files.
Imperva offers three tiers of support. Standard includes help from Monday through to Friday and costs start at c£4,820, while the enhanced tier extends that support to 24/7. The premium support package includes advanced hardware replacement.
At a base price of c£32,160, buying into the SecureSphere platform isn't cheap, but it perhaps offers excellent value for large enterprises.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Senior Network Security Engineer, London, £68-85k + package
Infosec People - England, London
Information Security Risk Manager, £45-55k + bens
Infosec People - West Midlands, England, Coventry
SOC Analyst, Aldershot, £55-63k + benefits
Infosec People - England, Aldershot, Hampshire
Security Architect, Cardiff - to £70k Basic
Infosec People - Cardiff, Wales
Sign up to our newsletters
SC Magazine UK Articles
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Met Police grab suspect with phone unlocked to get hold of data
- Cyber-security must reflect risk not just regulation
- Report: Mirai 'is just the tip of the iceberg'
- Data centres are on the move - where will they end up?
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- 400% increase in POS malware variants across US Thanksgiving weekend
- Only 25% of businesses can effectively detect and respond to data breaches
- Is BYOD your company's norm? Beware the ghosts of data past this Christmas
- Over 400,000 phishing sites have been detected each month in 2016
- TalkTalk customers urged to get routers swapped over hacker fears