SecureSphere Business Security Suite
Strengths: Enormous feature set and flexible deployment options
Weaknesses: High cost and complex setup
Verdict: Excellent for large enterprises or those that can afford the cost, but almost certainly overkill for smaller businesses
With large enterprise networks under constant attack from malicious entities, administrators need powerful defences. Imperva makes its appearance in this field to help hold attackers at bay. Just prepare your chequebook - this product doesn't come cheap.
While Imperva supports running the SecureSphere software in a multitude of configurations, both virtual and physical, the product was delivered to us as a pair of appliances: a dedicated management server as well as a gateway device.
The setup process was not insurmountably complex. However, we did need to contact support in order to acquire the administrator's guide before we could make much progress. The appliances used a 38,400 baud rate on its serial ports as opposed to the somewhat-standard 9,600 baud rate we find on most networking gear, so we had to check the administration guide for those settings.
The product's configuration was split between the command line interface (CLI) and the web interface on the management device, with all networking configuration being done via the CLI, as well as linking the gateway to the management device. There was a decent menu-driven system, so we didn't find ourselves typing out long commands. All other functionality was set up via the management server's web interface, so after the initial setup we didn't need to go back to the CLI again.
SecureSphere has far more functionality than we could possibly cover here in the space allotted. Functioning primarily as an application and database firewall with IDS/IPS features, the solution is deployable in a number of different configurations, with support for deployment as an inline gateway, reverse proxy or network sniffer. It supports SSL offloading and decryption of SSL traffic, input validation, application user tracking, session/cookie protection and more. Attack signatures are automatically updated from the Imperva website, and the product supports user-created signatures as well, using a proprietary language resembling that used by Snort. In addition to the standard attack signature detection methodology, subscribers to Imperva's ThreatRadar service get the added benefit of reputation-based IP blocking.
On the database side, the product supports activity auditing, continuously monitoring target databases and maintaining an audit trail. It also can alert on and/or block unauthorised access attempts, as well as perform user rights analysis.
The documentation is stellar. The administrator's guide covers everything from deployment planning to product configuration, with network diagrams and screenshots where appropriate. The user's guide covers day-to-day tasks, including reporting, detection signature writing, user tracking and more. Both manuals come as well-formatted PDF files.
Imperva offers three tiers of support. Standard includes help from Monday through to Friday and costs start at c£4,820, while the enhanced tier extends that support to 24/7. The premium support package includes advanced hardware replacement.
At a base price of c£32,160, buying into the SecureSphere platform isn't cheap, but it perhaps offers excellent value for large enterprises.