Hello Paul.
Half a year ago, we started to move from agents to sniffing mode.
For us, the pros and cons:
Pros:
- No need to install agents and additional software (less stress for administrators)
- We use SQL and Oracle databases, so we do not need an additional solution.
Cons:
- No control over local administrators (but we have other tools for controlling administrators)
- You cannot use Imperva tools - user blocking tools, etc. - through an agent (for us Imperva DAM is primarily a monitoring and audit tool; for other things we have specified tools and rules).
In our understanding this is a logical transition, and I think the right decision for the future.
However, we immediately ran into a number of limitations and problems associated with the work of Imperva on VM.
For example:
- Virtual IPs for SPAN traffic to the sniffing ports (we were able to solve this through the installation of a PEACEMAKER on the GW).
But now we have real problems with decapsulation of ERSPAN traffic
- Iproute2 (on GW not use ERSPAN)
So you can have additional problems.
And "At the end".
In my opinion, virtualization and leaving the agent scheme is what we will come to over time, and this is the right decision.
I really hope that our solution will be built on the Imperva solutions.
------------------------------
Sergey Malovidchenko
Lead Engineer
Moscow
------------------------------
Original Message:
Sent: 01-07-2022 00:59
From: Debajyoti Paul
Subject: Non Agent deployment (Sniffing Mode) of Imperva DAM
Hi Folks,
Has anyone tried to deploy Imperva DAM in Sniffing mode (non-agent) deployment?
What are the pros & cons of a Sniffing mode deployment? Are there any specific use cases for a Sniffing mode deployment?
#DatabaseActivityMonitoring
------------------------------
Debajyoti Paul
IT security manager
Dubai
------------------------------