Imperva Cyber Community

communities_1.jpg
 View Only
  • 1.  Non Agent deployment (Sniffing Mode) of Imperva DAM

    Posted 01-07-2022 03:00
    Hi Folks, 

    Has anyone tried to deploy Imperva DAM by Sniffing mode (non agent) deployment. 
    What are the pros & cons for the deployment of Sniffing mode ? Is there any specific use cases for sniffing mode deployment ?

    #DatabaseActivityMonitoring

    ------------------------------
    Debajyoti Paul
    IT security manager
    Dubai
    ------------------------------


  • 2.  RE: Non Agent deployment (Sniffing Mode) of Imperva DAM

    Posted 01-10-2022 02:07
    Edited by Sergey Malovidchenko 01-10-2022 02:46
    Hello Paul.

    A half year ago, we started to move out from agents to sniffing mode.

    For us Pros/Cons:

    Pros:
    - No need install agents and additional software (less stress for administrators)
    - We use SQL and Oracle data base , so we not need aditional solution.

    Cons:
    - No control local administrators (but we have other tools for control administrators)
    - You cannot use Imperva tools - user blocking tools and etc through an agent (for us Imperva DAM- primarily a monitoring and audit tool, for other we have specifed tools and ruls).

    In our understanding this is a logical transition, and I think the right decision for the future.

    However, we immediately ran into a number of limitations and problems associated with the work of Imperva on VM

    For example:
    - virtual IPs for SPAN traffic to a sniffing ports (were able to solve through the installation of a PEACEMAKER on the GW).
    But now we have a realy problems with decapsulation ERSPAN Traffic
    - Iproute2 (on GW not use ERSPAN)

    So you can have aditional problems.

    And "At the end".
    In my opinion, virtualization and leaving the agent scheme is what we will come to over time, and this is the right decision.
    I really hope that our solution will be built on the Imperva solutions.

    ------------------------------
    Sergey Malovidchenko
    Lead Engineer
    Moscow
    ------------------------------



  • 3.  RE: Non Agent deployment (Sniffing Mode) of Imperva DAM

    Posted 01-17-2022 08:56
    Hi Sergey, 

    Thanks for the update. 

    We are proceed with Agentless Deployment only. Also, as you told you did agentless deployment previously and you have a hands on experience for this. So, can you please help me out on below mention points ?
    Because I'm not able to find related documents for the implementation. Only one link is there where mentation details related Non-Agent deployment. 

    Imperva Documentation Portal :- Determining Type of Deployment - Agent Vs. Non-Agent 

    Required help on below mention points :-
     
    • Any pre-requisite documents is there related to Agentless deployment ? What is  the pre-requisites for implementing DAM in Agentless deployment. ?
    • What are the Risks & Dependencies of Agentless deployment ?
    • What are the Key Solution Components for Agentless deployment ?
    • If you have any KB articles or any reference links can you please share that for my reference.  
     



    ------------------------------
    Debajyoti Paul
    IT security manager
    Dubai
    ------------------------------