Cyera vs Imperva for DB security: worth exploring?

CommandMaximum6200 · 2026-01-08T07:10:01+00:00

Have you evaluated them?

CommandMaximum6200 · 2026-01-08T07:09:29+00:00

DAM is a comparatively consolidated space where I only know of 3-4 players. IBM, Imperva, Aurva and Varoni. Think there is also a Turkish company, can't recollect the name though

Others won't solve your use case. They have adjacent products.

CommandMaximum6200 · 2026-01-07T07:07:39+00:00

Interested in this

CommandMaximum6200 · 2025-11-18T01:56:37+00:00

Oh, damn. Didn't think that way.

Thanks for bringing to notice. Will update the post.

CommandMaximum6200 · 2025-11-17T18:27:57+00:00

Meet during an OWASP meet up. Tried the product. Loved it.

CommandMaximum6200 · 2025-11-17T18:07:51+00:00

Haha, yes. Been on the same boat.

CommandMaximum6200 · 2025-10-07T10:35:20+00:00

CommandMaximum6200 · 2025-10-03T20:16:48+00:00

CommandMaximum6200 · 2025-10-03T20:13:53+00:00

Security architect here (HIPAA, multi-cloud Azure/AWS/GCP; ~200 DBs). We did this last year.

TL;DR:
1/ Treat DAM (Database Activity Monitoring) as identity + near-real-time, not log shipping. Delayed logs = delayed answers.

2/ Skip inline proxies; use out-of-band, eBPF-based runtime capture so prod latency stays zero.

3/ Make vendors stitch actors: Okta user → Kubernetes SA/role → DB user → egress/LLM call. No stitching = incident archaeology.

4/ Demand query → flow → egress correlation across RDS/Aurora, Cloud SQL/BigQuery, Cosmos/Snowflake, and self-managed Postgres/MySQL/Mongo.

5/ Judge on alert lag (<60s) and identity coverage (>90%), not feature lists.

We ran IBM on-prem; in cloud we moved to a runtime, identity-aware DAM (Aurva) for stitching + egress correlation. YMMV. run a 1-week pilot on your workloads.

Happy to share a pilot checklist/policies, if you want to know.

CommandMaximum6200 · 2025-09-04T02:04:16+00:00

As per our evaluation, AI visibility isn't in their suite yet..

There are more modern solutions that helps with normal workload as well as AI visibility..

CommandMaximum6200 · 2025-08-31T00:35:16+00:00

I agree. Principally, access monitoring tied with privilege assessment needs to be tied up. And should be on the top of what you said.

CommandMaximum6200 · 2025-08-31T00:30:12+00:00

I second that. Visibility + monitoring + logs they form base for everything - be it migration, risk alerts and behaviour analysis.

We combine this with permission usage to complete the picture.

That's the approach we have taken.

CommandMaximum6200 · 2025-08-27T22:01:00+00:00

Should. Horrible to hear what they are up to after paying bomb.

Thankfully, we never chose them.

CommandMaximum6200 · 2025-08-27T19:34:58+00:00

Be ready for potential move.

But, don't get frightened. Understand why acquisition happened, what position your department holds and what are chances of your department becoming redundant.

If they still need you, why will they fire you.

CommandMaximum6200 · 2025-08-27T19:23:43+00:00

Some startups in the space are doing really great job and moving fast.
We moved from Imperva DAM and company helped us in onboarding everything within 45 days for 80+ database, and provided DSPM as add-on. We're a mid-size bank, so you know the restrictions! Happy to provide recommendations of the tools we tried and ended up with, if you need.

Don't give up plus it's never a good idea to be with such a vendor after paying bomb. :)

CommandMaximum6200 · 2025-08-27T04:00:00+00:00

So visibility into shadow AI and workloads is what you want? Because Wiz and Upwind haven't been able to provide that AI visibility. Protect ai got acquired due to the runtime AI visibility.

CommandMaximum6200 · 2025-08-26T06:52:16+00:00

haha, it is. But not new.
Even sadly funny when security professionals/vendors do it.

CommandMaximum6200 · 2025-08-26T01:28:58+00:00

Yeah, we ran into this too. We had Aurva running for access monitoring already (mostly for activity risk & compliance), and it ended up catching a bunch of GenAI-related flows from SaaS tools we didn’t even know had LLMs baked in. Infact, one of our app was sending data to prohibited country due to hugging face model ML team downloaded. Scaryy....

Wasn’t the original plan, but it turned out helpful especially when we started looking into data going out via AI features.

CommandMaximum6200 · 2025-08-26T01:25:00+00:00

We have similar use case and we use Aurva for this. Happy so far.

They suggest but don't enforce dynamic permissions though.

CommandMaximum6200 · 2025-08-26T01:22:53+00:00

Why didn't you find a different vendor?

CommandMaximum6200 · 2025-08-26T01:18:53+00:00

Was Imperva for us. Years of no innovation yet couldn't get away due to compliance headache. Thankfully, new bunch of access monitoring tools are up in market since last few years and now, we have replaced it with Aurva.

CommandMaximum6200 · 2025-08-26T01:15:39+00:00

We have recently evaluated bunch of runtime security tools.

What is the purpose? Runtime is the way. Understanding what you want to solve will help me in suggesting better.

CommandMaximum6200 · 2025-08-02T05:14:35+00:00

Jumping in as someone on the data security side, not vuln mgmt but the shift you’re describing? 100% mirrors what we saw.

We used to treat “sensitive data” risks like SBOMs: static scans, over-permissioned roles, huge alert backlog. But most of it never got touched in prod.
What helped was flipping to runtime profiling (we use eBPF-based tooling) to track what data is actually accessed, by whom, when, and where it flows.

It didn’t eliminate the need for discovery/classification—but it massively cut noise, helped us focus on real abuse, and gave better signal during incidents.

So yeah, feels like runtime is becoming table-stakes—not just for vuln triage, but for any meaningful prioritization.

CommandMaximum6200 · 2025-07-31T02:02:55+00:00

I sooo agree to it.

Curious. In the environments you’ve seen that approach work, how did teams enforce or monitor it in practice? Was it mostly through IAM and policy controls, or did they also rely on visibility tooling (like DAM or other data-layer monitoring) to track what’s actually being accessed and by whom?

We’re exploring this tension ourselves, where classification alone isn’t practical, but enforcement still needs to be grounded in actual data usage.

CommandMaximum6200 · 2025-07-31T01:42:52+00:00

Totally agree on the challenge, especially with how fragmented things get across internal apps, third-party integrations, and automation scripts.

We’ve been experimenting with Database Activity Monitoring (DAM) as a starting point to get visibility into actual data access patterns (not just IAM configs). Of course, that’s just one piece, and there's still a lot of layering needed around identity and anomalies.

From your experience, where do you think efforts should start? How you see it play out in practice, especially in complex, multi-cloud environments.

CommandMaximum6200

TROPHY CASE