November 01, 2013
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Feature set, quick setup, support.
- Weaknesses: None that were important.
- Verdict: A serious product for small to midsized size companies. We select this as our Best Buy.
Fortinet is well-known for its products, and those we have reviewed in the past exhibited high quality response to a variety of challenges. The FortiDB-1000C did not disappoint us in this regard. It is one of a long string of Fortinet successes.
The unit is a suitable product for smaller size companies. It is a comprehensive database security management tool that provides vulnerability assessment, auditing and monitoring for database management systems. It has 24/7 or 8/5 support available, with engineers who are helpful, knowledgeable and pleasant. The user interface is interactive and easy to operate. The product itself can monitor up to 30 databases.
The 1000C has a multitude of feature, such as activity monitoring, auditing, vulnerability assessment and sensitive data discovery. It is also compatible with several platforms.
The documentation and support were some of the best we have seen. Quick configuration and an in-depth setup guides are available online, as is a full handbook. By following the quick configuration guide, we had the server up and running in 15 minutes, whereas the in-depth configuration guide offered the same information, except it included sample input for each step.
Complete configuration is simple and comprehensive. However, the only thing that needs to be watched is that the server comes with four ports, and users only need to configure the number to be used. Policy setup, on the other hand, is straightforward and granular. Between the quick-start guide and the handbook of some 400-plus pages, users have everything needed.
The 1000C passed all of our testing with flying colors. We tested it by creating databases performing routine database tasks in our test bed, and by running attacks using sqlmap and Armitage. The device logged all of the attack events, which, of course, is important to administrators. Logging is complete and there are many features specifically targeted at compliance reporting. In addition to detecting our attempts at database compromise, the 1000C can initiate database vulnerability tests of its own.
Pricing is reasonable with the solution available as software or preloaded on hardware (as we tested it). The most economical pricing includes the software, hardware, eight-hours-a-day/five-days-a-week support and the FortiGuard Bundle coming in at just under $25,000. We found that the FortiGuard Bundle is extensive and well worth the additional cost.
As well, we found the website to be an extension of the consistently fine assistance offered by Fortinet. User forums, manual downloads and a knowledge base all were publicly available - making the site useful to owners as well as prospective buyers. This is a trend we are seeing more and more and we applaud it.
This product exceeded initial expectations and received almost no negative points. It has the potential to be a significant asset to any organization's database security. Its value for money, considered over its lifecycle, is excellent and the solid reputation of the vendor is a positive consideration.
Rebecca Weaver contributed to this review.
Sign up to our newsletters
SC Magazine Articles
- Long list of devices believed to be affected by NetUSB vulnerability
- Scammers target oil companies with sneaky attack
- CareFirst BlueCross BlueShield breached, more than one million individuals notified
- Study: Employees acknowledge risky security behavior, continue to engage in it
- Hack of airplane systems described in FBI docs raises security questions
- Hackers exploit Starbucks auto-reload feature to steal from customers
- Study: Nearly all SAP systems remain unpatched and vulnerable to attacks
- Former Nuclear Regulatory Commission employee arrested for alleged spear phishing campaign
- Millions of WordPress websites vulnerable to XSS bug
- FireEye first cybersecurity firm awarded DHS SAFETY Act certification
- Thousands of Bellevue Hospital Center patients notified of data breach
- Study: 86 percent of websites contain at least one 'serious' vulnerability
- Investigation ongoing in reported multimillion member Adult FriendFinder breach
- Report: $19M breach settlement between MasterCard, Target terminated
- FTC gives thumbs up to companies that cooperate during breach probes