November 01, 2013
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Feature set, quick setup, support.
- Weaknesses: None that were important.
- Verdict: A serious product for small to midsized size companies. We select this as our Best Buy.
Fortinet is well-known for its products, and those we have reviewed in the past exhibited high quality response to a variety of challenges. The FortiDB-1000C did not disappoint us in this regard. It is one of a long string of Fortinet successes.
The unit is a suitable product for smaller size companies. It is a comprehensive database security management tool that provides vulnerability assessment, auditing and monitoring for database management systems. It has 24/7 or 8/5 support available, with engineers who are helpful, knowledgeable and pleasant. The user interface is interactive and easy to operate. The product itself can monitor up to 30 databases.
The 1000C has a multitude of feature, such as activity monitoring, auditing, vulnerability assessment and sensitive data discovery. It is also compatible with several platforms.
The documentation and support were some of the best we have seen. Quick configuration and an in-depth setup guides are available online, as is a full handbook. By following the quick configuration guide, we had the server up and running in 15 minutes, whereas the in-depth configuration guide offered the same information, except it included sample input for each step.
Complete configuration is simple and comprehensive. However, the only thing that needs to be watched is that the server comes with four ports, and users only need to configure the number to be used. Policy setup, on the other hand, is straightforward and granular. Between the quick-start guide and the handbook of some 400-plus pages, users have everything needed.
The 1000C passed all of our testing with flying colors. We tested it by creating databases performing routine database tasks in our test bed, and by running attacks using sqlmap and Armitage. The device logged all of the attack events, which, of course, is important to administrators. Logging is complete and there are many features specifically targeted at compliance reporting. In addition to detecting our attempts at database compromise, the 1000C can initiate database vulnerability tests of its own.
Pricing is reasonable with the solution available as software or preloaded on hardware (as we tested it). The most economical pricing includes the software, hardware, eight-hours-a-day/five-days-a-week support and the FortiGuard Bundle coming in at just under $25,000. We found that the FortiGuard Bundle is extensive and well worth the additional cost.
As well, we found the website to be an extension of the consistently fine assistance offered by Fortinet. User forums, manual downloads and a knowledge base all were publicly available - making the site useful to owners as well as prospective buyers. This is a trend we are seeing more and more and we applaud it.
This product exceeded initial expectations and received almost no negative points. It has the potential to be a significant asset to any organization's database security. Its value for money, considered over its lifecycle, is excellent and the solid reputation of the vendor is a positive consideration.
Rebecca Weaver contributed to this review.
Sign up to our newsletters
SC Magazine Articles
- Malware on Lime Crime website, payment cards compromised
- Florida law enforcement docs show widespread stingray use, secrecy
- After Superfish-Lenovo incident, Facebook probes larger issue of SSL-sniffing adware
- Gemalto investigates claims that gov't spies hacked SIM card encryption keys
- Disconnect yawns between CISOs, exec leadership, study says
- Carbanak APT campaign made off with $1B from banks globally
- BMW issues security patch for bug allowing attackers physical access into vehicles
- NIST requests final comments on ICS security guide
- New attack uses ransomware to drop trojans and keyloggers
- Microsoft phishing emails target corporate users, deliver malware that evades sandboxes
- Report: Majority of health-related websites leak data to third parties
- State breakdowns: Anthem breach by the numbers
- Botnet of Joomla servers furthers DDoS-for-hire scheme
- Study: SMBs lack thorough understanding of state data breach notification laws