November 01, 2011
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Easy deployment, easy to use.
- Weaknesses: Monitoring and auditing, and vulnerability assessment lack some integration. User interface was a bit hard to maneuver.
- Verdict: This tool covers a lot of database platforms. Admins can get it up and running quickly, and automatically discover databases. The product provides additional protection for a decent price.
Fortinet FortiDB-400B provides a suite of functions, including database activity monitoring, audit and compliance reporting, and vulnerability assessment. The tool is available either as an appliance or as client-side software.
The offering is easy to get installed and running. One browses to the default address for initial configuration. The user interface is not as clean or intuitive as we would like, but we were able to work through what we needed to get running, which is a good thing since the documentation is a bit lacking. The main screen brings one to a box to select either "vulnerability assessment" or "monitoring and auditing." These appear to be separate, discrete functions requiring separate logins.
FortiDB captures all types of database activities - from administrative to end-user events. One also can create rules to alert on things like user access, applications and IP addresses. Admins can log this access, and there are built-in compliance policies and canned reports available to support audit needs. The audit policies are also updated regularly to keep admins current with compliance reports.
FortiDB also provides a vulnerability assessment tool, which has its own knowledge base and many out-of-the-box base policies. One benefit is the ability to automatically discover databases on the network. The documentation discusses a data leakage prevention capability for monitoring personally identifiable data, but we were unable to test that.
There is support for Oracle, Sybase, MS SQL and MySQL databases. The product did appear to favor Oracle database systems, as there were multiple collection methods for logs in that environment. SQL Trace is used to collect information on MS SQL databases.
Compliance reporting is good, though alerting was lacking, at least from what we were able to test. But, if one needs to add a layer of protection to out-of-the-box database security protection, the Fortinet FortiDB-400B is a nice, easy-to-deploy and reasonably priced offering.
Sign up to our newsletters
SC Magazine Articles
- Study: 86 percent of websites contain at least one 'serious' vulnerability
- CareFirst BlueCross BlueShield breached, more than one million individuals notified
- Report: $19M breach settlement between MasterCard, Target terminated
- Logjam attack exposes data passed over TLS connections
- Google releases Chrome 43, addresses 37 bugs
- Hackers exploit Starbucks auto-reload feature to steal from customers
- Study: Nearly all SAP systems remain unpatched and vulnerable to attacks
- Former Nuclear Regulatory Commission employee arrested for alleged spear phishing campaign
- Millions of WordPress websites vulnerable to XSS bug
- FireEye first cybersecurity firm awarded DHS SAFETY Act certification
- Senate fails to pass USA Freedom Act; McConnell moves for revote of Patriot Act extension
- Android ransomware distributed to English speakers in spam campaign
- Site operator sentenced to 13 months for facilitating prostitution
- ISA presses for data to shape cyber security policy, encourages use of NIST framework
- Former Jacobi Medical Center employee improperly emails patient data