November 01, 2011
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Easy deployment, easy to use.
- Weaknesses: Monitoring and auditing, and vulnerability assessment lack some integration. User interface was a bit hard to maneuver.
- Verdict: This tool covers a lot of database platforms. Admins can get it up and running quickly, and automatically discover databases. The product provides additional protection for a decent price.
Fortinet FortiDB-400B provides a suite of functions, including database activity monitoring, audit and compliance reporting, and vulnerability assessment. The tool is available either as an appliance or as client-side software.
The offering is easy to get installed and running. One browses to the default address for initial configuration. The user interface is not as clean or intuitive as we would like, but we were able to work through what we needed to get running, which is a good thing since the documentation is a bit lacking. The main screen brings one to a box to select either "vulnerability assessment" or "monitoring and auditing." These appear to be separate, discrete functions requiring separate logins.
FortiDB captures all types of database activities - from administrative to end-user events. One also can create rules to alert on things like user access, applications and IP addresses. Admins can log this access, and there are built-in compliance policies and canned reports available to support audit needs. The audit policies are also updated regularly to keep admins current with compliance reports.
FortiDB also provides a vulnerability assessment tool, which has its own knowledge base and many out-of-the-box base policies. One benefit is the ability to automatically discover databases on the network. The documentation discusses a data leakage prevention capability for monitoring personally identifiable data, but we were unable to test that.
There is support for Oracle, Sybase, MS SQL and MySQL databases. The product did appear to favor Oracle database systems, as there were multiple collection methods for logs in that environment. SQL Trace is used to collect information on MS SQL databases.
Compliance reporting is good, though alerting was lacking, at least from what we were able to test. But, if one needs to add a layer of protection to out-of-the-box database security protection, the Fortinet FortiDB-400B is a nice, easy-to-deploy and reasonably priced offering.
SC Magazine Articles
- Industry pros react to Cisco, Fortinet advisories after possible Snowden NSA leak
- USAA members hit with multiple phishing attacks
- Trust exercise: Symantec's new website security expert is reaching out to hacker community
- WikiLeaks postings of Turkish emails included active links to malware
- U.S. government extends offer to protect states from electoral cyberthreats
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- CEO sacked after aircraft company grounded by whaling attack
- Microsoft warns of new, self-propagating ransomware in the wild
- Wendy's POS breach 'considerably' bigger than first thought
- The media becomes the story as hackers focus efforts on news organizations
- Researchers quell Wildfire ransomware with decryption key
- M&A deals bring added cybersecurity risks
- Twitoor first Android malware known to leverage Twitter for command and control
- Juniper confirms leaked "NSA exploits" affect its firewalls, no patch released yet