November 01, 2011
- Strengths: Easy deployment, easy to use.
- Weaknesses: Monitoring and auditing, and vulnerability assessment lack some integration. User interface was a bit hard to maneuver.
- Verdict: This tool covers a lot of database platforms. Admins can get it up and running quickly, and automatically discover databases. The product provides additional protection for a decent price.
Fortinet FortiDB-400B provides a suite of functions, including database activity monitoring, audit and compliance reporting, and vulnerability assessment. The tool is available either as an appliance or as client-side software.
The offering is easy to install and get running. One browses to the default address for initial configuration. The user interface is not as clean or intuitive as we would like, but we were able to work through what we needed to get running, which is a good thing since the documentation is a bit lacking. The main screen brings one to a box to select either "vulnerability assessment" or "monitoring and auditing." These appear to be separate, discrete functions requiring separate logins.
FortiDB captures all types of database activities, from administrative to end-user events. One can also create rules to alert on things like user access, applications and IP addresses. Admins can log this access, and there are built-in compliance policies and canned reports available to support audit needs. The audit policies are also updated regularly to keep admins current with compliance reports.
FortiDB also provides a vulnerability assessment tool, which has its own knowledge base and many out-of-the-box base policies. One benefit is the ability to automatically discover databases on the network. The documentation discusses a data leakage prevention capability for monitoring personally identifiable data, but we were unable to test that.
There is support for Oracle, Sybase, MS SQL and MySQL databases. The product did appear to favor Oracle database systems, as there were multiple collection methods for logs in that environment. SQL Trace is used to collect information on MS SQL databases.
Compliance reporting is good, though alerting was lacking, at least from what we were able to test. But, if one needs to add a layer of protection on top of out-of-the-box database security, the Fortinet FortiDB-400B is a nice, easy-to-deploy and reasonably priced offering.