November 01, 2011
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Easy deployment, easy to use.
- Weaknesses: Monitoring and auditing, and vulnerability assessment lack some integration. User interface was a bit hard to maneuver.
- Verdict: This tool covers a lot of database platforms. Admins can get it up and running quickly, and automatically discover databases. The product provides additional protection for a decent price.
Fortinet FortiDB-400B provides a suite of functions, including database activity monitoring, audit and compliance reporting, and vulnerability assessment. The tool is available either as an appliance or as client-side software.
The offering is easy to get installed and running. One browses to the default address for initial configuration. The user interface is not as clean or intuitive as we would like, but we were able to work through what we needed to get running, which is a good thing since the documentation is a bit lacking. The main screen brings one to a box to select either "vulnerability assessment" or "monitoring and auditing." These appear to be separate, discrete functions requiring separate logins.
FortiDB captures all types of database activities - from administrative to end-user events. One also can create rules to alert on things like user access, applications and IP addresses. Admins can log this access, and there are built-in compliance policies and canned reports available to support audit needs. The audit policies are also updated regularly to keep admins current with compliance reports.
FortiDB also provides a vulnerability assessment tool, which has its own knowledge base and many out-of-the-box base policies. One benefit is the ability to automatically discover databases on the network. The documentation discusses a data leakage prevention capability for monitoring personally identifiable data, but we were unable to test that.
There is support for Oracle, Sybase, MS SQL and MySQL databases. The product did appear to favor Oracle database systems, as there were multiple collection methods for logs in that environment. SQL Trace is used to collect information on MS SQL databases.
Compliance reporting is good, though alerting was lacking, at least from what we were able to test. But, if one needs to add a layer of protection to out-of-the-box database security protection, the Fortinet FortiDB-400B is a nice, easy-to-deploy and reasonably priced offering.
Sign up to our newsletters
SC Magazine Articles
- RSA Conference 2015: Prepare for the IoT before it's too late, Sorebo warns
- Study: Open Source Software use increasing in enterprises but without vulnerability monitoring
- 'Aaron's Law' returns to Congress
- RSA 2015: Tension continues to grow between govt, cryptographers
- CozyDuke APT group believed to have targeted White House and State Department
- Study: Conficker declared top threat of 2014, but N. America targeted mainly by AnglerEK
- RSA 2015: Straight talk about encryption, bulk surveillance and IoT
- RSA 2015: In the healthcare industry, security must innovate with business
- RSA 2015: Unintended use of aircraft systems next challenge for counterterrorism community
- RSA 2015: Bug hunting and responsible vulnerability disclosure