November 01, 2012
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Comprehensive feature set, solid platform, excellent documentation and support.
- Weaknesses: Some functions require the command-line interface, but that’s a nitpick.
- Verdict: A solid device we would use in our own SQL environments.
Given the importance of the data contained within any corporation's databases, the task of keeping that data safe should be a top priority for any IT security team. Fortinet's FortiDB-400c is dedicated to helping security professionals do precisely that.
For such a feature-rich device, setup was easy. After setting up the interface IPs and updating the firmware, we were ready to begin monitoring our first database. Database servers were referred to as targets during setup, and we defined these by selecting the database server type (in our case, Microsoft SQL), the server IP and the username and password of an account on that server. We were given the option to connect at a server or database level. We chose to connect at a server level, although we appreciated the granularity offered. By making use of the product's autodiscovery feature, we only had to specify an IP range, database type and a port range and the device scanned our network and automatically found and added our SQL server to the list of monitored targets.
Focusing solely on database protection, the FortiDB-400c has a wide array of features allowing administrators to control precisely when and what database services are being accessed and who is accessing those services. The device offers easy black- or whitelisting based on user, application or IP address. It monitors all database activities, including data manipulation queries, such as select, insert and update; data definition language queries, such as create, alter and drop; and data control language queries, such as grant and revoke. Based on the policies that administrators define governing those queries, the device can issue transmission control protocol (TCP) reset packets in the event of policy violations via its database firewall feature. It offers built-in vulnerability assessment tools, which can be scheduled to run at any interval, and automatically generate reports, which can be sent to database administrators or anyone responsible for database security. Report and monitoring data can be archived off the device via its archive scheduler. However, there does not appear to be a way to archive the device configuration itself without using the command line interface and an FTP server. It's a small nitpick, but we would have liked to be able to perform all device maintenance via the GUI. The device comes preconfigured with a number of auditing and compliance reports, and custom reports are easy to create. The tool supports multiple administrator profiles with roles defined for reporting, security and database target and policy management.
Fortinet offers eight-hours-a-day/five-days-a-week or 24/7 support options, which it supplies via phone or web chat. Administrators who subscribe to the Advance Support program are assigned a technical account manager, making it even easier to get the help needed. Fortinet also demonstrates a high level of confidence in its product, offering free basic-level support for proof-of-concept deployments. Adding to that, it maintains a sizeable knowledge base and user support forums on its website.
Base price for the FortiDB-400c is $14,995, plus $2,249 per year for upgrades and eight-hours-a-day/five-days-a-week support, or $3,749 per year for upgrades with 24/7 support.
Sign up to our newsletters
SC Magazine Articles
- 'MEDJACK' tactic allows cyber criminals to enter healthcare networks undetected
- Samsung devices, including Galaxy S6, vulnerable to remote code execution
- Dridex banking malware spreading through new spam campaign
- U.S., China agree to cybersecurity code of conduct
- Suspicious activity on LastPass network, data compromised
- Former Georgia-Pacific sysadmin charged with damaging protected computers
- Harvard University announces network intrusion, possible data exposure
- Saboteurs leverage RIPv1 for DDoS reflection attacks
- More than 440K new Android malware strains found in Q1, study finds
- Apple releases OS X 10.10.4 and iOS 8.4, numerous bugs addressed