November 01, 2012
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Comprehensive feature set, solid platform, excellent documentation and support.
- Weaknesses: Some functions require the command-line interface, but that’s a nitpick.
- Verdict: A solid device we would use in our own SQL environments.
Given the importance of the data contained within any corporation's databases, the task of keeping that data safe should be a top priority for any IT security team. Fortinet's FortiDB-400c is dedicated to helping security professionals do precisely that.
For such a feature-rich device, setup was easy. After setting up the interface IPs and updating the firmware, we were ready to begin monitoring our first database. Database servers were referred to as targets during setup, and we defined these by selecting the database server type (in our case, Microsoft SQL), the server IP and the username and password of an account on that server. We were given the option to connect at a server or database level. We chose to connect at a server level, although we appreciated the granularity offered. By making use of the product's autodiscovery feature, we only had to specify an IP range, database type and a port range and the device scanned our network and automatically found and added our SQL server to the list of monitored targets.
Focusing solely on database protection, the FortiDB-400c has a wide array of features allowing administrators to control precisely when and what database services are being accessed and who is accessing those services. The device offers easy black- or whitelisting based on user, application or IP address. It monitors all database activities, including data manipulation queries, such as select, insert and update; data definition language queries, such as create, alter and drop; and data control language queries, such as grant and revoke. Based on the policies that administrators define governing those queries, the device can issue transmission control protocol (TCP) reset packets in the event of policy violations via its database firewall feature. It offers built-in vulnerability assessment tools, which can be scheduled to run at any interval, and automatically generate reports, which can be sent to database administrators or anyone responsible for database security. Report and monitoring data can be archived off the device via its archive scheduler. However, there does not appear to be a way to archive the device configuration itself without using the command line interface and an FTP server. It's a small nitpick, but we would have liked to be able to perform all device maintenance via the GUI. The device comes preconfigured with a number of auditing and compliance reports, and custom reports are easy to create. The tool supports multiple administrator profiles with roles defined for reporting, security and database target and policy management.
Fortinet offers eight-hours-a-day/five-days-a-week or 24/7 support options, which it supplies via phone or web chat. Administrators who subscribe to the Advance Support program are assigned a technical account manager, making it even easier to get the help needed. Fortinet also demonstrates a high level of confidence in its product, offering free basic-level support for proof-of-concept deployments. Adding to that, it maintains a sizeable knowledge base and user support forums on its website.
Base price for the FortiDB-400c is $14,995, plus $2,249 per year for upgrades and eight-hours-a-day/five-days-a-week support, or $3,749 per year for upgrades with 24/7 support.
SC Magazine Articles
- Industry pros react to Cisco, Fortinet advisories after possible Snowden NSA leak
- USAA members hit with multiple phishing attacks
- Trust exercise: Symantec's new website security expert is reaching out to hacker community
- WikiLeaks postings of Turkish emails included active links to malware
- U.S. government extends offer to protect states from electoral cyberthreats
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- CEO sacked after aircraft company grounded by whaling attack
- Microsoft warns of new, self-propagating ransomware in the wild
- Wendy's POS breach 'considerably' bigger than first thought
- The media becomes the story as hackers focus efforts on news organizations
- Researchers quell Wildfire ransomware with decryption key
- M&A deals bring added cybersecurity risks
- Twitoor first Android malware known to leverage Twitter for command and control
- Juniper confirms leaked "NSA exploits" affect its firewalls, no patch released yet