Application Security DbProtect
Strengths: Easy to use with support for many database types.
Weaknesses: Can become expensive for companies with a lot of database types.
Verdict: A solid database vulnerability assessment product with a high, but certainly not prohibitive, price tag. For its solid performance and ease of use, we make this product our Recommended product this month.
SummaryApplication Security's DbProtect is an enterprise-class database security, risk and compliance suite. It combines discovery, vulnerability scanning, real-time activity monitoring, auditing and intrusion detection to help organizations reduce risk and enhance compliance throughout their database infrastructure. This product can protect databases from internal and external threats, as well as ensuring regulatory compliance.
We found this product to be a fairly simple install. The installation is comprised of three main components, including installing the console, installing the sensors on the databases, and installing scan engines. Each component installation is guided by its own easy-to-follow setup wizard, and most of the configuration is done during setup. After the components are installed, administration and scans are run from the management console application or its web-based interface. This application is intuitive and well organized with a simple tab-top navigation structure.
This product can run many types of prebuilt vulnerability and penetration scans, or scans can be custom built to your purpose. DbProtect can scan many database types, including various versions of MySQL, Microsoft SQL Server and Oracle. Setting up scans and various jobs was also simple and intuitive.
Documentation provided with this product included three PDF manuals. The installation guide illustrates the setup procedures and installation checklists for installing all the components. There is also a user guide, which provides in-depth detail of using the product, running scans and using the dashboard. All the manuals include many step-by-step instructions, screen shots and configuration examples.
Application Security offers standard 12/5 (9 a.m. to 9 p.m. EST) support included in its base price. 24/7 support is available, and custom service, training and implementation packages are also available at extra cost.
At a price starting at $30,000 for five database instances, this product may seem very expensive, but we find it to be a good value for the money based on its solid scanning and penetration ability.