Application Security, Inc.’s DbProtect 2007 is a suite of enterprise database security products that helps organizations discover and manage database vulnerabilities. The product consists of a network-based database vulnerability assessment component, a database monitoring component and a central management console.
For testing purposes, we tested the database vulnerability scanner and central management console. The monitoring component of this product was not tested within this review as it’s more inline with real-time intrusion monitoring.
Installation of the product is fairly straightforward. The web-based management console installs on Windows server platforms 2000 and above, and requires MS SQL 2000 or 20005 as the backend.
Vulnerably scanning engines can be installed on Windows 2000 Professional, XP or any other Windows server platform 2000 or above. Overall the interfaces are easy to navigate.
This particular product does not target source code, application pages or web services, but specifically targets database servers. It is compatible with all of the popular databases that most organizations will use in production.
In our testing, the product performed flawless discovery and auditing of our databases.
Documentation is in PDF format and contains a good mix of text and screen shots. However, screen shots within the help files are often difficult to read.
The product comes with standard support, which is offered on a 12/5 basis. Also available are 24/7 support, as well as additional services. The support website has a customer section, as well as a good inventory of technical information.
Pricing for DbProtect starts at $3,000 for each database instance. The overall cost will be exponentially higher for larger environments that often contain numerous unique development, test and production database instances. Pricing is on the high side because of the inclusion of database monitoring within DbProtect, which we did not test for this review.