Fortinet FortiDB-400B provides a suite of functions, including database activity monitoring, audit and compliance reporting, and vulnerability assessment. The tool is available either as an appliance or as client-side software.
The offering is easy to get installed and running. One browses to the default address for initial configuration. The user interface is not as clean or intuitive as we would like, but we were able to work through what we needed to get running, which is a good thing since the documentation is a bit lacking. The main screen brings one to a box to select either "vulnerability assessment" or "monitoring and auditing." These appear to be separate, discrete functions requiring separate logins.
FortiDB captures all types of database activities - from administrative to end-user events. One also can create rules to alert on things like user access, applications and IP addresses. Admins can log this access, and there are built-in compliance policies and canned reports available to support audit needs. The audit policies are also updated regularly to keep admins current with compliance reports.
FortiDB also provides a vulnerability assessment tool, which has its own knowledge base and many out-of-the-box base policies. One benefit is the ability to automatically discover databases on the network. The documentation discusses a data leakage prevention capability for monitoring personally identifiable data, but we were unable to test that.
There is support for Oracle, Sybase, MS SQL and MySQL databases. The product did appear to favor Oracle database systems, as there were multiple collection methods for logs in that environment. SQL Trace is used to collect information on MS SQL databases.
Compliance reporting is good, though alerting was lacking, at least from what we were able to test. But, if one needs to add a layer of protection to out-of-the-box database security protection, the Fortinet FortiDB-400B is a nice, easy-to-deploy and reasonably priced offering.
