November 01, 2013
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Feature set, quick setup, support.
- Weaknesses: None that were important.
- Verdict: A serious product for small to midsized size companies. We select this as our Best Buy.
Fortinet is well-known for its products, and those we have reviewed in the past exhibited high quality response to a variety of challenges. The FortiDB-1000C did not disappoint us in this regard. It is one of a long string of Fortinet successes.
The unit is a suitable product for smaller size companies. It is a comprehensive database security management tool that provides vulnerability assessment, auditing and monitoring for database management systems. It has 24/7 or 8/5 support available, with engineers who are helpful, knowledgeable and pleasant. The user interface is interactive and easy to operate. The product itself can monitor up to 30 databases.
The 1000C has a multitude of feature, such as activity monitoring, auditing, vulnerability assessment and sensitive data discovery. It is also compatible with several platforms.
The documentation and support were some of the best we have seen. Quick configuration and an in-depth setup guides are available online, as is a full handbook. By following the quick configuration guide, we had the server up and running in 15 minutes, whereas the in-depth configuration guide offered the same information, except it included sample input for each step.
Complete configuration is simple and comprehensive. However, the only thing that needs to be watched is that the server comes with four ports, and users only need to configure the number to be used. Policy setup, on the other hand, is straightforward and granular. Between the quick-start guide and the handbook of some 400-plus pages, users have everything needed.
The 1000C passed all of our testing with flying colors. We tested it by creating databases performing routine database tasks in our test bed, and by running attacks using sqlmap and Armitage. The device logged all of the attack events, which, of course, is important to administrators. Logging is complete and there are many features specifically targeted at compliance reporting. In addition to detecting our attempts at database compromise, the 1000C can initiate database vulnerability tests of its own.
Pricing is reasonable with the solution available as software or preloaded on hardware (as we tested it). The most economical pricing includes the software, hardware, eight-hours-a-day/five-days-a-week support and the FortiGuard Bundle coming in at just under $25,000. We found that the FortiGuard Bundle is extensive and well worth the additional cost.
As well, we found the website to be an extension of the consistently fine assistance offered by Fortinet. User forums, manual downloads and a knowledge base all were publicly available - making the site useful to owners as well as prospective buyers. This is a trend we are seeing more and more and we applaud it.
This product exceeded initial expectations and received almost no negative points. It has the potential to be a significant asset to any organization's database security. Its value for money, considered over its lifecycle, is excellent and the solid reputation of the vendor is a positive consideration.
Rebecca Weaver contributed to this review.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Junior Penetration Tester, Hertfordshire, to £35k + benefits
Infosec People - England, Hertfordshire
Cyber Security Architect
CYBER EXECS - London (Greater)
SOC Analyst, Aldershot, £47-56k + package
Infosec People - Hampshire, England, Aldershot
Senior Security Engineer
Loveworklife Recruitment - United Kingdom
Sign up to our newsletters
SC Magazine UK Articles
- Tesco Bank allegedly ignored warnings of hack from Visa
- Investigatory Powers and Digital Economy Bills could threaten economy
- Updated: A million German routers knocked offline by failed Mirai botnet attack
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Microsoft update left Azure Linux virtual machines open to hacking
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- ICYMI: Tesco warned; IP Bill threatens economy; German routers offline; Azure trojan; Gooligan fraud
- Data centres are on the move - where will they end up?
- 90% of ITDMs believe IAM is crucial to digital transformation success
- Research: Hacked companies could see customer exodus if breached
- Misconfigured drive exposes locations of explosives used by oil industry