Strengths: Flexible configuration options, good integration with other DbProtect tools
Weaknesses: May preclude some customers with specific web application needs
Verdict: A top enterprise-class database security management solution, we rate DbProtect 2007 Recommended
Application Security's DbProtect 2007 is a suite of enterprise database security products that helps organisations discover and manage database vulnerabilities. The product consists of a network-based database vulnerability-assessment tool, a database-monitoring element and a central management console.
We tested the database vulnerability scanner and central management console. The monitoring component of this product was not part of this group review.
Installation is fairly straightforward. The web-based management console installs on Windows server platforms 2000 and above, and requires MS SQL 2000 or 20005 as the backend. Vulnerability scanning engines can be installed on Windows 2000 Professional, XP or any Windows server platform 2000 or above. Overall, the interfaces are slick and easy to navigate.
This particular product does not target source code, application pages or web services, but is specifically aimed at database servers. It is compatible with all the popular databases that most organisations will use in production. In our testing, the product performed flawless discovery and auditing of our databases. The list of vulnerabilities and possible configuration weaknesses found within the supported target databases is impressive.
The centralised management and role based access control over user privileges provides true enterprise-management capabilities. Reporting and compliance templates are top-quality, along with very flexible tuning and customisation. Non-intrusive penetration testing is a nice value-added feature.
Documentation is in PDF format and is useful, containing a good mix of text and screenshots. However, screenshots within the help files are often difficult to read and sometimes even illegible, which somewhat reduces their usefulness.
The product comes with standard support covering office hours, with 24/7 support as well as additional services available for purchase. The support website has a customer portal section, plus a good inventory of technical information and resources.