Strengths: Easy to use, with support for many database types
Weaknesses: Can become expensive
Verdict: A solid database vulnerability assessment product with a high price tag. For its solid performance and ease of use, we rate it Recommended
Application Security's DbProtect is an enterprise-class database security, risk and compliance suite. It combines discovery, vulnerability scanning, real-time activity monitoring, auditing and intrusion detection, to help organisations reduce risk and enhance compliance throughout their database infrastructure. It can protect databases from internal and external threats, as well as ensuring regulatory compliance.
We found this product to be a fairly simple install. It has three main components: installing the console, installing the sensors on the databases and installing scan engines. Each component installation is guided by its own easy-to-follow setup wizard and most of the configuration is done during setup. After installation, administration and scans are run from the management console application or its web interface. This application is intuitive and well organised, with a simple tab top navigation structure.
DbProtect can run many types of pre-built vulnerability and penetration scans, or scans can be custom-built. It can scan many database types, including MySQL, SQL Server and Oracle. Setting up scans and various jobs was also simple and intuitive.
Documentation provided with this product included three PDF manuals. The installation guide illustrates the setup procedures and checklists for installing all the components. There is a user guide that provides detail on using the product, running scans and using the dashboard. Finally, an administrator guide details how to use advanced features. The manuals include step-by-step instructions, screenshots and configuration examples.
Application Security offers standard support included in the base price. Custom service, training, implementation and 24/7 support packages are also available. There is a support area on the website that includes downloads, technical documentation and a customer portal with a knowledgebase.
At a price starting at £15,000 for five database instances, this product may seem expensive, but we find it to be good value for the money, based on its solid scanning and penetration ability.