What is your e-mail address?
My e-mail address is:

Do you have a password?
Forgot your password? Click here
close


    Appliance sniffs out database exploits

    • By Jabulani Leffall
    • Oct 13, 2008

    Fortinet, a unified threat management concern, hopes its new
    database vulnerability detection product can help database
    administrators sniff out exploits on enterprise systems before they
    can do any damage.


    The Sunnyvale Calif.-based independent service vendor announced
    the launch of the FortiDB-1000B, a new security appliance to
    protect businesses against data theft from their corporate
    databases.


    The device is designed as a diagnostic tool to identify and give
    notifications via the operating system about weaknesses in
    passwords, access privileges and configuration settings. It also
    has built-in evaluation and remediation advice for common
    compliance requirements such as Sarbanes-Oxley 404 and The Payment
    Card Industry Data Security Standards, which were recently
    renewed.


    Jason Wright, Fortinet's senior product manager for the product,
    said that for now FortiDB-1000B is slated to mesh well with
    medium-sized enterprises and allows database administrators to
    establish an audit trail and monitor possible weaknesses.


    "It's another mode of security that hardens the OS," Wright
    said. "Since the company has a rich history in network security,
    the logical step is to look at the database specifically,
    strategically and comprehensively from a security perspective."


    The release comes at an appropriate time with a slew of
    high-profile thefts aimed at that database and with other ISVs such
    as Sentrigo Inc., deploying database protection products of their
    own to complement Windows enterprise environments. For its part,
    the Fortinet product is compatible with Microsoft SQL Server,
    Oracle, IBM DB2, Sybase and other database management systems,
    applications and services. Each Forti-DB appliance is said to have
    the capacity to support up to 30 concurrent databases.


    "We're also planning both low- and high-end versions of the
    FortiDB product line later in 2008 and 2009, which will be able to
    support database instances of 10 and 60," said Jason Wright.


    Most enterprises hold personal and proprietary electronic data
    on database programs such as Redmond's SQL Server database
    application, whose security has been a recent priority for
    Microsoft due to an increase in SQL injection attacks.


    In this environment, said Charles Kolodgy, security analyst for
    IDC, preventative and detective database products are no longer
    optional.


    "Instead, they are a necessary component to help protect
    personal information that organizations are obligated to secure,"
    he said.


    More information



    Reader Comments

    Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

    Your Name:(optional)
    Your Email:(optional)
    Your Location:(optional)
    Comment:
    Please type the letters/numbers you see above

    GCN eNewsletters

    eSeminar