News

Fortinet Helps DBAs Sniff Out DB Exploits

Fortinet, a unified threat management concern, hopes its new database vulnerability detection product can help database administrators sniff out exploits on enterprise systems before they can do any damage.

The Sunnyvale Calif.-based independent service vendor announced the launch of the FortiDB-1000B, a new security appliance to protect businesses against data theft from their corporate databases.

The device is designed as a diagnostic tool to identify and give notifications via the operating system about weaknesses in passwords, access privileges and configuration settings. It also has built-in evaluation and remediation advice for common compliance requirements such as Sarbanes-Oxley 404 and The Payment Card Industry Data Security Standards, which were recently renewed.

Jason Wright, Fortinet's senior product manager for the product, said that for now FortiDB-1000B is slated to mesh well with medium-sized enterprises and allows database administrators to establish an audit trail and monitor possible weaknesses.

"It's another mode of security that hardens the OS," Wright said. "Since the company has a rich history in network security, the logical step is to look at the database specifically, strategically and comprehensively from a security perspective."

The release comes at an appropriate time with a slew of high-profile thefts aimed at that database and with other ISVs such as Sentrigo, Inc., deploying database protection products of their own to complement Windows enterprise environments. For its part, the Fortinet product is compatible with Microsoft SQL Server, Oracle, IBM DB2, Sybase and other database management systems, applications and services. Each Forti-DB appliance is said to have the capacity to support up to 30 concurrent databases.

"We're also planning both low- and high-end versions of the FortiDB product line later in 2008 and 2009, which will be able to support database instances of 10 and 60," said Jason Wright.

Most enterprises hold personal and proprietary electronic data on database programs such as Redmond's SQL Server database application, whose security has been a recent priority for Microsoft due to an increase in SQL injection attacks.

In this environment, said Charles Kolodgy, security analyst for IDC, preventative and detective database products are no longer optional.

"Instead, they are a necessary component to help protect personal information that organizations are obligated to secure," he said.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

comments powered by Disqus

Featured

  • Compare New GitHub Copilot Free Plan for Visual Studio/VS Code to Paid Plans

    The free plan restricts the number of completions, chat requests and access to AI models, being suitable for occasional users and small projects.

  • Diving Deep into .NET MAUI

    Ever since someone figured out that fiddling bits results in source code, developers have sought one codebase for all types of apps on all platforms, with Microsoft's latest attempt to further that effort being .NET MAUI.

  • Copilot AI Boosts Abound in New VS Code v1.96

    Microsoft improved on its new "Copilot Edit" functionality in the latest release of Visual Studio Code, v1.96, its open-source based code editor that has become the most popular in the world according to many surveys.

  • AdaBoost Regression Using C#

    Dr. James McCaffrey from Microsoft Research presents a complete end-to-end demonstration of the AdaBoost.R2 algorithm for regression problems (where the goal is to predict a single numeric value). The implementation follows the original source research paper closely, so you can use it as a guide for customization for specific scenarios.

  • Versioning and Documenting ASP.NET Core Services

    Building an API with ASP.NET Core is only half the job. If your API is going to live more than one release cycle, you're going to need to version it. If you have other people building clients for it, you're going to need to document it.

Subscribe on YouTube