Fortinet Debuts Database Vulnerability Assessment Appliance for Data Theft Detection and Prevention

FortiDB-1000B Broadens, Deepens Fortinet’s Reach in Application Security Market

MALAYSIA, 23 September 2008 – Fortinet – the pioneer and leading provider of unified threat management (UTM) solutions – today introduced the first in a family of security appliances dedicated to database vulnerability assessment (VA). The FortiDB-1000B appliance is a mid-enterprise product designed to “harden” databases by detecting weaknesses in passwords, access privileges and configuration settings. As databases are fast becoming the next big target for cybercriminals due to the sensitive and valuable information they hold, there is an increasing need for powerful tools that can detect and help guard against data breaches. This is especially critical for vertical industries such as retail, which require compliance with the Payment Card Industry Data Security Standard (PCI-DSS) to protect customers’ personal and credit card information. “Much of the world’s personal and proprietary electronic data is held in the databases of corporations and businesses, with most of it having an intrinsic monetary value in the criminal underworld,” said Charles Kolodgy, research director, IDC. “So, database security tools, like Fortinet’s FortiDB-1000B appliance, are no longer optional. Instead, they are a necessary component to help protect personal information that organizations are obligated to secure.”




The FortiDB-1000B VA appliance provides an automated, cost-effective and centralized solution for database application security, with evaluation and remediation advice for common compliance requirements built in. By identifying weaknesses in databases that can be open for exploitation, the FortiDB appliance helps to prevent the theft of proprietary and personal data by what might appear to be legitimate users. FortiDB works by identifying the weakness, alerting system administrators of potential threats, and offering remediation advice.

The FortiDB-1000B appliance supports heterogeneous environments including Oracle, DB2, Sybase and SQL Server, with each appliance supporting up to 30 concurrent databases. Fortinet is also planning low- and high-end versions of the FortiDB product line later in 2008 and 2009, which will be able to support database instances of 10 and 60, respectively. For large organizations running thousands of databases across multiple geographies and network topologies, an enterprise software version is available today.

“Fortinet’s introduction of the FortiDB appliance family is a key step in fulfilling our long-term growth strategy to broaden and deepen our portfolio of enterprise network and application security products,” said Anthony James, vice president of products, Fortinet. “The FortiDB product line enables Fortinet to help secure deeper layers of the network – up to and including the application layer – and brings a much-needed product to market to help address one of the most critical security issues today: protection of consumer and corporate data.”

FortiDB appliances provide the same enterprise-class database security with enterprise grade policies and reports used by Global 100 financial institutions and large audit firms. This new VA appliance is an optimized, security-hardened device that easily plugs into the network for simplified installation, deployment and management of the product.




Some of the key competitive differentiators that the FortiDB-1000B offers include the following:
Automated security assessment, reducing database administrators’ (DBA) workload from manually searching for weaknesses and limits exposures when DBAs are on leave or terminate employment;

High number of database best-practice policies and current policy updates to address the latest database threats and regulatory/industry requirements;
Scalability to scan large amounts of data and scale reliably up to 30 database instances per appliance;
“Separation of Duty” implementation for role-based administration (e.g., systems administrators, security administrators, policy manager, etc.), which is a key compliance requirement.

The FortiDB-1000B is being featured at Oracle OpenWorld 2008 this week at Moscone Center West, Security, Risk Management and Compliance Pavilion, booth #3838. For more information on Fortinet’s FortiDB-1000B and other products, visit: http://www.fortinet.com/products/fortinet_database.html.