Fortinet Begins Database Security Push with New Appliance

Fortinet has entered the database security space with a new appliance based on technology it acquired from IPLocks. The product - which supports IBM DB2, Oracle, Microsoft SQL Server and a host of other databases - is targeted at mid-level enterprises looking to address database security concerns. Fortinet also has plans to release other versions of the appliance to support both larger and smaller database environments down the road.

Fortinet has officially added database security to its repertoire with the first member of a family of appliances based on technology acquired from IPLocks earlier this year.

With the release of FortiDB-1000B, Fortinet is making good on its promise to extend its security focus to the database layer.

"After the acquisition we put a concerted effort around putting the software and technology into an appliance form factor," said Anthony James, vice president of products at Fortinet. "What we're announcing [today] is the introduction of the first range of family of appliances you IPLocks' vulnerability assessment product pre-installed on one of our appliances."

Fortinet's decision to purchase IPLocks' database vulnerability assessment tool raised some eyebrows initially, as it represented a departure from Fortinet's traditional focus on unified threat management devices. However, Fortinet officials say the new appliance represents a step towards its larger goal of extending security to the application level. By detecting weaknesses in passwords, access rights and configuration settings, the FortiDB appliance can harden databases against attacks, Fortinet officials contend.

"It will verify operating system resiliency, the vulnerabilities that may be found in the operating system," James said. "If it's running on Oracle or [IBM] DB2 [for example] there are signatures, if you will, that will verify if any of the known vulnerabilities for those database applications are still open. Then it goes beyond that and will actually allow you to build policies to verify access to data."

The current version of the appliance supports up to 30 concurrent databases. Fortinet, however, has plans to offer low- and high-end versions of the product in the future that will be able to support 10 and 60 database instances, respectively. It also will sell software to meet the needs of large organizations running thousands of databases across multiple geographies and network topologies.

Fortinet's entrance into the database security market puts it up against companies such as Application Security, Imperva and Guardium. It also comes at a time when data breaches have heightened awareness of the need for tighter database controls. A recent survey by the Independent Oracle Users Group of 316 of its members found that 53 percent viewed database security as a "high" security priority. Another 35 percent classified it as "medium," while just 7 percent said it was a "low." The rest were unsure.

"Much of the world's personal and proprietary electronic data is held in the databases of corporations and businesses, with most of it having an intrinsic monetary value in the criminal underworld," said Charles Kolodgy, research director at IDC, in a statement. "So, database security tools, like Fortinet's FortiDB-1000B appliance, are no longer optional. Instead, they are a necessary component to help protect personal information that organizations are obligated to secure."