Fortinet Builds Database Monitoring, Auditing into Portfolio

Four months after releasing a database vulnerability assessment product, Fortinet has added database monitoring and auditing technology to its portfolio. The company, traditionally a UTM vendor, is positioning itself to compete against database security vendors such as Lumigent and Application Security.

Fortinet made its first major play into the database security last year with a release centered on vulnerability assessment. Now the company has added database monitoring capabilities, essentially squaring up more directly against vendors such as Guardium, Lumigent and Application Security.

The announcement comes roughly four months after the company hit the market with FortiDB-1000B, a database vulnerability assessment appliance based on technology the company acquired from IPLocks. The move was seen as an interesting one for Fortinet, whose traditional bread and butter has been unified threat management (UTM) devices. At the time, Fortinet officials described it as an important step towards extending security to the application level.

In addition to adding scheduled-based monitoring to the family of appliances, Fortinet has also included the ability to record database activity for complete and accurate audit trails to help organizations comply with regulatory standards such as PCI-DSS.

Beyond the technology, Fortinet is also making an attempt to target different segments of the market. The company has released two new editions of the product: FortiDB-400B, which is aimed at small to midsized businesses, and FortiDB-2000B, which targets large enterprises. The FortiDB-400B supports up to 10 database instances; the 2000B model supports up to 60.

"We believe data siphoning is and will continue to be a real and imminent threat for corporations of all sizes and requires solutions with breadth and depth to ensure data integrity and regulatory compliancy," said Michael Xie, CTO of Fortinet, in a statement. "The FortiDB was designed with this in mind by combining critical database security functionality into one platform that offers the greatest value to organizations of all sizes."

All the appliances support heterogeneous environments, including Oracle, IBM DB2, Sybase and Microsoft SQL Server.