Network security appliance-maker Fortinet has made its database threat management system more compliance friendly with monitoring features that build the complete audit trail that’s needed to clear the regulatory hurdles of PCI-DSS (Payment Card Industry-Data Security Standard) and the like.
The FortiDB vulnerability assessment system secures corporate databases, which are increasingly under threat from data siphoning and other criminal activity.
Even with the security offered by suppliers of Oracle, DB2, SQL Server or Sybase databases, it is feasible that a hacker could create a legitimate database account and create a bot that performs millions of queries, siphoning off the data.
Michael Xie, CTO of Fortinet, said: “We believe data siphoning is, and will continue to be, a real and imminent threat for corporations of all sizes.”
The system will now provide all the reports needed to ensure database regulatory compliance with SOX, GLBA or HIPAA out-of-the-box, the vendor said.
As well as fortifying the appliance, the security vendor has extended its line of database threat management systems with a couple of new models to handle more and fewer database instances than the FortiDB-1000B box it released last year.
The new FortiDB-2000B, for large enterprises, supports up to 60 database instances, twice as many as the 1000B, while a much smaller 400B appliance caters to ten instances.
The vulnerability assessment features of the appliance range help harden databases by detecting weaknesses in passwords, access privileges and configuration settings, and will alert a system administrator to any potential threat.
Each of the Fortinet appliances comes with hundreds of pre-populated policies which cover known exploits, configuration weaknesses, OS issues, operational risks and data access privileges.