Fortinet Debuts Database Vulnerability Assessment Appliance for Data Theft Detection and Prevention

FortiDB-1000B Broadens, Deepens Fortinet's Reach in Application Security Market

SUNNYVALE, Calif. - Sept. 22, 2008 - Fortinet^® - the pioneer and leading provider of unified threat management (UTM) solutions - today introduced the first in a family of security appliances dedicated to database vulnerability assessment (VA). The FortiDB-1000B appliance is a mid-enterprise product designed to "harden" databases by detecting weaknesses in passwords, access privileges and configuration settings. As databases are fast becoming the next big target for cybercriminals due to the sensitive and valuable information they hold, there is an increasing need for powerful tools that can detect and help guard against data breaches. This is especially critical for vertical industries such as retail, which require compliance with the Payment Card Industry Data Security Standard (PCI-DSS) to protect customers' personal and credit card information.

"Much of the world's personal and proprietary electronic data is held in the databases of corporations and businesses, with most of it having an intrinsic monetary value in the criminal underworld," said Charles Kolodgy, research director, IDC. "So, database security tools, like Fortinet's FortiDB-1000B appliance, are no longer optional. Instead, they are a necessary component to help protect personal information that organizations are obligated to secure."

The FortiDB-1000B VA appliance provides an automated, cost-effective and centralized solution for database application security, with evaluation and remediation advice for common compliance requirements built in. By identifying weaknesses in databases that can be open for exploitation, the FortiDB appliance helps to prevent the theft of proprietary and personal data by what might appear to be legitimate users. FortiDB works by identifying the weakness, alerting system administrators of potential threats, and offering remediation advice.

The FortiDB-1000B appliance supports heterogeneous environments including Oracle, DB2, Sybase and SQL Server, with each appliance supporting up to 30 concurrent databases. Fortinet is also planning low- and high-end versions of the FortiDB product line later in 2008 and 2009, which will be able to support database instances of 10 and 60, respectively. For large organizations running thousands of databases across multiple geographies and network topologies, an enterprise software version is available today.

"Fortinet's introduction of the FortiDB appliance family is a key step in fulfilling our long-term growth strategy to broaden and deepen our portfolio of enterprise network and application security products," said Anthony James, vice president of products, Fortinet. "The FortiDB product line enables Fortinet to help secure deeper layers of the network - up to and including the application layer - and brings a much-needed product to market to help address one of the most critical security issues today: protection of consumer and corporate data."

FortiDB appliances provide the same enterprise-class database security with enterprise grade policies and reports used by Global 100 financial institutions and large audit firms. This new VA appliance is an optimized, security-hardened device that easily plugs into the network for simplified installation, deployment and management of the product.

Some of the key competitive differentiators that the FortiDB-1000B offers include the following:

• Automated security assessment, reducing database administrators' (DBA) workload from manually searching for weaknesses and limits exposures when DBAs are on leave or terminate employment;
• High number of database best-practice policies and current policy updates to address the latest database threats and regulatory/industry requirements;
• Scalability to scan large amounts of data and scale reliably up to 30 database instances per appliance;
• "Separation of Duty" implementation for role-based administration (e.g., systems administrators, security administrators, policy manager, etc.), which is a key compliance requirement.

The FortiDB-1000B is being featured at Oracle OpenWorld 2008 this week at Moscone Center West, Security, Risk Management and Compliance Pavilion, booth #3838. For more information on Fortinet's FortiDB-1000B and other products, visit: http://www.fortinet.com/products/fortinet_database.html.

About Fortinet (www.fortinet.com)
Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection--including firewall, antivirus, intrusion prevention, VPN, spyware prevention and antispam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs: Firewall, Antivirus, IPSec VPN, SSL VPN, Network IPS, and Antispam. Fortinet is privately held and based in Sunnyvale, California.

Copyright © 2008 Fortinet, Inc. All rights reserved. The symbols ^® and ™ denote respectively federally registered trademarks and unregistered trademarks of Fortinet, Inc., its subsidiaries and affiliates, including, but not limited to, the following trademarks: Fortinet, FortiGate, FortiGuard, FortiManager, FortiMail, FortiClient, FortiCare, FortiAnalyzer, FortiReporter, FortiOS, FortiASIC, FortiWiFi, FortiSwitch, FortiVoIP, FortiBIOS, FortiLog, FortiResponse, FortiDB, APSecure, and ABACAS. Other trademarks belong to their respective owners.