MCAFEE DATABASE SECURITY
Secure business-critical databases from external, internal, and intra-database threats in real time with solutions that require no architecture changes, costly hardware, or database downtime. With database security software from Intel Security, you gain complete visibility into your overall database landscape and corresponding security posture, fully align database security policy administration practices, and efficiently maintain regulatory compliance. Each of our solutions are integrated with the McAfee ePolicy Orchestrator management console to provide centralized database security management.
McAfee Data Center Security Suite for Databases
Boost your database security across physical, virtual, and cloud environments with an easy-to-deploy, highly scalable database security solution. This suite includes McAfee Database Activity Monitoring, McAfee Virtual Patching for Databases, and McAfee Vulnerability Manager for Databases.
McAfee Vulnerability Manager for Databases
Get complete visibility into your overall database security posture with a detailed risk assessment across more than 4,700 vulnerability checks. Classify database security threats into distinct priority levels and fix scripts to better prepare for audits and compliance with regulatory mandates.
McAfee Vulnerability Manager for Databases is available as a standalone database vulnerability scanner or as part of the McAfee Data Center Security Suite for Databases.
Comprehensive threat protection
Protect even your unpatched databases against zero-day attacks by blocking attacks that exploit known vulnerabilities and terminating sessions that violate your security policies.
Detailed audit trail reports
Audit trail reports are available to meet SOX, PCI, and other compliance audit requirements. During post-incident forensic analysis, this audit trail can help you understand the amount of lost data and gain greater insight into malicious activity.
Streamlined patching with no required downtime
Applying missing patches and fixing misconfigurations found by the Database Activity Monitoring vulnerability scan will improve the security posture of your databases immediately – without requiring any downtime via McAfee’s virtual patching technology.
Features & Benefits
- Get maximum protection for sensitive data, meet compliance requirements, and reduce exposure to costly breaches – Demonstrate compliance and minimize the likelihood of a breach by monitoring threats to databases from all sources, including network/application users, local privileged accounts, and sophisticated attacks from within the database itself.
- Save time and money with faster deployment and a more efficient architecture – Simplify the process of building custom security policies to audit and protect databases with preconfigured rules and templates.
- Minimize risk and liability by identifying attacks as they occur, and stopping them before they cause damage – Stop breaches by terminating suspicious sessions and quarantining malicious users with real-time monitoring and intrusion prevention for Oracle, Microsoft SQL Server, and Sybase databases.
- Increase your flexibility by deploying McAfee Database Activity Monitoring on the IT infrastructure of your choice – Install sensors on physical servers, provision sensors along with the database on virtual machines, and deploy sensors remotely on cloud servers.
- Discover databases automatically and organize them for monitoring and management – Find databases by scanning the network or by importing them from existing tools, and then group them by vendor, version, or custom tags (for example, HR, finance, or QA).
- Get out-of-the-box protection for known vulnerabilities and common threats – Receive more than 380 predefined rules that address specific issues patched by the database vendors, as well as generic attack profiles.
- Leverage templates for compliance regulations – Use a simple, step-by-step interface for building customized security policies for PCI DSS, SOX, HIPAA, GLBA, and SAS-70, as well as best practices based on experience at hundreds of customer sites.
- Receive granular protection of sensitive data at the object level, regardless of the source of the attack – Evaluate process memory to determine execution plan and affected objects, identifying policy violation even from local users or obfuscated code.
More Documentation
Uninterrupted protection for production databases
Protect older versions of database management systems, even those no longer supported by the vendor. For applications running on older versions of the database where patches are no longer provided, Virtual Patching for Databases can protect the systems from attacks, helping to satisfy governance requirements.
Actionable data to address risk
Installation is nonintrusive, as the sensor is read-only, installs as a user process, and makes no changes to the database management system software. Only minimal testing of applications is necessary.
No database downtime required
Implement patch protection without having to take down databases during installation.
Features & Benefits
- Protect sensitive databases between the release and installation of vendor patches – Safeguard databases with virtual patches. McAfee host-based software uses a small, nonintrusive sensor on each database server to detect and prevent attempted exploits of vulnerabilities.
- Get ongoing updates to defend against exploits – Trust continuous research of the evolving threat landscape to provide timely patch updates that keep organizations protected despite the changing nature of attack vectors.
- Facilitate compliance by keeping systems up to date – Meet compliance standards, including PCI DSS, HIPAA, SOX, and other corporate governance rules.
- Check password strength in the fastest and most efficient manner possible – Detect weak passwords, shared passwords, and hashes passwords while downloading data for local analysis to avoid affecting database performance.
- Secure your databases with an easy-to-implement solution – Save time with less frequent patches, reducing the effort required for application regression testing and physical patch installation.
More Documentation
Clear visibility into database vulnerabilities
By improving visibility into database vulnerabilities and providing expert recommendations for remediation, Vulnerability Manager for Databases reduces the likelihood of a damaging breach, and saves money through better preparation for audits and compliance with regulatory mandates.
Risk evaluation from all known threat vectors
Unlike other products that overwhelm you with a myriad of minor threats hiding the critical issues that must be addressed, Vulnerability Manager for Databases evaluates risk from all known threat vectors and clearly classifies threats into distinct priority levels, provides fix scripts, and includes recommendations.
Features & Benefits
- Get unparalleled visibility into database security posture – Know exactly where risks are and how to minimize the likelihood of a breach by automatically discovering databases on the network, and conducting more than 3,000 checks for vulnerabilities.
- Save time and money by reducing the need for external database security consultants – Get recommendations for remediation for the most high-priority vulnerabilities, in many cases augmented with fix scripts you can run to address any issues.
- Gain access to more than 3,000 security verifications – Get comprehensive and up-to-date checks of the most popular database platforms reporting on meaningful criteria such as version/patch level, changed objects, modified privileges, and forensic traces from common hacker tools.
- Discover databases and sensitive tables automatically – Find databases by scanning the network or by importing from existing tools, and identify tables containing restricted information based on preset patterns.
- Check passwords quickly and efficiently – Use a variety of techniques to detect weak passwords and shared passwords, including hashed passwords (SHA-1, MD5, and DES), by downloading data for local analysis to avoid affecting database performance.
- Get out-of-the-box regulatory compliance reports and custom reporting – View reports for PCI DSS and other regulations, as well as specific reports for various stakeholders such as database administrators (DBAs), developers, and InfoSec users.
- Get recommendations and fix scripts for high-priority items – Organize items by priority and provide actionable recommendations for remediation based on input from leading security researchers.
- Integrate directly with McAfee ePolicy Orchestrator (ePO) – Plug McAfee Vulnerability Manager for Databases directly into the ePO platform to get centralized reporting and summary information for thousands of databases from one consistent dashboard.
More Documentation
McAfee Security Scanner for Databases
Automatically find databases on your network, determine if the latest patches have been applied, and test for weak passwords, default accounts, and other common threats – making it easier to demonstrate compliance to auditors and improve protection of critical data assets.
For a more in-depth, ongoing vulnerability management solution with additional capabilities such as scheduled database vulnerability scans, scan history, and integration with McAfee ePolicy Orchestrator, please see McAfee Vulnerability Manager for Databases, available as a standalone product or part of McAfee Data Center Security Suite for Databases.
Maximum visibility into security posture
Security Scanner for Databases gives auditors, pen testers, consultants, and database administrators a solution for gaining unmatched visibility into an organization’s security posture by conducting a thorough check of more than 3,500 potential database vulnerabilities.
Actionable data to address risk
With Security Scanner for Databases, you can review expert recommendations to address these risks, helping to build an effective database security policy and meet regulatory mandates.
Features & Benefits
- Prepare for and perform well during a security audit – Detect altered data, including modifications of privileges and user tables, while spotting security issues such as SQL injection vulnerabilities.
- Accelerate time to compliance and minimize audit cycles – Use out-of-the-box compliance reports to uncover potential issues before an audit, minimizing the time and cost involved in confirming remediation post-audit.
- Deliver speedy fixes to help address vulnerabilities while prioritizing issues – Organize items by priority and review actionable recommendations for remediation. The database browser interface allows for quick application of fixes across multiple databases.
- Check password strength in the fastest and most efficient manner possible – Detect weak passwords, shared passwords, and hashes passwords while downloading data for local analysis to avoid affecting database performance.
More Documentation
Also See
Database Security and Compliance with DB Shield
More Documentation
- McAfee Database Security (539 KB)
- Not all Database Security Solutions are Created Equal (417 KB)
- Top Five Reasons to Deploy a Dedicated Database Security Solution (535 KB)
- Database Friendly Security (718 KB)
- Defend Legacy Databases and Operating Systems (790 KB)
- Database Activity Monitoring Best Practices (756 KB)
- Practical Guide to Database Compliance (1.6 MB)
- Real-Time Database Monitoring, Auditing and Intrusion Prevention (1.7 MB)
- Why Virtual Patching Matters (315 KB)