Organizations store their most valuable and sensitive data in a database, but perimeter protection and basic security provided with the database don't protect you from sophisticated hackers or potential threats from rogue insiders. Research shows that more than 92-percent of records breached involved a database, with more than 87-percent based on exploits requiring significant technical skills. McAfee Database Activity Monitoring automatically finds databases on your network, protects them with a set of preconfigured defenses, and helps you build a custom security policy for your environment - making it easier to demonstrate compliance to auditors and improving protection of critical data assets.
With McAfee Database Activity Monitoring, organizations gain visibility into all database activity, including local privileged access and sophisticated attacks from within the database. McAfee Database Activity Monitoring helps them protect their most valuable and sensitive data from external threats and malicious insiders. In addition to providing a reliable audit trail, McAfee Database Activity Monitoring also prevents intrusion by terminating sessions that violate security policy.
McAfee Database Activity Monitoring cost effectively protects your data from all threats by monitoring activity locally on each database server and by alerting or terminating malicious behavior in real time, even when running in virtualized or cloud computing environments.
Protection from all database threat vectors
Attacks targeting valuable data stored in databases can come from across the network, from local users logged into the server itself, and even from inside the database itself via stored procedures or triggers. McAfee Database Activity Monitoring uses memory-based sensors to catch all three types of threats with a single, nonintrusive solution. This information can then be used to demonstrate compliance for audit purposes and to improve security overall for an organization's most valuable data.
Identify threats as they occur, reducing risk and liability
Unlike basic auditing or log analysis, which only tell you what happened after the fact, real-time monitoring and intrusion prevention capabilities stop breaches before they cause damage. Alerts are sent directly to the monitoring dashboard with full details of the policy violation for remediation purposes. High-risk violations can be configured to automatically terminate suspicious sessions and quarantine malicious users, allowing time for the security team to investigate the intrusion.
Virtual patching protects from known exploits and many zero-day threats
It's not always possible to install vendor patches immediately, as they often require applications testing and downtime to apply the update. And some applications still use older releases of the databases, for which patches are no longer provided. McAfee Database Activity Monitoring detects attacks attempting to exploit known vulnerabilities as well as common threat vectors and can be configured to either issue an alert or terminate the session in real time. Virtual patching updates are provided on a regular basis for discovered vulnerabilities, and can be implemented without database downtime, protecting sensitive data until a patch is released by the database vendor and can be applied.
Deploy quickly and nonintrusively with minimal resources
McAfee Database Activity Monitoring can be implemented and begin protecting databases in under one hour, without the need for special hardware or additional servers. Further accelerating deployment, McAfee Database Activity Monitoring automatically scans the network for databases and uses wizard-driven templates for various regulatory environments to guide the user in quickly creating custom security policies to meet audit requirements. By distributing the responsibility for implementing security policy to autonomous sensors running on each database server, McAfee Database Activity Monitoring scales cost effectively to support the largest enterprises.
Supports modern it infrastructure, including virtualization and cloudProduct Highlights
Other systems for database monitoring rely on analysis of network traffic to identify policy violations, something that is either impossible or inefficient in the highly dynamic and distributed architectures used for data center virtualization and cloud computing. In contrast, McAfee sensors can be configured to automatically provision along with each database, request the security policy based on the data it hosts, and then begin sending any alerts to the management server. Even if network connectivity is interrupted, data is still protected as the sensor implements the security policy locally, and alerts are queued for delivery when the management server is reachable again.
- Maximizes visibility and protection from all sources of attacks
- Monitors external threats, privileged insiders, and sophisticated threats from within the database
- Minimizes risk and liability by stopping attacks before they cause damage
- Saves time and money with faster deployment and a more efficient architecture
- Gives you the flexibility to easily deploy on the IT infrastructure you choose
- Quickly build a custom security policy to meet industry regulations or internal IT governance standards
- Log access to sensitive data for audit purposes, including complete transaction details
- Terminate sessions violating policies and quarantine suspicious users, preventing data from being compromised
- Maintain separation of duties as required by many regulations