McAfee Database Activity Monitoring: Database security tool overview

Expert Ed Tittel takes a look at McAfee Database Activity Monitoring and McAfee Vulnerability Manager for Databases to see how they protect enterprises' databases and corporate data.

McAfee is a long-established company perhaps best known for its antimalware products aimed at consumers, small to midsize organizations and the enterprise. After a 2011 acquisition, McAfee incorporated the Sentrigo database security products into its product line, which are branded as Intel Security products. (McAfee is part of Intel Security.) Two of these products, McAfee Database Activity Monitoring and McAfee Vulnerability Manager for Databases, rely on the McAfee ePolicy Orchestrator (McAfee ePO) management platform as their central console.

McAfee Database Activity Manager product features

McAfee Database Activity Monitoring is a software-only solution (no special hardware or servers needed) aimed at small organizations through large enterprises. After a quick deployment (generally just an hour or less) and wizard-driven configuration, Database Activity Monitoring automatically discovers databases on the network. The management console installs autonomous client-side sensors on each database server, which send security event information continuously back to the console. As a failsafe, the console issues an alert if a sensor stops sending information. An administrator can configure the console to auto-terminate sessions that violate policy and to quarantine suspicious or malicious users to prevent data compromise.

Security event identification criteria include user, application program, Internet Protocol (IP) or host name, time of day, type of statement (SELECT, INSERT, DELETE, TRUNCATE, UPDATE, GRANT etc.), object accessed and more, along with blacklist- and whitelist-specific criteria.

McAfee Database Activity Monitoring watches for inside and external threats, as well as those from within the database. Administrators can create custom security policies and configure separation of duties to meet internal audit requirements and industry regulations.

McAfee Vulnerability Manager for Databases product features

McAfee Vulnerability Manager for Databases is available as software or bundled with an appliance. Like Database Activity Monitoring, Vulnerability Manager performs autodiscovery of databases and comes with several preconfigured base settings that let an administrator scan for PCI DSS vulnerabilities or SANS Institute/FBI Top 20 vulnerabilities, for example, or perform a full scan of all assets.

Vulnerability Manager for Databases was validated by ESG Labs in 2014.

Note: For complete database protection, McAfee and Vormetric teamed up to offer an integrated solution. It includes McAfee's database security products (including McAfee Virtual Patching for Databases, not covered in this article), as well as Vormetric's Data Security Manager, Transparent Encryption and Application Encryption.

Pricing and licensing

McAfee Database Activity Monitor, a software-only product, is licensed by CPU core. The company prefers potential customers contact McAfee or a partner for specific pricing.

McAfee Vulnerability Manager for Databases is sold as an appliance with software licensing and support. The 3100 appliance costs around $5,500 (with reseller discounts). Software is licensed based on the number of live hosts, with heavy volume discounts. For example, a perpetual license for 100 to 249 live hosts is about $100 per license; 500 to 999 hosts costs about $50 per license.

Support

In addition to an online knowledge center, free software patches and updates, community forums and an online service request portal, customers can choose from a long list of paid support packages via Intel Security. Support costs for Database Activity Monitoring are not available. A one-year support contract for McAfee Vulnerability Manager for Databases ranges from about $650 to $1,300, depending on the level of support.

Next Steps

Part one of this series examines the basics of database security in the enterprise

Part two of this series looks at enterprise deployment scenarios for database security tools

Part three of this series offers nine steps for purchasing database security software

Part four of this series compares the top database security tools in the industry

Dig Deeper on Data security and privacy