McAfee and Sentrigo Data Security {3}

by Andrew H
For my last blog post I read an article by Leena Rao called, “Intel’s McAfee Acquires Sentrigo to Boost Database Security Offerings.” The article talks about how McAfee announced the acquisition of Sentrigo. Sentrigo had raised $19 million in venture funding and offers host based software that protects enterprise databases. It does so by monitoring all of the databases activity in real time and the providing alerts, audit trail, virtual patching, and automatic intrusion capabilities. This is was all done via a program called Hedgehog which has a very small footprint and allows for complete monitoring of all database activities with no interference of any kind. McAfee had actualy partnered with Sentrigo in 2010 and in 2011 they acquired them. Mcafee’s Vulnerability Manager is a product that both companies had worked on before the acquisition, it automatically discovers all databases on a network, scans them, collects a full inventory of configuration details and determines if the latest patches have been applied. Their Database Activity Monitoring (DAM) not only tracks the changes in the database but protects the data from external threats as well with real time alerts and session termination. read more...

Oracle’s Approach to Database Security {Comments Off on Oracle’s Approach to Database Security}

by Daniel L
Last week my blog post talked about McAfee’s database security offerings and how they were handling the security concerns of businesses.  Since database security is a key issue these days, especially with all these server breaches making the headlines, I wanted to cover another company’s approach at database security.  Oracle, the company known for its database management systems, has teamed up with F5 Networks to deliver a database firewall to the market.  Oracle is gearing this service to go up against database activity monitoring services offered by companies like Imperva and IBM.  The way the firewall works is by creating a barrier around the database, scrutinizing any of the SQL statements coming its way, ultimately determining if any immediate action should be taken to block the statement.  The firewall is capable of logging statements, sending out alerts if they are out of the ordinary, and it can even substitute SQL statements.  A company using the firewall can set up whitelist and blacklist policies which play the role of gatekeeper to the database.  Companies shouldn’t worry if they aren’t using a database system built by Oracle, the firewall is compatible with non-Oracle database platforms.  Moreover, Oracle and F5 have also developed a web application firewall. read more...

Database Security and McAfee {1}

by Daniel L
The number of databases getting hacked or compromised keeps going up, but the question is, are there any counter-measures being used against these database breaches?  The answer to this question lies in the approach to database security McAfee has taken, providing businesses with protective countermeasures capable of thwarting the influx of potentially harmful intrusions.  McAfee offers businesses protection of data in every state, whether it is at rest or in use, through the combination of network and server security, along with encryption and file permission controls.  It is understood that safeguarding databases is one of the most difficult things to do, and this is where McAfee is trying to make a difference through their offerings.  The security solutions that McAfee offers include database discovery and assessment, protection of data, database management tools, and activity monitors.  First and foremost, information about all the databases belonging to an organization are collected, which ultimately determines if security patches have been properly deployed and installed, scanning for any possible vulnerabilities along the way.  Furthermore, McAfee ensures that critical data will be protected through the use of a firewall along with access restrictions of the users or applications with insufficient permissions.  Real time monitoring alerts are also used to warn database administrators of a possible intrusion attempt, giving them the ability to terminate sessions accordingly. read more...

More Database Protection {Comments Off on More Database Protection}

by Alexander V

Most people have probably heard of McAfee and their security solutions for personal computers. Now, they recently announced a database security solution that would protect databases with no loss in performance.  According to the article, McAfee’s database solution will be based on their Security Connected Initiative which means that data will be protected in all states and all centrally managed. A survey by Evaluserve showed that databases were the most difficult part of IT to protect. This can be seen from the recent outbreaks in data breaches. In addition to that, the article states that a large amount of data breaches involved a database, and the majority of those breaches required technical skills to execute. McAfee’s approach to database security includes: “automated discovery and assessment”,” protection”, and “manage and monitor.” “Automated discovery and assessment” uses McAfee Vulnerability Manager which scans the network for databases and checks if they are up to date and whether they have any vulnerabilities.  Their “protection” involves three layers of protection: a network firewall, application whitelisting and  host intrusion prevention, and protection of the data. Last of all is “manage and monitor,” customer’s use McAfee’s Database Activity Monitoring software so they can monitor their databases and be alerted of real-time data breaches. read more...