Past Winners

McAfee for McAfee Database Security Winner Winner

Enterprises store their most sensitive information in databases – yet breaches announced publicly almost weekly tell us that perimeter protection and the basic security that comes with these systems is not enough. McAfee's database security solutions include vulnerability assessment, comprehensive audit and database activity monitoring, virtual patching with real-time intrusion prevention, integrity monitoring/change control and end-user accountability. By implementing the McAfee database security solutions, customers gain visibility into where their databases are, which ones contain sensitive information, and how secure they are, as well as comprehensive protection against all database threats. Out-of-the-box templates and reports for PCI-DSS, HIPAA/HITECH, Sarbanes-Oxley and other regulations, allow organizations to quickly and easily meet compliance standards governing sensitive data, while minimizing the risks of a damaging breach.

By delivering a complete family of products, fully integrated through McAfee ePolicy Orchestrator's dashboard, McAfee significantly simplifies the deployment and monitoring of the security infrastructure. McAfee Vulnerability Manager for Databases provides the most comprehensive testing, with more than 4,000 checks of potential weaknesses across the most popular database platforms. McAfee Database Activity Monitoring is less intrusive than other solutions as it requires no changes to the database itself, and no configuration changes to the network, and yet can provide real-time alerting or session termination with minimal overhead. The unique memory-based sensor model catches threats from all potential sources, included privileged users, and the fully distributed architecture also can be deployed in virtualized environments and in the cloud. McAfee Virtual Patching for Databases identifies and blocks attempts to exploit known vulnerabilities on unpatched servers, as well as common threat vectors of many zero-day attacks.


The reality is that most organizations have implemented strong perimeter security, and often additional network security solutions, but if a hacker gets past these there is little protection on the database servers themselves – leaving the most sensitive information in the enterprise open to attack. In addition, the privileged users in most enterprises – systems and database administrators and developers – can easily make unauthorized copies of databases without detection, or introduce backdoors that bypass existing security. By implementing an additional layer of advanced database security, organizations reduce the likelihood of a data breach, avoiding significant expenses in remediation, and damage to the company reputation. For those enterprises subject to compliance regulations, demonstrating effective controls over sensitive information – including segregation of duties to prevent insider threats – is a key part of satisfying auditor requirements.

With McAfee's approach of continuous compliance, the cost of preparing for and supporting an audit is significantly reduced as the organization has the necessary information available at all times, and can easily prepare required reports and ad hoc data to satisfy regulatory requirements. Compared to manual processes for tracking databases, evaluating current patch levels, conducting penetration testing and more, customers will see significant savings. The McAfee database security solutions are software-only, and can be installed in under an hour and configured quickly. Out-of-the-box rules and wizard-driven templates speed time to compliance while requiring minimal resources, resulting in lower total cost of ownership compared to competitive offerings.

Regulations require that enterprises protect information, including customer data, financial records and other sensitive assets. Even without these regulations, the cost of a major breach would be disastrous. By reducing the costs and resources required to maintain compliance, and by minimizing the risks of a breach, McAfee database security solutions deliver value in any enterprise security infrastructure.

There is limited data for specific market share of the database security vendors, however, McAfee is considered one of the top three vendors by analysts and customers in both vulnerability assessment and database activity monitoring. The Virtual Patching solution was the first in the market to address this important database security challenge, and is the most widely deployed.

Category description:

Protecting its critical information is the number one priority for many organizations. An integral component of this is to secure corporate databases. Entries here should include solutions that help customers safeguard mission-critical database environments. Features of these offerings can run the gamut – from encryption to access management to logging and monitoring. Be sure to explain the specific ways the solution protects these corporate crown jewels and the features present to ensure exposures are mitigated.