McAfee Vulnerability Manager for Databases
A comprehensive assessment of the risk to your most sensitive data

Features & Benefits:

Get unparalleled visibility into database security posture
Know exactly where risks are and how to minimize the likelihood of a breach by automatically discovering databases on the network, and conducting more than 4,700 checks for vulnerabilities.

Save time and money by reducing the need for external database security consultants
Get recommendations for remediation for the most high-priority vulnerabilities, in many cases augmented with fix scripts you can run to address any issues.

Gain access to more than 4,700 security verifications
Get comprehensive and up-to-date checks of the most popular database platforms reporting on meaningful criteria such as version/patch level, changed objects, modified privileges, and forensic traces from common hacker tools.

Discover databases and sensitive tables automatically
Find databases by scanning the network or by importing from existing tools, and identify tables containing restricted information based on preset patterns.

Check passwords quickly and efficiently
Use a variety of techniques to detect weak passwords and shared passwords, including hashed passwords (SHA-1, MD5, and DES), by downloading data for local analysis to avoid affecting database performance.

Get out-of-the-box regulatory compliance reports and custom reporting
View reports for PCI DSS and other regulations, as well as specific reports for various stakeholders such as database administrators (DBAs), developers, and InfoSec users.

Get recommendations and fix scripts for high-priority items
Organize items by priority and provide actionable recommendations for remediation based on input from leading security researchers.

Integrated directly with McAfee ePolicy Orchestrator (ePO)
McAfee Vulnerability Manager for Databases is directly managed with the ePO platform, providing centralized reporting and summary information for thousands of databases from a single, consistent dashboard.

The Fastest Path to Database Compliance

With a set of features designed to speed initial scans and out-of-the-box reports to address most compliance requirements, McAfee Vulnerability Manager for Databases delivers audit-ready results with minimal resources.

To get your first assessment completed quickly, McAfee Vulnerability Manager for Databases:

• Automates discovery of databases on the network.
• Locates and identifies tables containing sensitive information.
• Conducts a quick port scan providing database version and patch status.
• Presents findings in preconfigured reports for various compliance standards.

High-Speed, High-Efficiency Password Checking

Compromised passwords are responsible for a significant percentage of data breaches and hackers have become much more automated in their attacks based on simply guessing passwords. Basic security principles include avoiding weak passwords and preventing sharing of passwords across users and accounts, but how do you know it’s happening?

McAfee Vulnerability Manager for Databases offers the fastest weak password detection methods available, flagging accounts with simple passwords, default passwords, and shared passwords. It can even scan hashed passwords, stored, for example, in SHA-1, MD5, or DES.

By using direct connections to databases, password checking is accomplished without significant load on the database server and does not lock out users for excessive login attempts.

Built on Proven Database Security Expertise

Database management systems are complex, introducing their own set of security risks, some of which are similar to other system software (such as patch updates, password strength, and others) and some of which are unique to databases (such as threats from SQL injection or buffer overflow exploits). McAfee Vulnerability Manager for Databases comes from the team that’s credited with contributions in seven of the last 10 critical patch updates (CPUs) that Oracle released. It leverages the expertise of leading database security practitioners to:

• Identify susceptibility to database-specific risks, including SQL injection, buffer overflow, and malicious or insecure PL/SQL code.
• Prioritize findings and highlight the “real” issues needing immediate attention.
• Provide actionable intelligence on how to address risks, including fix scripts whenever possible.
• Allow security and compliance users with limited database knowledge to quickly understand risks to sensitive data and how to remediate them.

Integration with the McAfee ePolicy Orchestrator Platform for Maximum Visibility

McAfee Vulnerability Manager for Databases is fully integrated with the McAfee® ePolicy Orchestrator® dashboard, providing centralized reporting and summary information for all your databases from a consolidated dashboard. It delivers detailed information and scan configuration as well as direct links to invoke the vulnerability scanning management console with granular control over every operation.

System Requirements:

These are minimum system requirements only. Actual requirements will vary depending on the nature of your environment.

• McAfee ePolicy Orchestrator (ePO) 4.6 — 5.1
• Microsoft Windows Server 2003 with Service Pack 2 (SP2) or higher
• Microsoft SQL Server 2005 with SP1 or higher
• 2 GB RAM
• 1 GB free disk space
• Browser (for management console): Firefox 2.0 or later, or Microsoft Internet Explorer 7.0 or later

Supported Databases for Scanning

• Oracle 8i or later
• Microsoft SQL Server 2000 or later
• Microsoft SQL Azure
• IBM DB2 8.1 or later for Linux, Unix, and Windows
• MySQL version 4.0 or later
• PostgreSQL version 8.3 or later
• Sybase ASE version 12.5 or later
• Teradata v12, v13, v14 — Database discovery, sensitive data discovery, custom checks, and password cracking
• Informix v10.0, v11.1, v11.5, v11.7 — Database discovery, sensitive data discovery and custom checks
• SAP HANA v1 — Database discovery, data discovery and custom checks

Documentation:

Download the McAfee Vulnerability Manager for Databases Datasheet (PDF).