McAfee Database User Identifier

McAfee Database User Identifier Overview:

You store your most valuable and sensitive data in a database, but visibility into the actions of those individuals who access sensitive data has historically been incomplete or even nonexistent. Every week, there is yet another announcement of a major data breach, and research shows that the largest breaches, representing 75 percent of records, according to Verizon's 2009 study, come from databases. McAfee® Database User Identifier accurately identifies end-user activity in the database, making it possible to hold users accountable for their transactions and helping to bring organizations into compliance with regulations such as PCI DSS and Sarbanes-Oxley, while enabling the enforcement of corporate security policy on individuals.

Description:

McAfee Database User Identifier accurately identifies end-user activity when using pooled connections from the application to the database, making it possible to hold users accountable for their transactions and helping to bring organizations into compliance with regulations. With Database User Identifier, you can gain visibility into risks to sensitive data and gather actionable information to address these risks.

Dependable end-to-end user tracking — Database User Identifier is installed on JavaEE and .NET application servers as a separate container, where it injects the end-user information into the pooled database connection and associates every database session, SQL statement, and command with individual users.

Software-only solution, non-intrusive, and easy to deploy and maintain — As a software component, Database User Identifier is installed on the application servers and does not require any change to the underlying applications or database management system.

Actionable alerting on specific end-user activity — Information from Database User Identifier can be used by McAfee Database Activity Monitoring to create granular rules to specifically alert or block users based on application activity.

Benefits and Features:

• Capture the identity of individual users accessing the database
  Identify every user action and name, including user details, the URL used, and the client IP address.
  
  
• Deliver a superior level of accuracy in end-user identification
  Get a reliable audit log by appending the application end-user credentials to every transaction hitting the database.
  
  
• Speed deployment while minimizing overhead and simplifying compliance issues
  Avoid development costs associated with changes to underlying applications or database management systems and provide a complete audit trail of user activity.
  
  
• Gain compliance with regulations that deal with end-user access
  Meet strict compliance regulations and standards such as PCI DSS, SOX, HIPAA, and SAS 70 that focus on controlling individual access to sensitive data.

Solutions:

Increased database security through end-user identification and accountability

With McAfee Database User Identifier, organizations gain visibility into risks associated with their most valuable and sensitive data and receive actionable information that not only helps them address these risks more easily, but also aids them in meeting compliance audit requirements while improving overall security for their critical information.

McAfee Database User Identifier supplies accurate identification information about end users who access databases containing sensitive information, helping organizations in their security compliance efforts.

Accurate Information on End Users Who Access the Database

With McAfee Database User Identifier, organizations gain visibility into risks associated with their most valuable data while receiving accurate, dependable, and actionable information to address these risks, more easily meet compliance audit requirements, and strengthen the overall protection of their most sensitive and critical information.

With McAfee Database User Identifier, organizations can:

• Monitor and track who is doing what in the database, a crucial issue in multitier environments with pooled connections to the database that serve to obscure user identity
• Prevent application spoofing while enjoying enhanced authentication capability and increasing their level of security for enterprise resource planning (ERP), financial services, manufacturing, human resources, and other back-office application environments
• Use standard containers like Weblogic, Websphere, JBoss, Tomcat, as well as Oracle Forms and Microsoft SQL Server Reporting Services
• Integrate with such applications as Oracle E-Business Suite, PeopleSoft, Siebel, SAP, and other applications

Captures All Data Needed for Accurate

In capturing every user action, as well as user details, such as the URL used, client ID, and client IP, McAfee Database User Identifier not only brings organizations into sync with corporate policies that require authorization based on the identity of the user, but also with regulations and auditors that require information on "who did what" with

Increases the level of end-user accountability
By delivering accurate identity information, McAfee Database User Identifier solves an important problem common to multitier environments. Because applications often connect to the database using a single DBMS user (commonly known as a pooled connection or "super user"), the association of individual users with their activities inside the database is obscured. When organizations use McAfee Database User Identifier, they don't have to configure each and every application to pass the client ID through the database connection, saving time and money.

Broad support for most containers and applications
Extending the value of its core technology for user identification, McAfee Database User Identifier works seamlessly with standard containers (including Weblogic, Websphere, JBoss, and Tomcat), as well as Oracle JDBC, Oracle Forms, and Microsoft SQL Server Reporting Services. McAfee Database User Identifier also integrates with applications such as Oracle E-Business Suite, PeopleSoft, Siebel, and SAP, while easily adding additional applications, including those that are developed in-house.

Robust end-user tracking from application to database management systems
By associating every database session, SQL statement, or command with individual users, McAfee Database User Identifier delivers an extremely accurate tracking mechanism that helps organizations to not only comply with regulations such as PCI DSS, but also to make it easier for them to enforce corporate IT policy. Further, this software-only solution is non-intrusive to the database while being easy to deploy and maintain.

System Requirements:

These are minimum system requirements only. Actual requirements will vary depending on the nature of your environment.

Minimum System Requirements

• McAfee ePolicy Orchestrator 4.5
• Microsoft Windows Server 2003 with Service Pack 2 (SP2) or higher
• Microsoft SQL Server 2005 with SP1 or higher
• 2 GB RAM
• 1 GB free disk space
• Browser (for management console): Firefox 2.0 or later, or Microsoft Internet Explorer 7.0 or later

Supported Databases for User Identification

• Oracle version 8.1.7 or later, running on Sun Solaris, IBM AIX, Linux, HP-UX, Microsoft Windows
• Microsoft SQL Server 2000 or later on any supported Windows platform
• Sybase ASE 12.5 on all supported platforms

Documentation:

Download the McAfee Database User Identifier Datasheet (PDF).