Re: Anyone Have Experience With McAfee DB Products?

  • From: Niall Litchfield <niall.litchfield@xxxxxxxxx>
  • To: srcdco@xxxxxxx
  • Date: Tue, 18 Feb 2014 08:05:10 +0000

Actually now I look at the description "Database Vulnerability Scanner"
that looks like Sentrigo functionality that we do use and I described
below.
On Feb 18, 2014 7:19 AM, "Niall Litchfield" <niall.litchfield@xxxxxxxxx>
wrote:

> We use DAM here and I'm pretty happy with it. You will likely find, much
> as anyone who has ever turned on auditing finds, a large number of alerts
> to start with until you get your rules sorted - each *use* of a privilege
> or potentially insecure feature gets flagged - so you probably want to
> limit access to the console to start with.  If you search for Sentrigo
> Hedgehog you'll no doubt find more user reviews and opinion. We don't yet
> use it against SQL and we don't use the other product you mention so I'll
> not comment on them
> On Feb 17, 2014 8:01 PM, "Scott Canaan" <srcdco@xxxxxxx> wrote:
>
>>  Our security office is looking at having the McAfee Database Activity
>> Monitor and McAfee Database Vulnerability Scanner installed on all of our
>> Oracle and SQL Server databases and servers.  This is not the standalone
>> configuration, but the configuration with the ePo server that would collect
>> all of the information from each server and database and consolidate the
>> information into a standard console that many people would have access to.
>>
>>
>>
>> Has anyone had any experience with either or both of these products?  If
>> so, do you have any concerns about the level of access the user has on the
>> server and in the database?
>>
>>
>>
>> Thank you,
>>
>>
>>
>> Scott Canaan '88 (srcdco@xxxxxxx)
>>
>> (585) 475-7886 - work
>>
>> "Life is like a sewer, what you get out of it depends on what you put
>> into it." - Tom Lehrer
>>
>>
>>
>

Other related posts: