McAfee Database Event Monitor for SIEM
Maximum visibility into database transactions
McAfee Database Event Monitor for SIEM provides a complete audit trail of all database activities, including queries, results, authentication activity, and privilege escalations.
Maintain full session details of all transactions, so you can easily see what happened before and after any given transaction—from login to logout.
Analyze all monitored activity against a customizable set of policy rules and receive alerts on all suspicious activity. Anomaly-based detection indicates abnormal user activity, queries, and other out-of-place behavior.
Discover all database instances, including unknown or rogue databases, and identify which databases are storing credit cards, social security numbers, or other sensitive data.
Speed database event investigations by viewing an entire session—from login to logout—with a single mouse click.
Use policy-based detection rules and compliance reports for PCI DSS, HIPAA, and NERC-CIP. McAfee Database Event Monitor for SIEM delivers compliant storage and masking of sensitive data in activity logs.
Leading independent analysts have evaluated the features and performance of McAfee SIEM solutions.
McAfee Database Event Monitor requires McAfee Enterprise Security Manager (ESM) and can be deployed as a physical appliance. McAfee SIEM appliance specifications and descriptions are provided for information only, subject to change without notice, and provided without warranty of any kind, expressed or implied.
|Model Number||Maximum EPS1||Appliance Size||Local Storage2||Network Interfaces (10/100/1000)||System Requirements|
|DEM-2600||5,000||2U||1.8TB||2 + 4 monitoring ports3||Requires ESM|
|DEM-4600||15,000||2U||3TB||2 + 8 monitoring ports3||Requires ESM|
1Based on typical network environments using average event and flow aggregation. Depending on aggregation settings, collection type mix, overall SIEM activity, and related activities, the EPS levels for any given appliance, within an environment, may be lower.
2Usable event and flow data storage capacity will vary by customer event types, event rates, software version, and other factors.
3IPMI: Please note that all McAfee SIEM appliances, except DAS-50 and DAS-100, have IPMI adapters; for ERC HA, IPMI is used for the HA configuration.
Need additional technical resources? Visit the McAfee Expert Center
Many organizations deploy security products from multiple vendors that do not interact with each other. In today’s fast evolving threat landscape, this not only increases operational costs, it increases risk. Evolving security challenges require open, collaborative approaches to detect threats, reduce risk, and ensure compliance. Below is a selection of Security Innovation Alliance partners with McAfee SIEM integrated solutions that allow you to resolve more threats faster with fewer resources.See All SIEM-Integrated Partners