McAfee Works with Raz-Lee to Monitor DB2 for i
March 5, 2013 Alex Woodie
The IBM i pros at Raz-Lee Security are working with counterparts at security giant McAfee to integrate portions of Raz-Lee’s iSecurity suite with McAfee’s enterprise security solutions–specifically, its Database Activity Monitor (DAM) solution. The work will extend DAM to include DB2 for IBM i monitoring capabilities that are not currently offered by McAfee.
McAfee offers a range of database-related solutions for enterprise customers running relational database management systems, such as DB2 for LUW, Oracle, SQL Server, and MySQL. This includes Vulnerability Manager, which scans databases for more than 45,000 known threats; Virtual Patching, which detects and prevents intrusions at the database level through patching; and DAM, a Windows-based software product that monitors databases (even unpatched ones) for signs of activity that violates security policies, and keeps an audit trail for SOX, HIPAA, et al.
According to Raz-Lee, the integration between iSecurity and DAM will entail collecting DB2 for i activity and forwarding it to DAM for analysis. The McAfee sensor will receive activity from the pertinent iSecurity module and will evaluate the activity and communicate with the DAM server to apply policy rules and report on activity, Raz-Lee says.
The fact that joint iSecurity-DAM customers will be able to monitor and evaluate potential threat activity on DB2 for i alongside the same data collected and evaluated on other databases–including SQL Server, Oracle, MySQL Server, DB2 for LUW, DB2 for z/OS, MySQL, PostgreSQL, Sybase, and Teradata–will be a boon for holistic security coverage at the database level.
“The use of iSecurity solutions will enable multi-platform users of McAfee’s DAM software to incorporate database and security-related information originating from IBM i systems,” states Raz-Lee CEO and CTO Shmuel Zailer in a press release. “Implementing jointly integrated solutions will help mutual customers enjoy faster time to deployment and lower total cost of ownership.”
McAfee welcomed Raz-Lee as a new member of its Security Innovation Alliance SIA) partner program. “Our partnership with Raz-Lee Security will enable IBM i customers to leverage the benefits of McAfee’s DAM solutions by delivering an integrated and comprehensive security and database monitoring solution,” stated Ed Barry, vice president of McAfee’s SIA program.
McAfee acquired DAM and other components of its database security suite in 2011 through its acquisition of Sentrigo, which developed a way to monitor for malicious database activity by pulling SQL queries out of memory. Initially it targeted the Oracle database, but Sentrigo and McAfee eventually expanded the solution to support practically every major database–that is, except for DB2 for i.
Raz-Lee has partnerships with many third-party developers of security information and event management (SIEM) systems to feed those SIEMs with IBM i data, including: IBM‘s Q1Labs; EMC‘s RSA Envision; Hewlett-Packard‘s ArcSight; Splunk; GFI; and Imperva, with whom it has an OEM agreement.
DB2 for i support will be offered by McAfee in DAM by the end of March, says Eli Spits, Raz-Lee vice president of business development. For more information, see www.razlee.com.