McAfee Deploys Guardium's Database Security and Monitoring Solution

Guardium, a database security company, announced that McAfee has deployed Guardium's real-time database security and monitoring solution to safeguard sensitive cardholder data in its high-volume McAfee.com environment.

McAfee.com processes millions of credit card transactions per year for McAfee's online stores, serving home, home office and small business consumers. The site also serves customers of McAfee's national ISP partners such as Comcast and Cox Communications, who have strict Service Level Agreements (SLAs). It is hosted in multiple geo-separated data centers hosting clustered database systems.

"McAfee needed a solution with continuous real-time visibility into all sensitive cardholder data - in order to quickly spot unauthorized activity and comply with the Payment Card Industry Data Security Standard (PCI DSS) - but given our significant transaction volumes, performance and reliability considerations were crucial," said Tony Gunn, director of security engineering, McAfee. "We were initially using a database auditing solution that collected information from native DBMS logs and stored it in an audit repository, but granular logging significantly impacted our database servers and the audit repository was simply unable to handle the massive transaction volume generated by our McAfee.com environment. The Guardium solution provided enterprise-class scalability in a solution and was deployed in less than 48 hours. In addition to safeguarding our customers' trust, Guardium's technology also automates our PCI database controls and reduces DBA workload while enforcing separation of duties to protect against both internal and external threats."

McAfee said it is now expanding its Guardium implementation to protect its SAP systems for Sarbanes-Oxley (SOX) compliance, as well as to safeguard other sensitive financial databases in the corporation. The company is also integrating Guardium with its correlation engine and enterprise-wide Security Information and Event Management (SIEM) platform to consolidate database security alerts and events into a single console.

((Comments on this story may be sent to newsdesk@closeupmedia.com))

Related terms: communications, credit card, engineering, environment, hosting, online, security, small business, technology