McAfee provides database security software. To support open source databases like MySQL and PostgreSQL, McAfee developed plugins that hook into the database internals. The MySQL plugin has been available since 2011 and the PostgreSQL plugin since 2016. Both are open source under GPL licenses. The plugins allow McAfee to collect detailed information from the databases to monitor for threats. Developing plugins requires less effort than traditional methods and leverages the open source code. The plugins have been well received by customers and have helped McAfee gain new business while maintaining support for existing customers using open source databases.

1. 1June 5 2017, Database Security MCAFEE – Public Release
McAfee – Public Release
Open Source For
Fun and Profit
Aharon Robbins I Senior Software Engineer
Aharon_Robbins@McAfee.com
Mixing Proprietary and Open Source Code
June 5, 2017

2. 2June 5 2017, Database Security MCAFEE – Public Release
A Little Bit About Me
▪ Aharon Robbins:
▪ Software engineer with M.S. degree and over 35 years (!) experience
▪ (I’m older than I look ☺)
▪ In Israel since 1997
▪ Working for McAfee since late 2015
▪ Worked for Intel for 7.5 years before that
▪ Etc…
▪ Arnold Robbins (my secret identity):
▪ Free Software developer for FSF / GNU Project
▪ GNU Awk (gawk)
▪ Since 1989 (!!!!)
▪ Author / co-author of numerous books from O’Reilly and Prentice Hall

3. 3June 5 2017, Database Security MCAFEE – Public Release
Who we are and what we do
About McAfee Database Security
Originally a small startup company in Kfar Saba (“Sentrigo”).
Purchased by McAfee in 2010, shortly before McAfee was purchased by Intel.
Now part of “the New McAfee”.
▪ Database security:
▪ Scanning of SQL statements being executed
▪ Test statements against known problems and against user-defined rules
▪ Send alerts, quarantine a session, terminate a session
▪ Commercial DBMS:
▪ Oracle, Sybase, DB2, Teradata, SAP Hana, MSSQL
▪ Linux, Windows, Solaris, AIX, HP/UX
▪ Open Source DBMS:
▪ MySQL, PostgreSQL, MongoDB

4. 4June 5 2017, Database Security MCAFEE – Public Release
Why is Database Security Important?
Think about it. Data in database systems are the “crown jewels”:
▪ Government:
▪ Employee records
▪ Citizen tax records
▪ Army records
▪ Banks:
▪ Accounts
▪ Credit cards
▪ Employees
▪ Companies:
▪ Customers
▪ Inventory
▪ Orders
▪ Shipping
All this stuff is very valuable and needs to be protected from internal and external threats

5. 5June 5 2017, Database Security MCAFEE – Public Release
What are the issues?
Problem / Opportunity
Customers:
▪ Customers who have traditionally used Big-$$ DBMSs like Oracle are increasingly
moving to Open Source alternatives like MySQL, PostgreSQL and MongoDB
▪ Existing customers want to continue to use our Database Access Monitor (DAM) on their
Open Source DBMSs
▪ Supporting these DBMSs gives us access to new customers
▪ Old customers + new customers = $$ ☺
But how?
Can we leverage the fact that we can see the source for Open Source
DBMSs?

6. 6June 5 2017, Database Security MCAFEE – Public Release
The Solution: Plugins!
▪ MySQL and PostgreSQL both have plugin mechanisms. A plugin:
▪ Lets us hook into DBMS internals to get the info we need
▪ Lets us collect as much or as little info as we want, and change what we collect over time
▪ Requires much less development effort than our traditional mechanisms do
▪ Since the DBMS source is right there, we can often leverage it to do things above and beyond
what the DBMS plugin mechanism might normally allow

7. 7June 5 2017, Database Security MCAFEE – Public Release
The Solution: Plugins!
▪ MySQL and PostgreSQL both have plugin mechanisms. A plugin:
▪ Lets us hook into DBMS internals to get the info we need
▪ Lets us collect as much or as little info as we want, and change what we collect over time
▪ Requires much less development effort than our traditional mechanisms do
▪ Since the DBMS source is right there, we can often leverage it to do things above and beyond
what the DBMS plugin mechanism might normally allow
▪ Here’s what it looks like:

8. 8June 5 2017, Database Security MCAFEE – Public Release
How To Go About It - Development
What’s involved in writing a plugin?
▪ Research the database
▪ Read the doc
▪ Read the code
▪ Look at other plugins
▪ Write the plugin
▪ Code, Build scripts, Tests, Documentation
▪ License it under the appropriate license
▪ This is the potentially scary part, especially for traditional software companies (McAfee, Intel, …)
▪ Are we giving away valuable Intellectual Property (I.P.) in our plugin?
▪ Solution: Be generic in what the plugin does
▪ Works standalone and with our product

9. 9June 5 2017, Database Security MCAFEE – Public Release
How To Go About It - Publishing
What’s involved in publishing a plugin?
▪ Publish code on Github
▪ Wiki, ChangeLog, etc.
▪ Publish binaries on Bintray.com
▪ This turns out to be very important. Many users don’t want to compile code themselves ☹
▪ Start a “buzz” (blogs etc.)
▪ This is something of an art, which we’re still learning how to do

10. 10June 5 2017, Database Security MCAFEE – Public Release
Lots of goodness
Results
▪ MySQL plugin available since 2011
▪ Open Source – GPL licensed since MySQL is GPL licensed
▪ Source on GitHub, binaries on bintray.com
▪ Generic: Plugin can log JSON to a file, so has active users outside of our product
▪ In use by many paying customers ($$)
▪ Supports MySQL and MariaDB out of the box
▪ Other MySQL forks (e.g., Percona) supported but with more work involved by the end user
▪ PostgreSQL plugin available since 2016
▪ Leveraged earlier pgaudit plugin which understands PostgreSQL internals
▪ Open Source – GPL licensed, since it also uses bits of our MySQL plugin, which is GPL
▪ Source on GitHub, binaries on bintray.com
▪ Also generic, able to log JSON to a file
▪ Starting to see some interest from community and also paying customers
▪ Supports PostgreSQL 9.2, 9.3, 9.4, 9.5, 9.6
▪ Please star us: http://github.com/mcafee and get involved!

11. 11June 5 2017, Database Security MCAFEE – Public Release
Lessons Learned
Some take-aways for people doing proprietary software
▪ Bridging Open Source products to proprietary products is possible and generally
welcomed by customers
▪ Creating a community around such a product as a plugin is not only possible but
beneficial
▪ Even a small community of technical users (developers) can fuel considerable innovation. (Many
bugs were found by users “out in the wild” and features suggested by them have been included.
There are a few forks of the MySQL plugin.)
▪ Being attentive and responsive to the community encourages its growth and interaction
with McAfee and the product
▪ Don’t be afraid to Open Source license pieces of the puzzle that can positively impact
the total picture

12. 12June 5 2017, Database Security MCAFEE – Public Release
McAfee, the McAfee logo and [insert <other relevant McAfee Names>] are trademarks or registered trademarks of McAfee LLC or its subsidiaries in the U.S. and/or other
countries. Other names and brands may be claimed as the property of others. Copyright © 2017 McAfee LLC.

13. 13June 5 2017, Database Security MCAFEE – Public Release
McAfee – Public Release

14. 14June 5 2017, Database Security MCAFEE – Public Release
What are the issues?
Problem / Opportunity
Customers:
▪ Customers who have traditionally used Big-$$ DBMSs like Oracle are increasingly
moving to Open Source alternatives like MySQL, PostgreSQL and MongoDB
▪ Existing customers want to continue to use our Database Access Monitor (DAM) on their
Open Source DBMSs
▪ Supporting these DBMSs gives us access to new customers
▪ Old customers + new customers = $$ ☺
But how?
▪ Supporting new DBMSs with memory scanning and/or network protocol parsing requires
serious development and maintenance effort
▪ Both mechanisms are passive; there’s little flexibility in the kind of information we can
collect
▪ Can we leverage the fact that we can see the source for Open Source DBMSs?

15. 15June 5 2017, Database Security MCAFEE – Public Release
Why is this important?
About McAfee Database Security
Think about it. Data in database systems are the “crown jewels”:
▪ Government:
▪ Employee records
▪ Citizen tax records
▪ Army records
▪ Banks:
▪ Accounts
▪ Credit cards
▪ Employees
▪ Companies:
▪ Customers (and their credit cards!)
▪ Inventory
▪ Orders
▪ Shipping
All this stuff is very valuable and needs to be protected from internal and external threats

16. 16June 5 2017, Database Security MCAFEE – Public Release
How do we do it?
About McAfee Database Security
We use a variety of technologies, whose combination gives a very thorough picture of
what’s happening
▪ Memory scanning
▪ Network traffic sniffing
▪ Kernel module for local communication (pipe, socket)
▪ Plugins for Open Source DBMSs

17. 17June 5 2017, Database Security MCAFEE – Public Release
Lots of goodness
Results
▪ MySQL plugin available since 2011
▪ Open Source – GPL licensed since MySQL is
▪ Source on GitHub, binaries on bintray.com
▪ Generic: Plugin can log JSON to a file, so has active users outside of our product
▪ In use by many paying customers ($$)
▪ Supports MySQL and MariaDB out of the box
▪ Other MySQL forks (e.g., Percona) supported but with more work involved by the end user

18. 18June 5 2017, Database Security MCAFEE – Public Release
Lessons Learned
Some take-aways for people doing proprietary software
▪ Bridging Open Source products to proprietary products is possible and generally
welcomed by customers
▪ Creating a community around such a product as a plugin is not only possible but
beneficial
▪ Even a small community of technical users (developers) can fuel considerable innovation. (Many
bugs were found by users “out in the wild” and features suggested by them have been included.
There are a few forks of the MySQL plugin.)

19. 19June 5 2017, Database Security MCAFEE – Public Release
McAfee, the McAfee logo and [insert <other relevant McAfee Names>] are trademarks or registered trademarks of McAfee LLC or its subsidiaries in the U.S. and/or other
countries. Other names and brands may be claimed as the property of others. Copyright © 2017 McAfee LLC.