Database Activity Monitoring

Database activity monitoring (DAM) is a database security technology for monitoring and analyzing database activity that operates independently of the database management system (DBMS) and does not rely on any form of native (DBMS-resident) auditing or native logs such as trace or transaction logs. DAM is typically performed continuously and in real-time. DAM helps businesses address regulatory compliance mandates like the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act (SOX),

According to Gartner, “DAM provides privileged user and application access monitoring that is independent of native database logging and audit functions. It can function as a compensating control for privileged user separation-of-duties issues by monitoring administrator activity. The technology also improves database security by detecting unusual database read and update activity from the application layer. Database event aggregation, correlation and reporting provide a database audit capability without the need to enable native database audit functions (which become resource-intensive as the level of auditing is increased).”[1] According to a survey by the Independent Oracle User Group (IOUG), “Most organizations do not have mechanisms in place to prevent database administrators and other privileged database users from reading or tampering with sensitive information in financial, HR, or other business applications. Most are still unable to even detect such breaches or incidents.” Accordingly, Future Data has tied up with the global leader Imperva to deliver an automated and scalable database auditing solution that monitors and audits all access to sensitive data across heterogeneous database platforms. Imperva SecureSphere helps organizations demonstrate compliance with industry regulations through automated processes, audit analysis and customizable reports. In addition, SecureSphere accelerates incident response and forensic investigation with centralized management and advanced analytics.

Key Capabilities

 

01

Database Classification: Discover critical databases and classifying data in scope for compliance and security

02

Database Audit: Continuous Auditing of Sensitive Data Usage

03 User Rights management: Effective User Rights management through all databases.
04 Virtual Patching: Assessment of Virtual Patching of databases vulnerabilities.