DAM may combine data from network-based monitoring and native audit information to provide a comprehensive picture of database activity.
The data gathered by DAM is used to analyze and report on database activity, support breach investigations, and alert on anomalies.
DAM helps businesses address regulatory compliance mandates like the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act (SOX), U.S. government regulations such as NIST 800-53, and EU regulations.
According to Gartner, “DAM provides privileged user and application access monitoring that is independent of native database logging and audit functions.” [1]
Privileged User Monitoring: Monitoring privileged users (or superusers), such as database administrators (DBAs), systems administrators (or sysadmins), developers, help desk, and outsourced personnel – who typically have unfettered access to corporate databases – is essential for protecting against both external and internal threats.
Multi-tier enterprise applications such as Oracle EBS, PeopleSoft, JD Edwards, SAP, Siebel Systems, Business Intelligence, and custom applications built on standard middle-tier servers such as IBM WebSphere and Oracle WebLogic Server mask the identity of end-users at the database transaction level.
New auditor guidance from the Public Company Accounting Oversight Board for SOX compliance has also increased the emphasis on anti-fraud controls.
Cyberattack Protection: SQL injection is a type of attack used to exploit bad coding practices in applications that use relational databases.
As defined by Gartner, “DAM tools use several data collection mechanisms (such as server-based agent software and in-line or out-of-band network collectors), aggregate the data in a central location for analysis, and report based on behaviors that violate the security policies and/or signatures or indicate behavioral anomalies.”
DAM systems find places where they can view the communication stream and capture the requests and responses without requiring participation from the database.
[3] In the latest versions of this technology a lightweight sensor runs on the host and attaches to the process at the OS level to inspect private data structures.
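The collect, aggregate and report flow in the Gartner definition above, as an added Python example that is not part of the original page or of any DAM product: constructed events from a network collector and a native audit trail are checked against a privileged-access policy, two SQL injection signatures, and a simple row-count anomaly rule. The user names, table names, baselines and event fields are assumptions made for illustration.

```python
import re

# Constructed sample events from two collectors, as a central DAM store might hold them.
EVENTS = [
    {"source": "network", "db_user": "app_pool", "rows": 1,
     "sql": "SELECT name FROM products WHERE id = 42"},
    {"source": "native_audit", "db_user": "dba_jones", "rows": 5000,
     "sql": "SELECT pan, expiry FROM cardholder"},
    {"source": "network", "db_user": "app_pool", "rows": 900,
     "sql": "SELECT name FROM products WHERE id = 1 OR 1=1"},
    {"source": "network", "db_user": "app_pool", "rows": 3,
     "sql": "SELECT id FROM orders WHERE note = 'x' UNION SELECT pan FROM cardholder"},
    {"source": "native_audit", "db_user": "dba_jones", "rows": 0,
     "sql": "ALTER INDEX idx_orders REBUILD"},
]

# Assumed policy inputs; a real deployment would load these from configuration.
PRIVILEGED_USERS = {"dba_jones", "sys"}
SENSITIVE_TABLES = {"cardholder", "payroll"}
BASELINE_ROWS = {"app_pool": 50, "dba_jones": 100}  # typical rows per statement
SIGNATURES = {
    "union-select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "tautology": re.compile(r"\bor\s+'?(\w+)'?\s*=\s*'?\1\b", re.I),
}

def tables_in(sql):
    """Rough table extraction: identifiers following FROM/JOIN/INTO/UPDATE."""
    return {t.lower() for t in re.findall(r"\b(?:from|join|into|update)\s+(\w+)", sql, re.I)}

def evaluate(event):
    """Return the list of policy findings for one aggregated event."""
    findings = []
    touched = tables_in(event["sql"]) & SENSITIVE_TABLES
    if event["db_user"] in PRIVILEGED_USERS and touched:
        findings.append("privileged-access:" + ",".join(sorted(touched)))
    findings += ["signature:" + name for name, rx in SIGNATURES.items()
                 if rx.search(event["sql"])]
    baseline = BASELINE_ROWS.get(event["db_user"])
    if baseline and event["rows"] > 10 * baseline:
        findings.append("anomaly:rows")
    return findings

def report(events):
    """Map event index -> findings, keeping only events that violated policy."""
    results = {i: evaluate(e) for i, e in enumerate(events)}
    return {i: f for i, f in results.items() if f}

if __name__ == "__main__":
    print(report(EVENTS))
```

The `app_pool` account stands in for a pooled middle-tier login, so its findings identify the application rather than the end user behind the request.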