Database Activity Monitoring (DAM)

Database activity monitoring (DAM) is a real-time database security technology that monitors and analyzes database activity, helping to protect sensitive databases from external attacks. This technology does not rely on any form of native auditing or logs working independently of the database management system to monitor, analyze, and alert.

The prevention extension also blocks unauthorized activities

Common uses for database activity monitoring:

Monitoring privileged users who typically have unrestricted access to databases. This is important to protecting databases against internal threats. Most organizations think about protecting their systems from external attack but not about protecting them internally. The monitoring of privileged users is critical to both data privacy and data governance mandates.

Monitoring application activity to detect abuses and provide end-user accountability. Application activity monitoring allows identification of end-users This is important since most multi-tier enterprise applications mask the identity of the end-user at the database level. End-user accountability is often required for data governance mandates.

DAM provides protection from cyberattacks by monitoring application activity and creating a baseline to compare other application behavior to. Hackers often use applications based of SQL statements (SQL injection) to infiltrate a database; getting unauthorized access then adding malicious information, deleting or stealing sensitive information.

"DAM provides privileged user and application access monitoring that is independent of native database logging and audit functions. It can function as a compensating control for privileged user separation-of-duties issues by monitoring administrator activity. The technology also improves database security by detecting unusual database read and update activity from the application layer."

Mark Nicolett, VP Distinguished Analyst Gartner Research,
Avivah Litan, VP Distinguished Analyst Gartner Research,
Paul E. Proctor, VP Distinguished Analyst ,Service Director Security & Risk Management Gartner Research