If you deploy or are considering data security technology from Websense, Fidelis, Verdasys , Guardium, Imperva or Sentrigo – do you give a DAM ?
It seems that DLP (data loss prevention) vendors are moving up the food chain into DAM (database activity monitoring)? As customers deploy two products in parallel (for example Imperva and Fidelis) for DLP and DAM – the opportunity for reducing TCO (total cost of ownership) seems to be a clear imperative.
Both Websense and Fidelis Security provide DLP functionality for structured data in databases (Fidelis calls it internal DLP) and Websense provides fairly granular fingerprinting of combinations of relational table columns using their PreciseID technology.
Although Websense focuses on deep content analysis and stays away from application security, Verdasys provides application logging at the end point and Fidelis provides application analysis via the network session in addition to the deep content inspection. Both are functions strongly related to database activity monitoring.
Here are the goals I would put down for database activity monitoring, due to the high level of interaction with client/sever and Web applications
- Perform monitoring of ERP, CRM, HR, BI/data warehouse, financial application access to the data model in order to detect irregular patterns indicative of fraud (for example – repetitive access to celebrity account numbers)
- Audit database segregation of duties (SOD) – for example, detecting select all statements by the database administration on schema involving customer data.
- Measure the extent of database vulnerabilities in order to quantify probability of occurrence
- Do it without having to touch the database management system software – for example, by sniffing of database network traffic and decoding the protocols – like Oracle OCI.
