According to techopedia.com, database activity monitoring (DAM) is a fairly established technology, existing over a decade, which is in charge of observing, identifying, and reporting a database's activities. DAM tools use real-time security technology to provides alerts and reports to analyze configured activities independently.
These tools also help detect irregular activities, whether internal or external, helping system administrators to enhance the prevention and protection of sensitive data.
One of the most important components of a database activity monitoring tool is that the information of the database it is monitoring is stored outside such a database, so the people under monitoring cannot tamper with the data. Another essential element is the capability to send real-time alerts so any violation of policy can be handled immediately.
DAM tools are deployed as software modules loaded on the database servers, providing real-time monitoring and data security by keeping logs, examining, and informing on policy breaches without meddling with the systems' execution.
DAM monitoring is carried out by merging certain techniques such as network sniffing, memory scraping, reading system tables, and database audit logs. No matter which method you use, database activity monitoring tools allow data correlation to present an exact picture of all the events in the database.
These tools also let appropriate specialists recognize, identify, and take corrective actions against threats and attacks, and provide evidence when a data breach occurs. Depending on the settings of the database activity monitoring tools, an administrator may be able to reconstruct or restore data to its previous state.
The five main features that set database activity monitoring tools apart are their capacity to:
- Monitor all database activity, including SELECT transactions and privileged users’ activities, without causing performance degradation
- Securely store the database activity outside the monitored database
- Create alerts whenever policy breaches are identified
- Aggregate and correlate database activities from multiple database management systems
- Implement separation of responsibilities of database administrators, control the administrators’ activities and prevent the tampering of recorded events or logs
