Database Activity Monitoring (DAM)
Definition - What does Database Activity Monitoring (DAM) mean?
These tools also help in detecting unusual and unauthorized, internal or external activities while still gauging the effectiveness of security tools and policies in place. In so doing, system administrators are able to improve the prevention and protection of sensitive data from intruders.
Techopedia explains Database Activity Monitoring (DAM)
Database activity monitoring is done by combining several techniques such as network sniffing, memory scraping and reading system tables and database audit logs. Regardless of the methods used, DAM tools enable data correlation so as to provide an accurate picture of all the activities in the database.
These tools also allow relevant authorities to detect, identify and take corrective measures against threats and attacks, and provide forensic evidence when a data breach occurs. Depending on the configuration of the DAM tools, an administrator or auditor may be able to reconstruct data or restore it to a previous state.
Database activity monitoring tools capture and record all SQL activities in near real time. There are several tools available, with varying levels of activity monitoring. However, the five main features that distinguish DAM tools are their ability to:
- Monitor and audit all database activity independently including SELECT transactions and privileged users’ activities, without performance degradation
- Securely store the database activity outside the monitored database
- Generate alerts whenever policy violations are detected
- Aggregate and correlate database activities from multiple heterogeneous database management systems
- Enforce separation of duties of database administrators, monitor the administrators’ activities and prevent the manipulation or tampering of recorded activities or logs