Techopedia Explains Database Activity Monitoring (DAM)
Database activity monitoring tools are implemented as standalone configurations or as software modules loaded on the database servers. Either way, they provide real-time monitoring and data security by capturing, keeping logs, analyzing and alerting on policy violations without interfering with the systems’ performance.
Database activity monitoring is done by combining several techniques such as network sniffing, memory scraping and reading system tables and database audit logs. Regardless of the methods used, DAM tools enable data correlation so as to provide an accurate picture of all the activities in the database.
These tools also allow relevant authorities to detect, identify and take corrective measures against threats and attacks, and provide forensic evidence when a data breach occurs. Depending on the configuration of the DAM tools, an administrator or auditor may be able to reconstruct data or restore it to a previous state.
Database activity monitoring tools capture and record all SQL activities in near real time. There are several tools available, with varying levels of activity monitoring. However, the five main features that distinguish DAM tools are their ability to:
- Monitor and audit all database activity independently including SELECT transactions and privileged users’ activities, without performance degradation
- Securely store the database activity outside the monitored database
- Generate alerts whenever policy violations are detected
- Aggregate and correlate database activities from multiple heterogeneous database management systems
- Enforce separation of duties of database administrators, monitor the administrators’ activities and prevent the manipulation or tampering of recorded activities or logs
Database activity monitoring tools also enable operations monitoring, data protection and compliance control. They provide an insight on how data is viewed and by whom, including the administrator and across multiple platforms.