Definition - What does Database Activity Monitoring (DAM) mean?
Database activity monitoring (DAM) is the process of observing, identifying and reporting a database's activities. Database activity monitoring tools use real-time security technology to monitor and analyze configured activities independently and without relying on the DBMS auditing or logs.
These tools also help in detecting unusual and unauthorized, internal or external activities while still gauging the effectiveness of security tools and policies in place. In so doing, system administrators are able to improve the prevention and protection of sensitive data from intruders.
Database activity monitoring tools are implemented as standalone configurations or as software modules loaded on the database servers. Either way, they provide real-time monitoring and data security by capturing, keeping logs, analyzing and alerting on policy violations without interfering with the systems’ performance.
Database activity monitoring is done by combining several techniques such as network sniffing, memory scraping and reading system tables and database audit logs. Regardless of the methods used, DAM tools enable data correlation so as to provide an accurate picture of all the activities in the database.
These tools also allow relevant authorities to detect, identify and take corrective measures against threats and attacks, and provide forensic evidence when a data breach occurs. Depending on the configuration of the DAM tools, an administrator or auditor may be able to reconstruct data or restore it to a previous state.
Database activity monitoring tools capture and record all SQL activities in near real time. There are several tools available, with varying levels of activity monitoring. However, the five main features that distinguish DAM tools are their ability to:
Monitor and audit all database activity independently including SELECT transactions and privileged users’ activities, without performance degradation
Securely store the database activity outside the monitored database
Generate alerts whenever policy violations are detected
Aggregate and correlate database activities from multiple heterogeneous database management systems
Enforce separation of duties of database administrators, monitor the administrators’ activities and prevent the manipulation or tampering of recorded activities or logs
Database activity monitoring tools also enable operations monitoring, data protection and compliance control. They provide an insight on how data is viewed and by whom, including the administrator and across multiple platforms.