Database Activity Monitor (DAM)

Database activity monitoring (DAM) is the process of observing, identifying and reporting a database’s activities. Database activity monitoring tools use real-time security technology to monitor and analyze configured activities independently, without relying on the DBMS’s own auditing or logs.

These tools also help detect unusual and unauthorized activities, whether internal or external, while also gauging the effectiveness of the security tools and policies in place. This lets system administrators better protect sensitive data from intruders. Database activity monitoring tools are implemented as standalone configurations or as software modules loaded on the database servers. Either way, they provide real-time monitoring and data security by capturing, logging, analyzing and alerting on policy violations without interfering with the systems’ performance.

Database activity monitoring is done by combining several techniques, such as network sniffing, memory scraping, and reading system tables and database audit logs. Regardless of the methods used, DAM tools correlate the collected data to provide an accurate picture of all the activities in the database. These tools also allow relevant authorities to detect and identify threats and attacks, take corrective measures against them, and provide forensic evidence when a data breach occurs. Depending on the configuration of the DAM tools, an administrator or auditor may be able to reconstruct data or restore it to a previous state.
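The correlation step described above can be sketched as follows. This is an added example, not code from any DAM product: it merges statements seen by network sniffing with rows from the database audit log into one timeline, then alerts on a policy violation. The event fields, account names, table names and policy sets are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events; field names and values are assumptions for illustration.
NETWORK = [  # statements recovered by network sniffing: (time, db user, client IP, SQL)
    ("2024-05-01T09:00:01", "app_svc", "10.0.0.5", "SELECT name FROM customers WHERE id = 7"),
    ("2024-05-01T09:05:10", "app_svc", "10.0.0.5", "SELECT pan FROM cards WHERE id = 7"),
]
AUDIT = [  # rows read from the database audit log: (time, db user, SQL)
    ("2024-05-01T09:00:02", "app_svc", "SELECT name FROM customers WHERE id = 7"),
    ("2024-05-01T09:05:10", "app_svc", "SELECT pan FROM cards WHERE id = 7"),
    ("2024-05-01T23:40:00", "dba_admin", "SELECT pan FROM cards"),  # local session, never on the wire
]
SENSITIVE_TABLES = {"cards"}   # hypothetical policy: tables holding sensitive data
ALLOWED_USERS = {"app_svc"}    # hypothetical policy: accounts allowed to read them
WINDOW = timedelta(seconds=5)  # clock skew tolerated between the two sources

def tables_in(sql):
    """Naive table extraction: the token that follows FROM/JOIN/INTO/UPDATE."""
    toks = sql.replace(",", " ").split()
    return {toks[i + 1].lower().strip(";") for i, t in enumerate(toks[:-1])
            if t.upper() in ("FROM", "JOIN", "INTO", "UPDATE")}

def correlate(network, audit):
    """Merge both sources into one timeline, recording which sources saw each statement."""
    merged = [{"ts": datetime.fromisoformat(ts), "user": u, "sql": s, "sources": {"audit"}}
              for ts, u, s in audit]
    for ts, user, ip, sql in network:
        t = datetime.fromisoformat(ts)
        match = next((e for e in merged if e["user"] == user and e["sql"] == sql
                      and abs(e["ts"] - t) <= WINDOW and "network" not in e["sources"]), None)
        if match:  # same statement seen by both collectors: enrich, do not duplicate
            match["sources"].add("network")
            match["client"] = ip
        else:      # seen on the wire only, e.g. when audit logging missed it
            merged.append({"ts": t, "user": user, "sql": sql, "sources": {"network"}, "client": ip})
    return sorted(merged, key=lambda e: e["ts"])

def violations(events):
    """Flag access to sensitive tables by accounts outside the allow-list."""
    return [(e["ts"].isoformat(), e["user"], sorted(e["sources"]))
            for e in events
            if tables_in(e["sql"]) & SENSITIVE_TABLES and e["user"] not in ALLOWED_USERS]

if __name__ == "__main__":
    for alert in violations(correlate(NETWORK, AUDIT)):
        print("ALERT", alert)
```

The `sources` field on each alert shows which collector observed the statement, so an event that appears in only one source (here, a local administrator session that never crossed the network) stands out during review.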

Database activity monitoring tools also enable operations monitoring, data masking, data protection and compliance control. They provide insight into how data is viewed and by whom, including by the administrator, and across multiple platforms.