Effective database activity monitoring
- Author Shlomo Yariv
- Published February 4, 2011
- Word count 623
Organisations deploy Database Activity Monitoring (DAM) solutions for a number of reasons, ranging from compliance to overall security.
DAM is a data centre technology that monitors how the data stored in core databases and file servers is being accessed. It analyses access behaviour to detect data breaches and takes action to mitigate them.
Various rules, regulations and compliance laws are also increasingly forcing organisations to tighten control over the sensitive data they store, and to keep a verifiable audit trail that can be signed off, if required, by the appropriate organisational executives.
Database Activity Monitoring Architecture
Different DAM vendors track activity in a database in different ways, so the architecture they implement also differs slightly.
A DAM with a single-appliance or single-server architecture provides a 1-to-1 mapping of a database server to a monitoring appliance, which therefore acts as both sensor and collector of the relevant data. This configuration is good for a small database; for larger databases, however, it might not be effective enough.
Then there is the DAM with a 2-tier architecture, consisting of a centralised management server that collects information from a set of remote sensors or collection points. This architecture offers a better degree of system scalability.
A DAM with a hierarchical architecture builds further on the 2-tier architecture. It is best suited to larger organisations, as it can support a larger number of sensors and collectors distributed across a large enterprise.
Advanced Database Activity Monitoring Techniques
The process through which all SQL traffic to a database is monitored is called network monitoring. Network monitoring allows multiple databases to be monitored simultaneously; all the commands sent to the databases under scrutiny are tracked. The activities of users who are logged directly into the server via a local console are not recorded. Network monitoring does not affect database performance, as no overhead is placed on the database directly.
In remote monitoring, a SQL collector is placed on the database with administrative privileges; the native database auditing is also enabled. The collector aggregates all activity collected by the auditing tools. This type of monitoring imposes an overhead on the database as logging is enabled on the database server, causing it to work more. The advantage of remote monitoring is that all database activities are collected, including that of a user who is logged directly into the server.
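The coverage difference described in the two paragraphs above, as an added example that is not part of the original article: it reconciles records from a network sensor against the native audit trail, so that statements issued from a local console show up as a network blind spot. The event fields, the sample records and the 5-second clock-skew tolerance are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from typing import NamedTuple

class Event(NamedTuple):
    ts: datetime
    user: str
    origin: str   # client address, or "local" for a console session on the server
    sql: str

def ev(ts, user, origin, sql):
    return Event(datetime.fromisoformat(ts), user, origin, sql)

# Constructed sample data (not taken from any real system).
NETWORK_SENSOR = [
    ev("2011-02-04T10:00:01", "app", "10.0.0.5", "SELECT name FROM customers WHERE id = 7"),
    ev("2011-02-04T10:02:10", "report", "10.0.0.9", "select  count(*) from orders"),
]
NATIVE_AUDIT = [
    ev("2011-02-04T10:00:02", "app", "10.0.0.5", "select name from customers where id = 7"),
    ev("2011-02-04T10:01:30", "dba", "local", "SELECT card_no FROM payments"),
]

def normalise(sql):
    """Collapse whitespace and case so both sensors' copies compare equal."""
    return " ".join(sql.lower().split())

def unmatched(events, reference, skew=timedelta(seconds=5)):
    """Events with no same-user, same-statement record in reference within skew."""
    return [
        e for e in events
        if not any(r.user == e.user
                   and normalise(r.sql) == normalise(e.sql)
                   and abs(r.ts - e.ts) <= skew
                   for r in reference)
    ]

def reconcile(network, audit):
    return {
        # In the audit trail but never on the wire: local console activity.
        "network_blind_spot": unmatched(audit, network),
        # On the wire but absent from the audit trail: a gap in native auditing.
        "audit_gap": unmatched(network, audit),
    }

if __name__ == "__main__":
    for kind, events in reconcile(NETWORK_SENSOR, NATIVE_AUDIT).items():
        for e in events:
            print(kind, e.ts.isoformat(), e.user, e.origin, normalise(e.sql))
```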
One can install local agents on each database that is being monitored, but they will not necessarily detect all database activity; that depends on how the agents have been configured and how close to the database they are allowed to sit.
Agents are not favoured by conservative DBAs, as using an agent means loading software directly on a database server, which also impacts database performance. The advantage of agents, on the other hand, is that they can detect all database activities with no dependence on the local native auditing tools; the adverse effect on database performance is 27%. It is up to the business to decide which course to take, after evaluating both pros and cons.
Ultimately, it is up to each organisation to decide which database activity monitoring architecture fits its purpose, and whether a compromise between performance and security should be considered.
More advanced DAM solutions are increasingly moving into application monitoring as well as database monitoring. The monitoring software can monitor all actions performed against a database more effectively if there are correct hooks into client applications.
GreenSQL is a leading database security company that provides state-of-the-art database security solutions. You may find more information about database activity monitoring at:
http://www.greensql.com/solutions/uds-unified-db-security/dam-database-activity-monitoring
Article source: https://articlebiz.com