Database Activity Monitoring for Compliance and Security
Securosis, L.L.C. http://securosis.com The SANS Institute http://sans.org
By Rich Mogull
This Report Sponsored By:
A Key Technology For Security And Compliance
Over the past five years we have seen major changes in both the threats we face online and the regulatory compliance landscape we do business in. Both the bad guys and the regulators are now focused on our data, not just our networks. We see both breach disclosures and the regulations meant to protect that data growing every year, with no end in sight.

But managing this risk is more complicated than simply dropping in a firewall or installing antivirus software. Our applications and databases run in complex environments with numerous dependencies and business requirements. While we want to protect our information, we need to do it in a way that doesn't materially interfere with doing business. To balance these needs we see new technologies arise, one of the most significant of which is Database Activity Monitoring (DAM).

With an estimated market size of $40M in 2006, and approximately $60M to $80M in 2007, Database Activity Monitoring rivals Data Loss Prevention in terms of market size. DAM tools provide powerful, immediate, non-intrusive benefits for security and compliance, and a long-term platform for comprehensive protection of databases and applications. DAM is an adolescent technology with significant security and compliance benefits. The market is currently dominated by startups, but we've seen large vendors starting to enter this space, although their products are generally not as competitive as those from the smaller vendors. Database Activity Monitoring tools are also sometimes called Database Auditing and Compliance, or variations on Database Security.
Defining DAM
Database Activity Monitors capture and record, at a minimum, all Structured Query Language (SQL) activity in real time or near real time, including database administrator activity, across multiple database platforms, and can generate alerts on policy violations. While a number of tools can monitor various levels of database activity, Database Activity Monitors are distinguished by five features:
1. The ability to independently monitor and audit all database activity, including administrator activity and SELECT transactions. Tools can record all SQL transactions: DML, DDL, DCL, (and sometimes TCL) activity.
2. The ability to store this activity securely outside the database.
3. The ability to aggregate and correlate activity from multiple heterogeneous Database Management Systems (DBMSs). Tools can work with multiple DBMSs (e.g., Oracle, Microsoft, IBM) and normalize transactions from different DBMSs despite differences between SQL flavors.
4. The ability to enforce separation of duties on database administrators. Auditing must include monitoring of DBA activity, and solutions should prevent DBA manipulation or tampering with logs or recorded activity.
5. The ability to generate alerts on policy violations. Tools don't just record activity; they provide real-time monitoring and rule-based alerting. For example, you might create a rule that generates an alert every time a DBA performs a SELECT query on a credit card column that returns more than 5 results.
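As an added illustration of features 1, 3 and 5 (not code from the paper or from any DAM product), the following Python applies the example rule above to a small, constructed set of normalized activity events. The event tuple layout, the column names, and the way statements are classified are all assumptions made for this example.

```python
import re

# Constructed sample of normalized DAM events (hypothetical layout, not any vendor's):
# (dbms, db_user, is_dba, sql_text, rows_returned)
SAMPLE_EVENTS = [
    ("oracle", "dba_jane", True,  "SELECT card_number, expiry FROM payments WHERE id < 100", 42),
    ("mssql",  "app_svc",  False, "SELECT TOP 10 card_number FROM dbo.payments", 10),
    ("oracle", "dba_jane", True,  "SELECT card_number FROM payments WHERE id = 7", 1),
    ("db2",    "dba_bob",  True,  "UPDATE payments SET status = 'X' WHERE id = 3", 0),
    ("mssql",  "dba_bob",  True,  "select  CARD_NUMBER\nfrom Payments", 500),
]

SENSITIVE_COLUMNS = {"card_number", "pan"}   # assumed names of credit card columns
ROW_THRESHOLD = 5                             # the paper's example: more than 5 rows

# Leading keyword -> statement class (DML/DDL/DCL/TCL), as listed under feature 1.
STATEMENT_CLASSES = {
    "select": "DML", "insert": "DML", "update": "DML", "delete": "DML",
    "create": "DDL", "alter": "DDL", "drop": "DDL", "truncate": "DDL",
    "grant": "DCL", "revoke": "DCL",
    "commit": "TCL", "rollback": "TCL", "savepoint": "TCL",
}


def normalize(sql):
    """Collapse whitespace and lowercase so one rule matches across SQL dialects."""
    return re.sub(r"\s+", " ", sql).strip().lower()


def statement_class(sql):
    """Classify a statement by its first keyword (feature 1)."""
    return STATEMENT_CLASSES.get(normalize(sql).split(" ", 1)[0], "OTHER")


def selected_columns(sql):
    """Column names in a SELECT list; tolerates schema prefixes and T-SQL 'TOP n'."""
    m = re.search(r"^select (?:top \d+ )?(.*?) from ", normalize(sql))
    if not m:
        return set()
    return {c.strip().split(" ")[0].split(".")[-1] for c in m.group(1).split(",")}


def evaluate(events):
    """Raise an alert for each DBA SELECT on a card column returning > threshold rows."""
    alerts = []
    for dbms, user, is_dba, sql, rows in events:
        touched = selected_columns(sql) & SENSITIVE_COLUMNS
        if is_dba and touched and rows > ROW_THRESHOLD:
            alerts.append({"dbms": dbms, "user": user, "columns": sorted(touched), "rows": rows})
    return alerts
```

Non-DBA reads and DBA reads of a single row pass silently, while the two bulk reads by DBAs are flagged; in a real deployment every event, alerted or not, would still be written to the store outside the database (feature 2).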