Tizor Systems, Inc. - Data Protection and Compliance Auditing Solutions
Encryption vs. Database Activity Monitoring FAQ


Q: What is database activity monitoring (DAM)?

A:  Database activity monitoring discovers and classifies unencrypted data; monitors and logs access to data; detects and alerts (and sometimes blocks) suspicious and unauthorized data access; and catches the transmission of unencrypted core data.

Q: What is the relationship between DAM and data encryption?
A: DAM is complementary to encryption. DAM can be used when encryption is too difficult to implement or not possible. It can be used as a compensating control for encryption for regulatory compliance. It can also enhance the effectiveness of encryption.

Q: What does data discovery have to do with encryption?
A: Data discovery makes it easier to deploy data encryption by identifying targeted unencrypted data as it is being accessed by users. It also provides intelligence on how data is being used, which aids in identifying data that requires encryption.

Q: How can DAM be used as a compensating control for encryption?
A: DAM creates a logical protection layer between users and stored data. By monitoring access based on users, commands, data fields, amount of data retrieved, etc., DAM provides visibility into how data is being retrieved, used or changed. It detects anomalies (such as potential data theft) in real time so that the appropriate action can be taken to protect data.

Q: What are some examples of DAM plus encryption usage?
A: Here are a few examples of the synergy between DAM and encryption:

  • Data encryption can be accelerated by using data discovery to find and classify unencrypted data, which helps identify data for encryption.
  • With DAM plus encryption, data security can be extended to authorized users who have the keys needed to decrypt.
  • DAM can detect core data leakage. It “sees” unencrypted data leaving the core data servers, which is a test of whether encryption has been applied where it is needed.
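The monitoring criteria from the compensating-control answer (user, data field, amount of data retrieved) and the leakage check from the last bullet can be sketched together. This is an added example, not Tizor's product logic; the event schema, user names, thresholds and the `card_no` field are assumptions, and the card number is a well-known test value.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits):
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_clear_pans(value):
    """Return masked forms of card numbers present in clear text in value."""
    hits = []
    for m in PAN_RE.finditer(value):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits[:6] + "*" * (len(digits) - 10) + digits[-4:])
    return hits

def review(events, row_limits, card_readers, default_limit=100):
    """Check each access by user, data field, rows retrieved and returned data."""
    alerts = []
    for ev in events:
        user = ev["user"]
        limit = row_limits.get(user, default_limit)
        if ev["rows"] > limit:
            alerts.append((user, "row_limit", f"{ev['rows']} rows > {limit}"))
        if "card_no" in ev["fields"] and user not in card_readers:
            alerts.append((user, "field_access", "card_no"))
        for value in ev["values"]:
            alerts += [(user, "clear_pan", p) for p in find_clear_pans(value)]
    return alerts

# Constructed sample events (hypothetical schema, test card number).
EVENTS = [
    {"user": "app_svc", "fields": ["order_id", "status"], "rows": 12,
     "values": ["10442", "shipped"]},
    {"user": "jdoe", "fields": ["name", "card_no"], "rows": 48210,
     "values": ["A. Smith", "4111 1111 1111 1111"]},
    {"user": "batch", "fields": ["card_no"], "rows": 500,
     "values": ["gAAAAABk3x9...", "1234567812345678"]},
]
ROW_LIMITS = {"app_svc": 1000, "batch": 100000}   # constructed thresholds
CARD_READERS = {"batch"}                          # users allowed to read card_no

if __name__ == "__main__":
    for alert in review(EVENTS, ROW_LIMITS, CARD_READERS):
        print(alert)
```

Alerts carry only the masked number, so the monitoring log does not become another store of clear-text cardholder data.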

Q: What is the value of DAM? How does DAM enhance encryption?
A: DAM can provide a substitute for encryption to comply with PCI 3. It can also extend, enhance and improve the effectiveness of encryption by “discovering” data for encryption and ensuring that encryption is up-to-date in terms of data/databases covered. DAM also extends data security to unencrypted data and authorized users by providing a real-time window into how and by whom data is being accessed and by detecting suspicious and unauthorized activity with data. DAM is highly effective at detecting insider threats and is very easy to deploy and use, requiring no changes to databases or other applications.


Q: What are the drawbacks of using data encryption?
A: Field-level encryption within databases and file servers is difficult to implement. Common challenges include: invasive changes to transactional integrity, potential changes to indexing and keys, performance impact, operational issues tied to management of keys, inability to encrypt large batch updates and inserts in real time, and inability to offer encryption seamlessly across applications.


Q: What are the compensating control clauses in PCI?
A: PCI 3 calls for encryption to be used to render cardholder data unreadable to anyone who is not authorized. In appendix B, PCI 1.1 defines data auditing as a compensating control for data encryption. Also see DSS 1.1, clause 3.4 vs. Compensating Control in appendix. These are the four clauses of the compensating control for data-level encryption:

  1. Provide additional segmentation/abstraction (for example, at the network layer)
  2. Provide ability to restrict access to cardholder data or databases based on the following criteria: IP address/MAC address, application/service, user accounts/groups, data type (packet filtering)
  3. Restrict logical access to the database, independent of Active Directory or Lightweight Directory Access Protocol (LDAP)
  4. Prevent/detect common application or database attacks