Effective database activity monitoring
- Author Shlomo Yariv
- Published February 4, 2011
Organisations deploy Database Activity Monitoring (DAM) solutions for a number of reasons, ranging from compliance to overall security.
DAM is a data centre technology that monitors how the data stored in core databases and file servers is being accessed. It analyses access behaviour to detect data breaches and takes action to mitigate them.
Rules, regulations and compliance laws are also increasingly forcing organisations to tighten their control over the sensitive data they store and to keep a verifiable audit trail that can be signed off, if required, by the appropriate organisational executives.
Database Activity Monitoring Architecture
Different DAM vendors track database activity in different ways, so the architecture they implement also differs slightly.
A DAM with a single-appliance or single-server architecture provides a 1-to-1 mapping between a database server and a monitoring appliance, which acts as both the sensor and the collector of the relevant data. This configuration works well for a small database; for larger databases, however, it might not be effective enough.
A DAM with a 2-tier architecture has a centralised management server that collects information from a set of remote sensors or collection points. This architecture gives a better degree of system scalability.
A DAM with a hierarchical architecture builds further on the 2-tier architecture. It is best suited to larger organisations, as it can support a larger number of sensors and collectors distributed across a large enterprise.
Advanced Database Activity Monitoring Techniques
Network monitoring is the process of monitoring all SQL traffic to a database. It allows multiple databases to be monitored simultaneously, and every command sent to the databases under scrutiny is tracked. The activities of users who are logged directly into the server via a local console are not recorded. Network monitoring does not affect database performance, as it places no overhead directly on the database.
In remote monitoring, a SQL collector with administrative privileges is placed on the database, and native database auditing is enabled. The collector aggregates all activity collected by the auditing tools. This type of monitoring imposes an overhead on the database, because logging is enabled on the database server and causes it to do more work. The advantage of remote monitoring is that all database activity is collected, including that of a user who is logged directly into the server.
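The difference in coverage between the two techniques can be checked by reconciling both feeds at the collector. The following is an added example, not code from the article or from any DAM product; the Event fields, the "network" and "audit" feed names and the sample records are constructed assumptions. It reports statements that native auditing recorded but the network sensor never saw, which is the local-console activity described above.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Event:
    ts: datetime
    db: str
    user: str
    sql: str
    source: str  # "network" = wire sensor, "audit" = native audit via collector

def normalise(sql):
    """Collapse whitespace and case so one statement matches across feeds."""
    return " ".join(sql.split()).rstrip(";").lower()

def unseen_on_wire(events, window=timedelta(seconds=5)):
    """Return audit events with no matching network event within `window`."""
    wire = {}
    for e in events:
        if e.source == "network":
            wire.setdefault((e.db, e.user, normalise(e.sql)), []).append(e.ts)
    gaps = []
    for e in events:
        if e.source != "audit":
            continue
        seen = wire.get((e.db, e.user, normalise(e.sql)), [])
        match = next((t for t in seen if abs(t - e.ts) <= window), None)
        if match is None:
            gaps.append(e)      # executed by the database, never seen on the wire
        else:
            seen.remove(match)  # one wire record accounts for one audit record
    return gaps

def ev(t, db, user, sql, source):
    return Event(datetime.fromisoformat("2011-02-04T" + t), db, user, sql, source)

# Constructed sample feed (not real logs): the 10:03:40 query has no wire record.
SAMPLE = [
    ev("10:00:01", "crm", "app_svc", "SELECT name FROM customers WHERE id = 7", "network"),
    ev("10:00:01", "crm", "app_svc", "select name from customers  where id = 7;", "audit"),
    ev("10:03:40", "crm", "dba_local", "SELECT * FROM customers", "audit"),
    ev("10:05:12", "crm", "app_svc", "UPDATE customers SET tier = 'gold' WHERE id = 7", "network"),
    ev("10:05:13", "crm", "app_svc", "UPDATE customers SET tier = 'gold' WHERE id = 7", "audit"),
]

if __name__ == "__main__":
    for e in unseen_on_wire(SAMPLE):
        print(f"{e.ts} {e.db} {e.user}: not seen by network sensor: {e.sql}")
```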
Local agents can be installed on each database that is being monitored, but they will not necessarily detect all database activity; that depends on how the agents are configured and how close to the database they are allowed to sit.
Agents are not popular with conservative DBAs, because using an agent means loading software directly onto a database server, which also affects database performance. The advantage of agents, on the other hand, is that they can detect all database activity without depending on the local native auditing tools; the adverse effect on database performance is 27%. It is up to the business to decide which course to take after evaluating the pros and cons.
In fact, it is up to each organisation to decide which database activity monitoring architecture fits its purpose, and whether a compromise between performance and security should be considered.
More advanced DAM solutions are increasingly moving into application monitoring as well as database monitoring. The monitoring software can monitor all actions performed against a database more effectively if it has the correct hooks into client applications.
GreenSQL is a leading database security company which provides state-of-the-art database security solutions. You may find more information about database activity monitoring at: http://articlebiz.com