Database Activity Monitoring (DAM)
Another security layer of a more sophisticated nature includes real-time database activity monitoring, either by analyzing protocol traffic (SQL) over the network, or by observing local database activity on each server using software agents, or both. Use of agents or native logging is required to capture activities executed on the database server, which typically include the activities of the database administrator. Agents allow this information to be captured in a fashion that can not be disabled by the database administrator, who has the ability to disable or modify native audit logs.
Analysis can be performed to identify known exploits or policy breaches, or baselines can be captured over time to build a normal pattern used for detection of anomalous activity that could be indicative of intrusion. These systems can provide a comprehensive Database audit trail in addition to the intrusion detection mechanisms, and some systems can also provide protection by terminating user sessions and/or quarantining users demonstrating suspicious behavior. Some systems are designed to support separation of duties (SOD), which is a typical requirement of auditors. SOD requires that the database administrators who are typically monitored as part of the DAM, not be able to disable or alter the DAM functionality. This requires the DAM audit trail to be securely stored in a separate system not administered by the database administration group.
Read more about this topic: Database Security
Famous quotes containing the word activity:
“The mob is man voluntarily descending to the nature of the beast. Its fit hour of activity is night. Its actions are insane like its whole constitution. It persecutes a principle; it would whip a right; it would tar and feather justice, by inflicting fire and outrage upon the houses and persons of those who have these. It resembles the prank of boys, who run with fire-engines to put out the ruddy aurora streaming to the stars.”
—Ralph Waldo Emerson (1803–1882)