Database activity monitoring technology vs. SIEM tools

Ask the Expert

What is the difference between database activity monitoring and security information and event management (SIEM) tools? Is one a better choice than the other?

As the name suggests, database activity monitoring (DAM) systems watch and record activity in a database and generate alerts for anything unusual. The objective is to mitigate insider misuse of databases, enforce separation of duties for database administrators (DBAs) and prevent certain types of external attacks (depending on a variety of complex factors).

In contrast, SIEM tools interface with existing logs from network devices and systems (log management), and also with logs from a variety of supported products, such as antivirus, intrusion detection systems (IDS), intrusion prevention systems (IPS), ERP applications and databases, thus providing a much larger picture.

So whether you choose one over the other depends on your objective: If you wish to monitor specific databases, a database activity monitoring system is the best choice; if you are after all-encompassing monitoring, then a SIEM product is what you need.

Regardless, beware the cost and time overheads associated with monitoring systems. Historically, many organisations have underestimated how much effort is required to implement and run an IDS or IPS, and a SIEM tool will require considerably more resources to be genuinely useful. The larger the system, the more complex and expensive it is to operate, which means SIEM tools are a bit more labour-intensive than database activity monitoring systems. But that's not to diminish the time and effort involved in operating a DAM system, either. So in short, be sure to weigh your organisation's needs against the time, effort and cost needed to properly apply the "solution" you choose.

This was first published in May 2010