As the name suggests, database activity monitoring (DAM) systems watch and record activity in a database and generate...
alerts for anything unusual. The objective is to mitigate insider misuse of databases, enforce separation of duties for database administrators (DBAs) and prevent certain types of external attacks (depending on a variety of complex factors).
In contrast, SIEM tools interface with existing logs from network devices and systems (log management), and also from a variety of supported products, such as antivirus, intrusion detection (IDS)/intrusion prevention (IPS) systems, ERP applications and databases, thus providing a much larger picture.
So whether you choose one over the other depends on your objective: If you wish to monitor specific databases, a database activity monitoring system is the best choice; if you are after all-encompassing monitoring, then a SIEM product is what you need.
Regardless, beware the cost and time overheads associated with monitoring systems. Historically, many organizations have underestimated how much effort is required to implement and run an IDS or IPS system, and a SIEM tool will require considerably more resources to be genuinely useful. The larger the system, the more complex and expensive to operate, which means SIEM tools are a bit more labour-intensive than database activity monitoring systems. But, that's not to diminish the time and effort involved in operating a DAM system, either. So in short, be sure to weigh your organisation's needs against the time, effort and cost needed to properly apply the "solution" you choose.
Related Q&A from Peter Wood, network security
When sensitive documents are frequently travelling back and forth between a company and its business partners, email security becomes very important....continue reading
There are a few different ways to approach mobile encryption. In this expert response, Peter Wood discusses the pros and cons of different mobile ...continue reading
In this expert response, Peter Wood outlines some alternatives to NAC systems, and explains why, sometimes, NAC systems really are the best choice.continue reading