Database activity monitoring technology vs. SIEM tools

In this expert response, Peter Wood explains the difference between database activity monitoring systems and security information and event management (SIEM) tools.

What is the difference between database activity monitoring and security information and event management (SIEM) tools? Is one a better choice than the other?

As the name suggests, database activity monitoring (DAM) systems watch and record activity in a database and generate alerts for anything unusual. The objective is to mitigate insider misuse of databases, enforce separation of duties for database administrators (DBAs) and prevent certain types of external attacks (depending on a variety of complex factors).

In contrast, SIEM tools interface with existing logs from network devices and systems (log management), and also from a variety of supported products, such as antivirus, intrusion detection (IDS)/intrusion prevention (IPS) systems, ERP applications and databases, thus providing a much larger picture.

So whether you choose one over the other depends on your objective: If you wish to monitor specific databases, a database activity monitoring system is the best choice; if you are after all-encompassing monitoring, then a SIEM product is what you need.

Regardless, beware the cost and time overheads associated with monitoring systems. Historically, many organizations have underestimated how much effort is required to implement and run an IDS or IPS system, and a SIEM tool will require considerably more resources to be genuinely useful. The larger the system, the more complex and expensive to operate, which means SIEM tools are a bit more labour-intensive than database activity monitoring systems. But, that's not to diminish the time and effort involved in operating a DAM system, either. So in short, be sure to weigh your organisation's needs against the time, effort and cost needed to properly apply the "solution" you choose.
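As an added illustration of the distinction drawn in the answer above (example code, not part of the original response or of any DAM/SIEM product): a DAM-style rule sees only database activity and can flag a separation-of-duties violation, while a SIEM-style correlation joins the same database events with another log source (here a constructed IDS alert) and catches an access that looks normal from inside the database alone. All event records, user names, table names and addresses are constructed for the example.

```python
from collections import defaultdict

# Constructed sample database audit events (not from the original page).
DB_AUDIT = [
    {"ts": "09:02", "user": "app_svc", "role": "app", "stmt": "SELECT", "table": "orders", "src": "10.0.1.20"},
    {"ts": "09:05", "user": "dba_jane", "role": "dba", "stmt": "ALTER", "table": "orders", "src": "10.0.2.5"},
    {"ts": "09:07", "user": "dba_jane", "role": "dba", "stmt": "SELECT", "table": "customer_pii", "src": "10.0.2.5"},
    {"ts": "23:40", "user": "app_svc", "role": "app", "stmt": "SELECT", "table": "customer_pii", "src": "203.0.113.9"},
]

# Constructed IDS alert from a second log source that a DAM system never sees.
IDS_ALERTS = [
    {"ts": "23:38", "sig": "SQL injection attempt", "src": "203.0.113.9", "dst": "10.0.1.20"},
]

# Tables whose contents a DBA may administer but should not read (assumed policy).
SENSITIVE_TABLES = {"customer_pii"}


def dam_alerts(db_events):
    """DAM view: rules evaluated over database activity only.

    Flags a DBA reading rows from a sensitive table (separation of duties);
    schema changes by the DBA and reads by the application account are normal.
    """
    alerts = []
    for e in db_events:
        if e["role"] == "dba" and e["stmt"] == "SELECT" and e["table"] in SENSITIVE_TABLES:
            alerts.append(("sod_violation", e["user"], e["table"]))
    return alerts


def siem_correlate(db_events, ids_alerts):
    """SIEM view: correlate database reads with IDS alerts by source address.

    The 23:40 read by app_svc is unremarkable to a DAM rule, but the SIEM
    links it to an IDS alert from the same source two minutes earlier.
    """
    ids_by_src = defaultdict(list)
    for a in ids_alerts:
        ids_by_src[a["src"]].append(a)
    findings = []
    for e in db_events:
        if e["table"] in SENSITIVE_TABLES and e["src"] in ids_by_src:
            sigs = [a["sig"] for a in ids_by_src[e["src"]]]
            findings.append(("sensitive_read_after_ids_alert", e["src"], e["user"], sigs))
    return findings


if __name__ == "__main__":
    print("DAM alerts:", dam_alerts(DB_AUDIT))
    print("SIEM findings:", siem_correlate(DB_AUDIT, IDS_ALERTS))
```

The two functions flag different events from the same database audit trail, which is the point of the answer: the DAM rule needs only the database log, while the SIEM finding exists only because a second source is available.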

This was last published in May 2010
