Gartner Research

Enhancing Compliance and Audit with Database Activity Monitoring

Published: 30 January 2009

ID: G00203652

Analyst(s): Trent Henry

Summary

Databases are under attack by both internal and external threats and are under deep scrutiny by auditors. However, database protection is frequently found to be inadequate in the face of continuing information breaches and compliance mandates. The result is increased interest in database activity monitoring (DAM) solutions. In this report, Burton Group Analyst Trent Henry explains how these technologies have improved over time as the vendor landscape continues to evolve.

Table Of Contents

Summary of Findings

Analysis

  • Drivers
  • Evolving Architecture
  • Solution Capabilities
    • Event Management
    • Policy Creation and Management
    • Behavioral Analysis
    • Knowledgebase (Attacks and Policy Violations)
    • Alerts and Actions (Blocking)
    • Reporting
    • Database and Data Discovery
    • User Identification
    • Other Security “Suite” Elements: Vulnerability Scanning, Hardening, and Virtual Patching
  • Market Impact
    • Vendor Landscape
    • Segments
    • Market Dynamics
  • Customer Perspectives
    • Involve Database Team
    • DBMS Platform Tools Aren't Necessarily Homogeneous
    • Database Consolidation Hampers PCI Zoning
    • Discovery Is Important
    • Can't Ignore the Mainframe
    • Passive Monitoring for the Time Being
  • Recommendations
    • Follow a Prudent Project Path
    • Prepare for a Blended Deployment
    • Do the Testing, but with a Grain of Salt
    • Use At-Rest Discovery, but Understand Limitations
    • Press for Change Control Features
    • Collaborate with Application Architects and DBAs

The Details

  • Vendor Solutions
    • Database Platform Vendors
    • DAM Vendors
    • Others

Conclusion

©2019 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.

Already have a Gartner Account?

Become a client

Learn how to access this content as a Gartner client.