Database activity monitoring (DAM) is the observation of actions in a database. DAM tools monitor, capture and record database events in near-real time and provide alerts about policy violations.
Database activity monitoring can be accomplished through a combination of several methods, including network sniffing, reading database audit logs and/or system tables, and memory scraping. Regardless of the method chosen, the data from these sources must be correlated to detect events and get a more accurate picture of what is going on within the database. Vendor DAM tools can help simplify that correlation, giving the administrator the ability to detect attacks and providing forensic evidence in the case of an actual data breach.
DAM product features are designed to enable compliance controls as well as provide operations monitoring and data protection. Unlike simple audit tools that help a database administrator see what data has been changed, DAM software products seek to provide administrators with insight across multiple platforms into how data is viewed and who is viewing it, including administrators. The goal is to differentiate between normal operations and an attack.
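The correlation and "who is viewing it, including administrators" ideas above can be sketched in a few lines. This is an added example, not code from any DAM product: the event tuples, account names, table names and the policy sets are constructed assumptions, and the table extraction is deliberately rough.

```python
from collections import defaultdict

# Constructed sample data (not from any real DAM product).
# Events as a network sniffer might record them: (session_id, db_user, statement)
NETWORK_EVENTS = [
    ("s1", "app_svc", "SELECT name FROM products WHERE id = 7"),
    ("s2", "dba_alice", "SELECT card_number FROM payments"),
    ("s3", "dba_bob", "UPDATE payments SET amount = 0 WHERE id = 9"),
]
# Events as the database's own audit log might record them.
AUDIT_EVENTS = [
    ("s1", "app_svc", "SELECT name FROM products WHERE id = 7"),
    ("s2", "dba_alice", "SELECT card_number FROM payments"),
    # s3 is absent: seen on the wire but never written to the audit log
]

# Hypothetical policy: which tables are sensitive and which accounts are privileged.
SENSITIVE_TABLES = {"payments"}
PRIVILEGED_USERS = {"dba_alice", "dba_bob"}

def tables_in(statement):
    """Very rough table extraction: the token after FROM, UPDATE or INTO."""
    tokens = statement.replace(",", " ").split()
    return {tokens[i + 1].lower() for i, t in enumerate(tokens[:-1])
            if t.upper() in {"FROM", "UPDATE", "INTO"}}

def correlate(network_events, audit_events):
    """Merge both sources by (session, user, statement) and record where each was seen."""
    seen = defaultdict(set)
    for source, events in (("network", network_events), ("audit", audit_events)):
        for event in events:
            seen[event].add(source)
    return seen

def find_alerts(network_events, audit_events):
    """Apply the policy to the correlated view; returns (session, reason) pairs."""
    alerts = []
    for (session, user, stmt), sources in sorted(correlate(network_events, audit_events).items()):
        if user in PRIVILEGED_USERS and tables_in(stmt) & SENSITIVE_TABLES:
            alerts.append((session, "privileged access to sensitive table"))
        if sources == {"network"}:
            alerts.append((session, "statement missing from audit log"))
    return alerts

if __name__ == "__main__":
    for session, reason in find_alerts(NETWORK_EVENTS, AUDIT_EVENTS):
        print(session, reason)
```

Neither source alone produces the second alert for session `s3`: only the comparison shows that a statement reached the database without leaving an audit record.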