DLP-DAM Convergence: Duh!

A DAM solution that can't identify sensitive content should get cut from your short list

Dark Reading Staff, Dark Reading

February 8, 2008

2 Min Read

4:28 PM -- In a recent article, analysts talk about how database activity monitoring (DAM) and data leakage prevention (DLP) are focused on security data, but that DAM needs to develop content awareness -- possibly leading to acquisitions of DAM vendors by larger vendors with DLP technology.

But the analysts’ views here are outdated. Most DAM vendors, like Guardium, Imperva, Application Security Inc., and Crossroads, have been around for a couple of years and have reached a level of maturity where they monitor not only database activity, but also the leakage of sensitive information. Approximately half of the vendors in the DAM market also have the capability of blocking leakage much like DLP solutions do.

A year ago when I reviewed DAM solutions, there wasn’t a common name for them. Some people referred to them as database monitoring solutions, database leakage protection, and database extrusion prevention. I liked the last term and stuck with it when reviewing five available solutions at the time. Each one took a similar approach of monitoring database activity -- by watching the database traffic on the network. Some of the DAM solutions included software that ran on the database server to provide a view into activity generated by the local database administrator.

The one thing that all the solutions had (except for one) was monitoring for sensitive data. They had the capability of identifying Social Security numbers and credit card numbers as they were transmitted over the wire. I’m of the mindset that if a DAM solution doesn’t have the capability to identify sensitive content, then you should mark it off your short list. It’s just one of those core features that makes a DAM solution worth having. Even if SSNs and CCs aren’t a concern for companies, most of the solutions allow administrators to define patterns to look for, notify, or block when seen.

– John H. Sawyer is a security geek on the IT Security Team at the University of Florida. He enjoys taking long war walks on the beach and riding pwnies. When he's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights