The DAM (Database Activity Monitoring) solution is developed to provide automated monitoring and auditing of activities with databases and business applications. The system allows a company to track all the user requests to a database comprising sensitive data, get alerted to the different types of requests, to how much data is exported and what the file with the exported data contains, in order to detect downloading of confidential information and prevent a data breach.

Database Monitor identifies adding, removing or changing of information in a database 24/7 and informs about a suspicious user activity: uploading or exporting of big amount of data, unauthorised editing, attempts to download data the access to which is limited. The software conducts automated indexing of requests to a database and makes them available for search and analysis. There are various kinds of search in the system – by phrases, regular expressions, attributes, queries. They can be combined and the preciseness of entry data for searching can be tweaked. Database Monitor generates detailed reports in real time based on the collected information:

Security policies can also be configured in the system in order to ensure automated control of user requests to particular categories of sensitive data (for example, passport or payroll, bank details) and certain events in a database (for example, a large amount of requests from one user).

Database Monitor identifies with the help of which applications users send requests to databases. This allows a company to see the whole picture of employee operations on corporate storages and detect the database load. Besides, the function facilitates discovery of spyware in the corporate network which can connect to databases. Privileged users can be monitored as well – system administrators who access databases directly are controlled. Database Monitor makes sure that DBMS functions accurately – it creates a report on the speed of request processing and errors during their execution.

The solution can be integrated with other information security and risk management systems, including DLP, file auditing, SIEM. When using Database Monitor together with SearchInform products a specialist can control security events at each level of IT infrastructure within one interface. This ensures a complex approach to data protection in databases: allows you to investigate incidents easily and gather evidence.

“DAM solutions are needed to detect anomalous events in databases promptly. We went further and added investigating functions to the monitoring in order to fully protect databases from insider threats. Any request to databases can be found manually or automatically in Database Monitor: by phrase, by user, by computer or IP address from which it was sent. The same way the system analyses which information a database sends in response and allows to search by the content of the responses. For example, the cases when passport numbers are exported from a database can be found with the help of the search by a typical sequence of digits – thanks to this a customer can control all the dangerous events whether it is an export of confidential data or a large amount of requests from one user. The system will save all the details and alert to the possible incident,” comments Alexey Parfentiev, leading analyst at SearchInform.