Dynamic data activity monitoring, usually abbreviated as DAM, refers to a database security technology for monitoring and analyzing database activity that operates independently of the database management system (DBMS) and does not depend on any form of native (DBMS-resident) auditing or native logs such as trace or transaction logs.
Database activity monitors capture and record database events, which at a minimum include all Structured Query Language (SQL) activity, in near real time, including database administrator activity, across multiple database platforms, and generate alerts on policy violations. What does this imply? DAM is the only tool that sees everything that takes place within your database. This means every action by an application, user or administrator can be collected and analyzed, and can prompt a reaction if the query violates a policy.
A database activity monitor monitors all activity on the database and provides alerts and reports on that activity. Every time an admin logs in to the database, every activity is recorded. In fact, if the admin does not log in, that too is reported, so you are able to identify people with permissions who aren’t using them. Depending on the product you use and the configuration, you will get different types of reports and alerts.
One of the most crucial elements of a Dynamic data masking activity monitor is that the data about database use is stored outside the database it is monitoring; hence, the people who are being monitored cannot tamper with the data. Another crucial element is the ability to send real-time alerts, so that as soon as a violation of policy is detected, it can be handled immediately.
In most of the product descriptions available in the market, you are likely to find dynamic data firewall vendors saying that DAM will detect and protect against threats to your dynamic data. In many cases, what that means is that you receive reports or alerts about activity that has already occurred, and you can then take action to handle the incident. For example, you might find out that someone has copied the entire database to a hard drive by successfully executing a backup command, and then you can investigate and take away admin privileges from that individual.
It sounds like a great experience, save for the fact that the data leak already took place. Preventive measures would have denied the ability to copy the database in real time.
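To make the after-the-fact alerting and the unused-permissions report described above concrete, here is an added example (not from the original article or any vendor's product) that evaluates recorded SQL events against two policies and lists privileged accounts that never appeared. The event fields, account names, policy names and sample events are all constructed assumptions.

```python
import re

# Constructed sample events, in the shape a monitor might store them
# outside the monitored database (field names are assumptions).
EVENTS = [
    {"ts": "2024-03-01T09:14:02", "user": "app_svc", "role": "application", "sql": "SELECT id, name FROM customers WHERE id = 42"},
    {"ts": "2024-03-01T09:20:45", "user": "dba_alice", "role": "admin", "sql": "BACKUP DATABASE sales TO DISK = 'sales.bak'"},
    {"ts": "2024-03-01T09:31:10", "user": "dba_alice", "role": "admin", "sql": "GRANT SELECT ON orders TO report_user"},
    {"ts": "2024-03-01T10:02:33", "user": "app_svc", "role": "application", "sql": "/* nightly */ backup   database sales TO DISK='x'"},
    {"ts": "2024-03-01T10:05:12", "user": "app_svc", "role": "application", "sql": "grant select on orders to public -- temp"},
]
PRIVILEGED_ACCOUNTS = {"dba_alice", "dba_bob"}  # hypothetical account names

# Hypothetical policies: (name, pattern on normalized SQL, roles it applies to; None = every role).
POLICIES = [
    ("full-database-backup", re.compile(r"^BACKUP DATABASE\b"), None),
    ("privilege-change-by-application", re.compile(r"^(GRANT|REVOKE)\b"), {"application"}),
]

def normalize(sql):
    """Strip comments, collapse whitespace and uppercase, so formatting cannot hide a statement."""
    sql = re.sub(r"/\*.*?\*/", " ", sql, flags=re.S)
    sql = re.sub(r"--[^\n]*", " ", sql)
    return " ".join(sql.split()).upper()

def evaluate(events, policies=POLICIES):
    """Return one (timestamp, user, policy name) alert per policy violation."""
    alerts = []
    for ev in events:
        stmt = normalize(ev["sql"])
        for name, pattern, roles in policies:
            if pattern.search(stmt) and (roles is None or ev["role"] in roles):
                alerts.append((ev["ts"], ev["user"], name))
    return alerts

def unused_privileged(events, privileged=PRIVILEGED_ACCOUNTS):
    """Privileged accounts with no recorded activity: permissions nobody is using."""
    seen = {ev["user"] for ev in events}
    return sorted(privileged - seen)

if __name__ == "__main__":
    for ts, user, policy in evaluate(EVENTS):
        print(f"ALERT {ts} user={user} policy={policy}")
    print("Privileged accounts with no activity:", unused_privileged(EVENTS))
```

Both backup alerts are raised only after the statements have already been recorded as executed, which is the detect-versus-prevent gap the article describes.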