other leading DB Activity Monitoring products

sunhux
sunhux used Ask the Experts™
on
Besides Imperva, what are the other leading DB Activity Monitoring products that are known to
a) have least performance load on the DB/system
b) could track unusual amount of data being queried
c) could do granular control (ie ACL) of what DBAs could query
d) supports Oracle, MS SQL & MySQL databases
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Author

Commented:
>b) could track unusual amount of data being queried
Say, we can set a threshold of the # of records being queried & if a
table containing sensitive info (eg: NRIC/social security number is
being queried), it will alert us (via email or SIEM)

ideally the cost per DB to implement is less than US$70k
AntzsInfrastructure Services
Commented:
Once you have tried Impreva SecureSphere, I dont think there are other solutions which can replace it at a lower cost.  

My company was also looking for a DAM solution last year, and we also narrowed down and evaluated Impreva.  But due to the cost, it was just not justifiable.  We will try again this year...

You can have a read at this DAM-Whitepaper-final.pdf.  It may give you some idea about which other software to try out.  

If cost is the only concern, I think it should be possible to talk to Impreva and see how they can sell you certain module or maybe run their software in a VM or something to lower down the TCO.

Author

Commented:
Truly budget has been cut
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
A low-cost, easy to implement/use (even if it's not that secure) is good enough to satisfy audit requirement:
basically merely to meet audit.  

Just browsed that SANs whitepaper.

So which of the other products  Guardium, Secerno, Sentrigo, Tizor will be under US$35k (yes, budget has
just been cut) & easy to implement/use ?
AntzsInfrastructure Services

Commented:
Since cost is the main concern, I dont think any of the products listed in the SANs whitepaper would fit into your budget.  

For something which will fit into your budget, you would probably need to look at something like the below.  But it still depends on your audit requirement, if this will satisfy what they want.

https://www.manageengine.com/products/eventlog/database-auditing.html?index

https://www.solarwinds.com/log-event-manager-software
Exec Consultant
Distinguished Expert 2018
Commented:
With such requirement, I doubt you can comply with a lack of budget support. The DAM using SecureSphere or Guardium are still candidate worth to invest as your scope of capabilities will be more and not less and why other SIEMS cannot fully handle it as replacement is because they do not have granular check on database specific queries - a true DAM does that.

The monitoring is based on Network Based (i.e. Network Sniffing) or Agent Based. And that itself will differs based on performance impact. The figures comes from vendor and they will be able to show the evidence test conducted. There will be impact but compared to the risk subjected, it is supposed to be acceptable and depending on how robust you will want to monitor and check each and every queries.

You will need to baseline what is normal for various user types (Queries and query types, Normal working hours, Size of typical data returned) and look for anomalies from the baseline (Failed access attempts, Volume of queries, Unusual queries compared to what is typically used)

Thought may be worthy to strategise how you going to get buy in from management on deploying DAM (not just for compliance solely).Look at your overall security program and see where this fits in Risks addressed and Resources required (time, money, people…)

Anticipate the concerns of the various stakeholders as you be dealing with typically the most critical databases in the organization. So plan for multiple stages by starting with minimal risk to performance and stability (i.e. basic monitoring), and progress to more enhanced monitoring as the teams become more confident

Consider the "selling" point such as features that benefit them like Virtual patching, blocking apps from using inefficient queries, data classification, server discovery, etc. Adopt a risk measured approach by having a hierarchical approach to server monitoring in term of Sites, Server Groups, Services and identify sensitive tables and columns and “Table Groups” are global objects used to define what is sensitive.

These help to stay focus and not impact performance as much and create the monitoring policies and filtering to capture what you need. Importantly, determine what you will do with the data and the forms you will need it in.

You can see the implementation is non-trivial so it is better to invest time and budget to get a proper solution so that you can focus on the design and deployment aspects.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial