other leading DB Activity Monitoring products

Besides Imperva, what are the other leading DB Activity Monitoring products that are known to
a) have least performance load on the DB/system
b) could track unusual amount of data being queried
c) could do granular control (ie ACL) of what DBAs could query
d) supports Oracle, MS SQL & MySQL databases
sunhuxAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

sunhuxAuthor Commented:
>b) could track unusual amount of data being queried
Say, we can set a threshold of the # of records being queried & if a
table containing sensitive info (eg: NRIC/social security number is
being queried), it will alert us (via email or SIEM)

ideally the cost per DB to implement is less than US$70k
AntzsInfrastructure ServicesCommented:
Once you have tried Impreva SecureSphere, I dont think there are other solutions which can replace it at a lower cost.  

My company was also looking for a DAM solution last year, and we also narrowed down and evaluated Impreva.  But due to the cost, it was just not justifiable.  We will try again this year...

You can have a read at this DAM-Whitepaper-final.pdf.  It may give you some idea about which other software to try out.  

If cost is the only concern, I think it should be possible to talk to Impreva and see how they can sell you certain module or maybe run their software in a VM or something to lower down the TCO.
sunhuxAuthor Commented:
Truly budget has been cut
10 Holiday Gifts Perfect for Your Favorite Geeks

Still have some holiday shopping to do for the geeks in your life? While toys, clothing, games, and gift cards are still viable options for your friends and family, there’s more reason than ever to consider gadgets and software.

sunhuxAuthor Commented:
A low-cost, easy to implement/use (even if it's not that secure) is good enough to satisfy audit requirement:
basically merely to meet audit.  

Just browsed that SANs whitepaper.

So which of the other products  Guardium, Secerno, Sentrigo, Tizor will be under US$35k (yes, budget has
just been cut) & easy to implement/use ?
AntzsInfrastructure ServicesCommented:
Since cost is the main concern, I dont think any of the products listed in the SANs whitepaper would fit into your budget.  

For something which will fit into your budget, you would probably need to look at something like the below.  But it still depends on your audit requirement, if this will satisfy what they want.

https://www.manageengine.com/products/eventlog/database-auditing.html?index

https://www.solarwinds.com/log-event-manager-software
btanExec ConsultantCommented:
With such requirement, I doubt you can comply with a lack of budget support. The DAM using SecureSphere or Guardium are still candidate worth to invest as your scope of capabilities will be more and not less and why other SIEMS cannot fully handle it as replacement is because they do not have granular check on database specific queries - a true DAM does that.

The monitoring is based on Network Based (i.e. Network Sniffing) or Agent Based. And that itself will differs based on performance impact. The figures comes from vendor and they will be able to show the evidence test conducted. There will be impact but compared to the risk subjected, it is supposed to be acceptable and depending on how robust you will want to monitor and check each and every queries.

You will need to baseline what is normal for various user types (Queries and query types, Normal working hours, Size of typical data returned) and look for anomalies from the baseline (Failed access attempts, Volume of queries, Unusual queries compared to what is typically used)

Thought may be worthy to strategise how you going to get buy in from management on deploying DAM (not just for compliance solely).Look at your overall security program and see where this fits in Risks addressed and Resources required (time, money, people…)

Anticipate the concerns of the various stakeholders as you be dealing with typically the most critical databases in the organization. So plan for multiple stages by starting with minimal risk to performance and stability (i.e. basic monitoring), and progress to more enhanced monitoring as the teams become more confident

Consider the "selling" point such as features that benefit them like Virtual patching, blocking apps from using inefficient queries, data classification, server discovery, etc. Adopt a risk measured approach by having a hierarchical approach to server monitoring in term of Sites, Server Groups, Services and identify sensitive tables and columns and “Table Groups” are global objects used to define what is sensitive.

These help to stay focus and not impact performance as much and create the monitoring policies and filtering to capture what you need. Importantly, determine what you will do with the data and the forms you will need it in.

You can see the implementation is non-trivial so it is better to invest time and budget to get a proper solution so that you can focus on the design and deployment aspects.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Databases

From novice to tech pro — start learning today.