COLUMN

Database activity monitoring lacks security lift

By Eric Ogren 10 Dec 2009 | SearchSecurity.co.UK Security UK News Digg This!     StumbleUpon     Del.icio.us

The IBM acquisition of Guardium Inc., a privately-held database activity monitoring (DAM) vendor, is far from a validation statement of DAM as a viable security market segment.

Vendors including Embarcadero Technologies Inc., IPLocks (acquired by Fortinet Inc.), Lumigent Technologies Inc., Symantec Corp. and Tizor Systems Inc. (acquired by Netezza Corp.), have already given up on the DAM space, leaving companies such as Application Security Inc., Imperva Inc., Secerno Inc. and Sentrigo Inc. fighting to divvy up a total annual market of well less than $100 million. The IBM acquisition of Guardium helps the company gain information management technology and a capability to drive professional service revenues in the data center.

While the database activity monitoring segment has been hyped, it is a functionality that has only a marginal impact on data security and ultimately should be supplied by the database vendors to make it easy for IT to audit activity. Imperva Inc., a Guardium competitor, commissioned a research survey asking respondents to select technologies that enable PCI DSS compliance and then to rate the relative cost effectiveness with respect to achieving PCI DSS compliance.

According to the report, only 18% considered database scanning and monitoring highly cost effective for PCI DSS compliance -- ranking 15 out of 18 security technologies surveyed. In fact, almost half (49%) gave DAM a low rating for cost effectiveness in enabling PCI DSS compliance. Database activity monitoring had its roots in inspection of SQL traffic for indications of data loss. However, most database access is through an application path which has its own security mechanisms. There are other ways of looking at this acquisition other than an endorsement of DAM features.

IBM security acquisitions drive service revenues. IBM's most recent security acquisitions, Consul Risk Management Inc., Datapower, Internet Security Systems, Ounce Labs Inc. and Watchfire Corp., generate data that can be used by IBM consultants in business context and eventually can be integrated into core IBM products. Guardium helps discover databases and profiles, identify troublesome connection requests and anomalous usage patterns that can add technical controls that enhance IBM's information management business.

Sometimes industry analysts and the trade press get it wrong. The DAM market was hyped well ahead of actual customer requirements and well beyond the track record of early entrants to the space. The requirements shifted from appliances augmenting IBM DB2, Microsoft SQL Server and Oracle auditing to software agents enforcing tight controls over privileged operators. While there are useful security features, for the most part the market definition and expectations set by analysts did not match the reality of the enterprise IT.

Security technology needs to evolve into the infrastructure to be effective and efficient. New security concepts are often necessarily layered on existing infrastructures to lessen side-effects on applications while the security technology and administration procedures mature. However, over time selective capabilities such as database activity monitoring should be assimilated into database systems and application designs to improve performance and reduce overhead costs.

The acquisition of Guardium by the information management practice at IBM is a good move for both companies. The timing is right as Guardium would be challenged to grow to the next level and IBM can solve customer problems within an IBM-based data center. This move by IBM and the recent Fortinet IPO are terrific news for security entrepreneurs looking forward to a profitable exit. Imperva has an interesting and comprehensive approach to application and information security, but it now has to wonder if it is the last vendor standing when the DAM music ends.

Tags: Database Security Tools and Techniques,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Database Security Tools and Techniques Multifunction security device safeguards SOA, streamlines company's infrastructure Safend expands data leakage prevention product to plug more gaps How to prevent memory dump attacks Report: Firms avoid encrypting backup tapes, databases Cryptography for the rest of us Recent breaches show data theft prevention basics lacking Unpatched vulnerability discovered in Microsoft SQL Server How to use Excel for security log data analysis SQL injection continues to trouble firms, lead to breaches Monitoring program data and internal controls for risk management

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Serious Organized Crime Agency  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary