DLP, DAM Share Common Data Security Objectives

Some security experts say database activity monitoring products could benefit from the content-aware capabilities of data leak prevention tools.

Database Activity Monitoring and Data Leak Prevention may have the same focus-securing data-but they operate in two different areas.

Still, it all comes down to data, and while that may not mean the two products will become one, DAM could benefit from the content-awareness of DLP (Data Leak Prevention) products, analysts said.

"Most every security monitoring technology would benefit from DLP content awareness, which is the ability to recognize sensitive content on the fly," said Paul Proctor, an analyst with Gartner. "DAM [Database Activity Monitoring] and DLP tools will not likely become one product because they have different buying centers and purpose, but DAM tools will likely become content-aware."

Being able to recognize sensitive data on the fly reduces the necessity of proactively tagging or classifying it, he explained. As a result, more granular and effective policies can be built to address sensitive data.

"For example, record the administrator's actions if the transaction involves SSNs or other privacy related data," Proctor said. "With current technology this is something that can only be done based on the definition and classification of the column or field. Content-aware technologies can catch sensitive data in a comment field, for example."

DLP tools use different data analysis techniques to monitor the use of sensitive content and enforce policies on data in motion, at rest and in use. The strength of DAM however is being able to watch administrator activity on the database and detect policy violations.

"DAM will definitely get content aware-in fact it's easier, because databases provide all sorts of structure and context you can't get off the network," said Ted Julian, vice president of marketing and director of strategy at Application Security. "One key thing to consider is exactly how this happens. If the customer is required to have deployed monitoring on the database in question for this to work, they'll miss stuff."