Guardium has joined forces with a number of log and security information and event management vendors to improve visibility and analysis into security events.
Guardium, which specializes in DAM (database activity monitoring), has integrated its technology with products from CA, Cisco Systems, ArcSight, LogLogic and EMC’s RSA security division.
The integration allows organizations to send information obtained from Guardium’s DAM product to security information and event management systems, combining information about database activities with data regarding network and IT infrastructure events from firewalls and other sources.
The approach is meant to help users of SIEM (security information and event management) products deal with the challenge of importing raw logs generated by internal DBMS utilities.
Officials at Guardium contend that DBMS utilities typically produce large amounts of unfiltered information or fail to capture critical activities, such as unauthorized or suspicious queries to sensitive information.
In addition, native utilities are unable to identify end-user fraud and other abuses that occur via multi-tier enterprise applications-such as Oracle e-Business Suite, PeopleSoft, SAP and Business Intelligence-rather than via direct access to the database, according to Guardium.
“Information-centric security is now a major theme within enterprises, and the ability to have visibility and reporting capabilities that tie enterprise information access with IT resource usage is becoming critical,” said Upesh Patel, vice president of business development for Guardium, in a statement.
“Our integration with the leading SIEM and log management platforms provides our customers the technology they need to safeguard their businesses and reduce the cost and effort of compliance.”
Guardium is not alone in its approach. NetForensics, for example, sells both database monitoring and security information management products. Forrester Research analyst Noel Yuhanna said integration between DAM and SIEM makes sense as organizations struggle with information security.
“Having information in one place for security is definitely very important, because you can relate audit and monitoring activities, and also implement policies, controls and procedures more easily and effectively,” he said.
“The goal is definitely to deal with information security more centrally…[and] monitor and audit activities across your organization, across any type of data, application and system, and also implement control, policies and procedures as well.”