Security teams use database activity monitoring (DAM) to see what is happening with their critical data assets and to detect anomalies that can indicate misuse, theft, or tampering. As a process, DAM involves “observing, identifying, and reporting a database’s activities.” DAM can be done manually using spreadsheets and logs, but it’s a tedious, time-consuming effort primed for human error to miss something critical.
By applying a DAM technology solution, you can automatically access and monitor behavior information from multiple databases, reducing the potential for alert fatigue and human error. Some DAM solutions also deliver extended capabilities that assist with data compliance, classification, and closed-loop integration that can improve an organization’s overall data protection stance.
But before adding another tool to your security stack, it’s a good idea to ensure your data protection program and environment are ready and capable of advancing to the next level to maximize your solution investment.
When is it time for a DAM solution?
A proactive approach to data protection is ideal, with an organization evaluating DAM products before a problem needs resolution. But most organizations react to a failed audit or an auditor’s recommendation.
Organizations in heavily regulated industries, such as financial or healthcare, must comply with stringent industry requirements, which can be difficult without a DAM solution. Compliance mandates such as the Sarbanes-Oxley Act, PCI DSS, and HIPAA can trigger the need for data monitoring.
A more mature data security program is generally ready for the next steps, but maturity can also start with selecting a DAM solution.
Other organizations have complex database management systems (DBMs) that are difficult and time-consuming to monitor effectively, and a DAM solution simplifies and automates the process.
Setting the stage for success
Optimized DAM implementation improves maturity, takes less effort and time, increases efficiency, and lowers the risk of missed anomalies. There can also be gains in performance if DAM uncovers poor data hygiene practices in databases or other systems that can be fine-tuned. We’ve done hundreds of data monitoring implementations over the years, and we’ve learned that correctly setting the stage before installation can make a significant difference in the value gained.
Because stumbles out of the gate impact effectiveness and the overall protection delivered, Converge uses a preflight checklist developed through the lessons learned in helping our clients integrate DAM technology to ensure the project can be delivered on time and on budget.
The proper pre-planning gets you off the starting block smoothly, helping avoid challenges that come from lack of preparation:
- Discord between teams
- Lack of leadership buy-in
- Lack of trust in the solution, purpose, and outcome
- insufficient technical preparation
Preparing your environment for DAM
Knowing your environment and ensuring it’s correctly prepped to integrate with DAM technology is necessary for pre-planning. Where will the software be deployed? Where are the different ports that need to be opened on your firewall (port requirements)? Are hardware resources sufficient?
You can avoid the most common hurdles we see using this pre-implementation requirement checklist. Validating that you have the necessary resources to deploy a DAM solution, including appliances co-located with agents, is just as important as knowing what data you want to monitor.
And deciding what data to monitor is an essential part of the process because monitoring everything all the time creates too much data, overloading the process and your team. Know what’s important to monitor and what’s important not to monitor. Getting the full value from your DAM means knowing what needle you are looking for in the haystack, not creating stacks of needles.
Socialize your selected technology with stakeholders and reassure application owners and others about this project’s importance for data protection and the business’ overall security stance.
Step 1: Establish the project team
Input and participation from multiple groups in your organization will be necessary for success. Identify who should be on the project team, including your selected consultant, and hold a pre-engagement kickoff meeting to bring everyone to the table for resource planning and availability.
- Executive sponsor
- Project manager
- DAM solution administrator
- Database administrators
- System administrators
- Hypervisor administrator
- Virtual desktop administrator
- SIEM administrator
- Network administrator
- Cloud administrator
- IAM administrator
- Project manager
- DAM solution architect
- DAM solution engineer
- Data protection engineer
These teams are responsible for preparing the right VPN or remote access for implementation for a DAM implementation partner, defining the project timeline, identifying appropriate contacts for each area, and outlining security requirements (digital and physical) needed for your organization.
Step 2: Know your data
Gather detailed information about the databases and database hosts to be monitored. You must understand the DBMs and operating system types and versions to ensure the installation of the correct DAM agents.
Detailed essentials include parameters like:
- Type of database server
- Version of database servers
- Type of database server OS
- Version of database server OS
- TCP ports used for remote traffic
Step 3: Confirm network prerequisites
- Make sure that database hosts are segmented from administrator workstations and firewalls. If there are firewalls between network segments, additional port-open requests will need to be made.
- Review your current firewall policies for the appropriate port access between your DAM, database servers, and administrative workstations, and update if needed.
Step 4: Appliance prerequisites
- Assign static IP addresses for all anticipated appliances.
- Download the necessary images and license keys.
- Validate that your DAM software is current on patches and updates.
- Determine where to store system backups, data backups, and export reports.
- Identify servers such as DNS, NTP, SNMP, SMTP, syslog/SIEM.
- Know necessary authentication and user import information, including IPs, ports, SSL information, AD/LDAP credentials, and user-name attributes.
Step 5: Capability requirements
If you are implementing an advanced solution, such as IBM Guardium, additional prerequisites are needed to optimize all capabilities purchased. Setting up a database account may be necessary to take advantage of the following:
- Vulnerability assessments
- Sensitive data discovery/classification
- Entitlement reporting
- Change ticket integration
Bring it all together
This checklist provides a general foundation for the information and discovery needed for implementing a DAM solution. A skilled consulting partner should be able to expand on each of these areas for more detailed essentials.
By 2024, it’s estimated that the data of 75% of the world’s population will be covered by regulations. Data privacy efforts are underway in the US across state and local levels, and five US states—California, Colorado, Connecticut, Utah, and Virginia—are implementing new laws this year inspired by the EU’s General Data Protection Regulation (GDPR).
Expanding data privacy regulations and increasing compliance and regulatory requirements should be the only nudge organizations need to expand their programs, processes, and management to prepare for what’s next.
Converge has extensive experience implementing data activity monitoring, including IBM Guardium. We guide clients through our complete, custom pre-engagement checklist to ensure that everything needed for efficient implementation is collected and compiled. We also have well-established managed services that assist in maintaining your DAM solution after implementation. Contact us today to get started.