Management Associates - Analyst Brief on the Agentless DAM
Activity Monitoring (DAM) should be a part of the security strategy for
every organization using databases for critical information. However, in
determining the level of need and the representative investment for the
solution, decision makers should consider three key things when
generating their requirements and estimating their investment.
DAM is a highly robust and reliable solution option
agentless DAM does not need to touch the databases, deployment and
lifecycle management are far easier and less complex than agent-based
DAM provides security services beyond traditional DAM and thus offer
Analyst Brief discusses these issues and why the release of Agentless DAM
will make a significant impact on database dependent organizations.
found that only 19 percent of organizations have what the organization
considers to be “excellent“ visibility into their data and database
assets. This level of visibility is necessary to rapidly identify a data
breach. Furthermore, 47 percent of those surveyed do not have an assigned
team or even an individual to oversee the security of their
In addition to most survey respondents lacking excellent visibility into
their organizations’ data and databases, 59% of respondents lack a high
degree of certainty about which applications, users and clients are
accessing their databases. When asked what database security issues are
of most concern, compromised credentials was the top concern of half of
the survey respondents. The next biggest concern was the potential for
the organization to experience a major data breach, followed by the
inability to identify data breaches until it’s too late.
Ponemon Research survey found the SQL threat is taken very seriously
because 65 percent of organizations represented in this study experienced
a SQL injection attack that successfully evaded their perimeter defenses
in the last 12 months. Almost half of respondents (49 percent) say the
SQL injection threat facing their company is very significant. On
average, respondents believe 42 percent of all data breaches are due, at
least in part, to SQL injections.
Study of Database Attack at the Large Retailers
Ponemon Research survey found fifty percent of respondents believe cyber
syndicates are to blame for the large retail data breaches. Only 16
percent believe an individual perpetrated the attack. Many respondents
believe notification of victims is better later than sooner. Thirty-six
percent of respondents would prefer to wait to notify victims until a
thorough investigation was conducted.
Fifty-three percent of respondents said it appeared SQL injection was
very likely used to steal sensitive and confidential information.
Sixty-five percent of respondents indicated continuous monitoring of the
database network followed by advanced database activity monitoring are
the best approaches to avoiding a mega data breach.