This whitepaper by Securosis examines business requirements for securing databases; it also discusses how these requirements are addressed by assessment, discovery, monitoring, auditing, and blocking technologies. DSP is the next evolution after Database Activity Monitoring (DAM), integrating several new technologies into a unified platform for compliance and security, which identifies and reports on transactions that fail to meet business best practices. There are a wide variety of ways to collect information in and around relational databases, and still more to analyze and report on those findings, so this research digs into the nuts and bolts to present a comparative analysis of the technology options available – along with how they address end user requirements. This research is recommended for use in conjunction with other application security tools; because many web and traditional applications rely on database technology to store, manage, and report on data – linking compliance and security requirements.
by Adrian Lane and Rich Mogull, Securosis