"NitroView is a strong performer in the enterprise database auditing market"
— The Forrester Wave: Enterprise Database Auditing & Real-time Protection, 2007
 


Detecting Data Loss

For enterprises that want to protect against data loss but need a more efficient and cost-effective solution, a combination of application monitoring and database activity monitoring can provide the necessary information, while a content-aware SIEM can track and analyze it.

The NitroView platform combines Security Information & Event Management (SIEM), Database Monitoring (DAM), and Application/Protocol Monitoring (ADM). As a result, NitroView is able to provide many data loss detection functions, in addition to its many security operations, forensics, and compliance capabilities. The result is a single platform that solves multiple business needs through a common system, using a single interface, further reducing operational costs.

NitroView's data loss prevention capabilities extend further than what is offered by other SIEMs. Rather than relying on database and application logs to detect threats against your data, we're able to provide active monitoring: full database session visibility to know exactly what data is being accessed, when, and by whom, and visibility that goes beyond the surface of application logs to detect sensitive data within the applications themselves.

The result? The ability to detect data leakage at an affordable price: more powerful than other SIEM-based loss prevention, more affordable than traditional data loss detection systems, and easy to use as well.

How it Works

Database Monitoring

Because most sensitive data is stored in a database of some kind, an effective database monitoring strategy is an important component of an effective Data Loss Prevention strategy. Beyond database log analysis, true database monitoring provides full session detail and monitors administrative user activity and system-level operations, providing more comprehensive database security without the performance impact of native logging. Among other details, Database Monitoring informs you of:

  • Where sensitive data exists, including the detection of rogue database instances
  • All access to that database
  • All data transactions performed by that database
  • The user and account information relevant to that access

Application Monitoring

Application Monitoring provides full visibility into applications used on the network. Full layer-7 deep packet inspection provides a comprehensive understanding of how applications are used. Application and Protocol Monitoring (ADM) takes a step beyond application log analysis, which provides only summary information about an application's activity, and allows for full content analysis.

For example, a database monitor might clearly show that an authorized user is accessing personal information within healthcare patient records; there is no threat behavior in this activity, as it is within the parameters of that user's role within the organization. However, that same user might be sending that information outside of the company in batches using an instant messaging application or email application. Monitoring at the application level allows you to trigger an event based upon many conditions, including:

  • The content of an application, or a document used by that application
  • The use of unauthorized applications, such as peer-to-peer or file sharing applications
  • The detection of sensitive data sent to a printer or storage device
  • Application anomalies that might indicate unintentional data leakage

Broad Correlation

Database, application, and protocol information needs to be inspected in order to detect data loss, but a common system for the correlation and management of that information is required to gain the full benefit of that information. In the above example, knowing that the IM session and the legitimate database access were initiated from the same PC would clearly indicate a deliberate data theft. Using correlation to detect such scenarios in advance would go even further, allowing the breach to be detected early, providing the time to mitigate the theft and reduce loss.

  • Correlate data access, application content, user behavior, and other log and event data together to detect data leakage.
  • Integrate with defensive devices such as NitroGuard IPS to block malicious behavior.
  • Investigate threats quickly to reduce loss when an incident does occur.
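
The correlation described above (a sensitive database read followed by outbound application traffic carrying matching content from the same PC) can be sketched as follows. This is an added example, not NitroView's own rule logic; the event field names, the 30-minute window, and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed correlation window, tune per environment

# Constructed sample events; field names are illustrative, not a NitroView schema.
DB_EVENTS = [
    {"ts": "2024-05-01T09:00:12", "src": "10.0.4.21", "user": "jdoe",
     "object": "patient_records", "sensitive": True, "rows": 480},
    {"ts": "2024-05-01T09:02:40", "src": "10.0.4.35", "user": "asmith",
     "object": "patient_records", "sensitive": True, "rows": 3},
    {"ts": "2024-05-01T09:05:00", "src": "10.0.4.21", "user": "jdoe",
     "object": "cafeteria_menu", "sensitive": False, "rows": 12},
]
APP_EVENTS = [
    {"ts": "2024-05-01T09:07:03", "src": "10.0.4.21", "app": "im",
     "outbound": True, "content_match": "patient_id"},
    {"ts": "2024-05-01T09:09:55", "src": "10.0.4.21", "app": "im",
     "outbound": True, "content_match": "patient_id"},
    {"ts": "2024-05-01T09:10:00", "src": "10.0.4.35", "app": "smtp",
     "outbound": True, "content_match": None},   # outbound, but no sensitive content
    {"ts": "2024-05-01T11:30:00", "src": "10.0.4.21", "app": "smtp",
     "outbound": True, "content_match": "patient_id"},  # outside the window
]

def parse(ts):
    return datetime.fromisoformat(ts)

def correlate(db_events, app_events, window=WINDOW):
    """Group outbound sensitive-content events under the sensitive DB read
    that preceded them from the same source host within `window`."""
    alerts = {}
    reads = [e for e in db_events if e["sensitive"]]
    for app in app_events:
        if not (app["outbound"] and app["content_match"]):
            continue
        t = parse(app["ts"])
        for db in reads:
            gap = t - parse(db["ts"])
            if db["src"] == app["src"] and timedelta(0) <= gap <= window:
                key = (db["src"], db["user"], db["object"])
                alerts.setdefault(key, []).append((app["app"], app["ts"]))
    return alerts

if __name__ == "__main__":
    for (src, user, obj), sends in correlate(DB_EVENTS, APP_EVENTS).items():
        print(f"ALERT host={src} user={user} read {obj}; "
              f"{len(sends)} outbound transfer(s): {sends}")
```

Neither event stream raises an alert on its own here: the database read is authorized, and the IM traffic is only notable because it follows that read from the same host.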




 
