What is dbMonitor?
dbMonitor is a system consisting of several services to collect and analyze meta data of database server systems. The first version of dbMonitor focuses on Microsoft SQL Server. The second release of dbMonitor will support Oracle. The collected data contains information about the use and usage of the database. The data can be analyzed in various ways and serves the purpose of security audits, develop usage patterns, analyze performance impasses and the testing of new applications to avoid performance bottlenecks on server backend's.
To use an analogy from the banking sector, it can be said that dbMonitor is for a database system what a policeman is standing inside the vault of a bank. The policeman watches who takes what amount of valuables from the vault; dbMonitor watches who does what with the data contained in the databases of the customer.
Why is dbMonitor necessary?
Databases are silent worker in the background of applications. Although the purpose is understood – storing and retrieving data – the impact of them is often neglected. The data is the wealth of an organization. This wealth must be protected from harm no matter where this harm originates from. There can be external entities that are interested in this data. Those are easier to spot by traditional defense such as firewalls, anti-virus programs and other network defense means, than internal parties that have access to the data seemingly legitimately. Most of the data theft happens from members of the organization. Administrators, DBA’s and programmers who have unhindered access to the data can easily retrieve data and walk out of the door. dbMonitor protocols each and every access to the data of an organization and creates an incorruptible record about how many records of which table of which database has been retrieved by whom.
dbMonitor is designed from the ground up to adhere to a strict set of rules. dbMonitor is extensible, incorruptible, secure, centrally managed, failsafe and forensically sound. The system doesn’t have a single bottleneck and adjusts to future demand. The system is meta-data driven and completely parameterized. dbMonitor can monitor all present and future applications because it resides with the Database and not with any application.
Features of dbMonitor
Microsoft SQL Server 2008 and higher
Oracle 11g and higher
- Monitors 639 types of events. dbMonitor tracks every transaction in a database, including logins, select statements, table structure changes, and the creation/modification/deletion of objects such as procedures, tables, and views. It reports on these actions and who initiated them and when. It also records SQL commands and the number of affected records.
- Constant trace file. dbMonitor creates a constant trace file for analysis. You tell it what to analyze. dbMonitor analyzes the trace file within minutes and, if necessary, triggers an alarm immediately after the analysis. The trace file is encrypted and archived in a proprietary format so that you can restore and re-analyze the file as needed. The archived files are immutable and therefore, admissible as court evidence.
- Notification system. dbMonitor includes a notification system that you can customize with rules that will flag certain events or monitor certain thresholds; and send alerts to specific personnel when data is flagged or a threshold has been tripped.
- Immediate defensive actions. Based on conditions you specify, you can instruct dbMonitor to take immediate automatic defensive actions to protect the database, such as shutting down servers, or restricting access to the database.
- Anonymous information. All the user information collected is anonymous and can only be decoded when a security officer and (if necessary) a union representative agree to identify a individual in a data breach. This means that your staff is protected from unfair surveillance at work, while possible criminal activity can be identified.
- Custody of evidence. dbMonitor gathers information under a defined process of custody of evidence. The information is forensically sound and usable in a court of law.
- Compliance requirement. You can customize compliance requirements according to the jurisdiction you company resides in. The dbMonitor rules engine allows you to customize its operation to adhere to local corporate laws. This adds an additional layer to protect C-level company officers.
- Customizable operation. You can adjust dbMonitor to your company’s needs by customizing its parameters and rules engine. With this feature, in addition to database protection, you can customize your routine database audits to analyze performance or test the performance impact of new applications.
- Templates for customizing operations. dbMonitor provides templates you can use to set up various types of auditing and monitoring. This means you can be up and running quickly with dbMonitor.
- Reporting. of all sensitive record changes, including summaries by date/time with the ability to drill-down to individual events
- Heuristic tables. dbMonitor creates heuristic tables that are populated by historic results, thereby anticipating shifting requests to the database.
- Extensible. dbMonitor can monitor more than 32,000 database servers with a single installation. A second dbMonitor can monitor an additional 32,000 database servers.
- Globalization. dbMonitor uses Unicode, so it can be set up in all languages. Adapting a new language takes less than one week.
- Licensing system. To protect your investment, dbMonitor uses a highly sophisticated and secure licensing system. This system ensures that the dbMonitor license can only be used by designated personnel and cannot be stolen by a third party. An intrinsic algorithm avoids the use of a license belonging to customer A by customer B.
- Independent monitoring system. For security, dbMonitor is independent—it does not reside within your environment. No one, including administrators, can tamper with dbMonitor without the action being noticed. Any unauthorized shut down would be recorded and an alarm sent to the appropriate personnel in your organization.
- Cloud service. You can choose between an on-site installation of dbMonitor’s analytical feature or a cloud installation. A cloud installation will keep your capital commitment low, while providing the full services of dbMonitor.