Tuesday, December 15, 2009

Database activity monitoring lacks security lift

Posted to SearchSecurity ...

The IBM acquisition of Guardium Inc., a privately held database activity monitoring (DAM) vendor, is far from a validation of DAM as a viable security market segment.

Vendors including Embarcadero Technologies Inc., IPLocks (acquired by Fortinet Inc.), Lumigent Technologies Inc., Symantec Corp. and Tizor Systems Inc. (acquired by Netezza Corp.) have already given up on the DAM space, leaving companies such as Application Security Inc., Imperva Inc., Secerno Inc. and Sentrigo Inc. fighting to divvy up a total annual market of well under $100 million. The IBM acquisition of Guardium helps IBM gain information management technology and a capability to drive professional service revenues in the data center.

2 comments:

  1. At Application Security, Inc. we feel that IBM's acquisition of Guardium (and the multiple assigned to the purchase price) does validate the importance of database security risk and compliance for enterprise customers. Breaches are escalating, data must be secured, and comprehensive database security solutions are the way to do it. However, DAM is only one component of a comprehensive database security, risk, and compliance solution. I do not believe that an enterprise organization can effectively secure sensitive data and meet compliance requirements with database activity monitoring alone. Comprehensive enterprise solutions must include integrated database discovery, classification, vulnerability assessment, prioritization, policy creation/fixing, DAM, and comprehensive analytics and reporting. DAM is important, but DAM alone is not enough - and to some degree it is a reactive notification, versus the proactive assessment and mitigation that the other components afford an organization.

  2. Well, AppSec is still standing and there's a lot to be said for that, and for relying more on discovery and scanning than on DAM. I completely agree that there is more to DB security than DAM.

    There are a lot of factors that go into the multiple, however. I'd caution you about reading too much into that - the fire sale multiples and tombstones of DAM competitors are more telling.
