tag:blogger.com,1999:blog-4255193939909462606.post6120647738143795443..comments2023-07-13T06:46:05.437-04:00Comments on Ogren Group Security Vibes: Database activity monitoring lacks security liftEric Ogrenhttp://www.blogger.com/profile/12401647238457809070noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-4255193939909462606.post-7346641918084355212009-12-16T15:30:21.094-05:002009-12-16T15:30:21.094-05:00Well, AppSec is still standing and there's a l...Well, AppSec is still standing and there's a lot to be said for that, and for relying more on discovery and scanning than on DAM. I completely agree that there is more to DB security than DAM.<br /><br />There are a lot of factors that go into the multiple, however. I'd caution you about reading too much into that - the fire sale multiples and tombstones of DAM competitors are more telling.Eric Ogrenhttps://www.blogger.com/profile/12401647238457809070noreply@blogger.comtag:blogger.com,1999:blog-4255193939909462606.post-30096487961089426462009-12-16T11:47:40.738-05:002009-12-16T11:47:40.738-05:00At Application Security, Inc. we feel that IBM'...At Application Security, Inc. we feel that IBM's acquisition of Guardium (and the multiple assigned to the purchase price) does validate the importance of database security risk and compliance for enterprise customers. Breaches are escalating, data must be secured, and comprehensive database security solutions are the way to do it. However, DAM is only one component of a comprehensive database security, risk, and compliance solution. I do not believe that an enterprise organization can effectively secure sensitive data and meet compliance requirements with database activity monitoring alone. Comprehensive enterprise solutions must include integrated database discovery, classification, vulnerability assessment, prioritization, policy creation/fixing, DAM, and comprehensive analytics and reporting. DAM is important, but DAM alone is not enough - and to some degree it is a reactive notification, versus the proactive assessment and mitigation that the other components afford an organization.Thom VanHorn, VP of Global Marketing, Application Security, Inc.http://blog.appsecinc.comnoreply@blogger.com