Login  |  Register  |  Contact

ADMP: Application and Database Monitoring and Protection

Last Updated: Tuesday, April 07, 2009

Applications and Database Monitoring and Protection: ADMP. What is it? It’s a different way to think about security for applications. It’s a unified approach to securing applications by examining all of the components at once, viewing security as an operational issue, and getting tools to talk to each other. It means looking at application security in context of the business rules around transaction processing, and not just from a generic network traffic perspective. It is also a bit of prognostication, recommendation, and evangelism on our part, all rolled up into one unified theory. This approach also defocuses from some of the more traditional network and platform security models, and looks at the data and how applications process transactions and data.

ADMP is essentially the data center branch of information-centric security, and it combines elements of data and application security into a consistent and specific architecture. The goal is to watch application transactions from the browser through the database, and apply security controls that actually ‘understand’ what’s going on.

Our definition is:

Products that monitor all activity in a business application and database, identify and audit users and content, and, based on central policies, protect data based on content, context, and/or activity.

Papers and Posts

  1. The lead-in to this series of thought is Rich’s posts on The Future Of Application and Database Security, Part 1 and Part 2.
  2. Definitions: Content Monitoring and Protection And Application and Database Monitoring and Protection.
  3. What is my motivation, or Why Are We Talking About ADMP.
  4. ADMP and Assessment: Linking preventative and detective technologies.
  5. ADMP: A Policy Driven Example.
  6. Web Application Security: We Need Web Application Firewalls to Work. Better.
  7. It’s Time To Move Past Vulnerability Scanning To Anti-Exploitation.

Presentations

Podcasts, Webcasts and Multimedia

We do not currently have any multimedia for this topic.

| | Next entry: SIM, SIEM, and Log Management