Why Are CISOs Shutting Down Legacy DAM Agents?

Why are CISOs shutting down Legacy DAM DB Agents for shifting defense into offense, as proven in the latest Australia breaches?
In recent discussions with large FSI CISOs, they noted that they are shutting down legacy DAM agents.
The cost of legacy DAM solutions with its agents on databases has put a burden on CISOs’ budgets. It also requires skills and FTEs to maintain the agents for every database upgrade – creating “Agent fatigue” while eroding the CISOs power with endless fights with overworked DBAs and Ops team.
This is being revisited in light of the fundamental flaws in legacy DAM tools:
- Blindness for all critical activity to the databases performed by APIs/applications (as they connect using one service account to the DBs)
- Cloud protection irrelevance with the fast adoption of Database as a Service (where agents cannot be deployed) – processing DaaS activity logs hours after a possible breach happened.
- Unsatisfactory functionality – mere monitoring activity of DBAs without the ability to Dynamically Mask, filter results, apply ABAC or enforce de-Identification (e.g., FPE Encryption).
These capabilities are now part of the new ZeroTrust 2.0 focus on Data-Centric capabilities released by the US Department of Defence.
Turning off legacy DAM agents enables them to refocus CISO attention, budgets and skills from ineffective defense to offense using new unified Data-Centric Platform with a superset of tools – DAM, UEBA, ABAC and de-Identification (FPE Encryption, Masking) for protecting Hybrid operational and analytics environments.