Breach detection can prove harder than prevention

26.01.2007

Unlike the logging capabilities built into database products, stand-alone database monitoring tools are optimized for security and have less of an impact on performance, said Phil Neray, a vice president at Guardium. Stand-alone products such as Guardium's are also more difficult to turn off by privileged users and are able to generate real-time, policy-based alerts, he said.

Extending the same kind of monitoring to all network and system assets could help detect suspicious activity more quickly, Shah said. "The problem is that monitoring generates a tremendous amount of logs," he said. The challenge lies in "getting the right information as quickly as we can" from the log data.

Some vendors such as LogLogic Inc. are beginning to offer more efficient ways to sift through voluminous log data and focus on the issues that matter, Maness said. Such products can complement security event management tools, he said.

LogLogic's hardware appliances are designed to automatically capture and store log data from firewalls, routers, servers, applications, operating systems and other devices, said Andy Lark, a spokesman for the San Jose-based company. The appliances can be configured to generate near-real-time alerts when the logs show violations of predefined policies, such as those associated with Payment Card Industry standards, he said.

Products from vendors such as Vericept Inc. and Vontu Inc. that allow companies to monitor the content flowing across their networks can also be useful, Maness said. The products work by inspecting every packet flowing across a network and sending an alert when prohibited or sensitive data is found, he said.
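The content-inspection approach described above, in which traffic is examined for sensitive data and an alert is raised when it appears, can be sketched with a small payload scanner for primary account numbers. This is an added example, not code from the article or from the vendors it names; the packet payloads are constructed, the well-known test number 4111 1111 1111 1111 is used as the positive case, and a Luhn checksum is applied so that arbitrary 16-digit values such as order identifiers are not reported.

```python
import re

# Runs of 13 to 19 digits, optionally separated by single spaces or dashes,
# not adjacent to other digits.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits):
    """Return True if the digit string passes the Luhn check used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits):
    """Keep only the last four digits so the alert itself does not leak the number."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_payload(payload):
    """Return a list of findings for card-number-like values in one packet payload."""
    text = payload.decode("latin-1")  # every byte decodes, so binary data cannot raise
    findings = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.append({"type": "pan", "offset": m.start(), "masked": mask(digits)})
    return findings


# Constructed sample payloads: one carries a card number, the other only an order id.
SAMPLE_PACKETS = [
    b"POST /checkout HTTP/1.1\r\nHost: shop.example\r\n\r\ncard=4111-1111-1111-1111&exp=0109",
    b"GET /orders/1234567890123456 HTTP/1.1\r\nHost: shop.example\r\n\r\n",
]


def alerts_for(packets):
    """Pair each packet index with its findings, skipping packets with none."""
    result = []
    for i, p in enumerate(packets):
        findings = scan_payload(p)
        if findings:
            result.append((i, findings))
    return result


if __name__ == "__main__":
    for idx, found in alerts_for(SAMPLE_PACKETS):
        print(idx, found)
```

The first packet is reported with the number masked to its last four digits; the second is not, because 1234567890123456 fails the Luhn check even though it matches the digit pattern. A production inspector would also need to reassemble TCP streams and handle encoded or compressed content, which this example leaves out.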