SQL Server Database Audit
Do you work in the Healthcare industry? Do you work in the Banking industry? Do you work for a company managing credit card transactions, stock trading, or any other financial services? If so, then you know auditing is a fact a life. You anticipate the yearly ritual of auditors arriving on-site, demanding reports on various aspects of your databases. They want know who has access, and who has elevated rights. They may want to see system settings and the last time these settings were changed, or they may want to know when the last time objects were dropped, altered, or accessed.
What should a good database auditing tool supply? Here is my list in no particular order:
✔ One-Stop Shopping for All the Data: a good tool will give you a dashboard look and easy navigation to the information you need. If you have an auditor looking over your shoulder, you’ll want to get to the data fast. In many cases, auditors will throw requests on the fly and it helps to have a tool with a good user interface.
✔ Fine-Grained Threshold Customization: chatter is a big problem with any monitoring tool. A good auditing tool will allow you to fine-tune or simply tune out the chatter. Usually after a few audits, you get an idea of what they need. A good tool will allow you stream-line the data over time.
✔ Real-time Notification: if something has been breached, I want to know about it immediately. A good tool will tell me.
✔ Trending Capabilities: real-time auditing is great, but what is especially important is trending. You’ll want to be able to look back in time to track issues and also get a sense of how things might have improved after implementing key changes.
✔ Reporting, Reporting, Reporting: who doesn’t like great reports? I know auditors (and managers) love them. Any tool worth more than a penny needs to have a great reporting feature.
With this baseline in mind, let’s take a look at Idera’s SQL compliance manager. SQL Compliance Manager is a comprehensive auditing solution that uses policy-based algorithms to track changes to your SQL Server objects and data. SQL Compliance Manager gives you detailed visibility to determine who did “what”, “when”, “where”, and “how”, whether the event is initiated by privileged users or hackers. SQL Compliance Manager also helps ensure compliance with regulatory and data security requirements such as SOX, PCI, GLBA, HIPAA(HITECH), and Basel l and II. SQL Compliance Manager goes beyond traditional auditing approaches by providing real-time monitoring, alerting, and auditing of all data access, selects, updates, schema modifications and permission changes to SQL Server databases.
SQL compliance manager isn’t an upstart to the auditing game. Created 8 years ago, Idera has been working closely with Ernst & Young to develop auditing requirements. E&Y is the auditing firm that conducts audits at my business location so it helps to have an auditing tool inspired by the auditors themselves. The reporting features certainly are geared toward handing detailed information in a readable format to people who need it.
Install and Setup
If you have ever worked with any other Idera product like SQL safe or SQL diagnostic manager, you’ll be familiar with the install. The software has four primary components: repository server, client server, administrator console, and management server. In most cases, the repository and the management server will be the same. The administrator console is any system running the central management console. The client is any system you will be auditing.
SQL Compliance manager architecture
Once the initial install completes, you will want to begin setting up activities to monitor. Activities are at the heart of SQL compliance manager. You can define activities for servers or users. Keep in mind that as with any similar applications or trace tools, the more you capture the more overhead you’ll incur. The list of what auditors may want to see is potentially long and sometimes not fully planned out even by the auditors. Their lack of clarity forces a DBA to plan for the unexpected. You capture data based on what you think the auditors need. The golden rule is to always capture more rather than less data. An auditor has never complained to me that we were giving them too much data.
With this in mind, Idera has done a good job at keeping overhead low. Initial overhead is less than 5%. This is possible due to a close relationship with Microsoft, who has provided them unique access to low-level trace API’s. This access, along with the lightweight agent, allows for more efficient collection management. When you first register a new database for auditing, you’ll have the opportunity to configure the alerts you need. These alerts include failed logins, security changes, DDL statements, and administrative activities like DBCC.
Audit Activity options
If you need to audit individual user actions as well as system activities, this is also defined on initial setup. You simply add a privileged user account and now you can audit all activity by that particular user. You can also define audit levels on the database or object level. For example, if you have a database containing a table with salary information or a database with confidential patient information you can audit access only to the table containing the sensitive information. Keep in mind this fine granularity can carry a high performance price, but it is still a useful option when needing to audit specific sensitive data.
The SQL compliance manager interface gives you the ability to view system-wide monitoring information at a glance. The system-wide dashboard interface allows you to quickly diagnose real-time audit violations across all your servers. Alerts can be categorized by severity and further filtered so you see only the alerts which have relevance to your audit requirements.
System-wide dashboard view
Improve Any SQL Server Audit
Audit Sensitive Data - see who did what, when, where, and how
Track and Detect - monitor and alert on suspicious activity
Satisfy Audits - for PCI, HIPAA, FERPA and SOX requirements
Generate Reports - 25 built-in reports to validate SQL Server audit trails
Minimize Overhead - light data collection agent minimizes server impact
Read a Review from SQL Authority
Request for pricing quotation email us at Idera@ensbn.com