Click here to monitor SSC
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Looking for Security Auditing solution


Looking for Security Auditing solution

Author
Message
Jack Henry
Jack Henry
Forum Newbie
Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)Forum Newbie (1 reputation)

Group: General Forum Members
Points: 1 Visits: 1

I am looking for a security auditing solution. Any feedback on 3rd party vendors that supply these solutions?

Thanks,

Jack


Site Owners
Site Owners
SSChampion
SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)

Group: General Forum Members
Points: 10095 Visits: 1
No one has responded to this topic yet. Even if you don't have a complete answer, the original poster will appreciate any thoughts you have!
Erich Brinker
Erich Brinker
SSC Veteran
SSC Veteran (215 reputation)SSC Veteran (215 reputation)SSC Veteran (215 reputation)SSC Veteran (215 reputation)SSC Veteran (215 reputation)SSC Veteran (215 reputation)SSC Veteran (215 reputation)SSC Veteran (215 reputation)

Group: General Forum Members
Points: 215 Visits: 633
I know there is something from Idera called SQL Compliance Manager that is designed for meeting SOX requirements. It is around 975.00 per server and will hit for a 5%(according to their sales folks) rise in CPU processing.
Carl Federl
Carl Federl
SSCrazy
SSCrazy (2.3K reputation)SSCrazy (2.3K reputation)SSCrazy (2.3K reputation)SSCrazy (2.3K reputation)SSCrazy (2.3K reputation)SSCrazy (2.3K reputation)SSCrazy (2.3K reputation)SSCrazy (2.3K reputation)

Group: General Forum Members
Points: 2342 Visits: 4349
What do you mean by an Security Auditing solution ?
Some possibilites include:

Process and procedures to managing SQL Server Security rights such as creating logins, changing passwords, granting roles, etc.

Tracking security activity on the SQL server such as login successes and login failures.

Tracking environmental changes such as changes to tables, views, stored procedures, etc.

SQL = Scarcely Qualifies as a Language
Mike-263299
Mike-263299
Valued Member
Valued Member (51 reputation)Valued Member (51 reputation)Valued Member (51 reputation)Valued Member (51 reputation)Valued Member (51 reputation)Valued Member (51 reputation)Valued Member (51 reputation)Valued Member (51 reputation)

Group: General Forum Members
Points: 51 Visits: 38

We're looking at Lumigent's AuditDB solution right now...

http://www.lumigent.com/products/auditdb_sql.html

Might want to check it out...


David Brountas
David Brountas
Grasshopper
Grasshopper (16 reputation)Grasshopper (16 reputation)Grasshopper (16 reputation)Grasshopper (16 reputation)Grasshopper (16 reputation)Grasshopper (16 reputation)Grasshopper (16 reputation)Grasshopper (16 reputation)

Group: General Forum Members
Points: 16 Visits: 1

This depends solely on the type of business you are in. I am curious as to the level of auditing as well. Can you clarify the goals you are looking to accomplish?

Is this specifically a SQL security project or are you looking for a full level security audit which might include infrastructure assessments, server and router hardening etc.

David.


Joseph Mulhall
Joseph Mulhall
SSC Veteran
SSC Veteran (298 reputation)SSC Veteran (298 reputation)SSC Veteran (298 reputation)SSC Veteran (298 reputation)SSC Veteran (298 reputation)SSC Veteran (298 reputation)SSC Veteran (298 reputation)SSC Veteran (298 reputation)

Group: General Forum Members
Points: 298 Visits: 42
You an achieve virtually any audit requirement with native tools; make sure what your requirements are before you get the checque book out.
Mike-263299
Mike-263299
Valued Member
Valued Member (51 reputation)Valued Member (51 reputation)Valued Member (51 reputation)Valued Member (51 reputation)Valued Member (51 reputation)Valued Member (51 reputation)Valued Member (51 reputation)Valued Member (51 reputation)

Group: General Forum Members
Points: 51 Visits: 38

Joseph: Yeah, I was very surprised at how little Lumigent did...I thought the auditing was at a much different level, but from what the sales guy said I wasn't impressed and agree that you can do it with native tools for the most part.

As to our goals...It's an enterprise wide issue. We have HIPPA and PCI regulations that we need to follow as well as SOX, etc. The DB monitoring is just one piece to the puzzle.


Linda Johanning
Linda Johanning
Old Hand
Old Hand (333 reputation)Old Hand (333 reputation)Old Hand (333 reputation)Old Hand (333 reputation)Old Hand (333 reputation)Old Hand (333 reputation)Old Hand (333 reputation)Old Hand (333 reputation)

Group: General Forum Members
Points: 333 Visits: 620
We're also looking for an auditing application because running Profiler adds too much overhead. I found Apex SQL Audit and have downloaded it, but haven't done any testing. I also haven't tested the other two products mention although I've downloaded them. So far, I'm not too impressed about what I've read on various products. Have you checked out DBGhost? Has anyone found a 3rd party product that they would recommend?



Joseph Mulhall
Joseph Mulhall
SSC Veteran
SSC Veteran (298 reputation)SSC Veteran (298 reputation)SSC Veteran (298 reputation)SSC Veteran (298 reputation)SSC Veteran (298 reputation)SSC Veteran (298 reputation)SSC Veteran (298 reputation)SSC Veteran (298 reputation)

Group: General Forum Members
Points: 298 Visits: 42
You've read the thread; so what are your auditing and security requirements?

If you think there's a piece of software that has the solution, you've failed to understand the problem.
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search