Looking for Security Auditing solution

  • Jack Henry

    Grasshopper

    Points: 23

    I am looking for a security auditing solution. Any feedback on 3rd party vendors that supply these solutions?

    Thanks,

    Jack

  • This was removed by the editor as SPAM

  • Erich Brinker

    SSCrazy

    Points: 2973

    I know there is something from Idera called SQL Compliance Manager that is designed for meeting SOX requirements.  It is around 975.00 per server and will hit for a 5%(according to their sales folks) rise in CPU processing. 

  • Carl Federl

    One Orange Chip

    Points: 25384

    What do you mean by an Security Auditing solution ?

    Some possibilites include:

    Process and procedures to managing SQL Server Security rights such as creating logins, changing passwords, granting roles, etc.

    Tracking security activity on the SQL server such as login successes and login failures.

    Tracking environmental changes such as changes to tables, views, stored procedures, etc.

    SQL = Scarcely Qualifies as a Language

  • Mike-263299

    Ten Centuries

    Points: 1169

    We're looking at Lumigent's AuditDB solution right now...

    http://www.lumigent.com/products/auditdb_sql.html

    Might want to check it out...

  • David Brountas

    SSC Enthusiast

    Points: 194

    This depends solely on the type of business you are in. I am curious as to the level of auditing as well. Can you clarify the goals you are looking to accomplish?

    Is this specifically a SQL security project or are you looking for a full level security audit which might include infrastructure assessments, server and router hardening etc.

    David.

  • Joseph Mulhall

    SSCarpal Tunnel

    Points: 4672

    You an achieve virtually any audit requirement with native tools; make sure what your requirements are before you get the checque book out.

  • Mike-263299

    Ten Centuries

    Points: 1169

    Joseph:  Yeah, I was very surprised at how little Lumigent did...I thought the auditing was at a much different level, but from what the sales guy said I wasn't impressed and agree that you can do it with native tools for the most part.

     

    As to our goals...It's an enterprise wide issue. We have HIPPA and PCI regulations that we need to follow as well as SOX, etc.  The DB monitoring is just one piece to the puzzle.

  • Linda Johanning

    SSCertifiable

    Points: 6727

    We're also looking for an auditing application because running Profiler adds too much overhead.  I found Apex SQL Audit and have downloaded it, but haven't done any testing.  I also haven't tested the other two products mention although I've downloaded them.  So far, I'm not too impressed about what I've read on various products.  Have you checked out DBGhost?  Has anyone found a 3rd party product that they would recommend?

  • Joseph Mulhall

    SSCarpal Tunnel

    Points: 4672

    You've read the thread; so what are your auditing and security requirements?

    If you think there's a piece of software that has the solution, you've failed to understand the problem.

  • Linda Johanning

    SSCertifiable

    Points: 6727

    I need something that doesn't add tables or triggers to the database being audited.  I prefer something that doesn't use trace procedures due to performance, but would consider it.  The main area of concern is auditing users connecting to databases with 'outside' applications like Access, Excel, Query Analyzer, etc. and removing certain ODBC sources is out of the question.  I also need to monitor at least 10 of the SQL servers so price is also a consideration.  I am currently looking at Apex SQL Log which uses live transaction logs or T-log backups, but of course the database has to be in full recovery mode--and I'm not through testing yet.  Any suggestions are welcomed 🙂

  • Curtis M

    SSC Veteran

    Points: 200

    At one point I was looking into LogPI (http://www.logpi.com) but they have since been bought out by a company called Goldengate. I am not getting much feedback from them. I am wondering if anyone out here has any more info on LogPI or Goldengate? Thanks.

    Curtis

  • devereauxj

    Hall of Fame

    Points: 3263

    We are looking at Lumigent.  We are a utility company and have to comply with SOX.  The problem we have is that we use Tivoli by IBM and a tape robot to do backups.  The log files go directly to tape and we can't get them back. 

    Our mandate is to monitor the DBA's and other accounts with Admin and Owner rights and privleges.

    Even with those aside, we have been able to get around much of the Lumigent monitoring as DBA.  I am no hacker and not very good at, but was able to spoof it so those doing the queries and running report did not pick up on my changes.

    Now, all mute point because of it need log backups.

    Any other products that can read the log and db files live and do the same type of thing?

  • Peldin Fernandes

    SSC Enthusiast

    Points: 186

    Check BizRights From approva Systems. http://www.approva.net the leading provider of enterprise controls management software. its the True Cross-Platform Continuous Controls Compliance Software. for any ERP PeopleSoft, Oracle, SAP .

    Regards,
    Peldin Fernandes

  • devereauxj

    Hall of Fame

    Points: 3263

    My company needed a solution to watch activity and logging on SQL Server Databases and Oracle databases.  Many of the items needed in Oracle were already there with a job and couple triggers along with the built in Auditing.  It passes SOX scrutiny, but now SQL had to show the same.  (btw: the budget for this was axed, we gave management a 165K purchased solution : current budget, my time as DBA, full salary...so it does not matter how many hours)

    Anyway.  I came up with a multi-part solution that has satisfied the auditors for now.  Any person with real IT experience will see wholes big enought to drive a mack truck through it, but like I said, it was to suffice the auditors.

    First I used created my own audit trace.  I narrowed down the events to what we wanted to track and the information we wanted to store.  If the sql server stops/starts it automatically starts again.  The records are processsed twice a day from the flat files into a database table.  From there I wrote procedures/views to process the data I need to report on.  I crossed the view with a rules table to kick out records that need to be shown on the report.  I then set up SSRS (sql server reporting services) 2005 to generate the report.  Each morning the report is generated along with the rules, so auditors can compare the rules (ever changing) with the report.  I send a copy to the server and email the affected parties, directing them to look at the report.  If your name shows up, you have to initial the report, put in a comment.  The report is printed by IS security, and people on the report have to initial with pen.

    Lots of holes, some good infor came from it, and it got SOX auditors off our back.  Until next quarter at least.

     

    joe

Viewing 15 posts - 1 through 15 (of 20 total)

You must be logged in to reply to this topic. Login to reply