Looking for Security Auditing solution

  • My company just went through PCI audit and we use Idera Sql Compliance, Lumigent was too expensive for us.  The SQL Compliance Manager satisfied the auditors requirements which log all access to the server/databases and log all activities (select, insert, update,...) to database and it cost us $1495 for the license.

  • Just for continuity's sake, I don't see anyone here describing requirements; I see them offering solutions (or "solutionizing", in management speak).

    Most people are talking about auditing access to SQL Server - how does that help if all access is through a single account? How does that help you identify unauthorised changes to your data? How does that help prevent fraud?

    I put it to you that you, and in my experience the auditors as well, are assuming that by 'logging everything' you have achieved something useful and/or compliant with SOX.

  • "Our mandate is to monitor the DBAs and other accounts with Admin and Owner rights and privileges."

    There is no native way of doing this - by nature the sysadmins can do anything they want with SQL Server, so there is little or no point in using SQL Server to monitor them.

    Indeed, any system over which I have full control requires an external factor for logging and monitoring.

    The only sure-fire way to control, log and audit access is by abstracting DBA work through a third-party management tool, be this an Enterprise Manager replacement or a remote console with keystroke logging.

    Again - how does this address SOX? SOX was created to prevent fraud. Is fraud going to be committed by a sysadmin editing an entry in a field in a table, or is it going to be by accountants diverting funds into a variety of accounts?

    Move upwards a level - what is the application you're looking at? What does it do? How is user access *within the application* granted, logged and monitored? If the users can freely change stuff in the application, what has database security got to do with it?
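
The point made in the post above, that anything implemented inside SQL Server can be switched off by the very sysadmins it is meant to watch, is easy to demonstrate. The following T-SQL is an added example, not code from the thread or from any of the products mentioned in it: a server-scoped DDL trigger that records login, role-membership and GRANT/DENY/REVOKE changes into a table, followed by the one statement a sysadmin needs to stop it. The database, table and trigger names (AuditDB, dbo.PermissionChanges, trg_audit_security) are hypothetical.

```sql
-- Added example: native "permission change" auditing in SQL Server 2005+ and
-- why it does not constrain a sysadmin. All object names are hypothetical.

USE master;
GO
CREATE DATABASE AuditDB;   -- hypothetical audit store on the same instance
GO
USE AuditDB;
GO
CREATE TABLE dbo.PermissionChanges (
    EventTime  DATETIME2     NOT NULL DEFAULT SYSUTCDATETIME(),
    LoginName  NVARCHAR(128) NOT NULL,   -- ORIGINAL_LOGIN(): survives EXECUTE AS
    HostName   NVARCHAR(128) NULL,       -- HOST_NAME() is client-supplied, not trustworthy
    EventType  NVARCHAR(128) NOT NULL,   -- e.g. ADD_SERVER_ROLE_MEMBER, GRANT_SERVER
    EventXml   XML           NOT NULL    -- full EVENTDATA() payload incl. TSQL text
);
GO

-- Server-scoped DDL trigger. The event groups cover CREATE/ALTER/DROP LOGIN,
-- server role membership, server-level GRANT/DENY/REVOKE, and the database-level
-- equivalents (users, roles, object permissions) in every database.
CREATE TRIGGER trg_audit_security
ON ALL SERVER
FOR DDL_SERVER_SECURITY_EVENTS, DDL_DATABASE_SECURITY_EVENTS
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @e XML = EVENTDATA();
    INSERT INTO AuditDB.dbo.PermissionChanges (LoginName, HostName, EventType, EventXml)
    VALUES (ORIGINAL_LOGIN(),
            HOST_NAME(),
            @e.value('(/EVENT_INSTANCE/EventType)[1]', 'nvarchar(128)'),
            @e);
END;
GO

-- Example of what gets caught (hypothetical login name):
-- ALTER SERVER ROLE sysadmin ADD MEMBER [CORP\someone];
-- produces a row with EventType = ADD_SERVER_ROLE_MEMBER and the statement text
-- inside EventXml under /EVENT_INSTANCE/TSQLCommand/CommandText.

-- The bypass. Any member of sysadmin can run either of these, and nothing
-- inside the instance can prevent it; only an external collector would notice.
DISABLE TRIGGER trg_audit_security ON ALL SERVER;
DELETE FROM AuditDB.dbo.PermissionChanges;
GO
```

The trigger fires inside the caller's transaction, so it records who made the change and the exact statement, which is useful evidence against non-sysadmin accounts. For sysadmin and server-owner accounts it is, as the post says, only a deterrent: they can disable the trigger, truncate the table, or run the change from a session that never writes to it. That is the gap the proxy- and keystroke-logging approaches mentioned elsewhere in this thread are meant to close.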

  • Check out Teleran. They have products that can collect information by setting themselves up as a proxy and sniffing requests and results. This means zero impact on the SQL Server being audited. It can parse the SQL and give you object-level information too. It can also operate as a gatekeeper and stop certain commands, users, etc., even if they are db_owners and the like.

  • DIAB (DBAinABox) from diabsqlsoftware.com has built-in SOX tools to alert you if permissions have been altered. It does this without using a trace or inserting any objects on the server/database being monitored. It is not a 100% solution to your question, but it will keep SOX auditors happy and is inexpensive.
