SQL compliance manager

Low-impact SQL Server auditing of all user activity and data changes

• Real time auditing of all SQL Server data and object changes
• Flexible collection filters gather the data you need
• Audits changes to SQL Server data on the column level
• Customizable alerts to notify you of suspect activity
• Provides comprehensive reporting to satisfy audit requirements

Key benefits: 

Continuous, Flexible Auditing

SQL compliance manager goes beyond traditional auditing approaches by providing real-time monitoring and auditing of all data access, updates, data structure modifications and changes to security permissions. The type and detail of audit data collected is highly configurable and may be defined at the server, database and object level. No changes to applications or production databases are required.

Immediate notification of suspect activity

SQL compliance manager can be configured to alert DBAs of suspect server activity, either via e-mail or the event log. The alerting engine includes powerful features such as flexible alert definition, alert templates, custom messaging, and alert reporting and alerts can be applied across the board, or to specific servers, databases or tables, for more fine-grained control.

Tamper-proof audit data repository

SQL compliance manager has been engineered to provide a trusted, immutable source of audit data. Audit data captured is stored in a central repository for reporting, querying and forensic analysis. Its powerful self-auditing features ensure that you are alerted to any changes to data collection settings or attempts to tamper with the audit data repository.

Minimal performance impact

SQL compliance manager employs a very efficient, low-overhead data collection mechanism to minimize impact on audited servers. A lightweight agent monitors the SQL Server trace data stream in real time, collects the audit data and sends it back to the repository. SQL compliance manager does not use high-overhead approaches that can impact server performance such as profiling, ‘heavy’ tracing options or log scraping.

Powerful reporting and analytics

SQL compliance manager provides ‘out of the box’ reports to address a broad range of auditing and security reporting needs. These reports were developed in conjunction with industry experts in security, compliance and auditing policies, such as Ernst and Young and Information Shield Inc. All reports may be easily customized, plus the user-friendly schema of the audit data repository enables rapid development of ad-hoc queries and reports for detailed forensic analysis.

Data auditing

SQL compliance manager enables auditing of data changes on any table so you can compare before and after data values resulting from inserts, updates and deletions. Data auditing is facilitated by using a unique, low overhead, non-intrusive method to ensure minimal impact on SQL Server performance.

Sensitive Column Auditing

SQL compliance manager allows you to audit any combination of columns and track who has issued “SELECT” statements against any table whether they are end-users or priviledged users.

SQL compliance manager is a comprehensive SQL Server auditing solution that uses policy- based algorithms to track changes to your SQL Server objects and data.

Powerful and Flexible SQL Server Auditing

Low-overhead data collection: A lightweight agent captures data from the SQL Server trace stream in real-time. The data collected can be streamed to the repository in real-time or in scheduled batches.

Tamper-proof audit data repository: Guarantees the integrity of audit data by providing an immutable repository – any attempts at changing or tampering with the audit data can be detected. In addition, powerful self-auditing features capture and alert on all changes to auditing policies and data collection parameters.

“Auditor’s Mode”: Users can be granted auditor privileges only. Users in the auditor role have read-only permission. This supports report and query execution as well as self-audit, integrity reporting, and alerting of changes to SQL compliance manager configuration and data collection parameters.

Fine-grained filtering: Powerful filtering capabilities enable you to collect only what is important for audit and compliance; reducing data collection, transmission and storage overhead.

Customized alerting: Provides customized alerting for over 200 specific SQL Server Event types, allowing you to define rules to receive immediate notification when critical SQL server events occur. These events are stored in the audit repository, can be emailed directly to a user and/or written to an event log that feeds an in-house operations monitor system (e.g. SCOM). 

Management Console

• Windows 2000 SP3+, Windows XP SP2+, Windows Server 2003, SP1+, Windows Server 2008, Windows Vista, Windows 7 SP1+
• Microsoft .NET 2.0

Collection Server and Data Repository

• Windows 2000 SP3+, Windows XP SP2+, Windows Server 2003 SP1+, Windows Server 2008, Windows Vista, Windows 7 SP1+
• Microsoft .NET 2.0
• Repository: SQL Server 2000 (all versions/service packs), SQL Server 2005 (all versions/service packs), SQL Server 2008 SP1+, SQL Server 2008 R2 SP1+

Agent

• Windows 2000 SP4, Windows XP SP2, Windows Server 2003 SP1+, Windows Server 2008, Windows Vista, Windows 7 SP1+ ; Microsoft .NET 2.0

Supported SQL Server Environments

• SQL Server 2000, SQL Server 2005, SQL Server 2008, SQL Server 2008 R2