Special Edition: SQL Server auditing and compliance

Welcome to SQLsmarts, Idera’s newsletter for SQL Server Professionals!

We welcome your questions, comments or suggestions. Tell us more about how you’re using any of Idera’s products and we’ll send you a
free Idera “SQL Server Professional v2.0” t-shirt!
Email us: SQLsmartseditor@Idera.com.

 
In this issue:

Product News
Try new SQL compliance manager v1.1 FREE for 30 days
Just announced: SQLschedule v2.0 now available

In the News
eWeek: Continental Airlines uses SQL compliance manager to ease compliance with FAA regulations

Tips & Tricks
Use SQL compliance manager pre-defined reports or create your own using Microsoft® Visual Studio®

Try new SQL compliance manager v1.1

Are auditors breathing down your neck to get SQL Server in check?
Are regulatory requirements keeping you up at night?
Or do you need to track who does what when on key databases?

If so, you need Idera's new product, SQL compliance manager. It will literally blow your "SOX" off... not to mention your auditor's! Idera has spent the last few months working with Ernst and Young and other SQL Server auditing experts to build a product that will help companies more effectively meet requirements for internal audits or external standards such as Sarbanes-Oxley, GLBA, HIPAA, BASEL II and The USA Patriot Act. Easy to install, use, and maintain, SQL compliance manager audits your SQL Server databases in real time, ensures continuous compliance, and allows you to audit only what you need. Simply use SQL compliance manager's library of pre-defined reports or build your own in a few simple steps. Even auditors will find SQL compliance manager easy to use through a special auditor's console.

SQL compliance manager provides these key benefits:

• Real-time Auditing & Continuous Compliance – SQL compliance manager approaches auditing as an on-going activity versus an overwhelming once a year task -- saving you time, effort, and expense on formal audits. SQL compliance manager tracks & records in real time all data accesses, updates, data-structure modifications, changes to security permissions, and more that occurs across your SQL Server enterprise. All audit data can be analyzed from a single, easy-to-use interface.
• Immutable & Self-auditing Database – All audit data captured by SQL compliance manager is stored in a central audit data repository for fast reporting, querying and forensic analysis. This database provides an immutable source of audit data that even the most skeptical auditors will trust. Every access or change to the audit data repository is tracked, and alerts are sent if any change to policies or contents is attempted.
• “Out of the box” reporting and analytics – Using guidelines provided by compliance experts such as Ernst and Young, SQL compliance manager will provide powerful, pre-defined compliance reports upon installation. All reports may also customized, queried, or sorted to meet your specific compliance needs and for fast forensic analysis.

 
SQL compliance manager also provides these features:

• Low overhead data collection using no triggers, profiling, “heavy” tracing or log scraping
• Deploys quickly and is easy to manage
• Central enterprise-management console provides streamlined enterprise auditing
• Central repository of audit data
• Use pre-defined reports or customize your own reports
• Fault-tolerant architecture that continues auditing even in the event of network outage
• Does not require extensive SQL Server expertise, can be used and understood by auditors
• More affordable than traditional audit solutions on the market today

Learn more about SQL compliance manager v1.1
Request a 30-day evaluation

Just announced: SQLschedule v2.0 now available

New, improved, enterprise-scale job scheduling and management for SQL Server!

Important features in this release include:

• MDI GUI Design
• Enhanced Global Calendar
• SQL Server Group Calendars
• Custom Event Views
• Reporting Services Support
• Advanced Chaining Interface
• Global Audit Logging
• HTML Reports
• Additional non-SQL Server connectors

Learn more about SQLschedule v2.0
Download a 30-day evaluation

Continental Airlines, a major international air carrier, has deployed SQL compliance manager to audit its aircraft maintenance databases. "Ensuring compliance with our internal audit standards and provides a way to model our compliance after FAA regulations which is critical to operations," said Patrick Rios, Senior Planner, Technical Operations Division at Continental Airlines. "SQL compliance manager ensures that we have a complete audit trail of all access and updates to our aircraft maintenance data, and makes it easy for us to provide comprehensive compliance reports. It also helps us rapidly identify problems, improves our processes, and makes us more efficient."

Read the eWeek article

Use SQL compliance manager pre-defined reports or create your own using Microsoft® Visual Studio®

SQL compliance manager gathers a wealth of critical auditing data by tracking DDL, DML, DCL, failed logins, logins, select statements and more on any of the SQL Servers you specify. The data can be sorted, searched and exported as an RDL file – giving you the flexibility to create any customized report you require using a variety of tools. One popular method leverages your existing MS® Visual Studio®.NET IDE. And, it's easy to use regardless of your level of development expertise.
Find out how
 

SQL compliance manager provides a comprehensive library of pre-defined reports that will help you audit and meet regulatory requirements with ease.

Key reports include the following:

• List all activity by application

• Bulk data movement activity
• Backup, restore and DBCC activity
• Backup, restore and DBCC activity for last N days
• Bulk data movement activity
• Bulk data movement activity for last N days
• Activity for specified objects

• Schema changes made to specified databases
• Schema changes made to specified databases in last N days

• Activity for specified hosts

• Activity for SQL Compliance Manager Agent
• Changes to SQL Compliance Manager audit settings
• Integrity check violations

• Security changes for specified objects
• Security changes for specified objects in last N days
• Security changes performed by specified users
• Ac tivity for which permission was denied
• Login activity for specified users

• Login creation activity
• Login creation activity in last N days
• Login deletion activity
• List all login deletion activity in last N days
• Activity for specified users

We want to hear from you!

Have an interesting story about how Idera product(s) have helped you?
Want to share a product tip, trick or hint?
Have product suggestions or questions?

Your feedback helps us ensure that our solutions continue to best serve your SQL Server management and administration needs. You may even find your input published here in future newsletters.

Send us your comments and suggestions to SQLsmartseditor@idera.com and we’ll send you a free Idera “SQL Server Professional v2.0” t-shirt!

• Visit Idera at a SQL Server 2005 Roadshow, coming to a city near you and get a free copy of SQLsafe:
  - Kansas City, Aug 9
  - St. Louis, Aug 11
  - Minneapolis, Aug 16
  - Wash, DC, Aug 18
  - Phoenix, Aug 23
  - Denver, Aug 25
  - Atlanta, Aug 30
  - Tampa, Sept 1
  - Los Angeles, Sept 8
  - Detroit, Sept 13
  - Philadelphia, Sept 15
  - Cincinnati, Sept 20
  - Columbus, Sept 22
   
• SSWUG Webcast: SQL Server Security - What You Need To Know, August 17
   
• 2005 PASS Community Summit, Visit Idera at:
  Booth 409
  Sept 27-30
   

SQL compliance manager was designed with advice from Information Shield,
publisher of Information Security Policies Made Easy, offering over 1360 pre-written security policies based on 25 years of experience. Take the work out of creating, writing, and implementing policies.

More information >>