New in Version 2.6 - Released 5/25/2010 - Release Notes

• Idera defined policy templates that check for common security vulnerabilities and combine the most well known industry standards into three distinct levels of security
  • Level1 - Basic establishes a realistic entry-level baseline for SQL Server databases whose third-party applications do not interface with the World Wide Web
  • Level 2 - Balanced (default) establishes a more secure baseline for production SQL Server databases that are configured to support external connectivity while protecting against the most popular intrusion tactics
  • Level 3 - Strong enables the most security checks for mission-critical SQL Server databases that support Web-based, B2B, B2C, or external clients to prevent unauthorized disclosure and data tampering
    
• Updated Security Templates
  • CIS – Center for Internet Security to version 1.2.0 (SQL 2005)
  • DOD- Department of Defense – Security Technical Implementation Guide- updated to version 8.1.5 for SQL server 2005
    
• 25 new security checks (login, surface area, permission, configuration, access, audit, data integrity checks)
  
• Support for clustered Repository
  
• Support for SQL Server 2008 R2
  
• Support for SQL Server 2008 (console, repository & management server)
  

New in Version 2.5

• Ability to globally identify SQL server permissions and over time track the changes made to the server objects and provide reports to the auditors
  
• Save an Assessment of the server security report card that identifies the risks associated with regulations like (CIS,SRR,SOX,HiPAA) and track the changes with an assessment comparison report
  
• Updated Security templates
  • CIS – Center for Internet Security to version 1.1.0 (SQL 2000,2005)
  • DOD- Department of Defense – Security Technical Implementation Guide- updated to version 8.1 for SQL server 2000,2005
    
• Support for SQL Server 2008 (console, repository & management server)
  

New in Version 2.0

• Policies – checks over 60 key security standards across your entire enterprise. Contains built in policies from NIST, DISA, CIS, and others. Or you can create your own.
  
• Dashboard – allows you to check and see where your enterprise of SQL Servers stands at a glance. Drill down into the details of the issues. See how to remediate problems.
  
• Alerts – upon collection assesses your security state the according to your standards and alerts you if anything fails to meet that standard.
  
• Database Roles Permission Explorer – view sub-roles, role members, assigned and effective permissions.
  
• SQL Server Files, Directories, and Registry Settings – browse and analyze all files, directories and registry settings associated with SQL Server and determine ownership as well as explicit and inherited security rights.
  
• Services – show security details of services such as logon and configuration.
  
• SQL Server Surface Area and Protocols – disables unused components to reduce exploit risks.
  
• OS Security Analysis – assess the OS setup to identify issues that would compromise SQL Server security.
  
• Security Scorecard – lists potential security concerns on your SQL Servers such as cross database chaining and gives you the ability to drill down to view the full details.
  
• Reporting Enhancements – includes new comprehensive risk assessment report, many new reports, and enhancements to all reports. Added charts for visualization. Allows you to group servers in the reports by policy group containment.