Transcript

Expand

Design in partnership with major auditing firms and leading security experts. SQL Compliance Manager provides a powerful auditing and compliance solution for Microsoft SQL Server to help users meet the stringent requirements of today’s internal and external security standards. Security standards such as Sarbanes-Oxley, payment card industry (PCI) and Health Insurance Portability and Accountability Act (HIPAA) to name the three. They require reports and evidence of transactions to ensure guidelines are properly met, and people’s personal and confidential information isn’t a risk. This can be extremely time-consuming and potentially inaccurate. When you think a combination of native tools and bespoke reporting compliance managers flexible enough to cope with many different security codes of conduct. On account of the granularity of its auditing and the depth of information, it can collect. Audit settings can be applied at either the instance or database level, ensuring maximum control and efficiency. At the instance, level settings can be applied to collect data relating to system-wide activity, including schema and administrative changes. To assist with the insider threat. Which is a threat posed from internal users having both elevated access and a knowledge of internal security. We can monitor trusted users. Adding a user to a group or a role here will ensure their activity is trapped through the system and flagged should any of it appear suspicious. Similarly, audit settings can be applied at the database level. Again for the purpose of efficiency, granularity can be applied in the form of what specifically is audited and what is irrelevant to the audit in question. Additionally, at this point, data manipulation language (DML) changes can be selected. This covers the manipulation of data in the form of updates and deletes so that changes to the actual data can be flagged. Application of these controls can be refined to only the tables that need to be audited, whether it be all the user tables. All the ones chosen specifically from the list before and after data provides evidence of changes that have been made. Enabling this will show the current and the previous value along with. If so, a copy of the query that made it sensitive columns. as the name suggests will help to identify where protected data is located. The sort of data that being viewed alone could cause a breach of security and failure of compliance. This can be entire tables or just the individual columns that refer to payment details. Social security information or any personal data bound by a security code of practice. Any access to these objects will result in a red flag being raised in the compliance manager, which in turn will notify security teams in whichever method you choose to assist in the identification of sensitive columns. IDERA has developed a free tool called SQL Column Search, which can identify sensitive columns based on keyword patterns information, which can be imported back into SQL Compliance Manager and mapped to the relevant databases. Once data collection has taken place, it becomes very simple to view and identified the resulting activity. SQL Compliance Manager has a suite of pre-built reports that can be executed through the console. Reports around the activity that has taken place and from which application the changes that were made and who made them and where potential breaches in security could have taken place. In the form of sensitive columns being accessed. These reports are designed to show auditors the data they need to verify. Activity has not compromised security, and they are laid out in a manner. They need to see them. The current example shows sensitive data being accessed by a user that made a connection from Microsoft Excel. The reports can optionally also be deployed to Reporting Services in SQL Server. This is a great way to give security teams and auditors a method of self-service and flexibility in both ad-hoc report running and also periodic reports subscription. On a more granular level, the audit data can be mined through in the compliance console. Filters can be added to show activity for specific times categories and event types, ultimately identifying what action took place along with a breakdown of the scripts used and the implications of any changes. In this case, a filter can be applied to show only the data manipulation language (DML) activity over a recent timeframe. The filtered results can be further refined by adding groups and subgroups. In this case, the event type is sub grouped by the user login quickly exposing potentially malicious activity. Events stored in the SQL Compliance Manager back-end are protected using a chained link of hashed values. This means if a user tries to cover their tracks by deleting activity from the repository, the data will fall out of synchronization. And you will be informed by the system. Having this tamper-proof mechanism ensures reports and data given to auditors is reliable and trustworthy. Alerts can be triggered based on the events captured. Meaning as soon as suspicious events take place, the relevant security teams can be quickly informed. Alert rules are divided into three main areas. The data alerts deal specifically with the sensitive column access. The status alerts provide architectural feedback. For example, if a monitored server cannot be reached. And the event alerts provide feedback for events that come from either a broad category such as admin activity or very specific events that can be selected from a list. Subsequent filters can be applied to refine feedback for certain databases, applications, or users. For example, an alert can be raised if a privileged user takes a backup from an application other than the trusted standard backup tool. This could indicate data is potentially being smuggled out of the system. Once the criteria have been met, the alert will be triggered in the form of an email and entry in the Windows Event log or a simple network management protocol (SNMP) trap. As part of IDERA’s dedication to product enhancement, the SQL Compliance Manager also fits into the dashboard. The dashboard is a common web framework centralizing multiple IDERA tools into a single portal. This provides one central location for management security backup and inventory for each of the products installed. Small amounts of data are published to the overview page in the form of widgets giving a central view of trends and issues across the entire platform. Drilling into a product specifically opens up all of the functionality. In this case, the features and options explored in the desktop console are available through the common web framework. Things such as viewing the event properties identifying recent trends running reports. And also enabling configuration of the system as seen in a desktop client. Drilling into the data for specific instance helps to build a refined picture of the activity that took place filters can again be applied for granularity, and the activity data further analyzed. In the raw data that we see here. And also pre-built reports. If you would like to know more, you can download a SQL Compliance Manager trial from our website www.idera.com and also visit us at community.idera.com.

An Overview of SQL Compliance Manager

SQL Compliance Manager is a comprehensive auditing solution that uses policy-based algorithms to track changes to your SQL Server objects and data. SQL Compliance Manager gives you detailed visibility to determine who did “what”, “when”, “where”, and “how”, whether the event is initiated by privileged users or hackers.

SQL Compliance Manager also helps ensure compliance with regulatory and data security requirements such as SOX, PCI, GLBA, HIPAA(HITECH), and Basel l and II. SQL Compliance Manager goes beyond traditional auditing approaches by providing real-time monitoring, alerting, and auditing of all data access, selects, updates, schema modifications and permission changes to SQL Server databases. Learn More →

Start a FREE Trial of SQL Compliance Manager
Share This
Contact IDERA:
+1 (713) 523-4433