What tools do you use to comply with Sarbanes-Oxley?

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

Kenny - 31 Jan 2008 21:41 GMT

Does anyone use tools from www.lumigent.com, www.guardium.com,
http://www.idera.com/Products/SQLcm/ for this?

Others I've looked at a little are www.tizor.com, www.rippletech.com,
www.iplocks.com, www.consul.com and www.gridapp.com.

The best one depends on if you are looking for a network appliance like
guardium or an agent approach like lumigent and idera.

Here is another post that list some solutions:
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1894402&SiteID=1

Audit Tools
ApexSQL Audit http://www.apexsql.com/sql_tools_audit.asp
AuditDatabase (Free Web based trigger generation)
http://www.auditdatabase.com/
Lumigent Audit DB http://www.lumigent.com/products/auditdb.html
OmniAudit http://www.krell-software.com/omniaudit/index.asp
SQLLog
http://www.rlpsoftware.com/mainframe.asp?contents=SQLLog.asp&mainmenu=SQLLog&sub
menu=Info
Upscene SQL Log Manager
http://www.upscene.com/index.htm?./products/audit/mssqllm_main.htm
DB Audit Expert http://www.softtreetech.com/dbaudit/

Reply to this Message

Sean McCown - 04 Feb 2008 15:34 GMT

I've played with all of these tools through the magazine and most of the just
won't give you what you want. I used to see good things with Lumigent, but
lately I've been hearing more and more accounts that it's nothing special.
IPLocks and Guardium definitely aren't the way to go either. They've both
turned down reviews twice and I can only guess it's because they know they're
not ready.

Idera is the same. I've never heard one good thing about the product and
when I played with it, it couldn't keep up with my load. And that was just
in my lab, not even in prod.

GridApp's not that kind of application, so it really won't help you with
compliance at all. It's good, and I like what it does for you, but
compliance isn't one of them.

To be honest I'll have to go over my notes about Tizor and RippleTech. I
just don't remember much about them right now.

It also depends on what you need to audit for and what your environment is
like. I tend to lean away from appliances if I can, they're just more
expensive than they're worth usually.

Embarcadero also has an auditing tool. I wish I could be more actual help,
but the truth is, I'm not really happy with any of the tools out there.

Signature

Read my book reviews at:
www.ITBookworm.com

Blog Author of:
Database Underground -- http://weblog.infoworld.com/dbunderground/
DBA Rant – http://dbarant.blogspot.com

> Does anyone use tools from www.lumigent.com, www.guardium.com,
> http://www.idera.com/Products/SQLcm/ for this?
[quoted text clipped - 28 lines]
> DB Audit Expert http://www.softtreetech.com/dbaudit/
>

Reply to this Message

Brian Smith - 27 Mar 2008 17:55 GMT

My company has been using Idera's SQL Compliance manager for over two years
now and my database audit takes about an hour a year.

Ultimately the auditors wanted to know that we [my DBA team] weren't making
unauthorized changes to our critical financial applications. We used Idera
in conjunction with our helpdesk system (BMC Magic) to tie everything
together. Every data change requires a helpdesk ticket and we embed the
ticket # in the query. When we run the Idera reports weekly the security
officer ties back our changes to the tickets. The auditors come in and
review the weekly reports to make sure everything ties.

One of our apps generates over a million transactions daily and Idera
handles it just fine. Our biggest database is about 100 GB in size and the
tool typically audits about 20 GB worth of information over a two week period
(at least that's the typical size of our largest Idera audit database.)
We've currently got eight servers and about a dozen databases being audited
by the Idera tool. Idera's "collection server" runs on a dual proc/dual core
machine with 2 GB of memory. The collection server runs alongside several
other applications and the server is not taxed in the slightest. I actually
have that server earmarked to consolidate yet another application (I'm trying
valiantly to fight server sprawl.)

I've never had a problem with Idera and I'm quite happy with it.

If you'd like more information about it, feel free to get in touch with me.

Regards,
Brian Smith
Enterprise Data Architect
Hanger Orthopedic Group, Inc.

> I've played with all of these tools through the magazine and most of the just
> won't give you what you want. I used to see good things with Lumigent, but
[quoted text clipped - 53 lines]
> > DB Audit Expert http://www.softtreetech.com/dbaudit/
> >

Reply to this Message

Pat - 27 Mar 2008 18:09 GMT

I am using Idera's SQL compliance manager for all of my SQL auditing
requirements. I have had very few problems with the tool and any issues I
have had were remedied very quuickly by the Idera capable support staff. I
currently manage 130 SQL servers with the tool and generate reports each
Monday utilizing MS Reporting Services. I have 2 basic type of reports: 1. We
are required to report all failed login from all SQL servers to our Security
Team. 2. On those databases considered critical, I send activity reports to
all IT custodians managing those databases every week. This is all automated.
I have seen no issues with scaling. I have the product spread over one
account domain (about 110 SQL servers) and 2 other non-trusted domains (about
20 SQL servers), all managed from a central console. My experience in dealing
with Idera has also been positive. I have had functionallity suggestions in
the past and Idera is very receptive to customer feedback. Several of my
suggestions have been implemented into the product. The product is also very
easy to set up and use.

Reply to this Message