FFIEC News

idera's SQL Server Security Auditing Solution Now Provides Built-In PCI DSS Compliance Measurement

(March 11, 2008)--Idera, provider of management and administration solutions for Microsoft SQL Server databases, released version 2.0 of SQLsecure, an advanced SQL Server security auditing solution that identifies and analyzes database security risks. SQLsecure 2.0 extends its comprehensive set of analyses to include Windows operating system components and adds built-in policies to measure compliance against data security regulations such as Sarbanes-Oxley, PCI DSS, GLBA, HIPPA, BASEL II and The Patriot Act.

As many companies are discovering, their biggest data security threat is not external hackers, but internal users. According to the 2007 CSI Computer Crime and Security Survey, 65% of companies who experienced a security incident reported losses due to insider activity. With the complex interaction of security settings and user access controls within SQL Server databases, the Windows operating system, file systems, and more, properly configuring and managing SQL Server security can be a daunting task. SQLsecure automates this process by quickly and accurately analyzing security settings across these components to provide a comprehensive view of the state of SQL Server security, enterprise wide. SQLsecure also provides recommendations for addressing security risks and fixing flaws in security access control settings, saving hundreds of hours of time, dramatically reducing exposure and ensuring compliance with internal and external audit requirements.

"Working in a heavily regulated industry, I am frequently asked by auditors to report on who has what specific permissions on a SQL Server object," said Bobby Fishbein, Database Administrator, Mitsui Sumitomo Marine Management. "Getting this information and keeping it up-to-date is a time-consuming, labor-intensive activity. SQLsecure enables me to accomplish in mere seconds what would have previously taken considerable time and resources."

"SQLsecure is an essential tool in preparing for an audit," said John Dunleavy, DBA, Capmark. "The ability to link in to Active Directory and see all the effective permissions for any given group is indispensable. Also, alerts from SQLsecure keep me on top of things at all times. With SQLsecure, we are more confident that our databases are secure and that we can meet audit requirements."

Share or bookmarklet this web page at: