SOX News

Idera's SQL Server Security Auditing Solution Now Provides Built-In PCI DSS Compliance Measurement

(March 2, 2008)-- Idera, provider of management and administration solutions for Microsoft SQL Server databases, announced version 2.0 of SQLsecure, an advanced SQL Server security auditing solution that identifies and analyzes database security risks. SQLsecure 2.0 extends its comprehensive set of analyses to include Windows operating system components and adds built-in policies to measure compliance against data security regulations such as Sarbanes-Oxley, PCI DSS, GLBA, HIPPA, BASEL II and The Patriot Act.

As many companies are discovering, their biggest data security threat is not external hackers, but internal users. According to the 2007 CSI Computer Crime and Security Survey, 65% of companies who experienced a security incident reported losses due to insider activity. With the complex interaction of security settings and user access controls within SQL Server databases, the Windows operating system, file systems, and more, properly configuring and managing SQL Server security can be a daunting task. SQLsecure automates this process by quickly and accurately analyzing security settings across these components to provide a comprehensive view of the state of SQL Server security, enterprise wide. SQLsecure also provides recommendations for addressing security risks and fixing flaws in security access control settings, saving hundreds of hours of time, dramatically reducing exposure and ensuring compliance with internal and external audit requirements.

"Working in a heavily regulated industry, I am frequently asked by auditors to report on who has what specific permissions on a SQL Server object," said Bobby Fishbein, Database Administrator, Mitsui Sumitomo Marine Management. "Getting this information and keeping it up-to-date is a time-consuming, labor-intensive activity. SQLsecure enables me to accomplish in mere seconds what would have previously taken considerable time and resources."

"SQLsecure is an essential tool in preparing for an audit," said John Dunleavy, DBA, Capmark. "The ability to link in to Active Directory and see all the effective permissions for any given group is indispensable. Also, alerts from SQLsecure keep me on top of things at all times. With SQLsecure, we are more confident that our databases are secure and that we can meet audit requirements."

New features in SQLsecure 2.0 include:

-- Policy-based Security Analysis - checks database security against more than 60 security standards including built-in policies from NSA, DISA, CIS, and others.
-- Alerts - Introduces alerting capabilities which can be customized to notify the DBA if any security parameters fail to meet the policy standard.
-- Database Roles Permission Explorer - enables analysis of assigned and effective permissions by database role, including sub-roles and role members.
-- Operating System Security Analysis - Assesses the operating system, SQL Server files, directories, and registry settings to identify issues that could compromise SQL Server security.

Share or bookmarklet this web page at: