Database Auditing Software from a DBA's perspective, who is using what for SOX compliance?

Question

I would like to hear from some real world in the trenches dba's that have the requirement to audit everything they do and what solutions they have dealt with? There are a number of large players in the market such as Imperva, Sentrigo, IBM, Fortinet and it looks like we will purchase one of these to audit our DBA activities for SOX compliance. Anyone care to chime in on their experience/preference?  Thanks

Answer 1

Hi abeljda,

Please refer to  the SQL Server White Paper: SQL Server 2008 Compliance Guide which could  help you on  where to begin or how to automate the program using technology, specifically SQL Server.It address the compliance of SOX, PCI, HIPAA and GLBA using SQL Server 2008.

And there's also a case study describing Credit Suisse's efforts to become SOX compliant with SQL Server 2005.

---

Best Regards,
Peja

Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Answer 2

Hello, thanks for the links. I had seen the whitepaper and it is  a good reference. As I mentioned in the original post, I was hoping for replies form people working with some of the more well know vendors and what their experience has been good or bad with compliance software.

Answer 3

You might want to look at Oracle's Audit Vault which provides SOX, PCI, HIPAA compliance reporting and alerting management (on a near real time basis). Although it's a Oracle tool the solution supports SQL, IBM DB2 and Sybase ASE - http://www.oracle.com/us/products/database/056885.pdf 

My company thought it was such a good product that we are using Oracle Audit Vault as our Platform as a Service (PaaS). Our service model helps because the audit logs are stored outside of the DB environment hence stopping a rogue DBA logging in and deleting their audit trail activity.