Auditing Products for SQL Server

By: Jeremy Kadlec | Updated: 2006-12-06 | Comments (3) | Related: > Auditing and Compliance

Problem

With the many needs (SOX, HIPAA, internal, etc.) for auditing sensitive data, what are the options available in the market place to audit SQL Server data and code changes? Do these products automatically collect the data as well as build reports and selectively alert on critical issues?

Solution

Below outlines the SQL Server auditing products on the market with URL's to the product for more information.

ID	Offering	Data Changes	Code Changes	Auto Data Collection	Reporting	Real Time Alerting
1	ApexSQL Audit	*		*	*
2	Idera Compliance Manager	*	*	*	*	*
3	Imperva	*	*	*	*	*
4	Change Auditor for SQL Server		*	*	*	*
5	SQL Server Profiler	*	*	*
6	SQL Server Triggers	*	*	*

If you know of additional SQL Server auditing products on the market, please let us know and we will update this tip. Please email the product\technology\tool to [email protected].

Next Steps

Assess you needs from both a business and technology perspective to understand who and what needs to be audited to meet legal or internal needs.
Check out these products to determine if they meet your needs and then determine if these products save time and energy as opposed to building a custom solution.
If so, download a trial of one or more of these products and see how they work as well as close the loop with the individuals identifying the needs to validate the needs are met.
For additional auditing tips from MSSQLTips.com check out these tips:

About the author

Jeremy Kadlec is a Co-Founder, Editor and Author at MSSQLTips.com with more than 300 contributions. He is also the CTO @ Edgewood Solutions and a six-time SQL Server MVP. Jeremy brings 20+ years of SQL Server DBA and Developer experience to the community after earning a bachelor's degree from SSU and master's from UMBC.

This author pledges the content of this article is based on professional experience and not AI generated.

View all my tips

Article Last Updated: 2006-12-06

Comments For This Article

Friday, March 31, 2023 - 4:32:19 AM - Nico Botes	Back To Top (91071)
I also have worked with the McAfee Product Suite for Databases before, specifically available for Microsoft SQL Server as well. Not a cheap product, but feature rich, so you get a lot of value for your money, licesed per instance. It looks like they were acquired by Trellix since then. see: https://www.trellix.com/en-us/products.html

Tuesday, February 11, 2020 - 10:14:17 AM - Anonn	Back To Top (84344)
Another auditing tool that can be added to the list is IBM's Security Guardium application. It is similar to trace in that it acts as a network sniffer like Wireshark to capture all SQL being sent to the database so that you can audit what the database administrators are doing or other administrators. Sort of like policing the police. It does other auditing functions as well.

Saturday, February 8, 2014 - 9:55:18 AM - Panayiotis Hiripis

Hi all,

I believe you should include Sql Server's change tracking feature. Basically, it is an internal triggerless mechanism to observe dml changes to all tables of a database, with a purging mechanism. http://technet.microsoft.com/en-us/library/bb933875.aspx and http://msdn.microsoft.com/en-us/library/cc305322.aspx