Netfort Technologies 2.0

SQL Server auditing and activity monitoring with LANGuardian

SQL Server auditing
SQL Server database activity monitoring

SQL Server auditing with LANGuardian

The latest release of NetFort LANGuardian includes a new database auditing module for SQL Server databases. With the SQL Server Database Monitor, you can be alerted to anomalous activity that poses a risk to sensitive business data or your database infrastructure, detect fraudulent activity, and more easily meet your compliance obligations. You can do all of this with no impact on performance and without needing to redesign your databases or applications. And, with our Active Directory and Novell eDirectory integration, you can identify the actual users responsible for all database activity. This creates an audit trail that attributes each audited database transaction to specific users.

Key benefits

Secure and tamper-proof for audit and PCI compliance.
Discover where important data is located.
Troubleshoot performance problems.
Identify potential fraud and unauthorised user activity.
Receive immediate alerts to suspect activity.
Get reports by e-mail at scheduled intervals.
Active Directory integration allows you to pinpoint individual users.
Create audit trails of access to sensitive databases and tables.

Try it out!

You can see the SQL Server Database Monitor in action on our online demo system.

You can download our free 30-day trial version to try SQL Server Database Monitor on your own network with your own data.

Contact the NetFort Support Team for further information.

Auditing and compliance

Click to enlarge

Database activity monitoring is critically important for compliance with standards. The Sarbanes-Oxley Act (SOX) requires companies to apply strict internal controls to all systems that affect their ability to produce accurate financial reports, while the Payment Card Industry Data Security Standard (PCI-DSS) requires organizations that process credit card transactions to prevent fraud by monitoring all access to cardholder data. SQL Server Database Monitor helps you to implement the internal controls and reporting systems that enable you to demonstrate compliance with these standards. You can:

Enforce segregation of duties
Monitor high risk activity such as privileged user behavior, direct access to databases containing sensitive information, escalation of user privileges, and failed logins
Ensure that databases are queried and updated only through the appropriate applications
Generate alerts whenever an attempt is made to access a database directly or to circumvent SQL Server client application controls
back to top

SQL Server Database Monitor implements an independent and secure audit trail that cannot be modified. Together with its detailed reporting and drilldown capabilities, this allows you to prove compliance with standards such as SOX and PCI-DSS.

Secure and tamper-proof for compliance

All SQL Server activity is stored in the LANGuardian database, a secure, hardened, and tamper-proof database that is completely independent of your SQL Server infrastructure. All database activity is time-stamped, providing a verifiable audit trail that you can use as part of your IT policy and compliance framework.

Because the event repository is independent of your SQL Server infrastructure, you can configure your network so that database administrators do not have access to the log data stored by LANGuardian, and users who have access to LANGuardian do not have access to your SQL Server databases. This enables you to implement separation of duties, a fundamental principle of IT security that is a key requirement for compliance with standards such as Payment Card Industry Data Security Standard (PCI-DSS) and Sarbanes-Oxley (SOX).
back to top

SQL Server database activity monitoring with LANGuardian

Click to enlarge

Increases operational efficiency

SQL Server Database Monitor improves on the native logging and auditing utilities that come with SQL Server. The native utilities create log files on a per-server basis, making it difficult and time-consuming to monitor the log files for an environment with many SQL Server instances. Database performance is also affected when native logging is enabled. Because SQL Server Database Monitor generates its activity data from SQL Server network traffic, it has zero performance impact and it gives you a single point of access to the activity data for your entire database environment.

SQL Server Database Monitor helps you to lower IT costs and increase operational efficiency by automating many database auditing and security tasks. You can configure it to automatically issue e-mail alerts or SNMP traps in real time when security policy violations occur. This feature is commonly used to notify an administrator when a SQL Server instance is accessed by a specified client.
back to top

Identifies potential fraud and unauthorised user activity

Because it observes all database traffic at the network level, SQL Server Database Monitor enables you to identify possible instances of fraudulent or unauthorised activity that would be difficult if not impossible to identify by monitoring databases individually using native logging:

Click to enlarge

See when many different databases are accessed from a single client machine in a short time period -- there could be an innocent explanation, but it could also be an indication that a user is trawling the database infrastructure for information to steal.
Raise an alert when an application queries a database for many credit card numbers when it is designed to request only one at a time -- this could be an indication that the query has been subjected to a SQL injection attack.
See which client machines are generating the most traffic to and from SQL Server databases, and drill down to identify which users, applications and databases are involved, as well as the SQL statements that are being applied.
Ignore events originating from specific clients or destined for a specific server.

With SQL Server Database Monitor, you can access all of this information, and more, from a single browser-based user interface. SQL Server Database Monitor also simplifies routine tasks that can be troublesome to achieve with native monitoring utilities, such as detecting which users and applications have accessed a database or table, and finding out what SQL statements they applied.
back to top

Database discovery

Knowing where data is located in your organisation is critically important for risk management and compliance. SQL Server Database Monitor helps you discover where important data is located. You can create reports that list all databases on your network, see which users are accessing them, and what SQL statements they are applying. If a developer makes a copy of your customer database for testing purposes, or a new application begins interacting with your HR database, SQL Server Database Monitor will bring it to your attention. It will also notify you as new databases appear on the network.
back to top

Technical Details

Supported SQL Statements

SQL Server Database Monitor is language-aware, enabling you to drill down to details of specific SQL operations and statements. It supports the three main subsets of the SQL language:

DCL (Data Command Language)
GRANT
REVOKE
DML (Data Manipulation Language)
INSERT
UPDATE
SET
DELETE
DDL (Data Definition Language)
CREATE
ALTER
DROP

You can also view details of successful and failed logins.

Support SQL Server Versions

SQL Server Database Monitor supports the following versions of SQL Server:

SQL Server 7.5
SQL Server 2000
SQL Server 2005
SQL Server 2008

Try it out!

You can see the SQL Server Database Monitor in action on our online demo system. Or, you can download our free 30-day trial version to try SQL Server Database Monitor on your own network with your own data. Contact the NetFort Support Team for further information.