IDERA SQL Compliance Manager Overview

Buyer's Guide

Download the Database Security Buyer's Guide including reviews and more. Updated: July 2022

What is IDERA SQL Compliance Manager?

SQL Compliance Manager helps database administrators to monitor, audit, and alert on SQL Server user activity and data changes. Unlike its competition, it provides quick configuration of audit settings, a broad list of regulatory guideline templates for audit settings and reports, before and after data values for both regulatory compliance and forensic data investigations, differentiation of data access between regular and privileged users and applications, easy specification of and reporting on sensitive data column access and changes, and extensive customization of audit settings for databases and servers.

IDERA SQL Compliance Manager was previously known as IDERA SQL CM.

IDERA SQL Compliance Manager Customers

Hanger; AmerisourceBergen; CMS Energy; Manulife Financial; Patterson Companies; Pfizer; Rockwell Automation; TrialCard; Unum; Verizon Communications; Skygen USA; Calpine Energy Solutions; Standard Chartered PLC; TrialCard, Inc.; Raffles Hospital; Houston Methodist; Community America Credit Union; Noble Americas Energy Solutions LLC; QuikTrip Corporation; HUK COBURG; OneBeacon Insurance Group, Ltd.

Archived IDERA SQL Compliance Manager Reviews (more than two years old)

Database Administrator at a media company with 501-1,000 employees
Real User
Gives our Internal Audit team a cost-effective tool to use for SOX compliance
Pros and Cons
    • "I submitted a ticket (last year) about archiving/grooming of old records because the GUI functionality was not working. Per their recommendation, I ended up using a command line to do it."

    What is our primary use case?

    It is mainly used to monitor and audit all SQL Servers, and data is being used by our Internal Audit team for SOX auditing.

    How has it helped my organization?

    It provides our Internal Audit team with a tool to use for SOX compliance.

    What is most valuable?

    It's cheaper than other applications I researched and it has the auditing capabilities needed for SOX compliance.

    What needs improvement?

    We are not on the latest version yet so I'm not sure if that version is a lot better in terms of grooming/archiving.

    For how long have I used the solution?

    Three to five years.

    What do I think about the stability of the solution?

    I submitted a ticket (last year) about archiving/grooming of old records because the GUI functionality was not working. Per their recommendation, I ended up using a command line to do it.

    What do I think about the scalability of the solution?

    No issues with scalability.

    How are customer service and support?

    I don't have any issues with their technical support.

    Which solution did I use previously and why did I switch?

    We've been using this tool since I started here. I'm not sure if another tool was used prior to my tenure.

    How was the initial setup?

    The tool was already up and running when I started here but I had a chance to add another server to be monitored and the agent installation was pretty straightforward.

    What's my experience with pricing, setup cost, and licensing?

    The product is cheaper than other products I checked but it is still a good idea to check again and compare.

    Which other solutions did I evaluate?

    I did check other options when this product was up for renewal but ended up renewing it. I checked ApexSQL Audit and Dell Change Auditor.

    What other advice do I have?

    Plan ahead in terms of what to audit so that the Repository database doesn't get crazy big.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Database Administrator at a government with 5,001-10,000 employees
    Real User
    Gives us peace of mind by enabling us to audit non-admins within databases
    Pros and Cons
      • "The set up is kind of clunky, in my opinion. It's not really intuitive. If they had either a smoother install or better instructions, that would be nice."

      What is our primary use case?

      We mostly use it so we can audit if a non-admin does something to a database.

      How has it helped my organization?

      I can't really give an example of how the product has improved the way our organization functions as a whole, but for me, personally, a few years ago, it helped me diagnose a problem that we were having on one of our servers. It helped answer a question, which was nice.

      What is most valuable?

      The auditing feature is the most important, and then, of course, we use some of the reports.

      What needs improvement?

      The set up is kind of clunky, in my opinion. It's not really intuitive. If they had either a smoother install or better instructions, that would be nice.

      For how long have I used the solution?

      More than five years.

      What do I think about the stability of the solution?

      It seems to be very stable.

      What do I think about the scalability of the solution?

      We have not noticed any scalability issues yet.

      How are customer service and technical support?

      I don't think I've ever used their tech support.

      Which solution did I use previously and why did I switch?

      We used another product from Lumigent Technologies. We used that before we discovered Compliance Manager, and, in my opinion, and in another DBA's opinion, Compliance Manager is a far better product than that old Lumigent product.

      What was our ROI?

      Peace of mind - you can't really place a price tag on that. As I mentioned, a few years ago it helped me solve a problem which probably saved about a day's worth of time. It's hard to put a price tag on that.

      What's my experience with pricing, setup cost, and licensing?

      I feel the product's pricing is a good value.

      Which other solutions did I evaluate?

      As I said, we used another product and then we found this one. So when we started using it again, we just went straight to this one because we enjoyed it, and it met our needs. I did not evaluate any other products. We were familiar with it and we were comfortable with it.

      What other advice do I have?

      We've had some problems with the install so watch out for some "gotchas" there. It takes a little bit of setting up. For example, if you have privileged users you have to put them in so you don't audit what they're doing, because you don't care about that piece. So there is a little bit of setup. Be prepared for some upfront time spent with it.

      I rate it pretty highly, around an eight out of ten. It wouldn't be a ten, because of the install hassle that we ran into. But it's a good product, it does what we need it to do.

      Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
      Database Administrator at an energy/utilities company with 1,001-5,000 employees
      Real User
      Tracks logins and stores the information centrally where we can lock it down
      Pros and Cons
      • "The tool can track logins and login failures. I made my own alert so that if there is a certain number of login failures for a server, it emails me. That is really useful. If I want logins to automatically lock out after a certain number of failed attempts, I can know when that happens."
      • "The ability to track activity including the SQL statements is definitely valuable. I really like how the database is laid out. It's straightforward. I can query the back-end tables. I've made a few of my own email alerts based on the data and the tables. It's accessible."
      • "There is an agent that collects the data on SQL Server. Sometimes it will stop collecting. I'm not exactly sure what's happening but I have to go in and manually restart the agent. It would be nice if the central collection server could send a request to the agent to restart."

      What is our primary use case?

      We use it for auditing requirements. We also use it to identify activities, see what is going on, who is connecting.

      How has it helped my organization?

      The tool can track logins and login failures. I made my own alert so that if there is a certain number of login failures for a server, it emails me. That is really useful. If I want logins to automatically lock out after a certain number of failed attempts, I can know when that happens. It's a good security feature but it also helps because sometimes users are setting up their report or their service and they lock out their account but they don't tell anyone. I can easily see that.

      It's really useful because, with over 100 servers, it's difficult to check that many. It's nice to have Idera where it clicks everything into central Repository, a central server, and you can just query that.

      The big requirement of our audit is to track logins and SQL Compliance Manager centralizes it, puts it in a spot where we can "protect" the logs. It's not like logs on the server that could be wiped out. It's collected centrally and we can lock that down.

      What is most valuable?

      The ability to track activity including the SQL statements is definitely valuable. I really like how the database is laid out. It's straightforward. I can query the back-end tables. I've made a few of my own email alerts based on the data and the tables. It's accessible. That's very important.

      Also, one of the things that comes with SQL Server is SQL Server Profiler. We use IDERA SQL Compliance Manager in that same manner to trace activity, and it does a good job of storing. Profiler is okay but it doesn't really store it in one shot like Idera does.

      We've used the before and after, mainly because we are interested to see what an app is doing. Sometimes we have an app and we don't understand its behavior. We use the before and after data to see "Okay, this is what it is doing, this is what it is changing things to."

      What needs improvement?

      There is an agent that collects the data on SQL Server. Sometimes it will stop collecting. I'm not exactly sure what's happening but I have to go in and manually restart the agent. It would be nice if the central collection server could send a request to the agent to restart. "Oh, you haven't collected data for a week or two, go ahead and restart." Whenever we restart the agent, it starts collecting data again. I have my own script. It checks the data collection to see how old it is. If it's over two days stale then I restart the agent. It would be nice if the tool itself could do that.

      For how long have I used the solution?

      More than five years.

      What do I think about the stability of the solution?

      There haven't been many stability issues. A couple of versions back, it would crash on the install. I would add an agent, go to the central Repository, add the new server in, and it would crash just after the checks. I haven't seen that recently but I also haven't done many installs lately. I'm not sure if it's still an issue but I think it has gotten better.

      What do I think about the scalability of the solution?

      I haven't had any huge scalability issues but I do have a lot of servers monitored and it does tend to get a bit sluggish.

      It's in the documentation that you can't let your database go over 20GB. Once it does that, you can't archive it. I have run into that. You have to make sure you don't get too big and then it's fine.

      How are customer service and technical support?

      Tech support has been okay. I ran into an issue earlier this year where my collection had stopped for a week. I had a backlog of way too many events. I contacted tech support and they gave me the typical, "Have you tried this?" and I did that. But I just ended up uninstalling and reinstalling. It was just easier. Typically, they are okay, but I haven't used them too much.

      Which solution did I use previously and why did I switch?

      We weren't using anything before.

      How was the initial setup?

      For the most part, the initial setup is pretty good. You install, it works. It's pretty straightforward. I have a firewall-type issue that makes it complicated but if you don't have any firewall issues, it's straightforward. 

      Setup was one of the reasons I picked the tool. We compared other tools when we were looking at something to buy. Idera just installed, it worked. If you're just doing the general, standard type of stuff, it works. It's good.

      What was our ROI?

      It saves me from having to manually do scripts. But a hard ROI number, I would have to think about that.

      What's my experience with pricing, setup cost, and licensing?

      The pricing is pretty good.

      In terms of licensing I have more of a wishlist. If they had cheaper licensing for development, or free licensing for development, that would be cool.

      Which other solutions did I evaluate?

      We evaluated a McAfee product but I don't remember the name of it.

      What other advice do I have?

      You should look at your use cases, the type of stuff it collects. In terms of cons, you really need to make sure you trim your data, your archive. Otherwise, depending on your activity, your database can get huge, unusable.

      I give this solution a nine out of 10. It's not a 10 because I have to babysit the agents. They stop collecting and I have to manually restart them.

      Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
      Database Administrator at an insurance company with 10,001+ employees
      Real User
      Enables us to track changes to databases and tables, but the dashboard doesn't always work as expected
      Pros and Cons
        • "What would really be a good thing is if you could refer to an external list or table for filtering on, say, certain applications, IP addresses, or host names; or perhaps even combinations of host name and application name."

        What is our primary use case?

        Auditing. We mainly use it to follow up on changes to the individual databases. We audit exactly what the database administrators are doing. Those are the main two points. In some situations, we have the need to really audit everything that happens on a certain table, if there is any highly critical information there.

        We follow no particular regulation criteria. We have an individual catalog of potential issues, and we have a template that we are using. We did a risk assessment, and we identified several points that have to be checked by Compliance Manager and several other tools. We also use SQL Secure from IDERA. We established some custom counters in Diagnostic Manager, for example, to check certain parameters, just to make sure that everything is working as intended by us.

        How has it helped my organization?

        Using it was just a security process that had to be done. We didn't change the way we were working or the way things are working. It's just an additional process that makes sure everything is secured. It didn't change anything in our environment. It was just a need, and the product does exactly what we needed.

        What is most valuable?

        We had to use auditing. It was a demand that came from our security group. We had no choice.

        What needs improvement?

        What would really be nice is if it were a bit more flexible, in several ways. The assistant for creating rules is nice, as it looks like Microsoft Outlook, but it's not flexible enough. What would really be a good thing is if you could refer to an external list or table for filtering on, say, certain applications, IP addresses, or host names; or perhaps even combinations of host name and application name. Because in our environment, we're suffering from the fact that we have a huge amount of login events. A really huge amount of login events. We have gigabytes of login and logout from the same application; sometimes, several thousand times within one second. These are very badly coded applications for sure, but we have a lot of that. We didn't code them ourselves. It's bought software. We need filter rules for certain combinations as I mentioned above. These rules have to be maintained and have to be audited by the people that take care of the applications that cause the login events.

        It's difficult for us because we don't want to give them access to Compliance Manager. What would be very much easier for us is to give them some kind of self-service to take care of a list of a combination of host, account, and application name, because only they know whether this combination is valid or not. They know how their application service is named and what services they're using. They have to maintain this list. It would be much easier if there was a table that we would maintain, or they would maintain via self-service, and we could use this table to establish these filter rules.

        At the moment, we have to check all the rules after this table is maintained by our colleagues who maintain or run the applications. 

        After that, I wrote a stored procedure that creates, depending on the table, new rules in Compliance Manager, but that's a workaround. It's not a really nice solution, so it would be much better if Compliance Manager would have functionality like that built in. That's one thing. 

        Another nice feature would be concerning GDPR: some kind of base-lining of database access or some kind of inventory for tables or certain columns or types of columns. IDERA already has several other tools, free tools, to search for certain criteria of columns holding things like credit card numbers, for example. It would be nice if that would be a feature within Compliance Manager, as it's a very similar thing, it goes hand in hand.

        For how long have I used the solution?

        Three to five years.

        What do I think about the stability of the solution?

        It is stable. We haven't noticed. It works fine.

        We had a few performance problems in the past reading the trace files. We had a bit of a bottleneck on the server side where all the trace files would come together. Although the server should be fast enough, and we didn't experience any bottlenecks on CPU or IOPS; everything was looking fine; CPU was at about 30 percent, and the disks were far from being busy. But the trace files were not being processed fast enough or there were more coming in than processed.

        It became more and more of an issue and, at a certain point, we had no other choice than to delete trace files. We lost a lot of information because the more trace files we had in the folder, the worse the speed, or the performance for processing trace files, became. It got slower and slower. That was a real problem we experienced a lot of times. That improved since the release of a certain version number. It isn't an issue anymore.

        We're running it on a machine with eight logical CPU cores, no physical CPU cores. We are auditing about 60 SQL service instances, and it works fine. We are absolutely pleased by the performance at the moment.

        What do I think about the scalability of the solution?

        Scalability was a bit tricky because we care very much about security and we have a lot of firewalls, a lot of different networks separated by firewalls. It was a bit tricky to get all the communication done in the right way. Meanwhile, it works fine, and I'm really glad about that. We didn't have to split into several separate Compliance Manager servers. We can do everything with just one monitoring cluster. The monitoring cluster is running all the IDERA products.

        We are using SQL Diagnostic Manager, SQL Defrag, Compliance Manager, SQL Safe - nearly everything that IDERA has in its portfolio. All of this is run on this cluster with those cores and about 92 gigabytes of RAM. We are far from what is possible with these machines. We have a CPU usage of about 30 - 35 percent, and everything is running really fine.

        How are customer service and technical support?

        To be honest, technical support has gotten worse. It was really fine in the beginning, but it's not what it used to be. The time until we get feedback is increasing. Perhaps it's because we have a lot of open tickets at the moment. We have a lot of different network zones and firewalls, and it's quite tricky to get all this running in our environment. We are using support, perhaps, in a really excessive way.

        We have a lot of problems that have existed for a very long time. We have a lot of feature requests and several bugs that haven't been fixed for more than a year now. That's a bit annoying. In the past, this all went a bit faster, but since IDERA started to release the dashboard, you can see that there is a really big focus on the dashboard. Developers are trying to get it running and to get it to run faster, improve the performance. The other features have suffered as a result.

        For example, in SQL Safe we have been waiting for so long to use striping versus IBM TSM in the SQL Safe console. You can use it in the dashboard but you can't use it in the console. The feature isn't there. They just forgot to implement it. Also, the command line interface of SQL Safe is missing it. We have been waiting for something like one and a half years now to get this feature in the command line interface, in the console, because the dashboard isn't fast enough for us.

        There's a different set of features in the dashboard and in the console: for certain things you have to use the console, for other things you have to use the dashboard, and that's a bit annoying as well.

        Which solution did I use previously and why did I switch?

        We used another solution but it was built by us. We did some Visual Basic scripts and collected the performance counters, but the performance was bad and it was difficult to maintain. We were looking for a professional tool to do our monitoring, and later auditing as well. The IDERA tools performed best.

        How was the initial setup?

        It got more complex with the dashboard. We have a lot of problems with the dashboard. Sometimes registration via the dashboard doesn't work, so we have to do it several times manually. We have often been in contact with support because of that.

        Thinking back to when there was no dashboard, setup was very easy: just click, click, click, and finished. Everything was working as intended. What we're experiencing now is, on the one hand, difficulties with the dashboard and, on the other hand, sometimes settings get lost when installing an update, so they are set back to default. That's also a bit annoying but not really a big problem.

        What's my experience with pricing, setup cost, and licensing?

        It's a good price value. Pricing is absolutely okay for us at the moment. The other tools weren't cheaper.

        Which other solutions did I evaluate?

        We tested a lot of individual tools, and Compliance Manager was, at that point, the only one that was really working on SQL Server. Strange as it may sound, it was really true. We tested Database Activity Monitoring, SQL Sentry and Quest, and several other things but we experienced individual problems with each product.

        For example, the Database Activity Monitoring from McAfee wasn't able to recognize what objects were accessed when executing a stored procedure. That was something that was absolutely astonishing to us. Compliance Manager really was the only product, at that point, that was exactly doing what it was promising.

        What other advice do I have?

        What I like most among all IDERA products is Diagnostic Manager. It's really easy to use, it's very stable. It comes out of the box with a good threshold for certain counters. After that comes Compliance Manager. It's a nice tool as well, with some restrictions as I already mentioned. But on the whole, a very good product as well.

        I would rate IDERA SQL Compliance Manager at seven out of 10. I like the product, I like the features, but not everything is working as intended and development isn't as fast as I would expect. Also the bug-fixing takes too much time, in my opinion. That's why I wouldn't give it a 10.

        Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.