Embarcadero DSAuditor, a leading data auditing solution, helps to secure critical data, ensure data privacy, and enable regulatory compliance by monitoring database access and activity. DSAuditor's ability to detect suspicious behavior in real time minimizes the threat of data theft and tampering. Historical data auditing capabilities deliver detailed reports to comply with stringent internal policies and external regulatory requirements. And, DSAuditor's network-based approach enables reporting on sensitive events such as database, schema, and permissions updates, without impacting performance.

Government regulations such as Sarbanes-Oxley, the Federal Information Security Management Act (FISMA) and BASEL II mandate that organizations be able to verify the accuracy of financial data and other sensitive information. Since this information lives in enterprise databases, IT departments and database professionals are faced with the growing burden of auditing database activity to illustrate compliance. DSAuditor's comprehensive data auditing and enterprise reporting capabilities simplify and automate this process by enabling IT departments to provide detailed historical audits of sensitive security events such as database, schema, and permission updates.

Breaches of private data are not just a public relations nightmare; they are a phenomenally expensive attack on a company's bottom line. According to the Ponemon Institute, the average data breach costs an organization $14 million, in addition to lost business and goodwill. Regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the EU Data Protection Directive (Directive 95/46/EC), and California's SB 1386 mandate measures for data privacy and the protection of personal information.

If a potential breach is occurring, immediate awareness of the situation yields the best chance for an organization to mitigate cost. With DSAuditor, IT departments are able to establish usage baselines, defining what database activity is normal and acceptable, with the assurance that they will know when unauthorized or inappropriate access has occurred. These monitoring rules and alerts notify administrators of unusual or suspicious activity in real time, as soon as it occurs, helping to put a stop to any violations of data privacy as quickly as possible.

According to Information Week magazine, CIOs and IT operations professionals cite managing complexity as one of their top three barriers to implementing security initiatives. In the realm of data security, multiple database platforms and performance demands exacerbate this problem. With DSAuditor, organizations can implement robust data auditing even in complex, cross-platform environments with a single solution. Comprehensive support for major database platforms such as IBM® DB2® UDB, Informix® Microsoft® SQL Server, Oracle®, Sybase®, and Teradata yields a consolidated picture of historical and real-time database activity in your organization, eliminating the need to use inconsistent native database security features or "homegrown" solutions.

Unlike log-based auditing tools which impact performance, DSAuditor is network-based and won't slow down your systems. High transaction throughput ensures scalability to meet demands. As a software-only solution, DSAuditor has a minimal impact on system performance, but Embarcadero's NetServer appliance further reduces any impact to zero. The NetServer appliance is self-contained and comes pre-configured and optimized for easy installation and maintenance.

• Identification and Authentication - Monitors and records database authentication events including: failed/successful logins, password changes, and database logins/logouts
• Authorization - Monitors and records database authorization events including: permission changes (GRANT, REVOKE, DENY), user account changes, and role changes
• Auditing - Data and Database - Monitors and records data and database change events including: schema changes (DDL), insert/update/delete changes (DML), and SELECT statements
• Usage and Performance - Monitors and records database usage metrics including: long running queries, dormant data, most active users, and last accessed reports for users and tables

• Configurable Alert Thresholds - Defines thresholds for organization-specific needs, allowing precise definition of acceptable and suspicious activity
• Real-time Alerts - Notifies IT on unusual activity such as invalid logins, unauthorized access, or database changes as they are happening, and can be delivered via e-mail (SMTP)
• Session Auditing - Captures all session-level information regarding origin user ID, application, IP address, and other identifying information

• Reporting Templates and Scheduling - Uses predefined templates to report on common control areas for compliance reporting. Reports may include daily, weekly, or monthly summarization
• Multiple Audiences - Reports may be generated for multiple audiences ranging from DBAs to IT security. Granular information may be reported as well as business-level summaries
• Report Filtering - Report filters are used to filter out authorized changes or authorized access in order to pinpoint high-risk areas
• Multiple Export Formats - Exports into key formats such as PDF, HTML, CSV, Rich Text Format (RTF), and Microsoft Excel (XLS)

• Non-intrusive - Using NetServer appliance, monitors database access without requiring additional CPU and memory resources from the database server. Optional software collectors have minimal overhead to ensure that SLAs are not impacted
• High Transaction Throughput - Sustains 5,000 queries per second and manages peak loads of nearly 40,000 queries per second, allowing scalability in demanding environments
• Transparency - Database monitoring and auditing is transparent to both applications and databases, requiring no modification to application logic
• Easy Integration With Existing Infrastructure - Supports local and wide-area networks, web-based database access applications, multiple configuration options, without requiring native database auditing controls

• Support for Major DBMSs - Supports IBM DB2 UDB, Informix, Microsoft SQL Server, Oracle, Sybase IQ & Sybase Adaptive Server® Enterprise (ASE), and Teradata for auditing of complex, heterogeneous environments

Monitored Database Versions

• IBM DB2 UDB 6.1, 7.1 & 8.1
• IBM Informix 7.14, 7.30 & 8.21
• Microsoft SQL Server 7.0 & 2000
• Sybase ASE 11.9.2 & 12.0
• Sybase IQ 12.4.2 & 12.5.0
• Teradata V2R3, V2R5, V2R5.1, V2R6, V2R6.0.2 & V2R6.1
• Oracle 8.0.3, 8.1.7, 9.1, 9.2.0.1 & 10g

DSAuditor Repository

• IBM DB2 UDB 6.1, 7.1 & 8.1
• Oracle 8.0.3, 8.1.7, 9.1, 9.2.0.1 & 10g
• Teradata V2R3, V2R5, V2R5.1, V2R6, V2R6.0.2 & V2R6.1

Client Interfaces

• Windows® NT 4.0, Windows 2000, or Windows XP
• 50 MB hard disk storage
• 128 MB RAM minimum, more recommended

Appliance - NetServer

• Embarcadero NetServer Appliance v3.6

DSAuditor Repository

• Supported databases: IBM DB2 UDB, Oracle, Teradata, or NetServer Appliance
• Hard Disk Storage: Typically 10 GB to 100 GB depending on query workload and retention policies

Optional Server Components (software)
Supported Operating Systems:

• IBM AIX® 4.3.2 and higher
• Sun™ Solaris™ 2.5.1 and higher
• NCR MP-RAS 3.02.01 and higher
• HP UX® 11.0 and higher
• HP Tru64 3.2 and higher

Storage and Memory

• Program files: approximately 15 MB
• Data files: varies, typically 80 MB to 800 MB
• Memory: depends on configuration, workload and operating system; typically 10 MB to 100 MB for shared memory plus up to 2 MB per concurrent database session being tracked