HomeLOGbinder for SQL KBHow ToComparison: SQL Server Audit vs. SQL Trace Audit for security analysts

3.3. Comparison: SQL Server Audit vs. SQL Trace Audit for security analysts

Security analysts must have meaningful, relevant audit data from the mission critical applications such as SQL Server. Database admins must have no disruptions nor degradation to the performance of the mission critical instances of SQL Server. Beginning with SQL Server 2008, versions of Microsoft SQL Server offer a new, superior SQL audit capability custom-built to meet demands from both parties.

Many, if not most, organizations have gotten comfortable with SQL Trace. They have satisfied themselves with its inefficiencies, and cobbled together custom routines to reduce its voluminous output. Outweighed by whatever problems that may exist with SQL Trace is one simple fact: it doesn’t hurt the database(s) to keep it going. Nobody wants to run the risk of disrupting the current process. It may not be great, but it’s what is comfortable.

Here’s the problem: SQL Trace leaves big gaps that compromise organizations’ InfoSec and compliance policies.

So, many organizations are taking a hard look at the risks vs. rewards of moving away from SQL Trace and implementing SQL Server Audit as part of the application security intelligence SIEM deployment. To help inform the professionals charged with this decision, our founder Randy Franklin Smith, and Tamas Lengyel, one of our software engineers, have collaborated in writing a white paper, Comparison: SQL Server Audit and SQL Trace Audit. This detailed resource will help both security analysts and database admins to get a better understanding of the superior SQL Server Audit function. The white paper presents the options available to both audit logs and then provides specific benefits that come with SQL Server Audit:

The short story is that SQL Server Audit hits the sweet spot for both database admins and security analysts: it’s a low impact process that yields better results.

Get the full story, download the whitepaper. It may also be helpful to read why LOGbinder solves a critical problem in SQL Server security intelligence at logbinder.com.

This page was: Helpful | Not Helpful