IDERA SQL Compliance Manager is an efficient auditing tool focusing on tracking and storing SQL activities for compliance and security purposes.
| Product | Mindshare (%) |
|---|---|
| IDERA SQL Compliance Manager | 2.9% |
| IBM Security Guardium Data Protection | 26.7% |
| Imperva Data Security Fabric | 24.8% |
| Other | 45.6% |
| Title | Rating | Mindshare | Recommending | Interviews |
|---|---|---|---|---|
| Imperva Data Security Fabric | 4.1 | 24.8% | 93% | 65 |
| IBM Security Guardium Data Protection | 4.1 | 26.7% | 86% | 81 |
IDERA SQL Compliance Manager offers a comprehensive database tracking approach, allowing for custom queries and email alerts. It effectively retains trace data for monitoring applications, aiding in security and SOX compliance by providing insights into elevated access. Its reports and cost-effectiveness stand out, although improvements are needed in data collection reliability, installation process, and rule creation flexibility.
IDERA SQL Compliance Manager is widely used in industries for auditing non-admin database activities and tracking changes by database administrators. Audit teams focus on auditing critical tables with sensitive data to ensure SOX compliance. By employing custom counters and risk assessments, organizations can identify potential issues, supported by tools like IDERA SQL Secure and Diagnostic Manager to ensure system integrity.
IDERA SQL Compliance Manager was previously known as IDERA SQL CM.
Hanger; AmerisourceBergen; CMS Energy; Manulife Financial; Patterson Companies; Pfizer; Rockwell Automation; TrialCard; Unum; Verizon Communications; Skygen USA; Calpine Energy Solutions; Standard Chartered PLC; TrialCard, Inc.; Raffles Hospital; Houston Methodist; Community America Credit Union; Noble Americas Energy Solutions LLC; QuikTrip Corporation; HUK COBURG; OneBeacon Insurance Group, Ltd.
| Author info | Rating | Review Summary |
|---|---|---|
| VP Enterprise Data Management at a financial services firm with 201-500 employees | 3.5 | I use this stable solution for controls, valuing its independent oversight. Setup was straightforward, but its filtration and navigation are not optimal, which is why I rate it seven out of ten. |
| Database Administrator at a media company with 501-1,000 employees | 4.0 | I use this tool for SQL Server auditing and SOX compliance. It's affordable with good features, though archiving required command-line intervention. Despite minor issues, I renewed it over alternatives like ApexSQL Audit. |
| Database Administrator at a government with 5,001-10,000 employees | 4.0 | I mostly use this stable product for auditing non-admin database actions. While it's a good value and meets my needs, the clunky, non-intuitive installation process is my main complaint, requiring considerable upfront setup. |
| Database Administrator at an energy/utilities company with 1,001-5,000 employees | 4.5 | I find Idera SQL Compliance Manager valuable for auditing and tracking SQL activity, especially login failures, due to its centralized logging. However, I frequently have to manually restart agents and manage database size, which prevents a perfect score. |
| Database Administrator at an insurance company with 10,001+ employees | 3.5 | I use Compliance Manager for database auditing; it's stable and good value. I need more flexible rule creation (e.g., external lists), and technical support responsiveness, along with feature development, has declined. |
Our primary use case for this solution is for controls, which we deploy on-premises.
The independent view of elevated access and elevated instructions sent to our SQL are very valuable because they act as a secondary pair of eyes.
The solution could be improved by using the proper filtration, navigation of the information it captured, and being more organized.
We have been using this solution for approximately four years.
The solution is stable.
The solution is scalable.
I rate this solution a seven out of ten. However, I advise first-time users to understand the use case and their needs, and ensure they complete a POC in advance. The solution is good, but its filtration and navigation are not the best and could be improved.
The initial setup was straightforward.
I rate pricing an eight out of ten.
It is mainly used to monitor and audit all SQL Servers, and data is being used by our Internal Audit team for SOX auditing.
It provides our Internal Audit team with a tool to use for SOX compliance.
It's cheaper than other applications I researched and it has the auditing capabilities needed for SOX compliance.
We are not on the latest version yet so I'm not sure if that version is a lot better in terms of grooming/archiving.
I submitted a ticket (last year) about archiving/grooming of old records because the GUI functionality was not working. Per their recommendation, I ended up using a command line to do it.
No issues with scalability.
I don't have any issues with their technical support.
We've been using this tool since I started here. I'm not sure if another tool was used prior to my tenure.
The tool was already up and running when I started here but I had a chance to add another server to be monitored and the agent installation was pretty straightforward.
The product is cheaper than other products I checked but it is still a good idea to check again and compare.
I did check other options when this product was up for renewal but ended up renewing it. I checked ApexSQL Audit and Dell Change Auditor.
Plan ahead in terms of what to audit so that the Repository database doesn't get crazy big.
We mostly use it so we can audit if a non-admin does something to a database.
I can't really give an example of how the product has improved the way our organization functions as a whole, but for me, personally, a few years ago, it helped me diagnose a problem that we were having on one of our servers. It helped answer a question, which was nice.
The auditing feature is the most important, and then, of course, we use some of the reports.
The set up is kind of clunky, in my opinion. It's not really intuitive. If they had either a smoother install or better instructions, that would be nice.
It seems to be very stable.
We have not noticed any scalability issues yet.
I don't think I've ever used their tech support.
We used another product from Lumigent Technologies. We used that before we discovered Compliance Manager, and, in my opinion, and in another DBA's opinion, Compliance Manager is a far better product than that old Lumigent product.
Peace of mind - you can't really place a price tag on that. As I mentioned, a few years ago it helped me solve a problem which probably saved about a day's worth of time. It's hard to put a price tag on that.
I feel the product's pricing is a good value.
As I said, we used another product and then we found this one. So when we started using it again, we just went straight to this one because we enjoyed it, and it met our needs. I did not evaluate any other products. We were familiar with it and we were comfortable with it.
We've had some problems with the install so watch out for some "gotchas" there. It takes a little bit of setting up. For example, if you have privileged users you have to put them in so you don't audit what they're doing, because you don't care about that piece. So there is a little bit of setup. Be prepared for some upfront time spent with it.
I rate it pretty highly, around an eight out of ten. It wouldn't be a ten, because of the install hassle that we ran into. But it's a good product, it does what we need it to do.
We use it for auditing requirements. We also use it to identify activities, see what is going on, who is connecting.
The tool can track logins and login failures. I made my own alert so that if there is a certain number of login failures for a server, it emails me. That is really useful. If I want logins to automatically lock out after a certain number of failed attempts, I can know when that happens. It's a good security feature but it also helps because sometimes users are setting up their report or their service and they lock out their account but they don't tell anyone. I can easily see that.
It's really useful because, with over 100 servers, it's difficult to check that many. It's nice to have Idera where it clicks everything into central Repository, a central server, and you can just query that.
The big requirement of our audit is to track logins and SQL Compliance Manager centralizes it, puts it in a spot where we can "protect" the logs. It's not like logs on the server that could be wiped out. It's collected centrally and we can lock that down.
The ability to track activity including the SQL statements is definitely valuable. I really like how the database is laid out. It's straightforward. I can query the back-end tables. I've made a few of my own email alerts based on the data and the tables. It's accessible. That's very important.
Also, one of the things that comes with SQL Server is SQL Server Profiler. We use IDERA SQL Compliance Manager in that same manner to trace activity, and it does a good job of storing. Profiler is okay but it doesn't really store it in one shot like Idera does.
We've used the before and after, mainly because we are interested to see what an app is doing. Sometimes we have an app and we don't understand its behavior. We use the before and after data to see "Okay, this is what it is doing, this is what it is changing things to."
There is an agent that collects the data on SQL Server. Sometimes it will stop collecting. I'm not exactly sure what's happening but I have to go in and manually restart the agent. It would be nice if the central collection server could send a request to the agent to restart. "Oh, you haven't collected data for a week or two, go ahead and restart." Whenever we restart the agent, it starts collecting data again. I have my own script. It checks the data collection to see how old it is. If it's over two days stale then I restart the agent. It would be nice if the tool itself could do that.
There haven't been many stability issues. A couple of versions back, it would crash on the install. I would add an agent, go to the central Repository, add the new server in, and it would crash just after the checks. I haven't seen that recently but I also haven't done many installs lately. I'm not sure if it's still an issue but I think it has gotten better.
I haven't had any huge scalability issues but I do have a lot of servers monitored and it does tend to get a bit sluggish.
It's in the documentation that you can't let your database go over 20GB. Once it does that, you can't archive it. I have run into that. You have to make sure you don't get too big and then it's fine.
Tech support has been okay. I ran into an issue earlier this year where my collection had stopped for a week. I had a backlog of way too many events. I contacted tech support and they gave me the typical, "Have you tried this?" and I did that. But I just ended up uninstalling and reinstalling. It was just easier. Typically, they are okay, but I haven't used them too much.
We weren't using anything before.
For the most part, the initial setup is pretty good. You install, it works. It's pretty straightforward. I have a firewall-type issue that makes it complicated but if you don't have any firewall issues, it's straightforward.
Setup was one of the reasons I picked the tool. We compared other tools when we were looking at something to buy. Idera just installed, it worked. If you're just doing the general, standard type of stuff, it works. It's good.
It saves me from having to manually do scripts. But a hard ROI number, I would have to think about that.
The pricing is pretty good.
In terms of licensing I have more of a wishlist. If they had cheaper licensing for development, or free licensing for development, that would be cool.
We evaluated a McAfee product but I don't remember the name of it.
You should look at your use cases, the type of stuff it collects. In terms of cons, you really need to make sure you trim your data, your archive. Otherwise, depending on your activity, your database can get huge, unusable.
I give this solution a nine out of 10. It's not a 10 because I have to babysit the agents. They stop collecting and I have to manually restart them.
Auditing. We mainly use it to follow up on changes to the individual databases. We audit exactly what the database administrators are doing. Those are the main two points. In some situations, we have the need to really audit everything that happens on a certain table, if there is any highly critical information there.
We follow no particular regulation criteria. We have an individual catalog of potential issues, and we have a template that we are using. We did a risk assessment, and we identified several points that have to be checked by Compliance Manager and several other tools. We also use SQL Secure from IDERA. We established some custom counters in Diagnostic Manager, for example, to check certain parameters, just to make sure that everything is working as intended by us.
Using it was just a security process that had to be done. We didn't change the way we were working or the way things are working. It's just an additional process that makes sure everything is secured. It didn't change anything in our environment. It was just a need, and the product does exactly what we needed.
We had to use auditing. It was a demand that came from our security group. We had no choice.
What would really be nice is if it were a bit more flexible, in several ways. The assistant for creating rules is nice, as it looks like Microsoft Outlook, but it's not flexible enough. What would really be a good thing is if you could refer to an external list or table for filtering on, say, certain applications, IP addresses, or host names; or perhaps even combinations of host name and application name. Because in our environment, we're suffering from the fact that we have a huge amount of login events. A really huge amount of login events. We have gigabytes of login and logout from the same application; sometimes, several thousand times within one second. These are very badly coded applications for sure, but we have a lot of that. We didn't code them ourselves. It's bought software. We need filter rules for certain combinations as I mentioned above. These rules have to be maintained and have to be audited by the people that take care of the applications that cause the login events.
It's difficult for us because we don't want to give them access to Compliance Manager. What would be very much easier for us is to give them some kind of self-service to take care of a list of a combination of host, account, and application name, because only they know whether this combination is valid or not. They know how their application service is named and what services they're using. They have to maintain this list. It would be much easier if there was a table that we would maintain, or they would maintain via self-service, and we could use this table to establish these filter rules.
At the moment, we have to check all the rules after this table is maintained by our colleagues who maintain or run the applications.
After that, I wrote a stored procedure that creates, depending on the table, new rules in Compliance Manager, but that's a workaround. It's not a really nice solution, so it would be much better if Compliance Manager would have functionality like that built in. That's one thing.
Another nice feature would be concerning GDPR: some kind of base-lining of database access or some kind of inventory for tables or certain columns or types of columns. IDERA already has several other tools, free tools, to search for certain criteria of columns holding things like credit card numbers, for example. It would be nice if that would be a feature within Compliance Manager, as it's a very similar thing, it goes hand in hand.
It is stable. We haven't noticed. It works fine.
We had a few performance problems in the past reading the trace files. We had a bit of a bottleneck on the server side where all the trace files would come together. Although the server should be fast enough, and we didn't experience any bottlenecks on CPU or IOPS; everything was looking fine; CPU was at about 30 percent, and the disks were far from being busy. But the trace files were not being processed fast enough or there were more coming in than processed.
It became more and more of an issue and, at a certain point, we had no other choice than to delete trace files. We lost a lot of information because the more trace files we had in the folder, the worse the speed, or the performance for processing trace files, became. It got slower and slower. That was a real problem we experienced a lot of times. That improved since the release of a certain version number. It isn't an issue anymore.
We're running it on a machine with eight logical CPU cores, no physical CPU cores. We are auditing about 60 SQL service instances, and it works fine. We are absolutely pleased by the performance at the moment.
Scalability was a bit tricky because we care very much about security and we have a lot of firewalls, a lot of different networks separated by firewalls. It was a bit tricky to get all the communication done in the right way. Meanwhile, it works fine, and I'm really glad about that. We didn't have to split into several separate Compliance Manager servers. We can do everything with just one monitoring cluster. The monitoring cluster is running all the IDERA products.
We are using SQL Diagnostic Manager, SQL Defrag, Compliance Manager, SQL Safe - nearly everything that IDERA has in its portfolio. All of this is run on this cluster with those cores and about 92 gigabytes of RAM. We are far from what is possible with these machines. We have a CPU usage of about 30 - 35 percent, and everything is running really fine.
To be honest, technical support has gotten worse. It was really fine in the beginning, but it's not what it used to be. The time until we get feedback is increasing. Perhaps it's because we have a lot of open tickets at the moment. We have a lot of different network zones and firewalls, and it's quite tricky to get all this running in our environment. We are using support, perhaps, in a really excessive way.
We have a lot of problems that have existed for a very long time. We have a lot of feature requests and several bugs that haven't been fixed for more than a year now. That's a bit annoying. In the past, this all went a bit faster, but since IDERA started to release the dashboard, you can see that there is a really big focus on the dashboard. Developers are trying to get it running and to get it to run faster, improve the performance. The other features have suffered as a result.
For example, in SQL Safe we have been waiting for so long to use striping versus IBM TSM in the SQL Safe console. You can use it in the dashboard but you can't use it in the console. The feature isn't there. They just forgot to implement it. Also, the command line interface of SQL Safe is missing it. We have been waiting for something like one and a half years now to get this feature in the command line interface, in the console, because the dashboard isn't fast enough for us.
There's a different set of features in the dashboard and in the console: for certain things you have to use the console, for other things you have to use the dashboard, and that's a bit annoying as well.
We used another solution but it was built by us. We did some Visual Basic scripts and collected the performance counters, but the performance was bad and it was difficult to maintain. We were looking for a professional tool to do our monitoring, and later auditing as well. The IDERA tools performed best.
It got more complex with the dashboard. We have a lot of problems with the dashboard. Sometimes registration via the dashboard doesn't work, so we have to do it several times manually. We have often been in contact with support because of that.
Thinking back to when there was no dashboard, setup was very easy: just click, click, click, and finished. Everything was working as intended. What we're experiencing now is, on the one hand, difficulties with the dashboard and, on the other hand, sometimes settings get lost when installing an update, so they are set back to default. That's also a bit annoying but not really a big problem.
It's a good price value. Pricing is absolutely okay for us at the moment. The other tools weren't cheaper.
We tested a lot of individual tools, and Compliance Manager was, at that point, the only one that was really working on SQL Server. Strange as it may sound, it was really true. We tested Database Activity Monitoring, SQL Sentry and Quest, and several other things but we experienced individual problems with each product.
For example, the Database Activity Monitoring from McAfee wasn't able to recognize what objects were accessed when executing a stored procedure. That was something that was absolutely astonishing to us. Compliance Manager really was the only product, at that point, that was exactly doing what it was promising.
What I like most among all IDERA products is Diagnostic Manager. It's really easy to use, it's very stable. It comes out of the box with a good threshold for certain counters. After that comes Compliance Manager. It's a nice tool as well, with some restrictions as I already mentioned. But on the whole, a very good product as well.
I would rate IDERA SQL Compliance Manager at seven out of 10. I like the product, I like the features, but not everything is working as intended and development isn't as fast as I would expect. Also the bug-fixing takes too much time, in my opinion. That's why I wouldn't give it a 10.