Oracle Audit Vault Reviews

The most valuable features of this product are auditing the old and new values after each change in the database, REDO_COLL and capturing application context functionalities.

REDO_COLL is a function provided by Oracle Audit Vault where the system captures all values that are changed in the audited tables of a database. So if someone fires an update in a table, the auditing system will not only capture the value which was enforced as part of the update, but will also capture the old value (before the update was done).

Application Context is an interesting implementation, where we can pass additional information about front-desk application users in the audit trail. So, when we look at an audit log we not only see the database user but also the application user who has viewed/changed the data.

Auditing as an imperative function of any Enterprise company. We require the audit logs for compliance needs and for tighter control of the infrastructure. Being in the Health Insurance industry and handling PHI & PII data, there are compliance mandates enforced by HIPAA. Oracle audit Vault helps us implement the control points enlisted under "Audit Requirements". HIPAA mandates us to track any/all access to ePHI data in our system, even if it is just a READ ONLY access. With Oracle Audit Vault, we have a centralized system to access all Audit Trails for sensitive data access.

The price factor makes it “out of reach" for small players in the IT industry. Even the SaaS model is very expensive. SaaS is an alternative hosting model where Oracle hosts the audit vault in their data center and installs audit collection agents on client data center. They host these appliances in their HIPAA-complaint data center where all controls are active. They work with the client to set-up secure channels for audit data and then sign BAA with the client. This auditing feature is made available as a service for which Oracle charges on a pro-rated basis.

Also, Audit Vault is not yet licensed to run with Other Cloud offerings like Amazon AWS, which makes it difficult to implement incase your existing tech-stack is on AWS or any other non-Oracle-Cloud Infrastructure.

I have used this product for almost a year.

Yes, its not certified to run with Amazon AWS.

I did not encounter any such issues. The product was both stable and scalable.

I did not encounter any scalability issues either.

The technical support is great.

We did not use any other solutions. Our company needed a full auditing suite for our database along with capturing application context and REDO_COLL functionality. This product was our first choice.

It has an appliance setup which is not supported on Amazon or any other third party cloud, making the process very cumbersome.

The pricing policy is quite aggressive. We must equal the number of processors on DB in accordance with this appliance, thus making it very expensive.

We evaluated the IBM Guardium solution.

If this product falls under your budget, then there is nothing like it in the market.

I use Oracle Audit Vault for testing and configuring an audit role. I want to see how the solution works and if it is possible to block people from doing something. 

The feature that I have found most valuable is that it can help us secure our databases. The configuration is very good.

I hear from many people that say IBM Guardian is better than Oracle Audit Vault when it comes to performance. IBM Guardian works transparently in the database, but Oracle Audit Vault consumes some ratios on the server. The configuration for the solution can be complicated as well.

I have been using Oracle Audit Vault for the past three years.

I did find the product to be stable in the testing environment.

We do have technical support for Oracle Audit Vault however it is not available in our country.

The initial setup was straightforward and easy.

I did the deployment in-house over the weekend by myself. I followed the document I found online and did the installation.

I am currently using the free version and I was not required to buy a license.

I would rate Oracle Audit Vault an eight out of ten.

The following features of the product provide additional benefits for the user:

• If it's from an Oracle family, we can get quick support from Oracle support.
• Reporting screens are more useful, we can get many summary reports very quickly.
• Compared to previous versions, agent operation logic has been changed. The agent is now managed only, not collector + agent. This makes it easy.

• It has the added advantage of having a database firewall feature that is not in previous versions or other equivalent products.

Before this product was used in the company, the tables with some critical presets were checked with the triggers on them. The old and new versions of the changing records were written to another table. These triggers caused the database system to incur extra CPU and IO spending. It was also difficult to maintain and manage. We were also unable to provide a wide variety of reports that the audit department wanted.

By using the product, we could log the audit records, generate various reports, send these reports to the relevant administrators by attaching these reports to the mail, without exposing the main database system too much. In this way, it has contributed to accelerate the business processes of the company by providing audit trail requests much faster.

We were using Audit Vault 10.3 before and could not migrate to the new version (AVDF 12.1 and 12.2) (because Oracle support said it was not possible) and we continued to get old Audit Vault databases when we needed old audit records, and we could not remove our dependency. Audit records can be migrated from the old system to the new system.

To be able to produce intelligent reports, the ability to analyze the reports must be given.

I have been using this solution for one year.

In the previous version, when the aud$ and fga_log$ tables reached a certain size, the collectors sometimes shut down and it took too long to get reports from the AV console. So it was not working in a stable manner. I can say that the new versions are stable.

In the Auditor role of about 5 people, this can be scaled for our company as there is no performance problem in getting the report at the same time, but there may be a performance problem depending on the increase in the number of users in the future. This is somewhat in direct proportion to the number of users.

There are a few people who are experienced in Audit Vault with local technical support, and I hope this number will increase. In case of problems, we receive global support from Oracle support, but not as fast as the database issues are getting back on their return, so my rate is 3/5.

We did a week of PoC work for each of the other equivalent products before purchasing this product. These products were IBM InfoSphere Guardium and Imperva SecureSphere. We have reviewed and compared the capabilities of each product and the reports it produces.

Some of the most basic reasons for choosing Oracle's AVDF product are:

• User friendly (easy to use because it is not complicated to use).
• As a company we also use many different Oracle products. So, if we are blocked by global technical support, we can escalate the situation with local Oracle.
• The price of the product is not higher than the others.

We had problems installing the old version, and since it did not have a lot of resources, the setup took a few days, but there are a lot of radical changes in the new version. Audit Vault's own database and its own operating system come in a single .iso file. There is good documentation out there that describes the process step-by-step and you will not have much difficulty, even in the first installation.

The important thing is to use the most suitable product for our company for many years (every 1-2 years to change the product to force the company). We must make good decisions about our needs, make PoC studies diligently and compare the advantages and disadvantages of the products. If we specify the ideal product for us, pricing and licensing should be important in the second place.

We first evaluated other options at the technical level and then at the senior management level. These were: IBM InfoSphere Guardium and Imperva SecureSphere.

My recommendations are:

• Users in the Avadmin and Avauditor roles should be designated so that the maintenance of the product and the database and the daily checks are not neglected.
• Providing added value by generating custom reports for your company other than the default reporting features
• Some reports are sent automatically at certain hours by attaching as .csv, .html or .pdf in mails
• The only source we can log Audit records for is not Oracle, but also MySQL, MS SQL Server, Sybase, IBM DB2, and so on. We need to remember that we can also monitor the source systems.

We have a few applications that use the Oracle Audit Vault as a broker service to log into the application. It uses the credentials provided by this solution. We are not using the firewall component.

This solution acts as a complete data warehouse for our audit data. Anytime we need to search for details about what happened, from a proactive monitoring perspective, or react to see what access permissions were granted or denied, we can look at this.

We have an alert mechanism implemented, and we also use some of the built-in reports. The reports are typically used by management, and we have a risk management dashboard. Management looks at the reports, and the indicators in them, to determine what level the security has been at over the past month. They can tell whether it has improved or gone down.

The most valuable feature is that Oracle Access Vault is integrated with our SIM (Security Information Management tool), which gives us a complete picture of what access is being provisioned in our organization. We do not use the interface provided by Oracle Audit Vault, except to export the data into our SIM.

The reporting is an area of the solution that needs to be improved.

Customized reporting is something that we are struggling with, and it is quite tough for us. Every time we need to prepare a custom report, we have to involve the vendor. This is unlike other solutions where the reports are easy to customize.

Another problem with reporting emerges on the topic of compliance and certain international standards. The standard set of reports do not provide sufficient details for the PCS and ISO standards.

It is important to have better integration with most of the tools to manage unstructured data or SIM solutions. If we change vendors for our SIM then we want to have the best possible support.

This product is quite stable and robust. We have not faced any issues with respect to stability in the past few years.

We do not have heavy requirements in terms of scalability on our end, so I am unsure.

We currently have between ten and twelve users. These people are middle management, our database administrator, and I am the Data Center Lead.

This solution is extensively used on a daily basis, as it is one of the pillars of our overall monitoring solution. We have no plans to increase usage at this time.

Since our first contact with Mannai, they have been able to resolve most of our issues. Only in cases of problems that they cannot fix will they raise an SR with Oracle. Generally, they are quite capable.

We did not use a specific solution prior to this one.

We do not use the database firewall component that is included with this solution. For our database activity monitoring, we rely on IBM Guardium.

The installation itself is quite straightforward, but the configuration does not happen at the same time. We have fine-tuned our configuration over the past year or two, which has reduced the high number of false positives. We now only receive clear, actionable alerts. Most of these kinds of tools require a lot of fine-tuning to be done, based on your environment. It all depends on how fast you can do it, based on your database requirements.

It took approximately three months to deploy this solution and bring it into production.

We used a reseller for assistance with the implementation of this solution. They are the Mannai Corporation, here in Doha, and they are quite good.

The majority of the deployment was handled by them, and we only had two people involved. These people were our DBA and backup DBA, and they are now users of the solution.

For the maintenance of this solution, if we have an issue then we simply call Mannai and they will come and fix it.

When it comes to security solutions it is very difficult to calculate ROI. There is no clear cut ROI for which you can put a number in terms of operational effectiveness or security-related components.

This solution is definitely not expensive, and it is a small fraction of the overall database licensing costs. It is a simple add-on license, but it is not perpetual so we have to pay licensing fees every year.

We evaluated a lot of solutions before choosing this one, and some of them were used for a very long time. One of these was Imperva. The determining factor was the cost. Since we are already an Oracle customer, we received a large discount on the product.

Other than pricing, most of the solutions in the same space provide a similar type of output. The benefit of going with Oracle is, if you are using an Oracle database then the integration is quite strong internally.

If you are with Oracle completely and you do not have a mix of databases then this is a great solution. However, if you have a solution that includes a mix of databases then it has a lot of limitations.

The advantage of going with Oracle Audit Vault comes from its integration with data encryption, masking, and all of the Oracle security technologies.

Overall, this solution delivers what it is intended to do and we are quite happy with the product. There are, however, improvements required in terms of reporting.

I would rate this solution an eight out of ten.

We use this solution primarily for GDPR and PCI compliance for the bank.

We were implementing this solution for our client, who was required to do PCI compliance. Their project was initially scheduled to run over a year and a half, but by just deploying this product they were able to do the compliance reports within three months, so the time to roll out was quite significant. The time was very short, which meant the turnaround time for compliance was much shorter and the value was realized, so that is one positive aspect that we experienced with our clients.

The most valuable feature is the ability to create inbuilt reports for compliance, which have dealt with the rules made it easier. This means that we don't have to develop them from scratch, which makes life so much easier.

One of the biggest challenges that we are facing is the inability to use more than one account for the platform, so the whole organization cannot make their own compliance audits at their own pace. I think that's one feature that really is giving us a bit of a problem. That is one of our biggest challenges.

The fact that it doesn't audit the network is also quite a downfall for the product. Maybe it should be improved to allow one to log on to network devices and do audits to check compliance at that level.

Finally, the ability to integrate with well-known applications like SAP, Microsoft, and common ERP would be helpful. If it included templates that are used for audits that can be used in those platforms and checking compliance, that would be really helpful, because half the time there isn't enough documentation to help someone check the compliances of specific applications. The second bit is the ability to audit middleware, like application servers and spatial and detection platforms. That is quite lacking in this product.

It's not a stable product, especially around log management and log generation. There are lots of logs and the administration or management is not as easy as one would expect. So you need a lot of DBA and unique skills in order to handle the virtual appliances. For us it was in our domain, but I don't think for any other organization it would be easy to readminister, especially when cable spaces are full and there are other challenges.

It's very scalable. It can do real application, remote sites, and DR, so it's quite scalable. I think it's very easy to scale from that test; I think they've done well.

We've got at least 60 users, including IT demonstrators, auditors, and the risk department, so it's widely used.

It's currently used extensively at the bank because they have to measure their compliance in real time and they cannot do that without this solution. There were plans to integrate the solution with the ERT to start looking at certain components within ERT, as well as opportunities for them to expand it to be used on their distributions. I'm not too sure how far they have gone because we just deployed and left. We've not been back to these clients for this product so far.

Oracle does not have very good documentation on this. I think Oracle abandoned the product, especially on the support side. It's not really one of the most friendly platforms where you can actually find help, but we've hung in there. We hope there will be a lot more opportunities for them to improve the support, half the people you talk to don't really know how to support the product. It's just frustrating, honestly.

The documentation is there, if very basic, but it doesn't help you address some of the more technical challenges.

I had not used any other solution before Oracle. We deployed this particular solution because we are required to do PCI compliance. I don't think they could have used any other solution for this, without resorting to using lots of Excel sheets, reports, etc.

It was very straightforward to set up, not too complex.

Deployment took a month, and then the next month we set up the reports. However, the technical deployment took us only two weeks to do, including both the products and the development of the appliances. Our strategy was to deploy as is, using the standard report and customize the report as we go, instead of trying to come up with custom reports before deployment. That made it much easier, while still being adequate to satisfy the compliance department.

We are an integrator and our name is Making Solutions. So we are the ones who did the job. I only have three guys running the platform, so its quite easy to manage. From the client's staff, there are only two guys managing the platform.

They have had a good ROI because they were literally being audited and given lots of fines. All those things have disappeared within eight months. They were able to comply, submit reports on time, and actively correct whatever mistakes were picked up by the product. We use Oracle Enterprise Manager, which looks at other components to really add all the valuable information.

For the bank, the licensing cost is about $360,000, annually.

For the value and cost of being compliant, the price is worth paying, because then you don't get auditors coming in left, right and center. Our clients spend a lot of money, but they also get their compliance guaranteed, so I think it's overall saving them money.

There are no additional fees to pay.

Our client did check another provider. I forgot the name of that product, but it was a big competitor of Oracle's solution.

Those who want to implement it better have a proper detection in place, especially regarding documents. That's one thing that really drove us nuts because without having reference documentation of the platforms that they were targeting, it became a nightmare.

I would rate this solution as eight out of ten, because of the previous reasons that I gave around some of the features that are important for my clients. If it was not for that I would have given it a ten.

Audit reporting and its user-friendliness that is required by auditors are valuable features.

It provides reports that are directly related to the compliance issues, i.e., for example SOX Compliance.

Policy defining should be more user-friendly. It still should be implemented and handed over to the end users. This policy defining cannot be done by an end user. It should be implemented initially, by a person who knows the Audit Vault along with the implementing business organization and their audit requirements. There should be a system analysis carried out and then this should be implemented. If the Oracle Audit Vault can give the administration interface to the end user itself, then he/she could generate the reports that they need, just by creating the customized report formats.

I have used this solution for three years.

Some of the earlier versions have not matured enough.

There were no scalability issues.

The technical support is good. I would give them a 7 out of 10 rating because there is no as such major implementation help given by the Oracle Support. There are a few people to support the same.

It is easy to work with the Oracle ERP and Oracle Database.

It is a little bit complex. The installation, implementation and policy defining should be done by experienced technical staff.

You can use this as a good audit reporting tool and it is worth to use it as a high compliance risk tool.

The installation and configurations should be done by experienced technical people, so as to achieve project success.

We use Oracle Audit Vault to have a view of what is present on our network behind the firewall system. We use it to block threats and audit data for clients.

After we activate Oracle Audit Vault, our clients can see all of their past actions or the wrong activity done on the network. We can load most of the diagnostics for the business.

We have a situation for a bank as a client. We were able to deploy Oracle Audit Vault for them. The end-user is a key part of the system in the information department. 

For maintenance, only one person is required and he's an admin. Oracle Audit Vault was used extensively and our clients are quite comfortable with it.

We believe the product will be used for a long time.

One feature that was missing when we tried to update was the network activity analyzer. We found a request going through the database file before reaching the database. 

We don't have a database file in the middle. If it's possible to have that database file to analyze what's going on inside the network, it would be better.

Some of our customers were asking about the latency. When the application wants to get to the database, the database file is going to give some latency in operations.

The additional features we need are to be able to have the database firewall to scan the network to get the information from the database. 

I also want the database firewall to be able to block services with more granularity.

We have used Oracle technical support maybe twice. The support is nice. It was fast to install. The customer support is good.

We didn't have a previous solution. We had a company come in with IBM to produce a proprietary solution. We also did a demo. 

The initial set up was straightforward. It wasn't challenging. The implementation strategy for new customers doesn't take long. 

Our strategy is to increase the value of the software.

We used a reseller.

For the bank, the license was $48,000 last time. That was the licensing for the bank on just one license.

We had to do a demo to show management how the solution functions. That was useful for them to decide to go with Oracle Audit Vault over IBM.

Anyone can go to with Oracle Audit Vault, but be sure you know what is going on to be comfortable with it.

On a scale from one to ten, I would rate this product at 8.5. Some of the database functionality is not too good.

AVDF can monitor SQL traffic to look for alerts on and prevent unauthorized or out-of-policy SQL statements. Because the final target of external attacks is SQL, it's very effective to check SQL level. In addition, this product transparently monitors the traffic; changing the applications is not necessary.

AVDF not only has an audit function, but it also has a database firewall function that protects the database, which is an important company asset, from external attacks typified by SQL injection. It supports a wide range of databases (Oracle Database, IBM DB2, Microsoft SQL Server and so on).

By integrating two major functions (auditing and database firewall)
into a single product, it became easier to use and the scope is really wide.

I would like to see a link-state tracking feature that quickly notices network failures. The benefit would be quick detection of network disconnection in DPE (inline) mode. If there is a network disconnection inline configuration, AVDF notices the network failure, but it cannot pass a link-state to the other side of the network (NIC). The problem currently is that handling of network failure cannot be performed correctly (depending on the point of failure).

I have used it for around two years.

I actually encountered stability issues in DPE mode, but it was with the first release.

I have not encountered any scalability issues.

Technical support is now 8/10. For the first release, it was 5. It took time because technical support was dispatched to overseas teams using translation. Now, a local team can support the technical issues.

We were using the audit product for memory reference types. We chose this product because of its integration with Oracle database and because it has the DB firewall function.

Initial setup was not straightforward, because we should have considered the network environment when we decided the policy configuration. The complexity of AVDF depends on the system (network) environment. If the number of DBs to be protected is high, you should consider organizing the network environment.

AVDF is very reasonable for Oracle products. The license cost is determined by the number of DB servers that will be protected. If you integrate the DB servers or use a multitenant environment, the number of licenses can also be aggregated.

Before choosing this product, I did not evaluate other options. Although there're some competitive third-party products for individual functions, as a comprehensive product, there are no other options.

I recommend conducting a performance and availability test before implementing AVDF.