Oracle Audit Vault Reviews

We use Oracle Audit Vault to have a view of what is present on our network behind the firewall system. We use it to block threats and audit data for clients.

After we activate Oracle Audit Vault, our clients can see all of their past actions or the wrong activity done on the network. We can load most of the diagnostics for the business.

We have a situation for a bank as a client. We were able to deploy Oracle Audit Vault for them. The end-user is a key part of the system in the information department. 

For maintenance, only one person is required and he's an admin. Oracle Audit Vault was used extensively and our clients are quite comfortable with it.

We believe the product will be used for a long time.

One feature that was missing when we tried to update was the network activity analyzer. We found a request going through the database file before reaching the database. 

We don't have a database file in the middle. If it's possible to have that database file to analyze what's going on inside the network, it would be better.

Some of our customers were asking about the latency. When the application wants to get to the database, the database file is going to give some latency in operations.

The additional features we need are to be able to have the database firewall to scan the network to get the information from the database. 

I also want the database firewall to be able to block services with more granularity.

We have used Oracle technical support maybe twice. The support is nice. It was fast to install. The customer support is good.

We didn't have a previous solution. We had a company come in with IBM to produce a proprietary solution. We also did a demo. 

The initial set up was straightforward. It wasn't challenging. The implementation strategy for new customers doesn't take long. 

Our strategy is to increase the value of the software.

We used a reseller.

For the bank, the license was $48,000 last time. That was the licensing for the bank on just one license.

We had to do a demo to show management how the solution functions. That was useful for them to decide to go with Oracle Audit Vault over IBM.

Anyone can go to with Oracle Audit Vault, but be sure you know what is going on to be comfortable with it.

On a scale from one to ten, I would rate this product at 8.5. Some of the database functionality is not too good.

Our primary use case is to filter the database traffic internally and to know who is doing what in the database and why they are doing it at any point in time.

Generally, security is enhanced and monitoring traffic and data became possible using this solution rather than others. You can audit and configure notifications so that you get notified when somebody accesses particular objects within the database. It's one of the key features. 

The ability to isolate the view and who has the rights to view the audit logs is valuable to us. Senior executives can check the system, the IT team, the IT individuals, and the administrators. 

Another interesting feature is the ability to view the traffic by the IT, as well as individual machines. This can help scale down trailing traffic on the network. It makes it possible to look into a traffic jam from a particular machine by MAC and IP address.

Also, address administrators cannot go in and delete audit trails which would otherwise allow users to circumvent the audit trail. In the implementation of the Oracle Audit Vault, we can monitor not only Oracle Databases, but also monitoring, server databases that within the environment. It isn't only specific Oracle Database.

This kind of solution should supply more analytical data for the traffic that comes in. I think that that side is not as strong as some other products. However, it is stronger in other areas and superior in some ways for security. The Oracle product monitors the database and not the operating system as well which is an area that can use improvement.

The solution itself is stable, but if there is a skills gap within the department and none of the IT guys understand that in Oracle Audit Vault and Database Firewall solution things can go wrong. If customers don't train the in-house employees properly as to how the solution is deployed limited skills can result in stability issues.

After the deployment, I recommend designating two or three people to get training. I do provide a bit of information into a general report to help clients but it may not always be enough. There is also the possibility of falling back into bad habits after a while when making changes in the system.

The product is highly scalable. You can grow it by adding on multiple nodes and those nodes would definitely be able to be monitored in a server upon which you deploy an application. So there is really not any limitation on scalability. You can just add on or reduce other services within the environment. The fewer servers, the more efficient the logging. More servers may create problems for users coming through.

The Audit Vault server is isolated from the production server environment configuration, so ideally there's not any interference in terms of scalability. You could grow on demand. 

My technical expertise allows me to handle many technical trainings, in Blackberry and other solutions for Oracle, for Oracle customers in Nigeria, in Ghana, in Zambia, in Tanzania, and in Kenya. I handle many Oracle customers. They purchase through a local Technology Associate which is an Oracle partner here. Oracle has contacted me in the past to handle issues because I am able to deploy that solution. 

As a consultant, I install different products based on client need. I have experience also with Imperva SecureSphere Database Security and IBM Guardian which are products I still recommend and deploy.

This product is not very easy to set up. You set up separate machines and it's isolated from the production environment and the other system which you're auditing. After that, you just point the IP addresses on which production cybers are running. Then it starts monitoring them. 

Sometimes there have to be additional changes within the database, within the production server, and some other basic configurations. For example, in 12C you have unified audit trail, and in other versions of Oracle like 9-9, 10G, 11G, you don't have the unified auditing. Unified auditing in 12C is a bit complex so you have to configure it to log the traffic activities. Another example is doing what we call a 'petition auditing' whereby you use triggers to audit.

If a client wants to capture all database traffic to all the servers for both successful logins and unsuccessful logins and store a complete audit trail data and that cannot be tampered with by the administrators, this takes additional setup. Assigning user privileges can take some time to do correctly so users cannot misuse their privileges.

Generation of distributional reports, tracking the sign off of those reports, encryption of tentative data in the database all need to be configured since Oracle has other features such as Transparent Database Encryption, TDE. 

Because of my experience with the solution, I am able to deploy within three to five days. But the whole system needs to be considered. Machines must have enough processing power and the storage for the audit trail data because that data can grow rapidly if not monitored well. Storage can become a challenge. 

With deep knowledge and understanding of these technologies, I can seamlessly and quickly deploy the solution. It will be far more difficult for users who are not already familiar with the solution.

I've seen a return on investment for many customers though it is hard to tell exactly. For me, having clients with successful, useful deployments means my business continues to be successful. For clients the superior security, power, customizability and reasonable ease of use return in time savings and secure data.

On licensing, Oracle is very expensive. Oracle handles the licensing. I just do the deployment. Especially now that they are moving towards the cloud, cloud licensing becomes very expensive. Maybe sales guys do not always advise customers better as to the advantages, but customers generally have a fear of the costs of licensing for Oracle specifically.

In terms of cost, in addition to the standard licensing fees, there are add-ons. It costs in resources and software as well as deployment to create and manage a complete set of Cloud services, including infrastructure as a service, creditors service, customer service, etc. 

I've recommended that for monitoring purposes and management capability and even for non-Oracle databases approach to go for Enterprise Manager Cloud Control. Just deployment of this firewall without Cloud Control will not get most users optimal value. 

Technology keeps evolving all the time. I think one needs to really do a lot of research and innovation to get to know what's new in different products before they can acquire any product at all. It's very important. For me, before I advise the customer on the product or upgrade, I do comprehensive research.

Again, as a consultant, our job is to provide the best solution for a particular client's needs. We are constantly evaluating products to keep flexible and make the base deployments. For example, if the client basically uses everything purely Oracle it usually makes sense to go with Oracle Audit Vault.

I would rate Oracle Audit Vault an eight out of ten. The features are there, but the users don't know how to take full advantage of them. I would strongly recommend that, when evaluating products, they need to understand the key features to leverage them. 

But again, at the end of the day, it's the mandate of the sales guy to get the customers to understand the product as they go to buy. If a sales guy is not selling well then there's a challenge. I'll pick out the key important features that will provide the most value. 

I always try to educate clients and tell them to spread out and do a proper proof of concept. If another product is better for resolving specific issues, it is the one they should deploy.

We use this solution to provide for separation of duties based on database encryption.

We use the separation of duty feature because part of the database is encrypted, and the database administrators, such as myself, should have no access to this area. It belongs to the security team.

Right now, the ownership of the database is automatically given to the database administrator. I would like to have a software solution, separate from the Oracle product itself, to assign ownership of the database to a specific team, being our security team, rather than the default owner.

One feature that is missing is the ability to have a secret server that is always encrypted. I would like to see this in the next release of this solution.

The solution is very stable and reliable.

I would say that the scalability of this solution is medium.

The users include the database team, which has fifteen people, and in some areas of the business, there are in excess of fifty.

We are not currently planning to expand the use of this product.

Technical support for this solution is very good. It is strong.

I would say that the initial setup was of medium difficulty.

We used an Oracle consultant to assist us with the implementation.

I use this solution once or twice per month.

I would rate this solution an eight out of ten.

We have a few applications that use the Oracle Audit Vault as a broker service to log into the application. It uses the credentials provided by this solution. We are not using the firewall component.

This solution acts as a complete data warehouse for our audit data. Anytime we need to search for details about what happened, from a proactive monitoring perspective, or react to see what access permissions were granted or denied, we can look at this.

We have an alert mechanism implemented, and we also use some of the built-in reports. The reports are typically used by management, and we have a risk management dashboard. Management looks at the reports, and the indicators in them, to determine what level the security has been at over the past month. They can tell whether it has improved or gone down.

The most valuable feature is that Oracle Access Vault is integrated with our SIM (Security Information Management tool), which gives us a complete picture of what access is being provisioned in our organization. We do not use the interface provided by Oracle Audit Vault, except to export the data into our SIM.

The reporting is an area of the solution that needs to be improved.

Customized reporting is something that we are struggling with, and it is quite tough for us. Every time we need to prepare a custom report, we have to involve the vendor. This is unlike other solutions where the reports are easy to customize.

Another problem with reporting emerges on the topic of compliance and certain international standards. The standard set of reports do not provide sufficient details for the PCS and ISO standards.

It is important to have better integration with most of the tools to manage unstructured data or SIM solutions. If we change vendors for our SIM then we want to have the best possible support.

This product is quite stable and robust. We have not faced any issues with respect to stability in the past few years.

We do not have heavy requirements in terms of scalability on our end, so I am unsure.

We currently have between ten and twelve users. These people are middle management, our database administrator, and I am the Data Center Lead.

This solution is extensively used on a daily basis, as it is one of the pillars of our overall monitoring solution. We have no plans to increase usage at this time.

Since our first contact with Mannai, they have been able to resolve most of our issues. Only in cases of problems that they cannot fix will they raise an SR with Oracle. Generally, they are quite capable.

We did not use a specific solution prior to this one.

We do not use the database firewall component that is included with this solution. For our database activity monitoring, we rely on IBM Guardium.

The installation itself is quite straightforward, but the configuration does not happen at the same time. We have fine-tuned our configuration over the past year or two, which has reduced the high number of false positives. We now only receive clear, actionable alerts. Most of these kinds of tools require a lot of fine-tuning to be done, based on your environment. It all depends on how fast you can do it, based on your database requirements.

It took approximately three months to deploy this solution and bring it into production.

We used a reseller for assistance with the implementation of this solution. They are the Mannai Corporation, here in Doha, and they are quite good.

The majority of the deployment was handled by them, and we only had two people involved. These people were our DBA and backup DBA, and they are now users of the solution.

For the maintenance of this solution, if we have an issue then we simply call Mannai and they will come and fix it.

When it comes to security solutions it is very difficult to calculate ROI. There is no clear cut ROI for which you can put a number in terms of operational effectiveness or security-related components.

This solution is definitely not expensive, and it is a small fraction of the overall database licensing costs. It is a simple add-on license, but it is not perpetual so we have to pay licensing fees every year.

We evaluated a lot of solutions before choosing this one, and some of them were used for a very long time. One of these was Imperva. The determining factor was the cost. Since we are already an Oracle customer, we received a large discount on the product.

Other than pricing, most of the solutions in the same space provide a similar type of output. The benefit of going with Oracle is, if you are using an Oracle database then the integration is quite strong internally.

If you are with Oracle completely and you do not have a mix of databases then this is a great solution. However, if you have a solution that includes a mix of databases then it has a lot of limitations.

The advantage of going with Oracle Audit Vault comes from its integration with data encryption, masking, and all of the Oracle security technologies.

Overall, this solution delivers what it is intended to do and we are quite happy with the product. There are, however, improvements required in terms of reporting.

I would rate this solution an eight out of ten.

We use this solution primarily for GDPR and PCI compliance for the bank.

We were implementing this solution for our client, who was required to do PCI compliance. Their project was initially scheduled to run over a year and a half, but by just deploying this product they were able to do the compliance reports within three months, so the time to roll out was quite significant. The time was very short, which meant the turnaround time for compliance was much shorter and the value was realized, so that is one positive aspect that we experienced with our clients.

The most valuable feature is the ability to create inbuilt reports for compliance, which have dealt with the rules made it easier. This means that we don't have to develop them from scratch, which makes life so much easier.

One of the biggest challenges that we are facing is the inability to use more than one account for the platform, so the whole organization cannot make their own compliance audits at their own pace. I think that's one feature that really is giving us a bit of a problem. That is one of our biggest challenges.

The fact that it doesn't audit the network is also quite a downfall for the product. Maybe it should be improved to allow one to log on to network devices and do audits to check compliance at that level.

Finally, the ability to integrate with well-known applications like SAP, Microsoft, and common ERP would be helpful. If it included templates that are used for audits that can be used in those platforms and checking compliance, that would be really helpful, because half the time there isn't enough documentation to help someone check the compliances of specific applications. The second bit is the ability to audit middleware, like application servers and spatial and detection platforms. That is quite lacking in this product.

It's not a stable product, especially around log management and log generation. There are lots of logs and the administration or management is not as easy as one would expect. So you need a lot of DBA and unique skills in order to handle the virtual appliances. For us it was in our domain, but I don't think for any other organization it would be easy to readminister, especially when cable spaces are full and there are other challenges.

It's very scalable. It can do real application, remote sites, and DR, so it's quite scalable. I think it's very easy to scale from that test; I think they've done well.

We've got at least 60 users, including IT demonstrators, auditors, and the risk department, so it's widely used.

It's currently used extensively at the bank because they have to measure their compliance in real time and they cannot do that without this solution. There were plans to integrate the solution with the ERT to start looking at certain components within ERT, as well as opportunities for them to expand it to be used on their distributions. I'm not too sure how far they have gone because we just deployed and left. We've not been back to these clients for this product so far.

Oracle does not have very good documentation on this. I think Oracle abandoned the product, especially on the support side. It's not really one of the most friendly platforms where you can actually find help, but we've hung in there. We hope there will be a lot more opportunities for them to improve the support, half the people you talk to don't really know how to support the product. It's just frustrating, honestly.

The documentation is there, if very basic, but it doesn't help you address some of the more technical challenges.

I had not used any other solution before Oracle. We deployed this particular solution because we are required to do PCI compliance. I don't think they could have used any other solution for this, without resorting to using lots of Excel sheets, reports, etc.

It was very straightforward to set up, not too complex.

Deployment took a month, and then the next month we set up the reports. However, the technical deployment took us only two weeks to do, including both the products and the development of the appliances. Our strategy was to deploy as is, using the standard report and customize the report as we go, instead of trying to come up with custom reports before deployment. That made it much easier, while still being adequate to satisfy the compliance department.

We are an integrator and our name is Making Solutions. So we are the ones who did the job. I only have three guys running the platform, so its quite easy to manage. From the client's staff, there are only two guys managing the platform.

They have had a good ROI because they were literally being audited and given lots of fines. All those things have disappeared within eight months. They were able to comply, submit reports on time, and actively correct whatever mistakes were picked up by the product. We use Oracle Enterprise Manager, which looks at other components to really add all the valuable information.

For the bank, the licensing cost is about $360,000, annually.

For the value and cost of being compliant, the price is worth paying, because then you don't get auditors coming in left, right and center. Our clients spend a lot of money, but they also get their compliance guaranteed, so I think it's overall saving them money.

There are no additional fees to pay.

Our client did check another provider. I forgot the name of that product, but it was a big competitor of Oracle's solution.

Those who want to implement it better have a proper detection in place, especially regarding documents. That's one thing that really drove us nuts because without having reference documentation of the platforms that they were targeting, it became a nightmare.

I would rate this solution as eight out of ten, because of the previous reasons that I gave around some of the features that are important for my clients. If it was not for that I would have given it a ten.

It is used as a central audit repository and reporting for all my databases, which has reduced the stress of collecting database event logs in silos from each database.

Out-of-the-box policies ensure our compliance with standards like SOX, ISO 27001, and so on.

The critical event alerts and reporting features have greatly reduced loss of man hours that would have been spent on going through the whole audit event logs.

An easy, friendly user interface would be nice to have, since this would enable administrators to identify important events with a prompt response.

AVDF can monitor SQL traffic to look for alerts on and prevent unauthorized or out-of-policy SQL statements. Because the final target of external attacks is SQL, it's very effective to check SQL level. In addition, this product transparently monitors the traffic; changing the applications is not necessary.

AVDF not only has an audit function, but it also has a database firewall function that protects the database, which is an important company asset, from external attacks typified by SQL injection. It supports a wide range of databases (Oracle Database, IBM DB2, Microsoft SQL Server and so on).

By integrating two major functions (auditing and database firewall)
into a single product, it became easier to use and the scope is really wide.

I would like to see a link-state tracking feature that quickly notices network failures. The benefit would be quick detection of network disconnection in DPE (inline) mode. If there is a network disconnection inline configuration, AVDF notices the network failure, but it cannot pass a link-state to the other side of the network (NIC). The problem currently is that handling of network failure cannot be performed correctly (depending on the point of failure).

I have used it for around two years.

I actually encountered stability issues in DPE mode, but it was with the first release.

I have not encountered any scalability issues.

Technical support is now 8/10. For the first release, it was 5. It took time because technical support was dispatched to overseas teams using translation. Now, a local team can support the technical issues.

We were using the audit product for memory reference types. We chose this product because of its integration with Oracle database and because it has the DB firewall function.

Initial setup was not straightforward, because we should have considered the network environment when we decided the policy configuration. The complexity of AVDF depends on the system (network) environment. If the number of DBs to be protected is high, you should consider organizing the network environment.

AVDF is very reasonable for Oracle products. The license cost is determined by the number of DB servers that will be protected. If you integrate the DB servers or use a multitenant environment, the number of licenses can also be aggregated.

Before choosing this product, I did not evaluate other options. Although there're some competitive third-party products for individual functions, as a comprehensive product, there are no other options.

I recommend conducting a performance and availability test before implementing AVDF.

Audit reporting and its user-friendliness that is required by auditors are valuable features.

It provides reports that are directly related to the compliance issues, i.e., for example SOX Compliance.

Policy defining should be more user-friendly. It still should be implemented and handed over to the end users. This policy defining cannot be done by an end user. It should be implemented initially, by a person who knows the Audit Vault along with the implementing business organization and their audit requirements. There should be a system analysis carried out and then this should be implemented. If the Oracle Audit Vault can give the administration interface to the end user itself, then he/she could generate the reports that they need, just by creating the customized report formats.

I have used this solution for three years.

Some of the earlier versions have not matured enough.

There were no scalability issues.

The technical support is good. I would give them a 7 out of 10 rating because there is no as such major implementation help given by the Oracle Support. There are a few people to support the same.

It is easy to work with the Oracle ERP and Oracle Database.

It is a little bit complex. The installation, implementation and policy defining should be done by experienced technical staff.

You can use this as a good audit reporting tool and it is worth to use it as a high compliance risk tool.

The installation and configurations should be done by experienced technical people, so as to achieve project success.