Oracle Audit Vault Reviews

We use this solution for regulatory compliance and reporting for the enterprise. This augments regular compliance and risk management solutions.

The organizations and clientele we work with include public sector and private sector businesses in the Financial Services industry, where they host data from global partners. The EU citizens and businesses now demand that GDPR be in place in order to host their data.

It has provided us with a unique opportunity to automate risk discovery.

The system provides both an audit system and a security solution through the database firewall that protects the data and databases being accessed.

The system uses BU internal risk management and audit teams for ease of IT and systems audits.

The most valuable features of this solution are:

• Autonomous data collection.
• Ease of deployment to work and integrate with heterogeneous platforms.
• Reporting infrastructure is awesome and very flexible.
• The interfaces are intuitive and easy to use and navigate through.
• The solution has a well designed RBAC for the support of the business and it is secure.

We would like to see the ability to administer and manage the solution through Enterprise Manager 13c, and development of the dashboards that are generally missing.

The system needs to be easy to manage, especially in terms of space management.

There is little to no technical references and use cases pointing to the resolution of technical challenges during implementation. Better documentation would be helpful.

The product is stable but extremely sensitive.

It is rather difficult to scale, but it works perfectly.

The technical support at Oracle is weak, but the documentation provided is detailed and good.

Unfortunately, there is little information available on Oracle MOS.

We have always used the product alongside Imperva.

This initial setup of this solution is straightforward.

Our solution was delivered through an Oracle partner, Nexim Solutions.

Our ROI was almost immediate.

It is affordable but technical skills are required to architect and set up the system.

We evaluated Imperva and Tivoli before choosing this solution.

Oracle Database Firewall, Database Vault and Data hiding tools present a layered security approach to protecting, controlling, auditing and hiding sensitive data and access to sensitive data.

The following key features make this product a valuable tool:

• Transparent database activity monitoring over the network - minimum changes to the database client and server configuration, and no additional load on the network or on the database servers being monitored. Hence, it doesn’t affect the performance.
• Capability to block unauthorized database activity (such as SQL injection attacks) using a specialized grammar analysis that allows accurate enforcement of activity whitelists and blacklists.
• Comprehensive database activity based on consolidated database logs, securely stored in a centralized, enterprise-scale repository ensuring ease of monitoring.
• Centralized data security auditing across the enterprise, achieved by consolidating OS, directory, and other logs into the same centralized repository.
• Fine-grained, correlated alerting based on analysis and policy enforcement of consolidated logs
• Out-of-the-box audit reporting across multiple sources (e.g., Oracle and non-Oracle databases, directory and OS) to satisfy common regulatory requirements such as PCI, DSS, SOX and other compliance regimes.
• Custom reports and powerful BI tools that allow organizations to go as deep as necessary for forensic analysis or e-discovery purposes.
• Easy-to-deploy software appliance based on hardened operating system and database that does not require database administrator (DBA) skills, allowing the solution to be owned and managed by IT security staff.
• Alert on suspicious and unauthorized activities in real time. Review user rights, identify dormant users and excessive privileges.
• Detect and monitor changes to stored procedures.

Oracle Audit Vault and Database Firewall expands protection beyond Oracle and third party databases with support for auditing the operating system, directories and custom sources. Our client needed a product which can provide a holistic approach to the whole enterprise in terms of security, monitoring and auditing security which is exactly what this product provided.

Although Oracle Audit Vault and Database Firewall serves as a critical detective and preventive control to protect against the abuse of legitimate access to databases responsible for almost all data breaches and cyber attacks, using Database Firewall to identify and capturing audit logs of real users, especially on applications using generic users to access the database, is an uphill task. More so, to correlate suspicious SQL to the originating end user.

Reduces the complexity of setting up the appliance, especially on large application systems with generic users using CLIENT_IDENTIFIER on the database to capture audit trails.

I have managed to interact with this product for a period of two years, working as a consultant to implement for one of our clients in the banking industry.

There are not many issues with stability on the latest version of the product.

Since the appliance runs on the enterprise Oracle database, scalability is not an issue unless limited by licensing.

Oracle has one of the most robust Oracle support systems to its paid customers. They also provide a lot of documentation, including installation and administration guides.

I have not used any other solutions.

Setting up the appliance for the first time can be a little bit difficult. Knowledge of Oracle database setup and use is required.

Oracle Database Security solutions provide you with the most comprehensive and advanced security offerings that help reduce the costs and complexity of securing their business information across the enterprise.

I was dealing with a client who already purchased the appliance and was looking for an implementation team to do the setup and maintenance in their environments.

One of the most valuable features is the ability to audit database use. It conformed well. We set it up the way we wanted it.

It took the onus off of the database and put it on a separate machine.

I see room for improvement in almost all areas. The most important area is with custom reports. It was extremely difficult to create a report. The process to customize the reports requires a lot of research into how to code it. It takes advanced coding skills and is not intuitive. I couldn’t get them to work and I have a background in code writing.

The page for creating custom reports didn’t have an interface. The default reports did not suit our needs. There was no easy way to create reports – I had to look at the code that created the default reports and figure out how to change them to get the information we needed.

I worked with this solution for two years.

We constantly have stability issues. The product puts an agent on each managed server to process audit information. The agents were constantly going down without warning and missed auditing data.

Any upgrade or patch required a complete reinstall. This was inconvenient.

We have used technical support. The SRs we opened with Oracle were ignored because no one had any experience with the product. A Level 1 (production down) ticket went unanswered for weeks.

The installation took a blank server and installed Oracle Linux, Oracle Database 11.2.0.4, and the web-based application at once. Setting it up was an adventure and the documentation was poor.

Good luck.

We use this solution to provide for separation of duties based on database encryption.

We use the separation of duty feature because part of the database is encrypted, and the database administrators, such as myself, should have no access to this area. It belongs to the security team.

Right now, the ownership of the database is automatically given to the database administrator. I would like to have a software solution, separate from the Oracle product itself, to assign ownership of the database to a specific team, being our security team, rather than the default owner.

One feature that is missing is the ability to have a secret server that is always encrypted. I would like to see this in the next release of this solution.

The solution is very stable and reliable.

I would say that the scalability of this solution is medium.

The users include the database team, which has fifteen people, and in some areas of the business, there are in excess of fifty.

We are not currently planning to expand the use of this product.

Technical support for this solution is very good. It is strong.

I would say that the initial setup was of medium difficulty.

We used an Oracle consultant to assist us with the implementation.

I use this solution once or twice per month.

I would rate this solution an eight out of ten.

The two most valuable features of this product are:

• Database access control
• Auditing of users

First of all, it is very easy to configure users and their appropriate roles and permissions on a database. The product allows us to set rules and restrictions at very minute levels.

Secondly, it audits user activities and presents relevant information in graphs and tabular formats; includes details, such as time, query and objects. We can create custom alerts for transactions and monitor and block incoming requests.

It also helps in IT auditing as we can retrieve required information in a matter of clicks.

Information technology outsourcing: Audit Vault and Database Firewall has helped us in many ways; specifically, to restrict and control access to data. It also has helped us identify/recover from many accidental transactions. The product has helped us to organize and monitor different applications and their transactions.

Using the features provided by this product, we have implemented restrictions on data access for individual users accessing the application to perform activities on the database. Restrictions/monitoring can be configured for column/row level as well. With Oracle Audit Vault and Database Firewall, you can create alerts for suspicious activity, create changes to privileged users, create historical reports on schema changes and data-level access. Audit Vault also can audit OS and network events. It can also be used to audit other databases (such as MYSQL, IBM, etc.) and databases in the cloud.

According to Oracle, the best practice is that Audit Vault Server and DB Firewall should be deployed on different boxes (servers). There is no option to co-locate them together. If you wish to deploy AV server and Database Firewall, you will need two servers; one dedicated to Database Firewall and the other dedicated to AV Server.

I have been using this product for over 1.5 years.

We haven’t had any stability issues as yet, as you can even configure for HA (High Availability) as well.

Security controls can be customized with in-line monitoring and blocking on some databases and monitoring only on other databases. The Database Firewall can be deployed in-line, out-of-band, or in proxy mode to work with the available network configurations.

For monitoring remote servers, the Audit Vault Agent on the database server can forward the network traffic to the Database Firewall. Delivered as a soft appliance, a single Audit Vault Server can consolidate audit logs and firewall events from thousands of databases.

Both Audit Vault Server and the Database Firewall can be configured in a HA mode for fault tolerance.

Technical support, both online at support.oracle.com and the ability to contact and create service requests with Oracle, gives a lot of room for the end user to play with. Oracle is also a very mature solution and has support for all kinds of implementations and administration tasks, and even has mature documentation regarding errors and possible alerts that may arise.

Previously, we were using Oracle Database default auditing and security measures, but always faced problems in reading audit data and creating custom alerts and reports. It is also limited to the amount of data to restriction that can be applied, such as auditing of unknown connections.

Installation and configuration of Oracle Audit Vault and Database Security is very simple and a server can be deployed in a matter of minutes once the media is in hand.

Oracle provides highly stable and well-documented products and their support assures value for your money.

If an organization is interested in additional security over their Oracle database, this is the best option available, as it is easy to deploy and configure.

• Audit log collection from a heterogeneous RDBMS environment
• Offers warehouse-based control over the log DB in a secured and encrypted way

Additionally, it offers a RAC option along with DB vault configuration.

I am in the training field and I can express my views based on that experience only. This is a configuration-based product that offers you full control of the audit settings and the configurations. It helps in generating all the required reports as per the compliance. It even helps in customizing the reports as per your choice.

There are multiple banks that are either using it or they are going to implement this tool in the Asian and African countries. They are attaching it to their core banking system. The latest version for Audit Vault is 12c and some of the valuable features are:

• Audit logs are now out of reach: Superusers (SYS), DBAs and OS Admins can’t remove them.

• Logs are completely safe in the warehouse: Encrypted and protected by the DB vault.

• Faster access to logs: Partitioning is available.
• Alert configuration (email-based, desktop)

• High availability of the log server: Limited use of the RAC option.

• Compliance-based reporting with attestation option. Customization is also possible.

• Works transparently with the application. No coding required.

There were some bugs in beginning. Oracle has given us some patches for that. Now, we also have the Audit Vault and Database Firewall Product version 12c in the market with more features.

I have been using this tool for seven years.

We did encounter some stability issues. There are lots of bugs in the starting version but most of them are patched; the latest versions are much stable.

I haven’t tried the scalability option.

The support is good. I would give it a rating of 9/10.

We were not using any other solution.

Initial setup was complicated. Earlier, when I started working on the product, at that time, there were a lot of bugs in it and even the support and documentation was also not available. Now, things are better but still sometimes a few of the installation steps create confusion.

It’s a value-for-money product. It offers multiple features of the Oracle RDBMS indirectly to you for the Audit Vault repository database.

We did not evaluate other options.

I would recommend to compare this product with its competitors. Also, analyze your company requirements, and finally, take the decision based on the need and support you are getting from the vendor.

The out-of-the-box reports feature is most valuable because it covers most of the useful auditing features that you might need.

I haven’t used this product at my current job but I implemented it at a couple of other organizations, as a technical consultant. What they really wanted to do was to be able to check who is doing what with their sensitive data and they achieved that.

I am not sure for the latest version but for previous versions, there were some configuration bugs when connecting Audit Vault Agent with Audit Vault Server.

I have used this product for five years.

If you use the DB AUD$ option, you have to be careful because this table might fill up your database without any notifications.

I have not encountered any scalability issues.

I would give the technical support a 7/10 rating.

We previously did not use any other solution.

The initial setup was a bit complex for versions 10-11. However, the setup for version 12 is straightforward.

In my opinion, the license cost is worth the work that the product is doing.

I haven’t evaluated other options because there were only Oracle environments.

If you are implementing this product, I would advise not to audit the whole database since that will cause you a lot of trouble. You need to plan very well of what needs to be audited.

It is used as a central audit repository and reporting for all my databases, which has reduced the stress of collecting database event logs in silos from each database.

Out-of-the-box policies ensure our compliance with standards like SOX, ISO 27001, and so on.

The critical event alerts and reporting features have greatly reduced loss of man hours that would have been spent on going through the whole audit event logs.

An easy, friendly user interface would be nice to have, since this would enable administrators to identify important events with a prompt response.