Oracle Audit Vault Reviews

Protection, audit, and security of the database are valuable features.

It provides us with access protection. It gives audit access to the data that the user doesn't have permission to access.

All departments of this product need to be improved.

The goal of the project was to audit the operation of the departments. However, the other departments, such as sales and finance, were audited during the project too.

We began to audit the database transactions of the operations department software. We saw that it was good. We then implemented the audit in the software for the other departments as well.

I have used this solution for a year, as a project for the customer.

I had problems with the old versions this product. Today, it's more stable.

There were no scalability issues.

I would give the technical support a rating of 9/10.

The setup was complex because you have to understand which data needs protection.

We looked at other solutions, such as firewall protection tools and audit triggers in the database.

Learn how to install it and know how to protect your data.

The following features of the product provide additional benefits for the user:

• If it's from an Oracle family, we can get quick support from Oracle support.
• Reporting screens are more useful, we can get many summary reports very quickly.
• Compared to previous versions, agent operation logic has been changed. The agent is now managed only, not collector + agent. This makes it easy.

• It has the added advantage of having a database firewall feature that is not in previous versions or other equivalent products.

Before this product was used in the company, the tables with some critical presets were checked with the triggers on them. The old and new versions of the changing records were written to another table. These triggers caused the database system to incur extra CPU and IO spending. It was also difficult to maintain and manage. We were also unable to provide a wide variety of reports that the audit department wanted.

By using the product, we could log the audit records, generate various reports, send these reports to the relevant administrators by attaching these reports to the mail, without exposing the main database system too much. In this way, it has contributed to accelerate the business processes of the company by providing audit trail requests much faster.

We were using Audit Vault 10.3 before and could not migrate to the new version (AVDF 12.1 and 12.2) (because Oracle support said it was not possible) and we continued to get old Audit Vault databases when we needed old audit records, and we could not remove our dependency. Audit records can be migrated from the old system to the new system.

To be able to produce intelligent reports, the ability to analyze the reports must be given.

I have been using this solution for one year.

In the previous version, when the aud$ and fga_log$ tables reached a certain size, the collectors sometimes shut down and it took too long to get reports from the AV console. So it was not working in a stable manner. I can say that the new versions are stable.

In the Auditor role of about 5 people, this can be scaled for our company as there is no performance problem in getting the report at the same time, but there may be a performance problem depending on the increase in the number of users in the future. This is somewhat in direct proportion to the number of users.

There are a few people who are experienced in Audit Vault with local technical support, and I hope this number will increase. In case of problems, we receive global support from Oracle support, but not as fast as the database issues are getting back on their return, so my rate is 3/5.

We did a week of PoC work for each of the other equivalent products before purchasing this product. These products were IBM InfoSphere Guardium and Imperva SecureSphere. We have reviewed and compared the capabilities of each product and the reports it produces.

Some of the most basic reasons for choosing Oracle's AVDF product are:

• User friendly (easy to use because it is not complicated to use).
• As a company we also use many different Oracle products. So, if we are blocked by global technical support, we can escalate the situation with local Oracle.
• The price of the product is not higher than the others.

We had problems installing the old version, and since it did not have a lot of resources, the setup took a few days, but there are a lot of radical changes in the new version. Audit Vault's own database and its own operating system come in a single .iso file. There is good documentation out there that describes the process step-by-step and you will not have much difficulty, even in the first installation.

The important thing is to use the most suitable product for our company for many years (every 1-2 years to change the product to force the company). We must make good decisions about our needs, make PoC studies diligently and compare the advantages and disadvantages of the products. If we specify the ideal product for us, pricing and licensing should be important in the second place.

We first evaluated other options at the technical level and then at the senior management level. These were: IBM InfoSphere Guardium and Imperva SecureSphere.

My recommendations are:

• Users in the Avadmin and Avauditor roles should be designated so that the maintenance of the product and the database and the daily checks are not neglected.
• Providing added value by generating custom reports for your company other than the default reporting features
• Some reports are sent automatically at certain hours by attaching as .csv, .html or .pdf in mails
• The only source we can log Audit records for is not Oracle, but also MySQL, MS SQL Server, Sybase, IBM DB2, and so on. We need to remember that we can also monitor the source systems.

• Audit log collection from a heterogeneous RDBMS environment
• Offers warehouse-based control over the log DB in a secured and encrypted way

Additionally, it offers a RAC option along with DB vault configuration.

I am in the training field and I can express my views based on that experience only. This is a configuration-based product that offers you full control of the audit settings and the configurations. It helps in generating all the required reports as per the compliance. It even helps in customizing the reports as per your choice.

There are multiple banks that are either using it or they are going to implement this tool in the Asian and African countries. They are attaching it to their core banking system. The latest version for Audit Vault is 12c and some of the valuable features are:

• Audit logs are now out of reach: Superusers (SYS), DBAs and OS Admins can’t remove them.

• Logs are completely safe in the warehouse: Encrypted and protected by the DB vault.

• Faster access to logs: Partitioning is available.
• Alert configuration (email-based, desktop)

• High availability of the log server: Limited use of the RAC option.

• Compliance-based reporting with attestation option. Customization is also possible.

• Works transparently with the application. No coding required.

There were some bugs in beginning. Oracle has given us some patches for that. Now, we also have the Audit Vault and Database Firewall Product version 12c in the market with more features.

I have been using this tool for seven years.

We did encounter some stability issues. There are lots of bugs in the starting version but most of them are patched; the latest versions are much stable.

I haven’t tried the scalability option.

The support is good. I would give it a rating of 9/10.

We were not using any other solution.

Initial setup was complicated. Earlier, when I started working on the product, at that time, there were a lot of bugs in it and even the support and documentation was also not available. Now, things are better but still sometimes a few of the installation steps create confusion.

It’s a value-for-money product. It offers multiple features of the Oracle RDBMS indirectly to you for the Audit Vault repository database.

We did not evaluate other options.

I would recommend to compare this product with its competitors. Also, analyze your company requirements, and finally, take the decision based on the need and support you are getting from the vendor.

Oracle Database Firewall, Database Vault and Data hiding tools present a layered security approach to protecting, controlling, auditing and hiding sensitive data and access to sensitive data.

The following key features make this product a valuable tool:

• Transparent database activity monitoring over the network - minimum changes to the database client and server configuration, and no additional load on the network or on the database servers being monitored. Hence, it doesn’t affect the performance.
• Capability to block unauthorized database activity (such as SQL injection attacks) using a specialized grammar analysis that allows accurate enforcement of activity whitelists and blacklists.
• Comprehensive database activity based on consolidated database logs, securely stored in a centralized, enterprise-scale repository ensuring ease of monitoring.
• Centralized data security auditing across the enterprise, achieved by consolidating OS, directory, and other logs into the same centralized repository.
• Fine-grained, correlated alerting based on analysis and policy enforcement of consolidated logs
• Out-of-the-box audit reporting across multiple sources (e.g., Oracle and non-Oracle databases, directory and OS) to satisfy common regulatory requirements such as PCI, DSS, SOX and other compliance regimes.
• Custom reports and powerful BI tools that allow organizations to go as deep as necessary for forensic analysis or e-discovery purposes.
• Easy-to-deploy software appliance based on hardened operating system and database that does not require database administrator (DBA) skills, allowing the solution to be owned and managed by IT security staff.
• Alert on suspicious and unauthorized activities in real time. Review user rights, identify dormant users and excessive privileges.
• Detect and monitor changes to stored procedures.

Oracle Audit Vault and Database Firewall expands protection beyond Oracle and third party databases with support for auditing the operating system, directories and custom sources. Our client needed a product which can provide a holistic approach to the whole enterprise in terms of security, monitoring and auditing security which is exactly what this product provided.

Although Oracle Audit Vault and Database Firewall serves as a critical detective and preventive control to protect against the abuse of legitimate access to databases responsible for almost all data breaches and cyber attacks, using Database Firewall to identify and capturing audit logs of real users, especially on applications using generic users to access the database, is an uphill task. More so, to correlate suspicious SQL to the originating end user.

Reduces the complexity of setting up the appliance, especially on large application systems with generic users using CLIENT_IDENTIFIER on the database to capture audit trails.

I have managed to interact with this product for a period of two years, working as a consultant to implement for one of our clients in the banking industry.

There are not many issues with stability on the latest version of the product.

Since the appliance runs on the enterprise Oracle database, scalability is not an issue unless limited by licensing.

Oracle has one of the most robust Oracle support systems to its paid customers. They also provide a lot of documentation, including installation and administration guides.

I have not used any other solutions.

Setting up the appliance for the first time can be a little bit difficult. Knowledge of Oracle database setup and use is required.

Oracle Database Security solutions provide you with the most comprehensive and advanced security offerings that help reduce the costs and complexity of securing their business information across the enterprise.

I was dealing with a client who already purchased the appliance and was looking for an implementation team to do the setup and maintenance in their environments.

The two most valuable features of this product are:

• Database access control
• Auditing of users

First of all, it is very easy to configure users and their appropriate roles and permissions on a database. The product allows us to set rules and restrictions at very minute levels.

Secondly, it audits user activities and presents relevant information in graphs and tabular formats; includes details, such as time, query and objects. We can create custom alerts for transactions and monitor and block incoming requests.

It also helps in IT auditing as we can retrieve required information in a matter of clicks.

Information technology outsourcing: Audit Vault and Database Firewall has helped us in many ways; specifically, to restrict and control access to data. It also has helped us identify/recover from many accidental transactions. The product has helped us to organize and monitor different applications and their transactions.

Using the features provided by this product, we have implemented restrictions on data access for individual users accessing the application to perform activities on the database. Restrictions/monitoring can be configured for column/row level as well. With Oracle Audit Vault and Database Firewall, you can create alerts for suspicious activity, create changes to privileged users, create historical reports on schema changes and data-level access. Audit Vault also can audit OS and network events. It can also be used to audit other databases (such as MYSQL, IBM, etc.) and databases in the cloud.

According to Oracle, the best practice is that Audit Vault Server and DB Firewall should be deployed on different boxes (servers). There is no option to co-locate them together. If you wish to deploy AV server and Database Firewall, you will need two servers; one dedicated to Database Firewall and the other dedicated to AV Server.

I have been using this product for over 1.5 years.

We haven’t had any stability issues as yet, as you can even configure for HA (High Availability) as well.

Security controls can be customized with in-line monitoring and blocking on some databases and monitoring only on other databases. The Database Firewall can be deployed in-line, out-of-band, or in proxy mode to work with the available network configurations.

For monitoring remote servers, the Audit Vault Agent on the database server can forward the network traffic to the Database Firewall. Delivered as a soft appliance, a single Audit Vault Server can consolidate audit logs and firewall events from thousands of databases.

Both Audit Vault Server and the Database Firewall can be configured in a HA mode for fault tolerance.

Technical support, both online at support.oracle.com and the ability to contact and create service requests with Oracle, gives a lot of room for the end user to play with. Oracle is also a very mature solution and has support for all kinds of implementations and administration tasks, and even has mature documentation regarding errors and possible alerts that may arise.

Previously, we were using Oracle Database default auditing and security measures, but always faced problems in reading audit data and creating custom alerts and reports. It is also limited to the amount of data to restriction that can be applied, such as auditing of unknown connections.

Installation and configuration of Oracle Audit Vault and Database Security is very simple and a server can be deployed in a matter of minutes once the media is in hand.

Oracle provides highly stable and well-documented products and their support assures value for your money.

If an organization is interested in additional security over their Oracle database, this is the best option available, as it is easy to deploy and configure.

Reports and alerts are most valuable to us. Management wanted complete traceability of non-DBAs accessing databases using a database power user account. With the help of Audit Vault custom alerts, we were able to control this with 100% compliance.

Some major improvements in organizational operations:

• Our organization has a complete alert and control mechanism to identify unauthorized access of PROD databases.
• Compliance with United States government security and audit standards.
• Proactive control of audited parameters, like failed log-on attempts, to avoid Denial of Service (DoS) attacks.
• Improved management awareness about database compliance metrics using Audit Vault.

Large scope of improvements:

• A method to group targets (databases generating audit files) logically is missing; for example, PROD, QA, UAT & DEV targets.
• An alert mechanism based on logical grouping is missing.
• A simplified graphic mechanism for the management team.
• Remote start and stop of the Audit Vault collector agent.
• Sophisticated audit file management tools to control growth of audit files on the target server.

We started our journey in mid-2010 and it’s still in live production.

This product is not stable for large environments with more than 50 targets. Also, it is not recommended for the Audit Vault data warehouse database to be a RAC. It seems that the product is not tested with more than 50 targets, so be ready for performance and usability surprises. To overcome these limitations, we worked with a core designer Audit Vault team and suggested product improvements for future releases. I hope they have incorporated these suggestions in the 12.1/12.2 versions.

This product has scalability issues, which we resolved after working with a Audit Vault core designer. Some of the major issues are:

• This product runs a dynamic partition creation DDL on core warehouse tables at runtime, which is not recommended. The problem escalates when you introduce RAC as a warehouse database. This feature simply kills the warehouse RAC database from a performance point of view.
• The Audit Vault collector process on warehouse databases is designed to consume more memory to speed up processing and avoid a CPU spike. This holds good when collectors are limited, but when your target base grows, this kills the database server and results in frequent database restarts due to full memory capacity.
• The collector process on target servers is not able to identify abrupt Audit Vault server reboots and freezes. To resolve the same, you need to restart all collectors, one-by-one, manually.
• While adding a new target, if you have old Audit Vault files (say one or two years old) and if the agent captures that file, then the internal Audit Vault mechanism starts day-wise partition creation. That results in shared pool locks and it gets worse in the case of RAC. The workaround is to clean up all existing audit files and then reinstall the agent.

I love Oracle support because of its flexible nature. We faced many major roadblocks during implementation, from a scalability point of view. It gave us pleasure to work directly with an Oracle core designer team to address all issues within our timeline. So, the support is excellent.

This was our first solution.

Initial setup is very simple. There are not many components. Our only worry was the collector process, which runs on the target environment. Also, management of the same is a bit tedious, as remote agent start/stop is not available.

There are not many products available in this segment. We evaluated a couple of products from small organizations, but this is the only solution available for enterprise-class organizations.

Go ahead and implement the latest version. The product is really good with many built-in features and controls.

I like the audit report. This product has a lot of report templates and you can customize them.

One of the useful reports is the activity report. Our customer is an insurance company. They want to log every detail regarding financial transaction activities (insert, update and delete). If something happens with the data, they can trace it to the person who performed the activity, and where and when they did it.

Before we implemented this product, our client had to query the database to create an audit report. With this product, audit report generation is automated.

I would like to see better DB firewall documentation. We still don't understand how to configure the DB firewall.

We have used Audit Vault for around two years.

It's very stable and runs smoothly. Our servers have never been restarted since the first installation.

We have not had any issues with scalability.

The level of technical support was very low. They sent us an inexperienced technician.

Audit Vault was very easy to install, but not with the DB firewall. That's why we have dropped the DB firewall.

Do the correct hardware sizing, especially if you want to generate detailed audit reports that include the SYS user.

One of the most valuable features is the ability to audit database use. It conformed well. We set it up the way we wanted it.

It took the onus off of the database and put it on a separate machine.

I see room for improvement in almost all areas. The most important area is with custom reports. It was extremely difficult to create a report. The process to customize the reports requires a lot of research into how to code it. It takes advanced coding skills and is not intuitive. I couldn’t get them to work and I have a background in code writing.

The page for creating custom reports didn’t have an interface. The default reports did not suit our needs. There was no easy way to create reports – I had to look at the code that created the default reports and figure out how to change them to get the information we needed.

I worked with this solution for two years.

We constantly have stability issues. The product puts an agent on each managed server to process audit information. The agents were constantly going down without warning and missed auditing data.

Any upgrade or patch required a complete reinstall. This was inconvenient.

We have used technical support. The SRs we opened with Oracle were ignored because no one had any experience with the product. A Level 1 (production down) ticket went unanswered for weeks.

The installation took a blank server and installed Oracle Linux, Oracle Database 11.2.0.4, and the web-based application at once. Setting it up was an adventure and the documentation was poor.

Good luck.