Oracle Audit Vault Reviews

The out-of-the-box reports feature is most valuable because it covers most of the useful auditing features that you might need.

I haven’t used this product at my current job but I implemented it at a couple of other organizations, as a technical consultant. What they really wanted to do was to be able to check who is doing what with their sensitive data and they achieved that.

I am not sure for the latest version but for previous versions, there were some configuration bugs when connecting Audit Vault Agent with Audit Vault Server.

I have used this product for five years.

If you use the DB AUD$ option, you have to be careful because this table might fill up your database without any notifications.

I have not encountered any scalability issues.

I would give the technical support a 7/10 rating.

We previously did not use any other solution.

The initial setup was a bit complex for versions 10-11. However, the setup for version 12 is straightforward.

In my opinion, the license cost is worth the work that the product is doing.

I haven’t evaluated other options because there were only Oracle environments.

If you are implementing this product, I would advise not to audit the whole database since that will cause you a lot of trouble. You need to plan very well of what needs to be audited.

The most valuable features of this product are:

• PL/SQL auditing: It helps to control the code updates in a sensitive environment.

• Inbuilt compliance reports - In data-sensitive environments where auditing teams require generation of reports for specific database such as SOX-compliant financial databases, HIPAA-compliant healthcare databases or PCI-compliant databases, leveraging these inbuilt reports in Oracle Audit Vault 12c can be of great value.

We are the implementers of the product to our clients.

This product should improve capturing more auditing information for database sessions that connect via applications and also through database links. When the database sessions are generated from the applications that use database links from other databases, by nature the target database won't capture relevant information of the remote sessions. Also in the audit trails, it is of utmost importance who are the data consumers so as to track and control the appropriate use of the information.

There is need to improve capturing of more auditing information for OS logins as well.

I have used this solution for three years.

I have not encountered any stability issues.

I have not encountered any scalability issues.

I would give the technical support a 7/10, i.e., an above-average rating.

We have not used any other solution.

The setup for Audit Vault is relatively simple.

However, configuring personalized reports is a nasty task. There are many variables involved and the documentation is not very good. The way the reports can be personalized must be more visual and requires a drag-and-drop feature rather than creating it in a rudimentary manner.

It is an expensive solution. For those customers who do not have any ULA agreements with Oracle, the solution is practically impossible to acquire.

We did not evaluate other options.

Those who have already acquired the product, the implementation and use of the product is dependent on its daily use so as to get acquainted with all the features. If they have installed the platform and don't use it regularly, it’s a waste of time and energy.

One day when somebody asks about the audit reports, the database auditors will be in a big problem if they don't know how to generate the requested reports.

The most valuable features of this product are auditing the old and new values after each change in the database, REDO_COLL and capturing application context functionalities.

REDO_COLL is a function provided by Oracle Audit Vault where the system captures all values that are changed in the audited tables of a database. So if someone fires an update in a table, the auditing system will not only capture the value which was enforced as part of the update, but will also capture the old value (before the update was done).

Application Context is an interesting implementation, where we can pass additional information about front-desk application users in the audit trail. So, when we look at an audit log we not only see the database user but also the application user who has viewed/changed the data.

Auditing as an imperative function of any Enterprise company. We require the audit logs for compliance needs and for tighter control of the infrastructure. Being in the Health Insurance industry and handling PHI & PII data, there are compliance mandates enforced by HIPAA. Oracle audit Vault helps us implement the control points enlisted under "Audit Requirements". HIPAA mandates us to track any/all access to ePHI data in our system, even if it is just a READ ONLY access. With Oracle Audit Vault, we have a centralized system to access all Audit Trails for sensitive data access.

The price factor makes it “out of reach" for small players in the IT industry. Even the SaaS model is very expensive. SaaS is an alternative hosting model where Oracle hosts the audit vault in their data center and installs audit collection agents on client data center. They host these appliances in their HIPAA-complaint data center where all controls are active. They work with the client to set-up secure channels for audit data and then sign BAA with the client. This auditing feature is made available as a service for which Oracle charges on a pro-rated basis.

Also, Audit Vault is not yet licensed to run with Other Cloud offerings like Amazon AWS, which makes it difficult to implement incase your existing tech-stack is on AWS or any other non-Oracle-Cloud Infrastructure.

I have used this product for almost a year.

Yes, its not certified to run with Amazon AWS.

I did not encounter any such issues. The product was both stable and scalable.

I did not encounter any scalability issues either.

The technical support is great.

We did not use any other solutions. Our company needed a full auditing suite for our database along with capturing application context and REDO_COLL functionality. This product was our first choice.

It has an appliance setup which is not supported on Amazon or any other third party cloud, making the process very cumbersome.

The pricing policy is quite aggressive. We must equal the number of processors on DB in accordance with this appliance, thus making it very expensive.

We evaluated the IBM Guardium solution.

If this product falls under your budget, then there is nothing like it in the market.

Audit Vault is a good Oracle Tool to collect all Database Audit Information in a single database repository for managing Database Security. I have used it to collect DB login info , Server access info, SQL statements , before and after images of Data using OS, DB and REDO collectors. Provides and easy to use browser based GUI to generate Standard Reports for Compliance purposes - SOX(Sabanes Oxley) and PCI(Payment Card Industry) compliance and allows custom report generation too.

The underlying Mechanism for collect SQL statements (REDO collector) is still based on Oracle Streams technology. Data in Audit Vault needs to Selected properly and purged at regular intervals else it grows too much to manage. Increases network traffic especially between Audit Vault Server and Source Databases.

DBA skills needed for proper setup. Also, there are situations when the DBA needs to run Oracle streams commands to manage the streams data flows and also monitor Streams propagation and apply activities. Next release probably will use Golden Gate as the underlying technology instead of Streams.