Oracle Audit Vault Reviews

• Audit log collection from a heterogeneous RDBMS environment
• Offers warehouse-based control over the log DB in a secured and encrypted way

Additionally, it offers a RAC option along with DB vault configuration.

I am in the training field and I can express my views based on that experience only. This is a configuration-based product that offers you full control of the audit settings and the configurations. It helps in generating all the required reports as per the compliance. It even helps in customizing the reports as per your choice.

There are multiple banks that are either using it or they are going to implement this tool in the Asian and African countries. They are attaching it to their core banking system. The latest version for Audit Vault is 12c and some of the valuable features are:

• Audit logs are now out of reach: Superusers (SYS), DBAs and OS Admins can’t remove them.

• Logs are completely safe in the warehouse: Encrypted and protected by the DB vault.

• Faster access to logs: Partitioning is available.
• Alert configuration (email-based, desktop)

• High availability of the log server: Limited use of the RAC option.

• Compliance-based reporting with attestation option. Customization is also possible.

• Works transparently with the application. No coding required.

There were some bugs in beginning. Oracle has given us some patches for that. Now, we also have the Audit Vault and Database Firewall Product version 12c in the market with more features.

I have been using this tool for seven years.

We did encounter some stability issues. There are lots of bugs in the starting version but most of them are patched; the latest versions are much stable.

I haven’t tried the scalability option.

The support is good. I would give it a rating of 9/10.

We were not using any other solution.

Initial setup was complicated. Earlier, when I started working on the product, at that time, there were a lot of bugs in it and even the support and documentation was also not available. Now, things are better but still sometimes a few of the installation steps create confusion.

It’s a value-for-money product. It offers multiple features of the Oracle RDBMS indirectly to you for the Audit Vault repository database.

We did not evaluate other options.

I would recommend to compare this product with its competitors. Also, analyze your company requirements, and finally, take the decision based on the need and support you are getting from the vendor.

Oracle Database Firewall, Database Vault and Data hiding tools present a layered security approach to protecting, controlling, auditing and hiding sensitive data and access to sensitive data.

The following key features make this product a valuable tool:

• Transparent database activity monitoring over the network - minimum changes to the database client and server configuration, and no additional load on the network or on the database servers being monitored. Hence, it doesn’t affect the performance.
• Capability to block unauthorized database activity (such as SQL injection attacks) using a specialized grammar analysis that allows accurate enforcement of activity whitelists and blacklists.
• Comprehensive database activity based on consolidated database logs, securely stored in a centralized, enterprise-scale repository ensuring ease of monitoring.
• Centralized data security auditing across the enterprise, achieved by consolidating OS, directory, and other logs into the same centralized repository.
• Fine-grained, correlated alerting based on analysis and policy enforcement of consolidated logs
• Out-of-the-box audit reporting across multiple sources (e.g., Oracle and non-Oracle databases, directory and OS) to satisfy common regulatory requirements such as PCI, DSS, SOX and other compliance regimes.
• Custom reports and powerful BI tools that allow organizations to go as deep as necessary for forensic analysis or e-discovery purposes.
• Easy-to-deploy software appliance based on hardened operating system and database that does not require database administrator (DBA) skills, allowing the solution to be owned and managed by IT security staff.
• Alert on suspicious and unauthorized activities in real time. Review user rights, identify dormant users and excessive privileges.
• Detect and monitor changes to stored procedures.

Oracle Audit Vault and Database Firewall expands protection beyond Oracle and third party databases with support for auditing the operating system, directories and custom sources. Our client needed a product which can provide a holistic approach to the whole enterprise in terms of security, monitoring and auditing security which is exactly what this product provided.

Although Oracle Audit Vault and Database Firewall serves as a critical detective and preventive control to protect against the abuse of legitimate access to databases responsible for almost all data breaches and cyber attacks, using Database Firewall to identify and capturing audit logs of real users, especially on applications using generic users to access the database, is an uphill task. More so, to correlate suspicious SQL to the originating end user.

Reduces the complexity of setting up the appliance, especially on large application systems with generic users using CLIENT_IDENTIFIER on the database to capture audit trails.

I have managed to interact with this product for a period of two years, working as a consultant to implement for one of our clients in the banking industry.

There are not many issues with stability on the latest version of the product.

Since the appliance runs on the enterprise Oracle database, scalability is not an issue unless limited by licensing.

Oracle has one of the most robust Oracle support systems to its paid customers. They also provide a lot of documentation, including installation and administration guides.

I have not used any other solutions.

Setting up the appliance for the first time can be a little bit difficult. Knowledge of Oracle database setup and use is required.

Oracle Database Security solutions provide you with the most comprehensive and advanced security offerings that help reduce the costs and complexity of securing their business information across the enterprise.

I was dealing with a client who already purchased the appliance and was looking for an implementation team to do the setup and maintenance in their environments.

The two most valuable features of this product are:

• Database access control
• Auditing of users

First of all, it is very easy to configure users and their appropriate roles and permissions on a database. The product allows us to set rules and restrictions at very minute levels.

Secondly, it audits user activities and presents relevant information in graphs and tabular formats; includes details, such as time, query and objects. We can create custom alerts for transactions and monitor and block incoming requests.

It also helps in IT auditing as we can retrieve required information in a matter of clicks.

Information technology outsourcing: Audit Vault and Database Firewall has helped us in many ways; specifically, to restrict and control access to data. It also has helped us identify/recover from many accidental transactions. The product has helped us to organize and monitor different applications and their transactions.

Using the features provided by this product, we have implemented restrictions on data access for individual users accessing the application to perform activities on the database. Restrictions/monitoring can be configured for column/row level as well. With Oracle Audit Vault and Database Firewall, you can create alerts for suspicious activity, create changes to privileged users, create historical reports on schema changes and data-level access. Audit Vault also can audit OS and network events. It can also be used to audit other databases (such as MYSQL, IBM, etc.) and databases in the cloud.

According to Oracle, the best practice is that Audit Vault Server and DB Firewall should be deployed on different boxes (servers). There is no option to co-locate them together. If you wish to deploy AV server and Database Firewall, you will need two servers; one dedicated to Database Firewall and the other dedicated to AV Server.

I have been using this product for over 1.5 years.

We haven’t had any stability issues as yet, as you can even configure for HA (High Availability) as well.

Security controls can be customized with in-line monitoring and blocking on some databases and monitoring only on other databases. The Database Firewall can be deployed in-line, out-of-band, or in proxy mode to work with the available network configurations.

For monitoring remote servers, the Audit Vault Agent on the database server can forward the network traffic to the Database Firewall. Delivered as a soft appliance, a single Audit Vault Server can consolidate audit logs and firewall events from thousands of databases.

Both Audit Vault Server and the Database Firewall can be configured in a HA mode for fault tolerance.

Technical support, both online at support.oracle.com and the ability to contact and create service requests with Oracle, gives a lot of room for the end user to play with. Oracle is also a very mature solution and has support for all kinds of implementations and administration tasks, and even has mature documentation regarding errors and possible alerts that may arise.

Previously, we were using Oracle Database default auditing and security measures, but always faced problems in reading audit data and creating custom alerts and reports. It is also limited to the amount of data to restriction that can be applied, such as auditing of unknown connections.

Installation and configuration of Oracle Audit Vault and Database Security is very simple and a server can be deployed in a matter of minutes once the media is in hand.

Oracle provides highly stable and well-documented products and their support assures value for your money.

If an organization is interested in additional security over their Oracle database, this is the best option available, as it is easy to deploy and configure.

Reports and alerts are most valuable to us. Management wanted complete traceability of non-DBAs accessing databases using a database power user account. With the help of Audit Vault custom alerts, we were able to control this with 100% compliance.

Some major improvements in organizational operations:

• Our organization has a complete alert and control mechanism to identify unauthorized access of PROD databases.
• Compliance with United States government security and audit standards.
• Proactive control of audited parameters, like failed log-on attempts, to avoid Denial of Service (DoS) attacks.
• Improved management awareness about database compliance metrics using Audit Vault.

Large scope of improvements:

• A method to group targets (databases generating audit files) logically is missing; for example, PROD, QA, UAT & DEV targets.
• An alert mechanism based on logical grouping is missing.
• A simplified graphic mechanism for the management team.
• Remote start and stop of the Audit Vault collector agent.
• Sophisticated audit file management tools to control growth of audit files on the target server.

We started our journey in mid-2010 and it’s still in live production.

This product is not stable for large environments with more than 50 targets. Also, it is not recommended for the Audit Vault data warehouse database to be a RAC. It seems that the product is not tested with more than 50 targets, so be ready for performance and usability surprises. To overcome these limitations, we worked with a core designer Audit Vault team and suggested product improvements for future releases. I hope they have incorporated these suggestions in the 12.1/12.2 versions.

This product has scalability issues, which we resolved after working with a Audit Vault core designer. Some of the major issues are:

• This product runs a dynamic partition creation DDL on core warehouse tables at runtime, which is not recommended. The problem escalates when you introduce RAC as a warehouse database. This feature simply kills the warehouse RAC database from a performance point of view.
• The Audit Vault collector process on warehouse databases is designed to consume more memory to speed up processing and avoid a CPU spike. This holds good when collectors are limited, but when your target base grows, this kills the database server and results in frequent database restarts due to full memory capacity.
• The collector process on target servers is not able to identify abrupt Audit Vault server reboots and freezes. To resolve the same, you need to restart all collectors, one-by-one, manually.
• While adding a new target, if you have old Audit Vault files (say one or two years old) and if the agent captures that file, then the internal Audit Vault mechanism starts day-wise partition creation. That results in shared pool locks and it gets worse in the case of RAC. The workaround is to clean up all existing audit files and then reinstall the agent.

I love Oracle support because of its flexible nature. We faced many major roadblocks during implementation, from a scalability point of view. It gave us pleasure to work directly with an Oracle core designer team to address all issues within our timeline. So, the support is excellent.

This was our first solution.

Initial setup is very simple. There are not many components. Our only worry was the collector process, which runs on the target environment. Also, management of the same is a bit tedious, as remote agent start/stop is not available.

There are not many products available in this segment. We evaluated a couple of products from small organizations, but this is the only solution available for enterprise-class organizations.

Go ahead and implement the latest version. The product is really good with many built-in features and controls.

I like the audit report. This product has a lot of report templates and you can customize them.

One of the useful reports is the activity report. Our customer is an insurance company. They want to log every detail regarding financial transaction activities (insert, update and delete). If something happens with the data, they can trace it to the person who performed the activity, and where and when they did it.

Before we implemented this product, our client had to query the database to create an audit report. With this product, audit report generation is automated.

I would like to see better DB firewall documentation. We still don't understand how to configure the DB firewall.

We have used Audit Vault for around two years.

It's very stable and runs smoothly. Our servers have never been restarted since the first installation.

We have not had any issues with scalability.

The level of technical support was very low. They sent us an inexperienced technician.

Audit Vault was very easy to install, but not with the DB firewall. That's why we have dropped the DB firewall.

Do the correct hardware sizing, especially if you want to generate detailed audit reports that include the SYS user.

One of the most valuable features is the ability to audit database use. It conformed well. We set it up the way we wanted it.

It took the onus off of the database and put it on a separate machine.

I see room for improvement in almost all areas. The most important area is with custom reports. It was extremely difficult to create a report. The process to customize the reports requires a lot of research into how to code it. It takes advanced coding skills and is not intuitive. I couldn’t get them to work and I have a background in code writing.

The page for creating custom reports didn’t have an interface. The default reports did not suit our needs. There was no easy way to create reports – I had to look at the code that created the default reports and figure out how to change them to get the information we needed.

I worked with this solution for two years.

We constantly have stability issues. The product puts an agent on each managed server to process audit information. The agents were constantly going down without warning and missed auditing data.

Any upgrade or patch required a complete reinstall. This was inconvenient.

We have used technical support. The SRs we opened with Oracle were ignored because no one had any experience with the product. A Level 1 (production down) ticket went unanswered for weeks.

The installation took a blank server and installed Oracle Linux, Oracle Database 11.2.0.4, and the web-based application at once. Setting it up was an adventure and the documentation was poor.

Good luck.

The out-of-the-box reports feature is most valuable because it covers most of the useful auditing features that you might need.

I haven’t used this product at my current job but I implemented it at a couple of other organizations, as a technical consultant. What they really wanted to do was to be able to check who is doing what with their sensitive data and they achieved that.

I am not sure for the latest version but for previous versions, there were some configuration bugs when connecting Audit Vault Agent with Audit Vault Server.

I have used this product for five years.

If you use the DB AUD$ option, you have to be careful because this table might fill up your database without any notifications.

I have not encountered any scalability issues.

I would give the technical support a 7/10 rating.

We previously did not use any other solution.

The initial setup was a bit complex for versions 10-11. However, the setup for version 12 is straightforward.

In my opinion, the license cost is worth the work that the product is doing.

I haven’t evaluated other options because there were only Oracle environments.

If you are implementing this product, I would advise not to audit the whole database since that will cause you a lot of trouble. You need to plan very well of what needs to be audited.

The most valuable features of this product are:

• PL/SQL auditing: It helps to control the code updates in a sensitive environment.

• Inbuilt compliance reports - In data-sensitive environments where auditing teams require generation of reports for specific database such as SOX-compliant financial databases, HIPAA-compliant healthcare databases or PCI-compliant databases, leveraging these inbuilt reports in Oracle Audit Vault 12c can be of great value.

We are the implementers of the product to our clients.

This product should improve capturing more auditing information for database sessions that connect via applications and also through database links. When the database sessions are generated from the applications that use database links from other databases, by nature the target database won't capture relevant information of the remote sessions. Also in the audit trails, it is of utmost importance who are the data consumers so as to track and control the appropriate use of the information.

There is need to improve capturing of more auditing information for OS logins as well.

I have used this solution for three years.

I have not encountered any stability issues.

I have not encountered any scalability issues.

I would give the technical support a 7/10, i.e., an above-average rating.

We have not used any other solution.

The setup for Audit Vault is relatively simple.

However, configuring personalized reports is a nasty task. There are many variables involved and the documentation is not very good. The way the reports can be personalized must be more visual and requires a drag-and-drop feature rather than creating it in a rudimentary manner.

It is an expensive solution. For those customers who do not have any ULA agreements with Oracle, the solution is practically impossible to acquire.

We did not evaluate other options.

Those who have already acquired the product, the implementation and use of the product is dependent on its daily use so as to get acquainted with all the features. If they have installed the platform and don't use it regularly, it’s a waste of time and energy.

One day when somebody asks about the audit reports, the database auditors will be in a big problem if they don't know how to generate the requested reports.

The most valuable features of this product are auditing the old and new values after each change in the database, REDO_COLL and capturing application context functionalities.

REDO_COLL is a function provided by Oracle Audit Vault where the system captures all values that are changed in the audited tables of a database. So if someone fires an update in a table, the auditing system will not only capture the value which was enforced as part of the update, but will also capture the old value (before the update was done).

Application Context is an interesting implementation, where we can pass additional information about front-desk application users in the audit trail. So, when we look at an audit log we not only see the database user but also the application user who has viewed/changed the data.

Auditing as an imperative function of any Enterprise company. We require the audit logs for compliance needs and for tighter control of the infrastructure. Being in the Health Insurance industry and handling PHI & PII data, there are compliance mandates enforced by HIPAA. Oracle audit Vault helps us implement the control points enlisted under "Audit Requirements". HIPAA mandates us to track any/all access to ePHI data in our system, even if it is just a READ ONLY access. With Oracle Audit Vault, we have a centralized system to access all Audit Trails for sensitive data access.

The price factor makes it “out of reach" for small players in the IT industry. Even the SaaS model is very expensive. SaaS is an alternative hosting model where Oracle hosts the audit vault in their data center and installs audit collection agents on client data center. They host these appliances in their HIPAA-complaint data center where all controls are active. They work with the client to set-up secure channels for audit data and then sign BAA with the client. This auditing feature is made available as a service for which Oracle charges on a pro-rated basis.

Also, Audit Vault is not yet licensed to run with Other Cloud offerings like Amazon AWS, which makes it difficult to implement incase your existing tech-stack is on AWS or any other non-Oracle-Cloud Infrastructure.

I have used this product for almost a year.

Yes, its not certified to run with Amazon AWS.

I did not encounter any such issues. The product was both stable and scalable.

I did not encounter any scalability issues either.

The technical support is great.

We did not use any other solutions. Our company needed a full auditing suite for our database along with capturing application context and REDO_COLL functionality. This product was our first choice.

It has an appliance setup which is not supported on Amazon or any other third party cloud, making the process very cumbersome.

The pricing policy is quite aggressive. We must equal the number of processors on DB in accordance with this appliance, thus making it very expensive.

We evaluated the IBM Guardium solution.

If this product falls under your budget, then there is nothing like it in the market.

Audit Vault is a good Oracle Tool to collect all Database Audit Information in a single database repository for managing Database Security. I have used it to collect DB login info , Server access info, SQL statements , before and after images of Data using OS, DB and REDO collectors. Provides and easy to use browser based GUI to generate Standard Reports for Compliance purposes - SOX(Sabanes Oxley) and PCI(Payment Card Industry) compliance and allows custom report generation too.

The underlying Mechanism for collect SQL statements (REDO collector) is still based on Oracle Streams technology. Data in Audit Vault needs to Selected properly and purged at regular intervals else it grows too much to manage. Increases network traffic especially between Audit Vault Server and Source Databases.

DBA skills needed for proper setup. Also, there are situations when the DBA needs to run Oracle streams commands to manage the streams data flows and also monitor Streams propagation and apply activities. Next release probably will use Golden Gate as the underlying technology instead of Streams.