Oracle Audit Vault Reviews

My team and I have handled projects for banks and production companies, where security concerns were major. We implemented Oracle Audit Vault where auditing the infrastructure data was required, along with other database security products.

The most useful feature of Oracle Audit Vault is its ability to ensure that audits are immutable, as mandated by the Ministry of Corporate Affairs guidelines whenever an audit is happening for a single transaction, mainly for financial transactions. It separates the Oracle databases' information that is being audited and stores it in a separate location where no user has access, including the Oracle Audit Vault admin, ensuring that no one can change or modify that particular record, providing utmost security.

User activity reports in Oracle Audit Vault are fantastic, informative, and specific. When a user makes any changes, both the pre-change values and the post-change values are captured and presented to the auditors perfectly, showing what the particular column had before and after the update, along with the user who made the change and the time of the change.

Regarding automated policy enforcement in Oracle Audit Vault, I have experience with it, and I find it very important.

Oracle Audit Vault fully supports compliance management for companies, with no doubt about its capability to maintain compliance from both audit and security threat perspectives.

The correlation engine in Oracle Audit Vault is effective. It includes a data firewall as part of its features, so the threat mechanism allows users to block, snip, and capture all threats happening in the network.

In terms of potential areas of improvement for Oracle Audit Vault, I have raised two observations to Oracle. One observation concerns the alert mechanism that sometimes sends false alerts, such as when a user changes their password but still receives a message indicating that a password reset is required. The second issue concerns the Data Guard environment, where I have noticed that larger audit log files do not replicate correctly to the DR site. This happens because the particular data blocks are not visible to both users and the Oracle engine when they are archived.

I have been working with Oracle Audit Vault since 2018.

I rate stability for Oracle Audit Vault as nine out of ten. It is now stable, although some bug fixes are still required.

For scalability, I also rate Oracle Audit Vault as nine out of ten. It performs very well in this regard.

For technical support, I find it only sustainable. I am not satisfied with the technical support provided. I have faced numerous struggles, especially since GoldenGate is incorporated with Oracle Audit Vault, which indicates there are areas where Oracle needs to improve. I would rate technical support as a five out of ten.

The initial setup for Oracle Audit Vault is very simple. Anyone can implement it.

Regarding customizable alerts in Oracle Audit Vault, the product is designed as an audit product where modifying anything is not possible. Therefore, customization is very limited. However, the inbuilt alert mechanisms provided by Oracle are sufficient to pass information to the respective auditors and system admins.

In assessing the main competitors of Oracle Audit Vault, I recognize IBM as one competitor, although I cannot recall the name of the second one. Both are very similar in nature.

Oracle Audit Vault is the better solution when compared to IBM.

The pricing for Oracle Audit Vault is mid-range. Considering the work it does, the compliance it mitigates, and the reports it provides, I find it fair but not particularly low-priced.

I would rate this product a ten out of ten overall.

Oracle Audit Vault serves as the main solution for my customers, which are banks and financial institutions, to protect their database, see audits and proactively monitor the database.

Oracle Audit Vault's best feature, if configured well and used effectively, includes the blocking and Database Firewall part that makes an impact because it allows you to filter SQLs on the fly and have more control over database access.

From the perspective of my customers, when there is a change on the database, they previously lacked proof or reporting methods. Since we have installed Oracle Audit Vault for them, they can identify where errors and attempts to connect to the database are coming from and tackle or block threats immediately.

I would like to see more control over the operating system in Oracle Audit Vault, along with easier methods to send syslog or alert logs to another monitoring tool.

I am still currently working with Oracle Audit Vault at the moment.

Oracle Audit Vault is very stable, with the exception of some certificate issues that disrupted the environment for up to a month.

I have escalated questions to Oracle tech support a couple of times for certificate errors, and they were resolved by their engineers.

We are now considering creating a replication and patching process, but we have not yet experienced scaling out or patching.

Considering that service disruptions were raised as a severity two issue, I would rate my experience with technical support around eight to 8.5.

Positive

I have briefly experienced working with Imperva, though I cannot say I have worked on it in detail.

Regarding key differences between Oracle and Imperva products, I have not seen Imperva in detail, but I have heard from clients that monitoring in graphical terms is easier with Imperva.

Oracle Audit Vault's initial setup process and deployment part are straightforward, as the configuration was simple and the installation was easy.

I don't know anything about the pricing aspect, as that is usually handled by my boss, Eric. Mr. Eric handles all procurement, licensing, and agreements with the clients.

We have created customized alerts to help prevent unauthorized access, specifically for one of the banks, collaborating with the team to set it up on the core banking database.

Organizations considering Oracle Audit Vault should recognize that its integration to Oracle database is seamless, allowing for detailed reporting, alerts, and high security.

We have worked with customizable alerts regarding Oracle Audit Vault. We have created one alert based on the categories available in Oracle Audit Vault. Oracle Audit Vault uses an agent that is pushed from the appliance, which I downloaded the JAR file from.

We are now considering creating a replication and patching process with planned downtime, but we have not yet experienced scaling out or patching.

I would rate this review with an overall rating of nine.

Oracle Audit Vault has improved our compliance reporting.

Oracle Audit Vault has a lot of great features, but what I find most valuable is the database firewall. The assessment reports in version 19.10 are also incredibly useful for conducting security assessments and ensuring compliance with regulations.

The performance of Oracle Audit Vault could be improved, especially in handling large data collections and generating reports on time. Additionally, the efficiency of queries for retrieving information from the database needs improvement, particularly in large-scale environments.

I have been using Oracle Audit Vault for ten years.

There is a connection between performance and stability, especially when handling large data volumes in Oracle Audit Vault. Stability issues may arise during heavy data collection. I would rate the stability of the solution as a six out of ten.

I would rate the scalability of Oracle Audit Vault as a six out of ten. My clients who use the solution are mostly enterprise businesses.

I have found Oracle's technical support to be quite bad. Despite opening numerous tickets, I often haven't received solid solutions. Most of the time, I end up resolving issues internally without much help from Oracle support. I would rate the support as a one out of ten.

Negative

Comparing Oracle to IBM Guardium, I find Oracle to be better in certain features, although IBM Guardium may offer more stability. Overall, I would recommend Oracle Audit Vault over IBM Guardium due to its more comprehensive and digitalized solution.

The implementation time for Oracle Audit Vault varies based on customer needs and requirements. Typically, it can take a minimum of two weeks, but the process may extend up to six months or longer, depending on customization and additional features requested by the customer, such as integration with SysLog or other servers.

I would rate the costliness of Oracle Audit Vault as a seven out of ten. It is a bit expensive.

I would recommend Oracle Audit Vault to others. Overall, I would rate it as a six out of ten.

We are using Oracle Audit Vault for auditing and compliance reporting.

The most valuable feature of Oracle Audit Vault is that it is agentless and enhanced user interface.

The support could improve.

I have been using Oracle Audit Vault for approximately two years.

The solution is scalable.

The sole requirement is to have the minimum capability. Occasionally, we have observed a significant increase in the collected data from the specified targets, leading to an involved audit. Currently, our focus lies on the configuration of the agentless configuration engine. Consequently, I have been contemplating the impact of increasing the number of target collections, possibly surpassing fifty or seventy. What effect would this have on the speed of data collection? One limitation I have noticed is in complex environments where a multitude of databases are available for potential data collection. The agentless configuration has a maximum limitation of twenty targets. It cannot exceed this number. Therefore, a combination of agentless and agent-based collection will be employed. Our primary concern remains the speed of data collection.

My clients are typically medium-sized companies.

We have two solutions and when we contact the team it goes to the wrong department, such as the database team.

I rate the support from Oracle Audit Vault an eight out of ten

Positive

The initial setup of the solution is simple. However, we have some problems with the capacity. There is a limitation in the amount of locally available storage. However, the limitation is mentioned in the documentation.

The deployment took four to five days.

We use two people for the implementation and one is a database expert.

We use one person for the maintenance of the solution.

I rate Oracle Audit Vault an eight out of ten.

I am currently using the latest version of Oracle Audit Vault for data security. It gives me the ability to see reports and other database details. Additionally, it also allows us to set policies. The privilege sector is an essential part of this solution and allows us to set up data visits without going back to check some other things.

It also has complementary solutions, allowing us to choose information selectively without keeping the administrator in the loop. It is a solution for databases that need to send very critical and vital information to audit reports for analysis. 

It has become an exchange-out part of the business itself. The new version comes with agentless capabilities. In my previous projects, I used agents that had to be installed on different databases that further needed to be monitored. Those features haven’t been released across all the regions, so they might not be available for use right now. All of the other components that make up the infrastructure in the environment including the operating system are also quite valuable. 

I believe that we can always customize according to our needs. More custom reports, some confidential options, and sorting reports are some of the features which can be enhanced. 

Some issues pop up when we limit our operating system's assessment. However, all the customization and tweaking might be a bit of a challenge when trying to integrate the solution. They should simplify the integration and work with different vendors and mechanisms.

I have been using Oracle Audit Vault for 11 years.

It has little impact on the software. The visibility is good because it doesn't impact performance. I will rate the stability a nine out of ten.

The scalability depends on different databases and clients. 

Oracle's technical support is helpful. We also have an external ACS team that helps us get premiere support. However, Oracle needs to improve its support and be more responsible. 

The initial setup is not complex at all and can be deployed in a hybrid environment, depending on the needs of different customers. The deployment took over a day.

Oracle Audit Vault was implemented in-house. 

The solution keeps on improving. If I have to rate and compare it with other Oracle databases, then I would rate it a nine out of ten. If I would compare it with other solutions, I would rate it a seven out of ten. For example, IBM has other functionalities. There are various aggressive cases, but Oracle itself can be rated a 10 out of 10. 

Its main use case is for auditing the data.

It is deployed on-premises. You need two servers to do that. The first one is for Audit Vault, and the second one is for the firewall server.

Its security is most valuable. All companies are looking to secure their data because people around the world are stealing data from IT, banks, and other companies. The most important thing is to secure data. It should not go into the hands of hackers. A company's strength is in the security of its data, and customers want to know how safe the data is in a company.

It is a good product for controlling all databases. It is helpful for auditing the data. When people are doing any actions on the databases, they are recorded automatically in the vault. You can work on the collected data to find out exactly what is happening on a database. You can implement database encryption on the databases to control people's access to the database content, such as rows and tables.

Currently, you need two servers: one for Audit Vault and one for the firewall. If they can combine them into one server, it will be great because it is costly to have two servers. It will also make its installation easier. I have heard that in the new version, there will be only one server for both.

I use it only for security purposes, and they can continue to improve it with more security tools and features. It should be powerful like FortiGate. When it becomes powerful like FortiGate, people will only go for this solution for their infrastructure.

Their support could be faster.

I have been using this solution for almost three years.

I have installed it in two banking companies. It is mostly stable. Sometimes, there is an issue with the system. Its stability is okay.

I have never scaled it, but I have heard that it is possible.

When I face any issue, I open a service request on Oracle's site. Sometimes, it took them time to solve the problem. You give them all the logs, but they can take three to four days before they come out with the solution. During all this time, customers are complaining and fighting. There is an SLA for us for resolving an issue.

It is complex because there are two servers. It would be best to have one server to make it easy to configure and install. Currently, it is not at all easy because it is an appliance, but it is self-configured. When you run it, it configures on its own based on its need for shared memory for all other background processes. Because it's an appliance, you cannot modify it during the installation. Everything is done directly, which is a good idea because sometimes, a person can make some mistakes during the configuration.

Its deployment duration varies. Sometimes, it took me almost two weeks because of some issues. After I have installed the software on the server, they need to put it on the network. At the time of putting the software, many problems come out with security because you need to take care of the security between the servers and the network. It was not at all easy.

I did it on my own. We are a consultant, and we are working for almost 20 companies in West Africa. We go to companies, check the infra, and advise them about the new products. We advise them about why they should install Audit Vault, and what advantage they will have when they get this product. We tell them about how to migrate. Many of them have 11G or 12C, but they need to move from the latest versions, such as 19 or 21.  We advise them about the Oracle products because we are also Oracle partners here in West Africa. Our IT department is mainly responsible for its maintenance.

I would rate it an eight out of 10. I like it, and that's why I want to get a certification in this product. 

We use this solution for developing and hosting our environment to orient them.

There are features available in Imperva that are not included in Oracle Audit Vault. It would be helpful to have more features added.

Stability could be improved, we have had some challenges

I have been using this solution for between six and seven years.

We are using the latest version.

We have some challenges with stability, but it's okay considering the entire industry.

It's a scalable solution. 

Depending on the instances that we have, we have approximately 1,000 users.

We have plans to continue using Oracle. If they have a better version, we will move towards that.

Technical support is perfect. We don't have any issues with technical support.

The installation is handled by a different department, but I haven't received any complaints about it.

I have completed an analysis on Imperva and found some features that are not available in Audit Vault.

Definitely, I would recommend Oracle Audit Vault for others.

I would rate this solution a seven out of ten.

I use Oracle Audit Vault for testing and configuring an audit role. I want to see how the solution works and if it is possible to block people from doing something. 

The feature that I have found most valuable is that it can help us secure our databases. The configuration is very good.

I hear from many people that say IBM Guardian is better than Oracle Audit Vault when it comes to performance. IBM Guardian works transparently in the database, but Oracle Audit Vault consumes some ratios on the server. The configuration for the solution can be complicated as well.

I have been using Oracle Audit Vault for the past three years.

I did find the product to be stable in the testing environment.

We do have technical support for Oracle Audit Vault however it is not available in our country.

The initial setup was straightforward and easy.

I did the deployment in-house over the weekend by myself. I followed the document I found online and did the installation.

I am currently using the free version and I was not required to buy a license.

I would rate Oracle Audit Vault an eight out of ten.

The main reason was to collect audit data, make it available in audit reports, and create custom reports that meet the customer's requirement and set audit policies and provision them from the Audit Vault Server console & For databases, it provides a database firewall that can monitor and/or block SQL statements on the network based on a firewall policy designed by an auditor.

• Audit data collection from diverse sources.
• Integrations with third-party products.
• ecurity event reporting (malicious activity and hacking attempts).
• Monitoring everything from one place.
• SQL workload monitoring

This will improve your infrastructure and make it secure for sure.

Different features I have been using in this product:

• Audit policies for Oracle Database
• Reports and report schedules
• Entitlement auditing for Oracle Database
• Stored procedure auditing
• Alerts and email notifications

All the above features will allow you to manage and monitor the infrastructure, databases very easily and create custom reports depending on what you want.

Different things should be improved: 

• The migration from an old version to a newer version is not that easy
•  Database grouping also should be improved, and
• The reporting.

Three to five years.

So far regarding to my experience with it it's stable but the problem when with the support when are facing a  bug or something you have to keep following all the time. 

It's nice product when it's comes to scalability, 

slow and they are asking for a lot of logs, you have to be patient since they will ask you to upload the logs every time the shift will change.

No.

to be honest the installation & configuration it's needs a lot of work and reading, the more server you have to audit the more complex and extra work you will have. 

I am working as freelance and having extensive experience with Oracle products so i have been contacted due to this, i implement this solution approximately five or six time.

if you are looking for software for auditing, audit Vault Collection Agent provides run-time support for audit data collection by Audit Vault collectors.

• Setup consumes too much resource and storage. 
• Also if you need to install Database Firewall, you need another server. 
• Pricing is expensive.

• Audit Vault Console which consists the following : -
• Collector management and monitoring
• Report management
• Alert management

We use this solution for regulatory compliance and reporting for the enterprise. This augments regular compliance and risk management solutions.

The organizations and clientele we work with include public sector and private sector businesses in the Financial Services industry, where they host data from global partners. The EU citizens and businesses now demand that GDPR be in place in order to host their data.

It has provided us with a unique opportunity to automate risk discovery.

The system provides both an audit system and a security solution through the database firewall that protects the data and databases being accessed.

The system uses BU internal risk management and audit teams for ease of IT and systems audits.

The most valuable features of this solution are:

• Autonomous data collection.
• Ease of deployment to work and integrate with heterogeneous platforms.
• Reporting infrastructure is awesome and very flexible.
• The interfaces are intuitive and easy to use and navigate through.
• The solution has a well designed RBAC for the support of the business and it is secure.

We would like to see the ability to administer and manage the solution through Enterprise Manager 13c, and development of the dashboards that are generally missing.

The system needs to be easy to manage, especially in terms of space management.

There is little to no technical references and use cases pointing to the resolution of technical challenges during implementation. Better documentation would be helpful.

The product is stable but extremely sensitive.

It is rather difficult to scale, but it works perfectly.

The technical support at Oracle is weak, but the documentation provided is detailed and good.

Unfortunately, there is little information available on Oracle MOS.

We have always used the product alongside Imperva.

This initial setup of this solution is straightforward.

Our solution was delivered through an Oracle partner, Nexim Solutions.

Our ROI was almost immediate.

It is affordable but technical skills are required to architect and set up the system.

We evaluated Imperva and Tivoli before choosing this solution.