Cloud Security Perspectives and Insights

A Fully Refreshed Oracle Audit Vault and Database Firewall for Auditing and Monitoring

Vipin Samar
Senior Vice President

Organizations today have hundreds or even thousands of databases, applications, and operating systems where user and administrator activities need to be audited and monitored for security and compliance reasons.  That oversight requires continuous collection and analysis of huge amounts of activity data in order to run reports and generate alerts on anomalous activities for further investigation. Of course, network monitoring and database auditing solutions have existed for several years, but organizations must now rethink how to achieve 360-degree visibility while facing shrinking IT resources and considering not just today’s demands, but also those of tomorrow. 

We are thrilled to announce that the fully revamped and refreshed Oracle Audit Vault and Database Firewall 20 is now available to help you meet auditing and monitoring requirements for your databases whether they are on-premises or on the cloud. Oracle Audit Vault and Database Firewall 20 brings not just improved ease-of-use and wider coverage, but also enhancements to address enterprise requirements for extensibility, scale, and security.

We upgraded the user interface engine to give a modern, responsive, and intuitive look and feel.  We simplified and optimized the UI for common workflows and easier navigation.  Both Audit Vault and Database Firewall components can now be managed from the same console, centralizing the administrative activities.

To reduce the cost of operations, we built proven best practices into single-click provisioning of out-of-the-box audit policies for Oracle databases. Along with dozens of out-of-the-box reports on the activity data from across all your resources, you can easily filter reports by a given user, IP address, type of activity, time period, or any combination. For Oracle databases, we can provide both the before and after values for transactions on specific tables or schemas, making it easy to track the lifecycle of sensitive data.

We extended coverage by collecting audit data from PostgreSQL in addition to our existing support for Oracle, MySQL, Microsoft SQL Server, SAP Sybase, and IBM Db2 LUW databases. With our rich and extensible audit collection framework, you can collect and analyze audit data from almost any system that generates an audit trail. Our collector framework now reads audit data stored in JSON or XML files, in database tables, or available via a RESTful API, making it possible to collect audit data from databases such as MongoDB via a simple attribute mapping table.

Database Firewall continues to stand out as a major differentiator through its highly accurate grammar analysis of the SQL statements, and its ability to identify anomalous SQL traffic.  The multi-stage database firewall analyzes different contextual conditions to implement access control policies without impacting the database.  At the simplest level, it can allow or deny SQL statements based on connection metadata such as IP address, OS user name and database user name.  Next, Database Firewall uses allow-list and deny-list rules on clusters of SQL statements to block and raise alerts on SQL injection attempts well before the SQL has even reached the database.  Finally, the Database Firewall can enforce policies based on table names and even the type of SQL statement.
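
The staged evaluation described above can be sketched as follows. This is an added illustration, not Oracle's code or policy format: it substitutes a regex-based literal normalizer for real grammar analysis, and the function names, policy values, stage ordering, and default action are all assumptions.

```python
import re
from typing import NamedTuple

class Session(NamedTuple):
    client_ip: str
    os_user: str
    db_user: str

def cluster_key(sql):
    """Replace literals with '?' so statements of the same shape share a key."""
    s = re.sub(r"'(?:[^']|'')*'", "?", sql)   # quoted strings
    s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)  # numbers
    return re.sub(r"\s+", " ", s).strip().rstrip(";").strip().upper()

def tables_in(key):
    """Rough table extraction; a real firewall relies on a full SQL grammar."""
    return set(re.findall(r"\b(?:FROM|JOIN|INTO|UPDATE)\s+([A-Z_][\w.]*)", key))

# Constructed policy data (hypothetical hosts, users and tables).
KNOWN_SESSIONS = {Session("10.0.0.15", "appsvc", "APP_USER")}
ALLOW_CLUSTERS = {cluster_key("SELECT name FROM customers WHERE id = 1")}
DENY_CLUSTERS = {cluster_key("SELECT * FROM customers")}
TABLE_RULES = {("SELECT", "PAYMENTS"): "alert", ("DELETE", "AUDIT_LOG"): "block"}
DEFAULT_ACTION = "block"  # assumed allow-list posture: unseen shapes are blocked

def evaluate(session, sql):
    """Return (action, stage) for one statement."""
    # Stage 1: connection metadata (IP address, OS user, database user).
    if session not in KNOWN_SESSIONS:
        return "block", "session"
    # Stage 2: allow-list and deny-list of statement clusters.
    key = cluster_key(sql)
    if key in DENY_CLUSTERS:
        return "block", "cluster"
    if key in ALLOW_CLUSTERS:
        return "pass", "cluster"
    # Stage 3: rules keyed on statement type and table name.
    verb = key.split(" ", 1)[0]
    for table in sorted(tables_in(key)):
        action = TABLE_RULES.get((verb, table))
        if action:
            return action, "table"
    return DEFAULT_ACTION, "default"
```

A statement such as `SELECT name FROM customers WHERE id = 1 OR 1=1` produces a different cluster key from the allow-listed shape, so it falls through to the default action before it would reach the database.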

To simplify deployment across complex networks, customers can now use the Host Monitor agent on Windows (in addition to Linux, AIX, and Solaris) to forward a copy of the SQL traffic to the Database Firewall independent of the actual network topology.

In response to customer feedback, we added support for automatically archiving the audit data to low-cost storage locations after a predefined time period.  For centralized user management, we now support authentication and authorization with Microsoft Active Directory and OpenLDAP.

Oracle Audit Vault and Database Firewall 20 supports both network-based SQL monitoring and database auditing with the needed scale and flexibility that enterprise organizations demand. It implements the ever-important ‘trust but verify’ security principle and can serve as the first line of defense for your data assets.

Sign up for the Early Adopter Program, which will run through September 30, 2020. For more information, please visit the AVDF technical resource page, and attend our Database Security Office Hours on Oracle Audit Vault and Database Firewall 20. If you're ready to get started, then download the software.

Stay safe! Stay secure!
