It has been five years since the release of Oracle Audit Vault and Database Firewall (AVDF) 20 in August 2020. We started AVDF 20.1 with a fully refreshed user interface and a strong focus on providing comprehensive Database Activity Monitoring (DAM) and helping address enterprise requirements for extensibility, scale, and security. Over those five years, we have added many new features and supported thousands of customers.

As the security landscape evolved, AVDF 20 evolved to address major shifts such as proactive security posture management, deeper monitoring and auditing coverage, simplified and consistent policy enforcement, the ability to handle emerging regulations, and expanded platform support. These advances help ensure your databases remain secure and compliant, even as your environment grows and changes.

Some of the highlights of the AVDF 20 journey are listed below. 
  • Database Security Posture Management: Assess the security configuration of the Oracle database fleet. Also, discover sensitive data and privileged users for the Oracle database.
  • Centralized provisioning and management of Oracle database audit policies: Define once, enforce everywhere across the fleet.
  • Monitor local/bequeath connections: Monitor local or bequeath database connections to ensure complete visibility, regardless of how users log in.
  • Monitor and block NNE and TLS traffic: Monitor and audit activity even over encrypted channels.
  • Single view of the audit policy deployment across targets: Compliance-ready consolidated report now displays audit policy status.
  • Tracking before/after value changes to business records: Capture before/after values for business-critical transactions and meet compliance requirements.
  • Global Sets across the fleet: Collection of similar values, such as IP addresses, database users, etc., for consistent policy configurations and simplified report filtering.
  • Agentless audit collection for quick deployments: Start audit collection quickly—no agents to deploy.
  • Auditing activities on the AVDF appliance itself: Activity monitoring for the AVDF appliance, including activities on the console, embedded database, and operating system.

Let’s look at them in detail. 

Key AVDF features for the Oracle database fleet:

AVDF centralizes database auditing and protection, helping you enforce consistent security policies, monitor changes, and safeguard your entire Oracle database fleet.

  1. Database Security Posture Management (DSPM): Our most significant milestone was the evolution from a Database Activity Monitoring (DAM) solution to a fully integrated DSPM solution with AVDF 20.9. The shift to DSPM enabled AVDF to provide security configuration assessment for enterprise databases, along with capabilities for discovering sensitive data and privileged users.
  • Security Assessment: The Security Assessment feature provides a centralized, simplified view of the security posture across all your Oracle databases. Summarized risk findings help prioritize and guide immediate action on potential risks associated with your Oracle database fleet. Out-of-the-box assessment and drift reports can be scheduled. You can also detect and track security configuration drift by defining a security baseline and monitoring deviations.
Security Assessment – Simplified View
  • Discover Sensitive Objects and Privileged Users: With the DSPM evolution of AVDF, you can now discover sensitive data and privileged users. You can also create global sets for sensitive data and privileged users, which can then be leveraged in alert policy conditions, All Activity, and compliance reports. This enables easy filtering in reports and simplifies the creation of targeted alert conditions, enhancing both efficiency and accuracy in monitoring.
  2. Centralized provisioning and management of Oracle database audit policies: AVDF can now centrally deploy and manage Oracle audit policies across your database fleet. Out-of-the-box, AVDF provides pre-defined audit policies—such as those for monitoring schema changes, logon and logoff events, and critical administrative activities. In addition, separate pre-defined policy sets are available to address specific compliance requirements for standards like CIS and STIG. Administrators can provision these policies directly from the AVDF console, ensuring consistency and reducing manual effort.
  3. Monitor and block NNE and TLS traffic: The Database Firewall inspects, logs, and blocks SQL statements coming over encrypted Oracle Native Network Encryption (NNE) and Transport Layer Security (TLS) connections.
  4. Single view of the audit policy deployment across targets: AVDF provides a consolidated report displaying audit policy status across all registered Oracle databases, including container and pluggable databases.

Major Feature Additions for Oracle and Non-Oracle Databases:

  1. Tracking before/after value changes to business records: Many organizations not only want to track the activity of their applications but also want to audit the before and after values of some transactions. In addition, many compliance regulations, such as the Indian government’s Ministry of Corporate Affairs’ (MCA) amendments to its Audit & Auditors’ Rule (2014), require businesses to track changes to business records and create edit logs for these changes. AVDF could already track before and after values for the Oracle database. We extended this feature to cover Microsoft SQL Server and MySQL databases. Over subsequent Release Updates, we have added primary-key value and session information to the reports.
Data Modification – Before-After Values Report

 

  2. Monitor local/bequeath connections: AVDF monitors administrator activity via local and bequeath connections on the host with the Host Monitor agent of Database Firewall, providing visibility into database activities even on local sessions.
  3. Global Sets across the fleet: Global Sets are collections of database, OS users, IP addresses, or database objects that you can define once and use across AVDF features, including Database Firewall policies, alert policies, All Activity, and compliance reports.
  4. Agentless audit collection for quick deployments: AVDF collects audit data from Oracle Database and Microsoft SQL Server without requiring agent installation, streamlining operations and making it ideal for restricted environments where agents cannot be installed, remote systems, and Proofs of Concept (POCs).
  5. Auditing activities on the AVDF appliance itself: AVDF tracks and reports administrative actions at the AVDF console, embedded database, and operating system levels to support regulatory self-auditing requirements.
AVDF System Reports – AVDF Console Audit Report

Expanded Platform Support in the Past Five Years:


AVDF now covers more databases and deployment patterns—so you can standardize auditing and monitoring across your fleet. New additions include:

  • Oracle Database: Versions 21c, 23ai (with SQL Firewall), and Autonomous Database
  • Microsoft SQL Server: Versions 2019/2022; Always On/Cluster deployments  
  • PostgreSQL: Versions 12 through 15 for audit collection
  • MongoDB: Capture audit events from 4.4 and 5.0 via JSON and CSV imports
  • QuickCSV Collector: Import CSV audit logs from MariaDB, EnterpriseDB, and others

Summary of Key Features added since releasing AVDF 20.1:

Here is the list of AVDF 20 Release Update announcements, along with a summary of the key new features:

AVDF 20 Release Updates

Key updates

20.14

  • Session details added to before/after value tracking for MS SQL Server
  • Dedicated SQL Firewall Violations report

20.13

  • Monitor local/bequeath connections to the database
  • Audit activity by AVDF administrators
  • Support Oracle Database 23ai
  • Collect violation logs of SQL Firewall
  • Agentless audit collection when Audit Vault Server is deployed in high availability mode
  • AVDF deployment on AWS
  • Use of global sets in alert policy conditions
  • Customize severity or defer security assessment findings

20.12

  • Discover unmonitored databases
  • Centralized view of enabled audit policies

20.11

  • Integration with identity providers for single-sign-on
  • QuickCSV audit collector
  • Use global sets in All Activity/Compliance reports
  • Fleet-wide security assessment drift chart

20.10

  • Include primary key in before/after value tracking
  • Monitor security configuration drift from the baseline
  • Support Global sets for the session_context values (IP address, OS user, DB client program, DB user)
  • Agentless audit collection for MS SQL Server

20.9

  • Centralized security assessments for Oracle databases
  • Discover sensitive objects and privileged users
  • Before/after values for MS SQL Server
  • Audit insights into top user activities
  • Operational system alerts for AVDF deployments
  • Out-of-place upgrades for reduced downtime

20.8

  • Decrypt TLS traffic & analyze SQL statements with Database Firewall
  • Block SQL traffic from undefined service name in Database Firewall
  • Restart Audit Vault agents from console

20.7

  • Export/import Database Firewall policies
  • Agent auto-restart on host/process restart

20.6

  • Pre-update operational checks
  • Audit trail downtime report for historical visibility

20.5

  • STIG unified audit policy for Oracle 21c
  • Custom CSV audit collector support
  • FIPS 140-2 compatibility for embedded database and OS

Launching AVDF 20

  • Combines auditing with real-time SQL traffic monitoring
  • Single console for all audit and firewall operations
  • Support for Oracle, non-Oracle, OS, cloud, on-premises
  • Centralized, scalable, regulatory-ready architecture

 

Next Steps:

To take advantage of all the latest features and improvements, update your AVDF environment to Release Update 20.15.
