There’s nowhere to hide! Introducing local connection monitoring in Audit Vault and Database Firewall 20.13

November 18, 2024 | 4 minute read
Nazia Zaidi
Senior Principal Product Manager - Audit Vault and Database Firewall

Oracle Audit Vault and Database Firewall (AVDF) 20.13 is a feature-packed release update that concentrates on your critical requirements and introduces significant features focusing on usability and expanding enterprise support.

Here is what’s new in the latest AVDF release:

  1. Monitor administrator activities over local or bequeath connections
  2. Audit activity by AVDF auditors and administrators
  3. Added support for Oracle Database 23ai
  4. Collect violation logs from Oracle Database 23ai SQL Firewall
  5. Added support for agentless collection when AVDF is in high availability configuration
  6. Deploy AVDF in AWS
  7. Use global sets in alert policy conditions
  8. Customize database security assessment severity
  9. Updated AVDF assessment to the current version of the Database Security Assessment Tool (DBSAT)

Now, let's review in detail.

  • Nowhere to hide! Monitor administrator activities over local or bequeath connections: With AVDF 20.13, you can now inspect commands issued over local connections to the database through loopback (non-Oracle and Oracle) and bequeath (Oracle) when the database firewall is deployed in Host Monitor (HM) mode. With this feature, you have complete visibility into database activities performed by all users, including administrators, even if they connect to the database from the database server!
  • Who watches the watcher? AVDF does! Audit activity by AVDF auditors and administrators: AVDF already audits critical operating system and database level activities performed on the AVDF system. AVDF 20.13 introduces monitoring for activities performed at the AVDF console and via the command-line interface. We’ve also introduced a new set of AVDF system audit reports, including AVDF console, database, and operating system auditing. These reports help you view and analyze administrators' and auditors' activities and can help you meet regulatory requirements for self-audit.
Figure 1: AVDF System Reports: AVDF console audit reports

  • Added support for Oracle Database 23ai: AVDF 20.13 extends support for Oracle Database 23ai. 
    • You can now collect audit and database firewall events from Oracle Database 23ai.
    • You can now manage and provision Oracle Database 23ai audit policies from AVDF.
  • Collect violation logs from Oracle Database 23ai SQL Firewall: SQL Firewall is built into the Oracle Database 23ai kernel to address both SQL injection attacks and compromised accounts. SQL Firewall is included with your AVDF license, so as you add Oracle Database 23ai targets to AVDF you can begin to take advantage of SQL Firewall immediately. With AVDF 20.13, you can now collect SQL Firewall violation logs to analyze possible threats and generate alerts based on SQL Firewall policy violations. SQL Firewall violation events are available to auditors in the ALL ACTIVITY report of AVDF. 
  • Agentless collection when AVDF is in high availability configuration: Agentless audit collection is a popular choice for testing use cases, running proofs of concept, and scenarios where you don’t want to install agents on the target. AVDF 20.13 extends agentless collection to work seamlessly when the AVDF Server is configured in high availability mode.
  • Deploy AVDF in AWS: AVDF can now be installed on AWS, giving you greater flexibility in your deployment. You can download AVDF 20.13 AWS-supported images from the Oracle Software Delivery Cloud, upload them to an AWS S3 bucket, and create instances of AVDF on AWS.
  • Use global sets in alert policy conditions: Global sets allow you to group lists of IP addresses, OS/DB users, privileged users, sensitive objects, and client programs into sets that can be reused across multiple database firewall policies, ALL ACTIVITY, and GDPR compliance reports. You can now use these global sets in alert policy conditions, improving usability and efficiency. You can also filter the ALL ACTIVITY report based on a global set and use that filter to create alert policy conditions with a single click.
Figure 2: Alert Policy with Global Sets

  • Customize database security assessment severity: With AVDF 20.13, the security assessment feature lets you change the default severity level of a security check, or defer the test, according to your organization's requirements, and then set that as a baseline for subsequent assessments.
  • Updated AVDF assessment to the current version of the DBSAT: The current release of DBSAT brings valuable updated checks and recommendations that come from the Oracle Best Practices, US Department of Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) for Oracle Database and the current Center for Internet Security (CIS) Benchmark. AVDF's security assessment feature is updated with the current release of DBSAT to provide the latest security checks and recommendations. 

Get started today

Like every AVDF release update, AVDF 20.13 includes important functional and security fixes. We strongly recommend that you apply the AVDF 20.13 release update to enhance the usability, stability, and security of your AVDF deployment.

Watch AVDF short videos for the key new features of AVDF 20.13 and its value proposition. 

You can download the updated software from Oracle Support (patch 37088743) or a fresh-install software package from the Oracle Software Delivery Cloud.

You can also install AVDF on Oracle Cloud Infrastructure. The AVDF 20.13 image is available from the Oracle Cloud Marketplace, and you can provision a complete AVDF system in just a few minutes. 


Nazia Zaidi is the Sr. Principal Product Manager of Oracle Audit Vault and Database Firewall (AVDF). She has two decades of experience in database, database security, and cloud security technologies. Nazia helps Oracle's customers strategize their information/cloud security posture to meet varying business and regulatory requirements. She advises across a broad range of security solutions and markets, including financial institutions, government, defense, technology, telecom, healthcare, and retail.
