As Published In
Oracle Magazine
March/April 2013



Unified Database Activity Monitoring and Auditing

by David Baum


Oracle Audit Vault and Database Firewall simplifies database security and mitigates threats to corporate data.

According to a report from the Verizon RISK Team, more than 1 billion database records were breached around the world from 2004 to 2011.[1] As companies endeavor to secure sensitive data within the enterprise, the need has emerged for cost-effective, easy-to-use tools that can be quickly deployed companywide. To that end, Oracle has merged and advanced two proven security solutions—Oracle Audit Vault and Oracle Database Firewall—into a single software appliance-based platform: Oracle Audit Vault and Database Firewall.

The new product goes well beyond merging the functionality of the existing Oracle Audit Vault and Oracle Database Firewall products, explains Roxana Bradescu, director of database security product management at Oracle. “We did a complete rearchitecture and introduced a brand-new platform. Organizations can detect unauthorized database activity and block that activity before it even reaches their databases. They can also lower the cost and complexity of compliance reporting by consolidating audit data,” she explains.

Improving Detection and Prevention

According to the 2012 IOUG Data Security Survey,[2] only 25 percent of organizations are monitoring for unauthorized database activity on most of their databases. In addition, according to Forrester Consulting, an estimated 80 percent of IT security programs do not include a database security strategy.[3]

In a three-tiered architecture, once an application writes data to the database, there is no additional protection around that data, except for whatever security is implemented at the database layer. To thwart attacks, organizations must extend data protection efforts beyond perimeter and end-point defenses to the database level.

Oracle Audit Vault and Database Firewall streamlines enterprisewide monitoring, auditing, and compliance operations by permitting organizations to easily audit activity from their applications all the way to the database and the file system.

“Oracle Audit Vault and Database Firewall monitors all network traffic to Oracle and non-Oracle databases and can detect and block unauthorized activity,” says Bradescu. “But the special sauce is making sure authorized activity is not impacted. Accuracy and performance are critical. Oracle utilizes a unique SQL grammar analysis to ensure that attacks are stopped but business is not.”

A Foundation for Complete Security

Oracle Audit Vault and Database Firewall provides a unified solution for activity monitoring, auditing, and reporting in conjunction with a robust database firewall that blocks unauthorized database activity.

“Effective monitoring and auditing is the first line of defense,” Bradescu says. “This new solution gives organizations complete visibility into database activity needed to protect data. Only native auditing can provide information about database sessions and full visibility into database activity such as stored procedures, nested procedures, recursive SQL, triggers, and scheduled jobs.”

Flexible white lists and black lists in the product enforce expected application behavior. Policies can also be established to monitor and audit the activities of privileged users, including SQL traffic monitoring of Oracle Database, Microsoft SQL Server, SAP Sybase, IBM DB2, and MySQL. Oracle Audit Vault and Database Firewall can consolidate audit data from Microsoft Active Directory, Microsoft Windows, Oracle Solaris, and Oracle Automatic Storage Management Cluster File System.

“Combining Oracle Audit Vault and Oracle Database Firewall is a logical step [because] it combines the real-time analytics and the ability to do ex post and forensic analytics on database activities,” says Martin Kuppinger, founder and principal analyst at Kuppinger-Cole. “Oracle also raises the bar with its broad support for heterogeneous database environments. We recommend evaluating this new offering as the baseline solution for database security.”

[1] 2012 Data Breach Investigations Report, conducted by the Verizon RISK Team with cooperation from US and international law enforcement agencies
[2] Closing the Security Gap, 2012 Independent Oracle Users Group Survey
[3] “Formulate a Database Security Strategy to Ensure Investments Will Actually Prevent Data Breaches and Satisfy Regulatory Requirements,” a Forrester Consulting paper

David Baum is a freelance technology writer.