- What platforms does the Oracle Audit Vault Collection Agent support?
The Oracle Valut Collection Agent is generally availale for the Linux x86/x64, Solaris SPARC 64-bit, HP-UX PA-RISC (64-bit), HP-Itanium, AIX5L Based Systems (64-bit). The Ports for Windows will be available soon.
For the latest information on supported Oracle Audit Vault platforms, review the certification matrix on the OracleMetaLink Web site. The OracleMetaLink Web site is available at:
http://metalink.oracle.com
If you do not have a current Oracle Support Services contract, then you can access the same information at:
http://www.oracle.com/technology/support/metalink/content.html
- Is there Oracle Audit Vault training available?
Oracle University has created a formal class for Oracle Audit Vault. If you are interested in taking the class, please call 1.800.529.0165 or contact your local Oracle University sales Representative.
In addition, Viewlets, Oracle By Example (OBE) exercises, and Audit Vault Best Practices will be available on the Oracle Technology Network along with additional collateral at the Audit Vault launch pad.
- What Oracle database editions are supported by Oracle Audit Vault?
Oracle Audit Vault supports Standard and Enterprise editions of the Oracle database.
- What platforms does Oracle Audit Vault server run on?
The Oracle Audit Vault server is generally available for the Linux X86/X64 platform (RedHat Enterprise Linux AS 3.0, 4.0, SuSE SLES9 & SuSE SLES10), Solaris Sparc (64 bit), HP-UX PA-RISC (64 bit) , HP-Itanium, AIX5L (64 bit). Ports for Windows will be available soon.
For the latest information on supported Oracle Audit Vault platforms, review the certification matrix on the OracleMetaLink Web site. The OracleMetaLink Web site is available at:
http://metalink.oracle.com
If you do not have a current Oracle Support Services contract, then you can access the same information at:
http://www.oracle.com/technology/support/metalink/content.html
- What versions of the Oracle Database does Oracle Audit Vault support?
Oracle Audit Vault consolidates audit data from Oracle Database9i Release 2 and later releases including Oracle Database 10g, Oracle Database 10g Release 2, and Oracle Database 11g.
- What is Oracle Audit Vault?
Oracle Audit Vault is a new security product that automates the audit collection and analysis process, turning audit data into a key security resource to help address today's top business challenges around compliance and insider threats. Oracle Audit Vault helps organizations enforce the trust-but-verify security principle and is part of Oracle's overall defense-in-depth security strategy that includes other components such as Oracle Database Vault for controlling access, Oracle Advanced Security for Transparent Data Encryption, and Oracle Identity Management for user management.
- Who is the target market for Oracle Audit Vault?
Oracle Audit Vault is a cross vertical product, appealing to any organization with data security, data privacy, and regulatory compliance challenges such as Sarbanes-Oxley (SOX). Specific industries with governance requirements will likely have strong interest in Audit Vault and be likely first adopters, including financial services, insurance, healthcare, pharmaceuticals, retail, energy, and government. In addition, customers who are increasingly concerned with insider threats and monitoring DBA or privileged user activity, especially with outsourced administration, will be interested in Audit Vault.
- What are the key benefits of Oracle Audit Vault?
Oracle Audit Vault addresses today's compliance and insider threat challenges by helping:
- Transparent Collection and Consolidation of Audit Data
- Simplify Compliance Reporting
- Detect Threats Early
- Provide a Secure and Scalable Repository
- Lower Cost and Complexity of Compliance with Audit Policies
- How does Oracle Audit Vault simplify compliance reporting?
Using Oracle Audit Vault, audit data is consolidated from across the enterprise, enabling internal/external IT Auditors, and IT security officers to utilize built-in reports and obtain an enterprise wide view of user access and activity. Reports relating to privileged user access, account management activity, role management activity, data access activity, and failed login attempts are included with Oracle Audit Vault. The drill-down capability provides full visibility into the details of the what, where, when, and who of the audit events.
Oracle Audit Vault has an open data warehouse schema allowing customers using Oracle Application Express, business intelligence tools such as Oracle BI Publisher or 3rd party business intelligence tools to build custom reports designed for their specific business needs.
- How does Oracle Audit Vault detect threats early?
Oracle Audit Vault continuously monitors inbound audit data, generating alerts based on IT policies, providing a proactive early warning for potential problems. Examples of alerts that can be defined include privileged user changes, schema modifications, and sensitive application data access.
- How does Oracle Audit Vault transparently collect and consolidate Audit Data?
Oracle Audit Vault utilizes native database auditing to create audit trail data on the Oracle Database sources. A Collection Agent continuously extracts the audit data from the source and sends it to the Oracle Audit Vault repository.
Oracle Audit Vault’s pre-defined reports show who is accessing what data and under what conditions. Oracle Audit Vault reports, combined with the protection of audit data within Oracle Audit Vault offer a means by which to demonstrate proof of compliance to internal and external auditors. In addition, Oracle Audit Vault alerts help detect threats early, helping keep systems in compliance with internal and external policies.
- How does Oracle Audit Vault provide security and scalability?
Oracle Audit Vault provides a secure audit warehouse environment designed for the storage, protection and analysis of large amounts of audit data. Oracle Audit Vault leverages Oracle Database Vault and Oracle Advanced Security to strictly control access and prevent tampering of audit data. Oracle Audit Vault leverages all the scaling features of Oracle database including Oracle Partitioning to enhance manageability and performance, enabling audit data to be physically partitioned based on business requirements.
Oracle Audit Vault can optionally be deployed with Oracle Real Application Clusters (RAC) for additional scalability.
- Many customers are looking to follow the COSO/COBIT framework for their compliance auditing requirements. How does Oracle Audit Vault help them?
Oracle Audit Vault meets COBIT objectives such as the ability to monitor and report activities such as changes in audit policy, successful and failed logons, alerting for failed logons, tracking of user privileges and general system security via event logs.
- How does Oracle Audit Vault help with PCI compliance?
The Payment Card Industry (major credit card companies) has developed the Data Security Standard (DSS) as a guideline to help organizations that process card payments prevent credit card fraud, hacking and various other security issues. A company processing card payments must be PCI compliant or they risk losing the ability to process credit card payments. PCI DSS details security procedures, specifying that organizations must
- "implement automated audit trails for all system components,"
- "secure audit trails so they cannot be altered,"
- "limit viewing of audit trails to those with a job-related need,"
- "protect audit trail files from unauthorized modifications," and
- "retain audit trail history for at least one year, with a minimum of three months available online."
(From Security Audit Procedures v 1.1, Requirement 10: Track and monitor all access to network resources and cardholder data.) Oracle Audit Vault helps organizations to address each of these requirements.
- How does Oracle Audit Vault differ from Oracle Database Vault?
Oracle Database Vault is a security option for Oracle Database Enterprise Edition that provides strong access controls inside the database to prevent access to application data from highly privileged users, including the DBA.
Oracle Audit Vault is a new security product that monitors the enterprise-wide database activity, helping address compliance and insider threat challenges by collecting and consolidating audit data from multiple databases. Oracle Audit Vault helps enforce the trust-but-verify security principle and is part of Oracle's overall defense-in-depth security strategy.
Oracle Database Vault controls the "Who, What, When, Where and How" of the database activity, while Oracle Audit tells you about the "Who, What, When, Where and How" of the database activity.
- What platforms does Oracle Audit Vault server run on?
The Oracle Audit Vault server is generally available for the Linux X86/X64 platform (RedHat Enterprise Linux AS 3.0, 4.0, SuSE SLES9 & SuSE SLES10), Solaris Sparc (64 bit), HP-UX PA-RISC (64 bit) , AIX5L (64 bit). Ports for Windows, and HP-Itanium will be available soon.
- What platforms does the Oracle Audit Vault Collection Agent support?
Linux x86/x64, Solaris SPARC 64-bit, HP-UX PA-RISC (64-bit), AIX5L Based Systems (64-bit), and Windows
- What versions of the Oracle Database does Oracle Audit Vault support?
Oracle Audit Vault consolidates audit data from Oracle Database9i Release 2 and later releases including Oracle Database 10g and Oracle Database 10g Release 2.
- When will Oracle Audit Vault support non-Oracle databases and applications?
Oracle understands that audit data collected from non-Oracle databases is a critical requirement for some customers. Oracle plans to offer the ability to collect audit data from non-Oracle databases and applications into a future release of Oracle Audit Vault. Specifically inclusion of SQL Server audit data is planned for release in the coming fiscal year, followed by IBM UDB audit data.
We also plan to release Audit Vault Collector SDK that can be used by partners and customers to write custom audit collectors for sources or applications not directly supported by Oracle today. The SDK is currently in beta and available to selected partners and customers.
- How are customers addressing the auditing problem today?
To meet the requirements from auditors, most customers are using home-grown scripts to collect the audit data, and analyze them. Besides running into the well-known challenges of using manual methods and scripts, they have difficulty in collecting the audit data from multiple systems, scaling up, securing the audit data, analyzing it for alerts and other irregularities, creating reports to meet individual requirements from the auditors, and in being able to send the audit settings centrally. Since archival and management of audit data has become a mandatory requirement for many compliance regulations, it requires a scalable, secure, and flexible product that meets the requirements not just for this quarter, but for years to come.
Some customers have been looking at small niche vendors, but none of them provide the depth and the flexibility required in addressing the audit data collection and management problem.
- How does Oracle Audit Vault fit into Oracle’s compliance framework/GRC solution/strategy?
Oracle Audit Vault is part of Oracle’s Governance, Risk, and Compliance (GRC) and will serve as an audit repository and audit analysis tool for many of the Oracle products, which comprise the GRC solution. Oracle Audit Vault serves as the backbone of secure audit, one of the five principle areas identified in the Oracle GRC platform.
- How prevalent is database auditing?
Database Auditing is quite prevalent in more regulated industries such as Financial Services, Health Care, Energy, and Public sector. Some customers do heavy auditing, while some mainly audit the privileged user activities. After Oracle came out with Fine-grain auditing (FGA) in Oracle9i, many customers started to use that to audit access to sensitive data.
- Is there Oracle Audit Vault training available?
Oracle University is creating a formal class for Oracle Audit Vault, please watch for announcements. In addition, Viewlets and Oracle By Example (OBE) exercises will be available on the Oracle Technology Network along with additional collateral.
- Where do I go to learn more?
Visit http://www.oracle.com/goto/auditvault for white papers, data sheets and other materials, or contact an Oracle representative near you.
Bookmark
