Oracle Audit Vault and Database Firewall monitors Oracle and non-Oracle database traffic to detect and block threats, as well as improves compliance reporting by consolidating audit data from databases, operating systems, directories, and other sources. It can be deployed on-premises or in the Oracle Cloud.
Oracle Audit Vault and Database Firewall (AVDF) is a complete Database Activity Monitoring (DAM) solution that combines native audit data with network-based SQL traffic capture. AVDF includes an enterprise quality audit data warehouse, host-based audit data collection agents, powerful reporting and analysis tools, alert framework, audit dashboard, and a multi-stage Database Firewall. The Database Firewall uses a sophisticated grammar analysis engine to inspect SQL statements before they reach the database and determines with high accuracy whether to allow, log, alert, substitute, or block the incoming SQL. AVDF comes with collectors for Oracle Database, Oracle MySQL, Microsoft SQL Server, PostgreSQL, IBM Db2 (on LUW), SAP Sybase, Oracle Key Vault, Microsoft Active Directory, Linux, Windows, AIX, Solaris, and HPUX. A Quick-JSON collector simplifies ingesting audit data from databases like MongoDB. In addition to the provided collectors, AVDF's extensible framework allows simple configuration-based audit collection from JDBC-accessible databases and REST, JSON, or XML sources, making collection from most other systems easy. A full featured Java SDK allows creation of collectors for applications or databases that don't use a standard technology to record their audit trail.
Dozens of out-of-the-box compliance reports provide easy, schedulable, customized reporting for regulations such as GDPR, PCI, GLBA, HIPAA, IRS 1075, SOX, and UK DPA. Reports aggregate network events and audit data from the monitored systems. Summary reports, trend charts and anomaly reports can be used to quickly review characteristics of user activity and help identify anomalous events. Report data can be easily filtered, enabling quick analysis of specific systems or events. Security managers can define threshold based alert conditions on activities that may indicate attempts to gain unauthorized access and/or abuse system privileges. Fine-grained authorizations enable security managers to restrict auditors and other users to information from specific sources, allowing a single repository to be deployed for an entire enterprise.
By collecting native audit data from databases, AVDF provides a complete view of database activity along with full execution context irrespective of whether the statement was executed directly, through dynamic SQL, or through stored procedures. In addition to consolidating audit data from databases, operating systems, and directories, audit data can be collected from application tables, JSON data sources, via REST APIs, or XML files using custom collectors. Audit data from databases may be automatically purged from the target database after it has been moved to the Audit Vault Server, freeing up valuable space for business data. Audit Vault Server supports data retention policies on a per source basis, making it possible to meet internal or external compliance requirements. To prevent unauthorized access or tampering, AVDF encrypts audit and event data at every stage, in transmission and at rest. For Oracle Databases, AVDF can track changes to data, user entitlements, and stored procedures. Historical tracking of important data attributes lets you quickly report on the lifecycle of a data attribute. User entitlements tracking enables easy reporting on which users have what privileges, along with differential reporting on what has changed since the last report. Maliciously modified stored procedures are a frequent vector for data theft - stored procedure tracking helps you quickly spot changes. With support for Oracle's unified audit, it is easy to implement best practices for auditing using pre-seeded audit policies.
Security controls can be customized with in-line monitoring and blocking on some databases and monitoring only on other databases. The multi-stage Database Firewall can be deployed in-line as a database proxy server, or out-of-band in network sniffing mode, or with a host-based agent that relays network activity back to the firewall for analysis and recording. Delivered as a pre-configured software appliance that can be deployed on Linux-compatible hardware of choice, a single Audit Vault Server can consolidate audit data and firewall events from thousands of databases. It is also available from the Oracle Cloud Marketplace and can be deployed in an Oracle Cloud Infrastructure tenancy within minutes. Both Audit Vault Server and the Database Firewall can be configured in a High Availability mode for fault tolerance.
Oracle Audit Vault and Database Firewall 20 supports both cloud and on-premise databases with one single dashboard, giving customers insight into the activities on their databases.