Oracle Audit Vault Review

The REDO_COLL function captures all changed values in the audited tables of a database.

What is most valuable?

The most valuable features of this product are auditing the old and new values after each change in the database, REDO_COLL and capturing application context functionalities.

REDO_COLL is a function provided by Oracle Audit Vault where the system captures all values that are changed in the audited tables of a database. So if someone fires an update in a table, the auditing system will not only capture the value which was enforced as part of the update, but will also capture the old value (before the update was done).

Application Context is an interesting implementation, where we can pass additional information about front-desk application users in the audit trail. So, when we look at an audit log we not only see the database user but also the application user who has viewed/changed the data.

How has it helped my organization?

Auditing as an imperative function of any Enterprise company. We require the audit logs for compliance needs and for tighter control of the infrastructure. Being in the Health Insurance industry and handling PHI & PII data, there are compliance mandates enforced by HIPAA. Oracle audit Vault helps us implement the control points enlisted under "Audit Requirements". HIPAA mandates us to track any/all access to ePHI data in our system, even if it is just a READ ONLY access. With Oracle Audit Vault, we have a centralized system to access all Audit Trails for sensitive data access.

What needs improvement?

The price factor makes it “out of reach" for small players in the IT industry. Even the SaaS model is very expensive. SaaS is an alternative hosting model where Oracle hosts the audit vault in their data center and installs audit collection agents on client data center. They host these appliances in their HIPAA-complaint data center where all controls are active. They work with the client to set-up secure channels for audit data and then sign BAA with the client. This auditing feature is made available as a service for which Oracle charges on a pro-rated basis.

Also, Audit Vault is not yet licensed to run with Other Cloud offerings like Amazon AWS, which makes it difficult to implement incase your existing tech-stack is on AWS or any other non-Oracle-Cloud Infrastructure.

For how long have I used the solution?

I have used this product for almost a year.

What was my experience with deployment of the solution?

Yes, its not certified to run with Amazon AWS.

What do I think about the stability of the solution?

I did not encounter any such issues. The product was both stable and scalable.

What do I think about the scalability of the solution?

I did not encounter any scalability issues either.

How are customer service and technical support?

The technical support is great.

Which solution did I use previously and why did I switch?

We did not use any other solutions. Our company needed a full auditing suite for our database along with capturing application context and REDO_COLL functionality. This product was our first choice.

How was the initial setup?

It has an appliance setup which is not supported on Amazon or any other third party cloud, making the process very cumbersome.

What's my experience with pricing, setup cost, and licensing?

The pricing policy is quite aggressive. We must equal the number of processors on DB in accordance with this appliance, thus making it very expensive.

Which other solutions did I evaluate?

We evaluated the IBM Guardium solution.

What other advice do I have?

If this product falls under your budget, then there is nothing like it in the market.

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Oracle Audit Vault reviews from users
Add a Comment