The two most valuable features of this product are:
- Database access control
- Auditing of users
First of all, it is very easy to configure users and their appropriate roles and permissions on a database. The product allows us to set rules and restrictions at very minute levels.
Secondly, it audits user activities and presents relevant information in graphs and tabular formats; includes details, such as time, query and objects. We can create custom alerts for transactions and monitor and block incoming requests.
It also helps in IT auditing as we can retrieve required information in a matter of clicks.
Improvements to My Organization:
Information technology outsourcing: Audit Vault and Database Firewall has helped us in many ways; specifically, to restrict and control access to data. It also has helped us identify/recover from many accidental transactions. The product has helped us to organize and monitor different applications and their transactions.
Using the features provided by this product, we have implemented restrictions on data access for individual users accessing the application to perform activities on the database. Restrictions/monitoring can be configured for column/row level as well. With Oracle Audit Vault and Database Firewall, you can create alerts for suspicious activity, create changes to privileged users, create historical reports on schema changes and data-level access. Audit Vault also can audit OS and network events. It can also be used to audit other databases (such as MYSQL, IBM, etc.) and databases in the cloud.
Room for Improvement:
According to Oracle, the best practice is that Audit Vault Server and DB Firewall should be deployed on different boxes (servers). There is no option to co-locate them together. If you wish to deploy AV server and Database Firewall, you will need two servers; one dedicated to Database Firewall and the other dedicated to AV Server.
Use of Solution:
I have been using this product for over 1.5 years.
We haven’t had any stability issues as yet, as you can even configure for HA (High Availability) as well.
Security controls can be customized with in-line monitoring and blocking on some databases and monitoring only on other databases. The Database Firewall can be deployed in-line, out-of-band, or in proxy mode to work with the available network configurations.
For monitoring remote servers, the Audit Vault Agent on the database server can forward the network traffic to the Database Firewall. Delivered as a soft appliance, a single Audit Vault Server can consolidate audit logs and firewall events from thousands of databases.
Both Audit Vault Server and the Database Firewall can be configured in a HA mode for fault tolerance.
Technical support, both online at support.oracle.com and the ability to contact and create service requests with Oracle, gives a lot of room for the end user to play with. Oracle is also a very mature solution and has support for all kinds of implementations and administration tasks, and even has mature documentation regarding errors and possible alerts that may arise.
Previously, we were using Oracle Database default auditing and security measures, but always faced problems in reading audit data and creating custom alerts and reports. It is also limited to the amount of data to restriction that can be applied, such as auditing of unknown connections.
Installation and configuration of Oracle Audit Vault and Database Security is very simple and a server can be deployed in a matter of minutes once the media is in hand.
Cost and Licensing Advice:
Oracle provides highly stable and well-documented products and their support assures value for your money.
If an organization is interested in additional security over their Oracle database, this is the best option available, as it is easy to deploy and configure.
Disclosure: My company has a business relationship with this vendor other than being a customer: My current employer is a Platinum partner of Oracle and has implemented this, as well as many other products, over the years.