Oracle Audit Vault Review

Custom alerts give us traceability of non-DBAs accessing databases as a power user.

What is most valuable?

Reports and alerts are most valuable to us. Management wanted complete traceability of non-DBAs accessing databases using a database power user account. With the help of Audit Vault custom alerts, we were able to control this with 100% compliance.

How has it helped my organization?

Some major improvements in organizational operations:

  • Our organization has a complete alert and control mechanism to identify unauthorized access of PROD databases.
  • Compliance with United States government security and audit standards.
  • Proactive control of audited parameters, like failed log-on attempts, to avoid Denial of Service (DoS) attacks.
  • Improved management awareness about database compliance metrics using Audit Vault.

What needs improvement?

Large scope of improvements:

  • A method to group targets (databases generating audit files) logically is missing; for example, PROD, QA, UAT & DEV targets.
  • An alert mechanism based on logical grouping is missing.
  • A simplified graphic mechanism for the management team.
  • Remote start and stop of the Audit Vault collector agent.
  • Sophisticated audit file management tools to control growth of audit files on the target server.

For how long have I used the solution?

We started our journey in mid-2010 and it’s still in live production.

What do I think about the stability of the solution?

This product is not stable for large environments with more than 50 targets. Also, it is not recommended for the Audit Vault data warehouse database to be a RAC. It seems that the product is not tested with more than 50 targets, so be ready for performance and usability surprises. To overcome these limitations, we worked with a core designer Audit Vault team and suggested product improvements for future releases. I hope they have incorporated these suggestions in the 12.1/12.2 versions.

What do I think about the scalability of the solution?

This product has scalability issues, which we resolved after working with an Audit Vault core designer. Some of the major issues are:

  • This product runs a dynamic partition creation DDL on core warehouse tables at runtime, which is not recommended. The problem escalates when you introduce RAC as a warehouse database. This feature simply kills the warehouse RAC database from a performance point of view.
  • The Audit Vault collector process on warehouse databases is designed to consume more memory to speed up processing and avoid a CPU spike. This holds good when collectors are limited, but when your target base grows, this kills the database server and results in frequent database restarts due to full memory capacity.
  • The collector process on target servers is not able to identify abrupt Audit Vault server reboots and freezes. To resolve the same, you need to restart all collectors, one-by-one, manually.
  • While adding a new target, if you have old Audit Vault files (say one or two years old) and if the agent captures that file, then the internal Audit Vault mechanism starts day-wise partition creation. That results in shared pool locks and it gets worse in the case of RAC. The workaround is to clean up all existing audit files and then reinstall the agent.

How are customer service and technical support?

I love Oracle support because of its flexible nature. We faced many major roadblocks during implementation, from a scalability point of view. It gave us pleasure to work directly with an Oracle core designer team to address all issues within our timeline. So, the support is excellent.

Which solution did I use previously and why did I switch?

This was our first solution.

How was the initial setup?

Initial setup is very simple. There are not many components. Our only worry was the collector process, which runs on the target environment. Also, management of the same is a bit tedious, as remote agent start/stop is not available.

Which other solutions did I evaluate?

There are not many products available in this segment. We evaluated a couple of products from small organizations, but this is the only solution available for enterprise-class organizations.

What other advice do I have?

Go ahead and implement the latest version. The product is really good with many built-in features and controls.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
1 Comment

Subhash Kasundra (Capgemini)

Audit Vault implementation review