Oracle Audit Vault Review

A powerful, full-featured network data security solution


What is our primary use case?

Our primary use case is to filter the database traffic internally and to know who is doing what in the database and why they are doing it at any point in time.

How has it helped my organization?

Generally, security is enhanced and monitoring traffic and data became possible using this solution rather than others. You can audit and configure notifications so that you get notified when somebody accesses particular objects within the database. It's one of the key features. 

What is most valuable?

The ability to isolate the view and who has the rights to view the audit logs is valuable to us. Senior executives can check the system, the IT team, the IT individuals, and the administrators. 

Another interesting feature is the ability to view the traffic by the IT, as well as individual machines. This can help scale down trailing traffic on the network. It makes it possible to look into a traffic jam from a particular machine by MAC and IP address.

Also, address administrators cannot go in and delete audit trails, which would otherwise allow users to circumvent the audit trail. In the implementation of the Oracle Audit Vault, we can monitor not only Oracle databases but also monitor server databases that are within the environment. It isn't specific only to Oracle Database.

What needs improvement?

This kind of solution should supply more analytical data for the traffic that comes in. I think that side is not as strong as some other products. However, it is stronger in other areas and superior in some ways for security. The Oracle product monitors the database and not the operating system as well, which is an area that can use improvement.

What do I think about the stability of the solution?

The solution itself is stable, but if there is a skills gap within the department and none of the IT guys understand the Oracle Audit Vault and Database Firewall solution, things can go wrong. If customers don't train the in-house employees properly as to how the solution is deployed, limited skills can result in stability issues.

After the deployment, I recommend designating two or three people to get training. I do provide a bit of information into a general report to help clients but it may not always be enough. There is also the possibility of falling back into bad habits after a while when making changes in the system.

What do I think about the scalability of the solution?

The product is highly scalable. You can grow it by adding on multiple nodes and those nodes would definitely be able to be monitored in a server upon which you deploy an application. So there is really not any limitation on scalability. You can just add on or reduce other services within the environment. The fewer servers, the more efficient the logging. More servers may create problems for users coming through.

The Audit Vault server is isolated from the production server environment configuration, so ideally there's not any interference in terms of scalability. You could grow on demand. 

How are customer service and technical support?

My technical expertise allows me to handle many technical trainings, in Blackberry and other solutions for Oracle, for Oracle customers in Nigeria, in Ghana, in Zambia, in Tanzania, and in Kenya. I handle many Oracle customers. They purchase through a local Technology Associate which is an Oracle partner here. Oracle has contacted me in the past to handle issues because I am able to deploy that solution. 

If you previously used a different solution, which one did you use and why did you switch?

As a consultant, I install different products based on client need. I also have experience with Imperva SecureSphere Database Security and IBM Guardium, which are products I still recommend and deploy.

How was the initial setup?

This product is not very easy to set up. You set up separate machines and it's isolated from the production environment and the other system which you're auditing. After that, you just point to the IP addresses on which production servers are running. Then it starts monitoring them.

Sometimes there have to be additional changes within the database, within the production server, and some other basic configurations. For example, in 12c you have the unified audit trail, and in other versions of Oracle like 9-9, 10g, 11g, you don't have the unified auditing. Unified auditing in 12c is a bit complex, so you have to configure it to log the traffic activities. Another example is doing what we call a 'petition auditing' whereby you use triggers to audit.

If a client wants to capture all database traffic to all the servers for both successful logins and unsuccessful logins and store complete audit trail data that cannot be tampered with by the administrators, this takes additional setup. Assigning user privileges can take some time to do correctly so users cannot misuse their privileges.

Generation of distributional reports, tracking the sign-off of those reports, and encryption of tentative data in the database all need to be configured, since Oracle has other features such as Transparent Database Encryption, TDE.

Because of my experience with the solution, I am able to deploy within three to five days. But the whole system needs to be considered. Machines must have enough processing power and the storage for the audit trail data because that data can grow rapidly if not monitored well. Storage can become a challenge. 

With deep knowledge and understanding of these technologies, I can seamlessly and quickly deploy the solution. It will be far more difficult for users who are not already familiar with the solution.

What was our ROI?

I've seen a return on investment for many customers, though it is hard to tell exactly. For me, having clients with successful, useful deployments means my business continues to be successful. For clients, the superior security, power, customizability and reasonable ease of use return in time savings and secure data.

What's my experience with pricing, setup cost, and licensing?

On licensing, Oracle is very expensive. Oracle handles the licensing. I just do the deployment. Especially now that they are moving towards the cloud, cloud licensing becomes very expensive. Maybe sales guys do not always advise customers better as to the advantages, but customers generally have a fear of the costs of licensing for Oracle specifically.

In terms of cost, in addition to the standard licensing fees, there are add-ons. It costs in resources and software as well as deployment to create and manage a complete set of Cloud services, including infrastructure as a service, creditors service, customer service, etc. 

I've recommended, for monitoring purposes and management capability and even for non-Oracle databases, going for Enterprise Manager Cloud Control. Just deployment of this firewall without Cloud Control will not get most users optimal value.

Technology keeps evolving all the time. I think one needs to really do a lot of research and innovation to get to know what's new in different products before they can acquire any product at all. It's very important. For me, before I advise the customer on the product or upgrade, I do comprehensive research.

Which other solutions did I evaluate?

Again, as a consultant, our job is to provide the best solution for a particular client's needs. We are constantly evaluating products to keep flexible and make the base deployments. For example, if the client basically uses everything purely Oracle it usually makes sense to go with Oracle Audit Vault.

What other advice do I have?

I would rate Oracle Audit Vault an eight out of ten. The features are there, but the users don't know how to take full advantage of them. I would strongly recommend that, when evaluating products, users understand the key features in order to leverage them.

But again, at the end of the day, it's the mandate of the sales guy to get the customers to understand the product as they go to buy. If a sales guy is not selling well then there's a challenge. I'll pick out the key important features that will provide the most value. 

I always try to educate clients and tell them to spread out and do a proper proof of concept. If another product is better for resolving specific issues, it is the one they should deploy.

Disclosure: I am a real user, and this review is based on my own experience and opinions.