Oracle Audit Vault Review

Integration with our SIM facilitates auditing by providing us with a complete picture


What is our primary use case?

We have a few applications that use the Oracle Audit Vault as a broker service to log into the application. It uses the credentials provided by this solution. We are not using the firewall component.

How has it helped my organization?

This solution acts as a complete data warehouse for our audit data. Anytime we need to search for details about what happened, from a proactive monitoring perspective, or react to see what access permissions were granted or denied, we can look at this.

We have an alert mechanism implemented, and we also use some of the built-in reports. The reports are typically used by management, and we have a risk management dashboard. Management looks at the reports, and the indicators in them, to determine what level the security has been at over the past month. They can tell whether it has improved or gone down.

What is most valuable?

The most valuable feature is that Oracle Access Vault is integrated with our SIM (Security Information Management tool), which gives us a complete picture of what access is being provisioned in our organization. We do not use the interface provided by Oracle Audit Vault, except to export the data into our SIM.

What needs improvement?

The reporting is an area of the solution that needs to be improved.

Customized reporting is something that we are struggling with, and it is quite tough for us. Every time we need to prepare a custom report, we have to involve the vendor. This is unlike other solutions where the reports are easy to customize.

Another problem with reporting emerges on the topic of compliance and certain international standards. The standard set of reports do not provide sufficient details for the PCS and ISO standards.

It is important to have better integration with most of the tools to manage unstructured data or SIM solutions. If we change vendors for our SIM then we want to have the best possible support.

For how long have I used the solution?

More than four years.

What do I think about the stability of the solution?

This product is quite stable and robust. We have not faced any issues with respect to stability in the past few years.

What do I think about the scalability of the solution?

We do not have heavy requirements in terms of scalability on our end, so I am unsure.

We currently have between ten and twelve users. These people are middle management, our database administrator, and I am the Data Center Lead.

This solution is extensively used on a daily basis, as it is one of the pillars of our overall monitoring solution. We have no plans to increase usage at this time.

How are customer service and technical support?

Since our first contact with Mannai, they have been able to resolve most of our issues. Only in cases of problems that they cannot fix will they raise an SR with Oracle. Generally, they are quite capable.

Which solution did I use previously and why did I switch?

We did not use a specific solution prior to this one.

We do not use the database firewall component that is included with this solution. For our database activity monitoring, we rely on IBM Guardium.

How was the initial setup?

The installation itself is quite straightforward, but the configuration does not happen at the same time. We have fine-tuned our configuration over the past year or two, which has reduced the high number of false positives. We now only receive clear, actionable alerts. Most of these kinds of tools require a lot of fine-tuning to be done, based on your environment. It all depends on how fast you can do it, based on your database requirements.

It took approximately three months to deploy this solution and bring it into production.

What about the implementation team?

We used a reseller for assistance with the implementation of this solution. They are the Mannai Corporation, here in Doha, and they are quite good.

The majority of the deployment was handled by them, and we only had two people involved. These people were our DBA and backup DBA, and they are now users of the solution.

For the maintenance of this solution, if we have an issue then we simply call Mannai and they will come and fix it.

What was our ROI?

When it comes to security solutions it is very difficult to calculate ROI. There is no clear cut ROI for which you can put a number in terms of operational effectiveness or security-related components.

What's my experience with pricing, setup cost, and licensing?

This solution is definitely not expensive, and it is a small fraction of the overall database licensing costs. It is a simple add-on license, but it is not perpetual so we have to pay licensing fees every year.

Which other solutions did I evaluate?

We evaluated a lot of solutions before choosing this one, and some of them were used for a very long time. One of these was Imperva. The determining factor was the cost. Since we are already an Oracle customer, we received a large discount on the product.

Other than pricing, most of the solutions in the same space provide a similar type of output. The benefit of going with Oracle is, if you are using an Oracle database then the integration is quite strong internally.

What other advice do I have?

If you are with Oracle completely and you do not have a mix of databases then this is a great solution. However, if you have a solution that includes a mix of databases then it has a lot of limitations.

The advantage of going with Oracle Audit Vault comes from its integration with data encryption, masking, and all of the Oracle security technologies.

Overall, this solution delivers what it is intended to do and we are quite happy with the product. There are, however, improvements required in terms of reporting.

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest