Oracle DAM (Audit Vault/Data Vault)

Introduction

Oracle Audit Vault and Database Firewall (AVDF), Oracle's database activity monitoring (DAM) product, provides a first line of defense for databases and consolidates audit data from databases, operating systems, and directories. A highly accurate SQL grammar-based engine monitors and blocks unauthorized SQL traffic before it reaches the database. Database activity data from the network is combined with detailed audit data for easy compliance reporting and alerting. With Oracle Audit Vault and Database Firewall, auditing and monitoring controls can be easily tailored to meet enterprise security requirements.

AVDF includes an enterprise-quality audit data warehouse, host-based audit data collection agents, reporting and analysis tools, an alert framework, an audit dashboard, and a sophisticated next-generation Database Firewall. The Database Firewall uses a sophisticated grammar analysis engine to inspect SQL statements going to the database and determines with high accuracy whether to allow, log, alert, substitute, or block the incoming SQL. AVDF comes with collectors for Oracle Database, Oracle MySQL, Microsoft SQL Server, IBM DB2 (on LUW), SAP Sybase, Oracle Key Vault, Microsoft Active Directory, Linux, AIX, Windows, Solaris, and HP-UX.

Fine Grained, Customizable Reporting and Alerting

Dozens of out-of-the-box compliance reports provide easy, customized reporting for regulations such as:

  • SOX
  • PCI DSS
  • HIPAA

Reports aggregate network events and audit data from the monitored systems. Summary Reports, Trend Charts, and Anomaly Reports can be used to quickly review characteristics of user activity and help identify anomalous events. Report data can be easily filtered, enabling quick analysis of specific systems or events. Security Managers can define threshold-based alert conditions on activities that may indicate attempts to gain unauthorized access and/or abuse system privileges. Fine-grained authorizations enable the Security Manager to restrict auditors and other users to information from specific sources, allowing a single repository to be deployed for an entire enterprise spanning multiple organizations.

Enterprise Audit Data Consolidation and Lifecycle Management

Native audit data provides a complete view of database activity along with full execution context, irrespective of whether the statement was executed directly, through dynamic SQL, or through stored procedures. In addition to consolidating audit data from databases, operating systems, and directories, the Audit Collection Plugin can be used to collect audit data from application tables or XML files and transfer it to the Audit Vault Server.

Audit data from databases may be automatically purged after it has been moved to the Audit Vault Server. Audit Vault Server supports data retention policies spanning days, weeks, or years on a per-source basis, making it possible to meet internal or external compliance requirements. To prevent unauthorized access or tampering, Audit Vault and Database Firewall encrypts audit and event data at every stage, in transmission and at rest.

Deployment Flexibility and Scalability

Security controls can be customized with in-line monitoring and blocking on some databases and monitoring only on other databases. The Database Firewall can be deployed in-line, out-of-band, or in proxy mode to work with the available network configurations. For monitoring remote servers, the Audit Vault Agent on the database server can forward the network traffic to the Database Firewall. Delivered as a soft appliance, a single Audit Vault Server can consolidate audit logs and firewall events from thousands of databases.

Both Audit Vault Server and the Database Firewall can be configured in a High Availability mode for fault tolerance.

Oracle Audit Vault & Database Firewall
KEY FEATURES
  • Performs activity monitoring and blocking on the network and consolidates audit data from Oracle, MySQL, Microsoft SQL Server, SAP Sybase, and IBM DB2 databases
  • White list, black list, and exception list-based enforcement on the network
  • Collects audit data from systems deployed on-premises and in the cloud
  • Built with an extensible audit collection framework with templates for XML and table-based audit data
  • Includes dozens of built-in customizable compliance reports and delivers proactive alerting and notification
  • Supports interactive, PDF, and Excel reports
  • Incorporates a fine-grained audit data access authorization model
  • Highly scalable architecture supports a large number of databases with high traffic volumes
  • Delivered as a secure, preconfigured software appliance for convenience and reliability
  • Supports high availability deployment options
KEY BENEFITS
  • First line of defense that transparently monitors or blocks unauthorized traffic, provides a complete view of database activity, and consolidates audit data
  • Achieve compliance quickly with packaged and customizable reports
  • Meet both security and compliance requirements with a single deployment
  • Lower cost of ownership with highly accurate SQL analysis, out-of-the-box reports, and proactive alerts