Security : Oracle Audit Vault

Posted on August 15th, 2011 by Sanjit Anand | Print This Post | Email This Post

In security series, lets know another product.

Oracle Audit Vault is a security product that automates the consolidation of audit data into a secure repository, enabling efficient monitoring and reporting. This makes Oracle Audit Vault is a powerful solution providing a secure repository, built-in reporting, event alerting.This uses Oracle data security to protect audit data end-to-end. It helps to:

• Consolidate and secure audit data from multiple instances of these databases – Oracle, Microsoft SQL Server, Sybase, IBM DB2.
• Oracle Audit Vault is having out-of-the box compliance reports such as SOX, PCI and HIPAA requirements.
• This also have entitlement reports for Oracle database to showing users, privileges and roles.
• Policies can be created for SQL statements, schema objects, database privileges like alter, create, drop, grant etc.
• Oracle Audit Vault raise alerts for suspicious activity on sensitive data like employee salaries, credit card numbers etc.
• This have feature to capture before/after data value changes from Oracle database transaction logs.
• Audit Vault can be administered and managed separately through Audit Vault server and Console

Functional architecture of Audit Vault consists of two major components :

• Audit Vault Server – A stand-alone stacked application that contains a data warehouse built on a customized installation of Oracle Database.
• Audit Vault Collection Agent – The Agent is responsible for managing the collectors, which are specific to an audit source the source database and the Audit Vault Server by pulling the audit trail data from the source and sending it to the Audit Vault Server over SQL*Net.

Scenarios Lets try to do a fitment of this product . here is one problem.

Customer is having a large set of sensitive data that gets Access or modified frequently but not audited then probably .

Solution: If have similar problem , Implement Oracle Audit Vault. The approach would be:

• Develop a policy to identify and protect sensitive information.
• Automate the collection and consolidation of audit data.
• Quickly and automatically detect unauthorized activities that violate security and governance policies.

Oracle Note:

• Oracle Audit Vault Page
• Data Sheet
• Oracle Audit Valut FAQ

1. OECD – Standard Audit File for Tax Purposes (SAF-T)@ORACLE
2. Database Auditing
3. Understanding Security in : Oracle Financials and Manufacturing
4. Oracle Fixed Asset:Security by Book
5. Security :Oracle User Management