Oracle has merged the core capabilities of the Oracle Audit Vault and Oracle Database Firewall products, creating the new Oracle Audit Vault and Database Firewall product which expands protection beyond Oracle and third-party databases with support for auditing the operating system, directories and custom sources.
Now delivered as a software appliance-based platform, Oracle Audit Vault and Database Firewall is designed to provide critical detective and preventive control to protect against the abuse of legitimate access to databases that is responsible for almost all data breaches and cyber attacks, says Oracle.
“It is really one single, streamlined solution to do both security and compliance for Oracle and non-Oracle databases, and extending beyond databases, to operating systems, file systems, and directories – essentially the structure surrounding your database,” notes Vipin Samar, vice president, Database Security, Oracle. “And once you have got your data into one single store, then you can analyze it on the security side and on the compliance side.”
Part of Oracle's comprehensive portfolio of database security solutions, Oracle Audit Vault and Database Firewall complements Oracle Advanced Security and Oracle Database Vault.
“Data governance is increasingly important in many organizations and, as we know from the IOUG survey [“Closing the Security Gap: 2012 IOUG Enterprise Data Security Survey”] that we did earlier this year, we have very few organizations that are monitoring sensitive data access - who is reading that data, who is updating that data - so it is critical that organizations put in place this kind of a solution to monitor and audit that kind of activity,” adds Roxana Bradescu, director of product marketing, Data Security, Oracle.
“Monitoring really happens before any transaction hits the database,” says Bradescu. “Essentially, the Database Firewall component of Oracle Audit Vault and Database Firewall sits in front of all the databases and can monitor for any kind of unauthorized activities like SQL injection attacks - another one of those things that every organization is worried about – and can block them before they even reach the database so it is both a detective and a preventive solution.”
The new Oracle Audit Vault and Database Firewall product provides SQL Traffic monitoring of all certified versions of Oracle and third-party databases, including Microsoft SQL Server, SAP Sybase, IBM DB2, and MySQL; a unique approach to SQL grammar analysis to reduce millions of SQL statements into “clusters” for unrivaled accuracy and scalability; and easy to create whitelists, blacklists and exception lists to better detect unauthorized database activity including SQL injection attacks.
It also provides the ability to collect, consolidate, and manage native audit and event logs from Oracle and third-party databases; additional support for collecting and consolidating audit and event logs from Microsoft Windows, Microsoft Active Directory, Oracle Solaris and Oracle Automatic Storage Management Cluster File System, as well as XML and table-based audit sources through XML-based Audit Collection Plugins.
The consolidated, centralized repository enables all audit and event logs to be analyzed in real-time against pre-defined policies; offers visibility into stored procedure execution, recursive SQL and operational activities; comes with dozens of built-in reports to meet compliance requirements; and provides a range of alerts, including multi-event alerts and alert thresholds.
More information is available about Oracle Audit Vault and Database Firewall.