Oracle Audit Vault and Database Firewall provides a first line of defense for databases and consolidates audit data from databases, operating systems, and directories. A highly accurate SQL grammar-based technology monitors and blocks unauthorized SQL traffic before it reaches the database. Information from the network is combined with detailed audit information for easy compliance reporting and alerting. With Oracle Audit Vault and Database Firewall, monitoring controls can be easily tailored to meet enterprise security requirements.
Database Firewall for Activity Monitoring and Blocking
Oracle Database Firewall provides a sophisticated next-generation SQL grammar analysis engine that inspects SQL statements going to the database and determines with high accuracy whether to allow, log, alert, substitute, or block the SQL. Oracle Database Firewall supports white list, black list, and exception list based polices. A white list is simply the set of approved SQL statements that the database firewall expects to see. These can be learned over time or developed in a test environment. A black list includes SQL statements from specific users, IP addresses, or specific types that are not permitted for the database. Exception list-based policies provide additional deployment flexibility to override the white list or black list policies. Policies can be enforced based upon attributes, including SQL category, time of day, application, user, and IP address. This flexibility, combined with highly accurate SQL grammar analysis, enables organizations to minimize false alerts, and only collect data that is important. Database Firewall events are logged to the Audit Vault Server enabling reports to span information observed on the network alongside audit data.
Fine Grained, Customizable Reporting and Alerting
Dozens of out-of-the-box reports provide easy, customized reporting for regulations such as SOX, PCI DSS, and HIPAA. The reports aggregate both the network events and audit data from the monitored systems. Report data can be easily filtered, enabling quick analysis of specific systems or events. Security Managers can define threshold based alert conditions on activities that may indicate attempts to gain unauthorized access and/or abuse system privileges. Fine grained authorizations enable the Security Manager to restrict auditors and other users to information from specific sources, allowing a single repository to be deployed for an entire enterprise spanning multiple organizations.
What's New in Oracle Audit Vault and Database Firewall Release 12.1.2
New Enterprise-Grade Features
iSCSI SAN storage support for audit repository
NFS storage support for audit data archiving
Simplified Audit Vault Agent deployment
Audit Vault Agent automatic update
Policy alerts forwarding to syslog
Audit Vault repository protection by Oracle Database Vault
Extended Platform Support
Database Firewall support for Oracle Database 9i and MySQL 5.6
Windows and Linux 32-bit host OS for Audit Vault Agents
Oracle Linux 6.x OS (with auditd 2.2.2 up to version 6.4) auditing support
Additional Improvements and Enhancements
Oracle Database 12c user entitlement report enhancement
Easier UI for Secured Target registration
Reports improvements on audit data quality and completeness
Single button download of Audit Vault Server diagnostic files