Oracle Audit Vault and Database Firewall: Product Overview and Analysis

See our complete list of top database security vendors

Bottom Line

Oracle Audit Vault and Database Firewall (AVDF) is particularly relevant to regulated industries that need to satisfy regulatory compliance requirements for collecting and retaining audit data from databases, as well as those needing extra protection for customer credit card data in order to comply with address regulations such as PCI-DSS. Although it serves many kinds of databases, AVDF is probably most applicable to enterprises already committed to Oracle but who also manage a wide range of other databases.

Product Description

Oracle Audit Vault and Database Firewall (AVDF) monitors Oracle and non-Oracle database traffic to detect and block threats, while also improving compliance reporting by consolidating audit data from databases, operating systems, directories, and other sources. Oracle AVDF can also gather operating system audit data, as well as audit data from other databases via custom collectors.

Database Security Features Rated

Databases served: Very good

Oracle AVDF supports Oracle, MySQL, DB2, Sybase and Microsoft SQL Server databases, as well as other DBs via custom collectors. AVDF also supports operating systems, directories, file systems, and application-specific audit data.

Problem solved: Very good

AVDF addresses two critical security and compliance needs:

• Protection against database attacks such as SQL injection, application bypass, client spoofing and other malicious activities at the network level
• Collection and monitoring of audit data to detect unauthorized or suspicious activity and generate reports to support corporate and regulatory compliance with regulations such as GDPR, SOX, and PCI.

A SQL grammar-based engine in AVDF monitors and blocks unauthorized SQL traffic before it reaches the database. It acts as the database’s first line of defense on the network, enforcing expected application behavior while helping prevent SQL injection, application bypass, and other malicious activities from reaching the database.

Database activity data from the network is combined with audit data from the monitored systems for compliance reporting and alerting. Out-of-the-box reports provide customized reporting for regulations such as GDPR, SOX, PCI DSS, and HIPAA.

Value: Good

AVDF is an inexpensive add-on for databases that can help companies needing extra firewall protection and/or additional audit and compliance coverage.

IT Central Station gave AVDF a 7.6 out of 10 rating, slightly behind direct competitors such as IBM Guardium and Imperva SecureSphere.

Implementation: Fair

An AVDF appliance deploys quickly and does not require OS kernel modifications or drivers on the database servers. The Audit Vault Server component consolidates audit data from Oracle and non-Oracle databases, operating systems, directories, file systems, and application-specific audit data.

At the same time, Database Firewall acts as the database’s first line of defense on the network, enforcing expected application behavior and helping prevent SQL injection, application bypass, and other malicious activities from reaching the database.

An Oracle DBA asked about AVDF’s ease of use had the following comments: “Initial setup was not straightforward, because we should have considered the network environment when we decided the policy configuration. The complexity of AVDF depends on the system (network) environment. If the number of DBs to be protected is high, you should consider organizing the network environment.”

Management: Very good

AVDF includes a GUI-based console that enables users to manage firewall and audit policies, monitor and respond to alerts, and generate reports.? In addition, AVDF is supported through Oracle Enterprise Manager, Oracle’s on-premises management platform.

The DBA gave it four stars and said, “By integrating two major functions (auditing and database firewall) into a single product, it became easier to use, and the scope is really wide.”

Support: Very good

Technical support for AVDF is provided by Oracle’s Global Support organization. Customer and partner product training is available through Oracle University. In addition, the Oracle Technology Network hosts an on-line Oracle Audit Vault and Database Firewall forum. The DBA gave it eight out of ten for support.

A Database Management Manager at a financial services firm had the following to add about AVDF: “We can get quick support from Oracle support.”

Cloud: Good

AVDF provides visibility into system use and activity tracking for both on-premise and cloud systems across a hybrid data center.

Intelligence

Database Firewall incorporates an SQL grammar engine that analyzes and evaluates SQL statements on the fly from network traffic. The Database Firewall analyzes these SQL level interactions and can alert on policy violations, optionally blocking or re-writing SQL statements in the process.

Delivery

Oracle Audit Vault and Database Firewall is packaged as a full-featured software appliance that contains everything needed to install the product on bare hardware, including the operating system. During installation, it configures all the software (OS, networking, database and so on) with minimal user involvement.

Agents

The Audit Vault functionality of AVDF uses lightweight agents to transfer audit data from target systems, optionally removing the data from the target system in order to conserve space on the system. Database Firewall can be deployed as a proxy for all network traffic between database clients/application servers and provides the flexibility for both active and passive monitoring. Database Firewall can also be deployed on a network tap or span port to enable passive monitoring of database activity.

Pricing

AVDF starts at $6,000.