Oracle database auditing product aids compliance

Audit Vault consolidates and manages information from databases

Oracle Monday announced general availability of auditing software that consolidates and manages information from databases, providing an in-depth view of audit data.

Oracle Audit Vault is the company’s first product to specifically address auditing requirements, although Oracle has previously embedded some auditing capability inside its databases, according to Vipin Samar, the vendor’s vice president of database security.

With today’s release, Oracle can help customers gather information from multiple databases to generate reports and alerts, thus uncovering insider threats and aiding compliance with regulations like the Sarbanes-Oxley Act, HIPAA and the Payment Card Industry data security standard, he says.

“Using the product, organizations can consolidate audit silos across their enterprise and securely house the audit data in a single location,” Oracle states in a press release. “Additionally, Oracle Audit Vault’s alerting capability assists organizations in detecting unauthorized access early, helping mitigate risk and potential financial liabilities.”

The product adds to the security capabilities Oracle introduced with Database Vault, which controls user access to databases.

Audit Vault works only with three Oracle databases: Oracle Database 10g Release 1, Oracle Database 10g Release 2 and Oracle9i Database Release 2. It does not support any databases made by other vendors, though Samar says because of customer demand Oracle will make the product work on SQL and IBM databases sometime within the next fiscal year.

Audit Vault is one of several products that take a new approach to auditing by looking deeply within the database, as opposed to all other kinds of infrastructure, says Trent Henry, senior analyst with the Burton Group. Audit capabilities within databases have traditionally impacted database performance, and these new tools attempt to eliminate that problem, he says.

A number of third-party vendors have made such products, including Imperva and Lumigent.

Third-party vendors have the advantage of supporting multiple databases, while Oracle supports only its own, Henry says.

Oracle, though, has intimate knowledge of databases, and many organizations that already rely on numerous Oracle products might be willing to give Audit Vault a try, he says.

Testing suggests Audit Vault does not significantly harm database performance, he says. Still, some enterprises are wary of auditing databases and would rather use an appliance that watches traffic over the network, according to Henry.

Audit Vault costs $50,000 per processor, according to Samar.

Oracle decided to develop the product because of the market demand for tools that help comply with SOX and other regulations governing security and privacy. “All of them have a very critical auditing element,” Samar says. “They want to know who is accessing your systems and under what conditions. They also want to know if companies have any control over them.”

Learn more about this topic

Oracle releases first ECM product since buying Stellent

04/30/07

SOX compliance made easier with pre-configured audit reports

03/26/07

Credit card industry struggles to enforce security standard

01/25/07

Join the discussion
Be the first to comment on this article. Our Commenting Policies