Oracle's database monitoring and auditing tool can now access data from two more third-party databases and applications, the company announced yesterday.
When first released in May 2007, Audit Vault could collect data only from Oracle databases, limiting its effectiveness. In July, Oracle added Microsoft SQL Server compatibility to Audit Vault and enhanced the product's ability to produce customizable reports with Oracle Application Express, according to Samar.
Built using Oracle's data warehouse software, Audit Vault collects and stores data from various data sources to help companies monitor database user activity, identify potential security or regulatory breaches, and create reports for internal and external auditors to comply with federal and state regulations like PCI and SOX.
If, for example, a user tries multiple passwords to gain access to an application or database, the Audit Vault can "raise a red flag" about the suspicious behavior, Samar said. Users can also create custom reports focused on specific types of activity or users.
"The idea that companies are taking is 'trust but verify,' " he said, adding that Audit Vault's new capabilities to connect to IBM, Sybase and Microsoft databases were prompted, in part, by customer demand.
Samar said most companies today collect audit data with homegrown scripts and applications, a time-consuming and inefficient process. Others use network and database traffic-sniffing software from vendors like Guardiam to monitor user activity. Audit Vault simplifies the process, he said, by collecting audit data directly from the source and storing it for reporting and analysis in a single repository.
Most database management systems, including those from IBM and Microsoft, have built-in but siloed monitoring capabilities, making it difficult to gain a "horizontal view" of database activity throughout an enterprise, according to Trent Henry, an analyst with Midvale, Utah-based Burton Group.
Audit Vault's ability to monitor non-Oracle databases will make it easier to monitor enterprise-wide database activity with a single tool, and therefore easier to spot suspicious user behavior that targets multiple proprietary databases.