Oracle extends Audit Vault third-party database compatibility

By Jeff Kelly, News Editor 29 Jan 2009 | SearchOracle.com

Oracle news and trends Digg This!     StumbleUpon     Del.icio.us

Oracle's database monitoring and auditing tool can now access data from two more third-party databases and applications, the company announced yesterday.

Oracle Audit Vault, which collects audit data for monitoring, analysis and compliance requirements, is now capable of capturing data from IBM's DB2 versions 8.2 and 9.5 for Linux, UNIX and Windows, and Sybase Adaptive Server Enterprise database servers versions 12.5 and 15.0, according to Vipin Samar, vice president of database security at Oracle.

When first released in May 2007, Audit Vault could collect data only from Oracle databases, limiting its effectiveness. In July, Oracle added Microsoft SQL Server compatibility to Audit Vault and enhanced the product's ability to produce customizable reports with Oracle Application Express, according to Samar.

Built using Oracle's data warehouse software, Audit Vault collects and stores data from various data sources to help companies monitor database user activity, identify potential security or regulatory breaches, and create reports for internal and external auditors to comply with federal and state regulations like PCI and SOX.

If, for example, a user tries multiple passwords to gain access to an application or database, the Audit Vault can "raise a red flag" about the suspicious behavior, Samar said. Users can also create custom reports focused on specific types of activity or users.

More on Oracle governance, risk and compliance Find out why one analyst thinks now is the time for customers to push Oracle to improve its GRC offerings   Read about Oracle's acquisition of GRC firm LogicalApps

"The idea that companies are taking is 'trust but verify,' " he said, adding that Audit Vault's new capabilities to connect to IBM, Sybase and Microsoft databases were prompted, in part, by customer demand.

Samar said most companies today collect audit data with homegrown scripts and applications, a time-consuming and inefficient process. Others use network and database traffic-sniffing software from vendors like Guardiam to monitor user activity. Audit Vault simplifies the process, he said, by collecting audit data directly from the source and storing it for reporting and analysis in a single repository.

Most database management systems, including those from IBM and Microsoft, have built-in but siloed monitoring capabilities, making it difficult to gain a "horizontal view" of database activity throughout an enterprise, according to Trent Henry, an analyst with Midvale, Utah-based Burton Group.

Audit Vault's ability to monitor non-Oracle databases will make it easier to monitor enterprise-wide database activity with a single tool, and therefore easier to spot suspicious user behavior that targets multiple proprietary databases.

Tags: Oracle governance, risk and compliance,  Oracle database security,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Oracle governance, risk and compliance Guide to Oracle virtualization licensing and support Oracle updates Agile PLM for food and beverage compliance Understanding different Oracle development license strategies How to calculate Universal Power Unit license requirements Do I need new Oracle and Linux licensing to perform Linux testing? Can I make my Oracle Processor license central for multiple users? Oracle raises prices on database management packs Risk analysis software now part of Oracle Agile PLM software portfolio Oracle New Year's resolutions, part 2: GRC tips and customer resolutions revealed Oracle updates records management system Oracle governance, risk and compliance Research Oracle database security Oracle delivers database fixes in Critical Patch Update How to use DBMS_CRYPTO package for Oracle password encryption/hashing How to decrypt an Oracle password using John the Ripper and checkpwd How to use the CREATE SESSION command to track Oracle database logins How to troubleshoot Oracle critical patch updates using OPatch Can I automate Oracle patching when installing Oracle Standard Edition? Is it possible to automate Oracle CPUs for a DoD project? Three steps to help improve Oracle database security Tips for auditing and securing database backups in Oracle How to prevent a SQL injection attack in Oracle

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary