
Oracle Audit Vault and Database Firewall

DB小榴莲 2020-10-27

Organizations today have hundreds or even thousands of databases, applications, and operating systems where user and administrator activities need to be audited and monitored for security and compliance reasons.  That oversight requires continuous collection and analysis of huge amounts of activity data in order to run reports and generate alerts on anomalous activities for further investigation. Of course, network monitoring and database auditing solutions have existed for several years, but organizations must now rethink how to achieve 360-degree visibility while facing shrinking IT resources and considering not just today’s demands, but also those of tomorrow. 

We are thrilled to announce that the fully revamped and refreshed Oracle Audit Vault and Database Firewall 20 is now available to help you meet auditing and monitoring requirements for your databases whether they are on-premises or on the cloud. Oracle Audit Vault and Database Firewall 20 brings not just improved ease-of-use and wider coverage, but also enhancements to address enterprise requirements for extensibility, scale, and security.

We upgraded the user interface engine to give a modern, responsive, and intuitive look and feel.  We simplified and optimized the UI for common workflows and easier navigation.  Both Audit Vault and Database Firewall components can now be managed from the same console, centralizing the administrative activities.

To reduce the cost of operations, we deliver proven best practices through single-click provisioning of out-of-the-box audit policies for Oracle databases. Dozens of out-of-the-box reports cover the activity data from across all your resources, and you can easily filter them by a given user, IP address, type of activity, time period, or any combination. For Oracle databases, we can provide both the before and after values for transactions on specific tables or schemas, making it easy to track the lifecycle of sensitive data.

We extended coverage by collecting audit data from PostgreSQL in addition to our existing support for Oracle, MySQL, Microsoft SQL Server, SAP Sybase, and IBM Db2 LUW databases. With our rich and extensible audit collection framework, you can collect and analyze audit data from almost any system that generates an audit trail. Our collector framework now reads audit data stored in JSON or XML files, in database tables, or available via a RESTful API, making it possible to collect audit data from databases such as MongoDB via a simple attribute mapping table.

Database Firewall continues to stand out as a major differentiator through its highly accurate grammar analysis of the SQL statements, and its ability to identify anomalous SQL traffic.  The multi-stage database firewall analyzes different contextual conditions to implement access control policies without impacting the database.  At the simplest level, it can allow or deny SQL statements based on connection metadata such as IP address, OS user name and database user name.  Next, Database Firewall uses allow-list and deny-list rules on clusters of SQL statements to block and raise alerts on SQL injection attempts well before the SQL has even reached the database.  Finally, the Database Firewall can enforce policies based on table names and even the type of SQL statement.

To simplify deployment across complex networks, customers can now use the Host Monitor agent on Windows (in addition to Linux, AIX, Solaris) to forward a copy of the SQL traffic to the Database Firewall independent of the actual network topology.

In response to customer feedback, we added support for automatically archiving the audit data to low-cost storage locations after a predefined time period.  For centralized user management, we now support authentication and authorization with Microsoft Active Directory and OpenLDAP.

Oracle Audit Vault and Database Firewall 20 supports both network-based SQL monitoring and database auditing with the needed scale and flexibility that enterprise organizations demand. It implements the ever-important ‘trust but verify’ security principle and can serve as the first line of defense for your data assets.


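This article is reposted from DB小榴莲. If you believe it infringes your rights, send an email to contact@modb.pro with supporting evidence; once verified, 墨天轮 will remove the content immediately.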
