    Oracle Audit Vault vs Third Party Tools


      Please post your experience in using or evaluating third-party tools to monitor database activities and perform vulnerability assessments. I am currently evaluating tools such as Guardium, DBProtect, and IPLocs and need feedback from the members of this forum on their experiences and pros and cons…

          All of these tools have positives and negatives, but there are three things Audit Vault can do that none of its competitors can touch.

          1. Fully supported by Oracle and will be in the future. No other product can make that guarantee.

          2. Has access to Oracle internals so, for example, some of these products can monitor network traffic but it is easy for someone to run something on the server, inside the database, that produces zero network traffic.

          3. Guaranteed to work with all current and future Oracle security features.

          As I look at what some of these products do I am, quite frankly, amazed Oracle hasn't sued them. Some of these products seem to have reverse engineered Oracle in violation of the license terms and it is possible, at any point in time, for Oracle to slam the door on them.
            What product do you use or recommend to perform Vulnerability Assessments? Does Audit Vault offer a mechanism to run periodic vulnerability assessments?
              OEM Grid Control is a good place to start.

              But the best place is with Pete Finnigan's blog.
              No one knows Oracle security as well as Pete: Not even Oracle.
              His website contains gem after gem after gem. It is better than any product.
                I have used DBProtect for a number of years. It depends on what you really want to do with your audits.
                DBProtect offers both a vulnerability module and an auditing module -- they have rolled both into one product now.
                If you do NOT have an externally facing database and your main issue is to keep a basic eye on your databases, this system does basic monitoring, and you can tailor it further if you don't mind the clunky customizing interface and can make it do what you want. They have an upgrade process even they don't fully trust... but it is supposedly getting better. Overall they are improving -- they now have Oracle host-based sensors for Unix and finally for Windows. I'm not sure how reliable the one for Windows is yet. Not that it's bad, just haven't been using it long. Forget about the network-based sensors, as they are troublesome, and if you have a web-based app where the web and app servers are on the same box with the database, it can't detect anything, as there is no network traffic directly to the database... Of course, only small systems would be configured this way.

                While DBProtect is not terrible, it is wise to see what else is out there besides it and Audit Vault, as the Oracle product is much more expensive... so it depends on your exposure, your auditors' requirements, your database and organization size and budget, and assorted other concerns. In the end you have to leap in and choose, try it out and see if it fits for you, and then change it if necessary (always a painful thought -- financially and technically) -- Good luck... I'm keeping my eyes open myself, so if you find anything good please recommend on-line.
                  We tried to set up Audit Vault and it was far from easy, had a huge overhead, and on top of it all had vulnerabilities. There's a new product in the market that we're now looking at and looks very impressive IMHO. It's called Core Audit from Blue Core Research.

                  Pros: It's an easy setup. Took us 5 mins to set this up and start collecting, as opposed to Audit Vault, which took hours. It's low overhead.

                  Cons: No SQL Server support yet. They only support Oracle database.

                  Good luck