Trust-but-Verify
An Oracle White Paper
May 2007
Introduction
Auditing is playing an increasingly important role in the areas of compliance,
privacy, and security. Satisfying compliance regulations such as Sarbanes-Oxley and mitigating the risks associated with the insider threat are among the
top security challenges businesses face today. Today, the use of audit data as a
security resource remains very much a manual process, requiring IT security and
audit personnel to first collect the audit data, and then sift through enormous
amounts of dispersed audit data using custom scripts and other methods. Oracle
Audit Vault automates the audit collection and analysis process, turning audit
data into a key security resource to help address today's security and compliance
challenges.
[Sidebar listing regulations by region; surviving entries: AMERICAS, Sarbanes-Oxley (SOX); EU Privacy Directives]
related data such as social security numbers or credit cards on the underlying
storage media. Numerous high profile cases have been published regarding lost
or stolen disk drives and backup tapes. Reporting and monitoring processes help
enforce the trust-but-verify principle by auditing the activities of all users,
especially the privileged users. In addition, such audit data can be used to alert
IT security personnel to issues that may violate a specific compliance regulation.
However, leveraging audit data today is an inefficient, time-consuming, and
costly process due to the fact that audit data is distributed across multiple
systems. Audit data needs to be consolidated, secured, and easily accessible by
IT security and audit personnel.
[Figure: Simplify Compliance Reporting; Monitor Policies; Reports; Detect Threats With Alerts; Security. Audit sources shown: Oracle Database 9iR2, 10gR1, 10gR2, 11gR1; Other Sources, Databases (Future)]
Using Oracle Audit Vault, businesses are able to consolidate large volumes of
audit data from multiple sources and thereby obtain a complete view of audit
data using over one dozen built-in reports for analyzing audit data. In addition,
the collected audit data is analyzed for any suspicious activity, and an alert is
raised when such activity occurs. Oracle Audit Vault's graphical user interface
also allows the IT Security Officers and IT Auditors to create and provision
auditing policies to the databases.
Central to Oracle Audit Vault is a secure data warehouse built on Oracle's
industry leading data warehousing technology and secured with Oracle's
industry leading Database security products such as Oracle Database Vault and
Oracle Advanced Security. Oracle Audit Vault includes Oracle Partitioning to
improve manageability and performance.
Oracle Audit Vault helps businesses improve their ability to comply with
regulatory requirements by ensuring the collection and accuracy of the audit
data, and by lessening the time and effort to demonstrate that mandated controls
are in effect and working.
requirements. The drill-down capability provides full visibility into the details
of the what, where, when, and who of the audit events.
Oracle Audit Vault provides standard audit assessment reports on activities
associated with account management, roles and privileges, object management,
and system management across the enterprise. For example, the account
management report can be used to monitor creation of new accounts as it might
violate internally or externally mandated security policies.
Oracle Audit Vault provides the capability to generate parameter driven reports
from the interface as well. For example, a report showing user login activity
across multiple sensitive databases can be easily generated. Reports can be
defined for specific time frames. For example, a Weekend report could be
defined and saved within Oracle Audit Vault based on audit data from a subset
of particularly sensitive databases. The report could then be used each Monday
morning to monitor the weekend activities. Another report might be defined to
help support an internal investigation involving a specific user on specific
databases.
The foundation of the Oracle Audit Vault has been developed on a flexible data
warehouse infrastructure that provides the ability to consolidate and organize
audit data so it can be easily managed, accessed, and analyzed. The Oracle
Audit Vault audit data warehouse schema can be accessed from any Oracle
Business Intelligence or reporting tools including Oracle BI Publisher and 3rd
party reporting tools to build custom reports for compliance and security
requirements.
Oracle Audit Vault continuously monitors inbound audit data, and generates
alerts when data in a single audit record matches a custom defined alert rule
condition. For example, a rule condition may be defined to raise alerts
whenever a privileged user attempts to grant someone access to sensitive data.
An alert can also be generated when a privileged user creates another privileged
user within the database. When an audit event is evaluated and the rule
condition is met, an alert is raised. Alerts for the purpose of reporting are
grouped by the sources with which they are associated. Alerts can be grouped
by the event category to which the event belongs, and by the severity level of the
alert (warning, critical, or informational).
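An added illustration of single-record alert rules as described above; it is not Oracle Audit Vault code or its rule syntax. The record fields, source names, sensitive-object list and rule definitions are assumptions constructed for the example.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Callable

# Assumptions for this example: which objects are sensitive, which roles are privileged.
SENSITIVE_OBJECTS = {"HR.EMPLOYEES", "FIN.CARD_NUMBERS"}
PRIVILEGED_ROLES = {"DBA"}

@dataclass(frozen=True)
class Rule:
    name: str
    category: str                      # event category, used for grouping
    severity: str                      # warning | critical | informational
    condition: Callable[[dict], bool]  # sees exactly one audit record

RULES = [
    Rule("privileged grant on sensitive object", "roles and privileges", "critical",
         lambda r: r["privileged"] and r["action"] == "GRANT"
         and r.get("object") in SENSITIVE_OBJECTS),
    Rule("privileged user creates privileged user", "account management", "critical",
         lambda r: r["privileged"] and r["action"] == "GRANT ROLE"
         and r.get("role") in PRIVILEGED_ROLES),
    Rule("new account created", "account management", "warning",
         lambda r: r["action"] == "CREATE USER"),
]

# Constructed sample audit records from two hypothetical sources.
RECORDS = [
    {"source": "ORCL_HR", "user": "SYS", "privileged": True, "action": "GRANT", "object": "HR.EMPLOYEES"},
    {"source": "ORCL_HR", "user": "APPUSER", "privileged": False, "action": "SELECT", "object": "HR.EMPLOYEES"},
    {"source": "ORCL_FIN", "user": "SYSTEM", "privileged": True, "action": "CREATE USER", "grantee": "TMPADMIN"},
    {"source": "ORCL_FIN", "user": "SYSTEM", "privileged": True, "action": "GRANT ROLE", "role": "DBA", "grantee": "TMPADMIN"},
    {"source": "ORCL_FIN", "user": "SYSTEM", "privileged": True, "action": "GRANT", "object": "FIN.INVOICES"},
]

def evaluate(records, rules=RULES):
    """Return one alert for every (record, rule) pair whose condition is met."""
    alerts = []
    for rec in records:
        for rule in rules:
            if rule.condition(rec):
                alerts.append({"source": rec["source"], "user": rec["user"],
                               "rule": rule.name, "category": rule.category,
                               "severity": rule.severity})
    return alerts

def group(alerts, key):
    """Count alerts by 'source', 'category' or 'severity'."""
    return Counter(a[key] for a in alerts)
```

Because each condition sees only one record, the account creation and the DBA grant for the same grantee raise two separate alerts; tying them together is a reporting task, not something a single-record rule can express.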
Conclusion
Auditing is playing an increasingly important role in helping address global
regulatory compliance requirements and insider threats. Today, the use of audit
data as a security resource remains very much a manual process, requiring IT
security and audit personnel to first collect the audit data, and then sift through
enormous amounts of dispersed audit data using custom scripts and other
methods. Businesses need to consolidate, manage, monitor, and report on audit
data for a complete view of enterprise data access, giving IT security and audit
personnel the ability to analyze audit data in a timely fashion.
Oracle Audit Vault provides a powerful audit solution that helps simplify
compliance reporting, detect threats with early alerting, lower the cost of
compliance, and secure audit data. Oracle Audit Vault automates the
consolidation and analysis process, turning audit data into a key security
resource to help address today's security and compliance challenges. Numerous
built-in reports provide easy compliance reporting and the open data warehouse
provides extensible reporting using Oracle BI Publisher or 3rd party business
reporting solutions.
Oracle Audit Vault leverages Oracle's proven data warehousing and partitioning
capabilities to achieve massive storage scalability. Oracle Audit Vault can be
configured with Oracle RAC for high availability and flexibility at low cost.
Oracle Audit Vault uses Oracle's industry leading security capabilities to protect
audit data end-to-end, encrypting audit data during transmission and enforcing
separation of duty within Oracle Audit Vault.
Addressing regulatory compliance requirements and protecting against insider
threats in a global economy requires a defense-in-depth approach to security.
Auditing is a critical component of the defense-in-depth architecture, enforcing
the trust-but-verify principle.