Oracle Audit Vault is a standalone, $57,500 product that helps companies meet their compliance requirements in connection with safeguarding data. When Audit Vault came out in June 2007, it monitored the Oracle database system and collected selective operational information, such as what data has privileged database administrators changed inside the system; what new tables have been created; whose privileges have been upgraded; and whether anyone tried multiple log-ins to a database area he or she didn't have rights to access. The audit data is stored in a specialized, secure Oracle data warehouse.
In June 2008, Oracle added support to Audit Vault for monitoring Microsoft's SQL Server as well as its Oracle 10g and 11g software.
As of this week, Audit Vault also supports monitoring of Sybase versions 12.5 and 15 as well as IBM's DB2 version 8.2 or 9.5 running on Linux, Unix, and Windows, said Vipin Samar, VP of database security. Audit Vault, however, does not support collecting DB2 audit information on the mainframe, where many instances of DB2 run.
"It collects all the audit data into a centralized data warehouse," where analysis can be performed in real time and compared to enterprise data security policies, Samar said.
If someone has attempted to log on to an area of a database that's off limits to him, an alert can be sent to managers' dashboards. Attempts to create tables, add users to production databases, or store unauthorized data sets are violations of many companies' security policies and such events can also be used to trigger alerts, Samar added.
Audit Vault can be used for compliance, generating reports that satisfy requirements of Sarbanes-Oxley, the Health Insurance Portability And Accountability Act, the Payment Card Industry, and the Data Security Standard.
Oracle customers buy an agent for each type of database system that they seek to monitor. It's priced at $3,500 per CPU.