Re: Opinions on Oracle Audit Vault and Firewall

From: Seth Miller <sethmiller.sm_at_gmail.com>
Date: Fri, 29 Sep 2017 11:08:12 -0500
Message-ID: <CAEueRAVVa_pEr=nsqsaN6ThprkthOtgqHynYmXMrGguExSiTzQ_at_mail.gmail.com>



Chris,

Although they work closely together, Audit Vault and Firewall are two completely different products. I work with AV on a regular basis and it is very easy to set up and use, especially if you can get other folks to manage the reporting and analytics half of the administration. As Leroy mentioned, you need to deploy an agent on every server that will be monitored but after that, most of the management is actually tuning the auditing in the database.

Firewall is a whole different story. It requires much more extensive physical setup and heavy involvement from networking and data center folks. In the one place where I implemented it, the data center people literally laughed at us when we told them we needed to tap into the switch spanning ports, so we ended up investing in an infrastructure that allowed us to have multiple physical paths to the spanning ports of our switching infrastructure. It was a pain, a long process, and ended up being much more expensive than we had anticipated.

My suggestion would be to start with AV. It's easy to install and easy to manage. When you are ready, move into Firewall slowly and with lots of planning. It wouldn't hurt to hire some folks that have done it before so you don't have to go through some of the pains I did.

Seth

On Fri, Sep 29, 2017 at 9:50 AM, Jeff Chirco <backseatdba_at_gmail.com> wrote:

> We had a security review with Oracle and they also recommended Audit Vault
> and Firewall. I did a demo and it seemed interesting but as a smaller shop
> here I was worried about the amount of overhead management for it and if it
> would prove worth while. I also haven't heard of many people using it. I
> asked the same question on here a few months ago and only got a few hits.
> If you do go with it or do a full demo I would love to hear your recap.
>
> Jeff
>
> On Tue, Sep 26, 2017 at 6:14 AM, Chris Stephens <cstephens16_at_gmail.com>
> wrote:
>
>> Is anyone on this list willing to share their experience and general
>> opinion of Audit Vault and Oracle Database Firewall?
>>
>> I'm looking for comments related to stability, easy of use, general value.
>>
>> We have security folks recommending that we license the products but I'm
>> not sure anyone really knows what advantages they offer. I'm also worried
>> that the promotional material doesn't exactly reflect real-world usage. I
>> personally haven't really heard of anyone using either product.
>>
>> Thanks for any input.
>>
>> Chris
>>
>
>

--
http://www.freelists.org/webpage/oracle-l
Received on Fri Sep 29 2017 - 18:08:12 CEST

Original text of this message