Database Firewall (AVDF) is a complete Database Activity Monitoring (DAM) solution that combines native audit data with network-based SQL traffic capture. AVDF includes an enterprise-grade audit data warehouse, host-based audit data collection agents, powerful reporting and analysis tools, alert framework, audit dashboard, and a multi-stage database firewall. The Database Firewall uses a sophisticated parsing engine to inspect SQL statements before they reach the database and determines with high accuracy whether to allow, log, alert, replace, or block incoming SQL.

Dozens of out-of-the-box compliance reports provide easy-to-use, programmable, custom reports for regulations like GDPR, PCI, GLBA, HIPAA, IRS 1075, SOX, and UK DPA. Reports aggregated network events and audit data from monitored systems. Summary reports, trend graphs, and anomaly reports can be used to quickly review user activity characteristics and help identify anomalous events. Report data can be easily filtered, allowing quick analysis of specific systems or events. Security managers can define threshold-based alert conditions on activities that may indicate attempts to gain unauthorized access and/or abuse system privileges. Fine-grained authorizations allow security administrators to restrict auditors and other users to information from specific sources, enabling a single repository to be implemented for the entire enterprise.

By collecting native audit data from databases, AVDF provides a comprehensive view of database activity along with the full execution context, regardless of whether the statement was executed directly, via dynamic SQL, or via procedures stored. In addition to consolidating audit data from databases, operating systems, and directories, audit data can be collected from application tables, JSON data sources, using REST APIs, or XML files using custom collectors. Database audit data can be automatically purged from the target database after it has been moved to the Audit Vault Server, freeing up valuable space for business data.

Security controls can be customized with online monitoring and blocking on some databases and monitoring only on other databases. The multi-stage database firewall can be implemented online as a database proxy server, or out of band in network sniffing mode, or with a host-based agent that relays network activity to the server. firewall for analysis and logging. Delivered as a preconfigured software appliance that can be deployed on the Linux-compatible hardware of your choice, a single Audit Vault Server can consolidate audit data and firewall events from thousands of databases. It is also available on the Oracle Cloud Marketplace and can be deployed on an Oracle Cloud Infrastructure lease in minutes. Both Audit Vault Server and Database Firewall can be configured in a high availability mode for fault tolerance.

Oracle Audit Vault and Database Firewall 20 supports cloud and on-premises databases with a single pane of glass, giving customers insight into activities in their databases.