Because Oracle Database is used to store critical data, it is frequently the target of attacks, from both inside and outside the organization. Any malicious action, such as the deletion of an important table or a change to a role, can have important consequences, from poor database performance to data exfiltration, which can lead to business losses and reputational damage. Enforcing a proper Oracle 12c audit policy and maintaining a complete Oracle 12c audit trail are essential for ensuring data security and passing compliance audits.
The Essential Elements of Oracle 12c Auditing
Establishing an Oracle 12c audit policy that serves both your internal security needs and all compliance requirements your organization is subject to can be a challenge. Here are just some of components of DBMS audit that need close attention:
- Keeping an eye on system privileges and roles to detect privilege escalation in time to prevent data loss
- Auditing changes to schema objects to ensure data integrity and availability
- Auditing specific operations and SQL statement execution to make sure no one is trying to modify or delete sensitive data without a valid reason
- Monitoring user activity with specific focus on spikes in failed activity to make sure no malicious intentions in the system go unnoticed
Some Features of Unified Auditing
Version 12c of Oracle Database introduced unified auditing. The biggest change from the previous audit options is the consistency of audit data. With the consolidated Oracle 12c unified audit trail, all the audit records are stored in a new schema, which makes it easier to access them. Allowing access based on roles, such as audit admin and audit viewer, helps you enforce the least-privilege principle. Predefined unified audit policies help you concentrate on common security concerns, such as failed activity, modifications to instance configuration and data deletion. However, to handle other needs, such as granular monitoring of SYS users, you might have to write a script to create a new policy.
Beyond the Scope of Native Audit Trail
While native auditing tools in Oracle 12c enable some visibility into what’s going on with your business-critical data, they come with important limitations. Netwrix Auditor for Oracle Database enables you to overcome those limitations:
- Unlike the native database audit tools, Netwrix Auditor for Oracle Database doesn’t degrade Oracle performance, no matter how large the audit trail is, thanks to its non-intrusive architecture.
- The two-tiered audit data storage enables you to keep your audit trail for as long as required to meet the applicable compliance standards and security concerns.
- With alerts on threat patterns, you will know immediately if someone tries to change critical instance configuration, access sensitive data, or misuse privileges.
- The Interactive Search feature enables you to easily create queries by user, type of action, event timestamp and location, and save them for future use.