Securing Business-Critical Data with Database Auditing in Oracle 11g

Because databases often reside well behind the firewall, they can seem to be less exposed to security threats than other applications, and therefore database security is often neglected. However, databases like Oracle 11g often store business-critical information, which makes them an attractive target for both external attackers and malicious insiders. Knowing what is happening in the database is critical to spotting malicious actions in time to prevent data breaches. If you enable the audit trail in Oracle 11g, you can start to keep an eye on privileges, data access and account changes, so you can respond quickly whenever a threat emerges.

Some Capabilities of Oracle Database Auditing in Version 11g

If your Oracle 11g databases store cardholder data, PII, health records, intellectual property or other sensitive data, you need to ensure the integrity and confidentiality of that data, which requires a reliable audit of user activity. Two main audit options are available in Oracle 11g: standard auditing and fine-grained auditing (FGA). Standard auditing gives you some visibility; for example, you can audit user sessions in Oracle 11g by SQL statements, schema objects and privileges (the SYS and DBA roles usually need to be monitored most closely). With FGA, you can focus on the most important objects (for instance, tables and rows with customer data) and set up auditing based on data values and other parameters. Unfortunately, both audit options come with important limitations.
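The two audit options described above, side by side in SQL*Plus. This is an added example, not part of the original article or any vendor script; the APP.CUSTOMERS table, its CARD_NUMBER and REGION columns, and the policy name are hypothetical.

```sql
-- Added example. APP.CUSTOMERS, CARD_NUMBER, REGION and the policy name are hypothetical.

-- 1. Send standard audit records to the database, including SQL text and binds.
--    AUDIT_TRAIL and AUDIT_SYS_OPERATIONS are static: restart the instance afterwards.
ALTER SYSTEM SET audit_trail = DB, EXTENDED SCOPE = SPFILE;
-- Record operations performed as SYS/SYSDBA in operating system audit files.
ALTER SYSTEM SET audit_sys_operations = TRUE SCOPE = SPFILE;

-- 2. Standard auditing: sessions, account and privilege changes, one schema object.
AUDIT SESSION;                                   -- logons (successful and failed) and logoffs
AUDIT USER, ROLE, SYSTEM GRANT BY ACCESS;        -- CREATE/ALTER/DROP USER and ROLE, grants
AUDIT SELECT, UPDATE, DELETE ON app.customers BY ACCESS;

-- 3. Fine-grained auditing: record only statements that touch CARD_NUMBER
--    in rows matching a data-value condition.
BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema     => 'APP',
    object_name       => 'CUSTOMERS',
    policy_name       => 'FGA_CUSTOMERS_CARD',
    audit_condition   => 'REGION = ''EU''',          -- audit only matching rows
    audit_column      => 'CARD_NUMBER',              -- audit only when this column is referenced
    audit_column_opts => DBMS_FGA.ANY_COLUMNS,
    statement_types   => 'SELECT,UPDATE,DELETE',
    audit_trail       => DBMS_FGA.DB + DBMS_FGA.EXTENDED);
END;
/

-- 4. Review the two trails.
-- Failed logons from standard auditing (RETURNCODE is the ORA- error number; 0 = success).
SELECT username, userhost, returncode, extended_timestamp
  FROM dba_audit_trail
 WHERE action_name = 'LOGON'
   AND returncode <> 0
 ORDER BY extended_timestamp DESC;

-- Statements captured by the FGA policy, with the SQL that triggered it.
SELECT db_user, userhost, object_schema, object_name, sql_text, extended_timestamp
  FROM dba_fga_audit_trail
 WHERE policy_name = 'FGA_CUSTOMERS_CARD'
 ORDER BY extended_timestamp DESC;
```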

What Happens when You Enable Audit Trail in Oracle 11g

While standard auditing usually creates one record for each session, FGA audits every statement and creates a record each time someone tries to select, modify or delete an object. Both audit options keep audit trail records either in the database itself, or in XML and operating system files. Depending on the size of your database and the auditing period, the audit trail can become so large that it degrades system performance, threatening the availability of your critical data. But you can’t just delete the audit records, because you need them to pass compliance audits. Moreover, trying to investigate potentially harmful events, such as privilege escalation, using piles of hard-to-read event logs is a slow process, and you’re apt to miss important things. On top of that, every time you need to alter audit settings, you need to create yet another script, which can be a cumbersome and error-prone task.

Streamlining Database Auditing in Oracle 11g with Netwrix Auditor

Netwrix Auditor for Oracle Database helps minimize the time and effort needed for Oracle 11g auditing:

  • Alerts on threat patterns notify you whenever potentially malicious activity is detected. The notifications provide all necessary details, including the event timestamp and what object was changed, where and by whom, enabling fast response and mitigating the risk of a data breach.
  • Interactive search of audit data helps you quickly answer specific questions, whether you’re responding to an auditor’s request or conducting a security investigation.
  • Predefined reports provide a comprehensive view of user activity, including DBA activity audit, so you can make sure your data is safe and no one is trying to steal it or disrupt its integrity.
  • The cost-effective two-tiered storage can keep your audit trail available for as long as you need it, with no effect on database performance.
  • Role-based access control (RBAC) enables you to provide granular access to audit intelligence to exactly those who need it, including internal and external auditors, in accordance with the least-privilege principle.
  • The unified Netwrix Auditor platform provides complete visibility into the whole IT environment to give you context about user activity outside of Oracle 11g.

Oracle Database Overview from Netwrix Auditor: Failed Activity Over Time, Top Active Users and Actively Accessed Objects