Because databases often reside well behind the firewall, they can seem to be less exposed to security threats than other applications, and therefore database security is often neglected. However, databases like Oracle 11g often store business-critical information, which makes them an attractive target for both external attackers and malicious insiders. Knowing what is happening in the database is critical to spotting malicious actions in time to prevent data breaches. If you enable the audit trail in Oracle 11g, you can start to keep an eye on privileges, data access and account changes, so you can respond quickly whenever a threat emerges.
If your Oracle 11g databases store cardholder data, PII, health records, intellectual property or other sensitive data, you need to ensure the integrity and confidentiality of that data, which requires a reliable audit of user activity. Two main audit options are available in Oracle 11g: standard auditing and fine-grained auditing (FGA). Standard auditing provides some visibility; for example, you can audit user sessions in Oracle 11g by SQL statements, schema objects and privileges (the SYS and DBA roles usually need to be monitored most closely). With FGA, you can focus on the most important objects (for instance, tables and rows with customer data) and set up auditing based on data values and other parameters. Unfortunately, both audit options come with important limitations.
While standard auditing usually creates one record for each session, FGA audits every statement and creates a record each time someone tries to select, modify or delete an object. Both audit options keep audit trail records either in the database itself, or in XML and operating system files. Depending on the size of your database and the auditing period, the audit trail can become so large that it degrades system performance, threatening the availability of your critical data. But you can’t just delete the audit records, because you need them to pass compliance audits. Moreover, trying to investigate potentially harmful events, such as privilege escalation, using piles of hard-to-read event logs is a slow process, and you’re apt to miss important things. On top of that, every time you need to alter audit settings, you need to create yet another script, which can be a cumbersome and error-prone task.
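The two native options described above look like this in practice. This is an added example, not code from the original page or from Netwrix; the schema `SALES`, table `CUSTOMERS`, columns `CARD_NUMBER` and `REGION`, and the policy name are hypothetical.

```sql
-- Added example: SALES.CUSTOMERS, CARD_NUMBER, REGION and the policy name
-- are hypothetical. Run from a suitably privileged DBA account.

-- 1. Where records go. DB, EXTENDED stores them in the database with SQL text.
--    Both parameters are static, so they take effect after a restart.
ALTER SYSTEM SET audit_trail = DB, EXTENDED SCOPE = SPFILE;
-- SYS connections are not covered by AUDIT statements; their actions are
-- written to operating system files when this parameter is TRUE.
ALTER SYSTEM SET audit_sys_operations = TRUE SCOPE = SPFILE;

-- 2. Standard auditing: statements, privileges and schema objects.
AUDIT SESSION;                        -- logons and logoffs
AUDIT USER;                           -- CREATE / ALTER / DROP USER
AUDIT ROLE;                           -- CREATE / ALTER / DROP / SET ROLE
AUDIT SYSTEM GRANT;                   -- grants of system privileges and roles
AUDIT SELECT ANY TABLE BY ACCESS;     -- use of a broad system privilege
AUDIT SELECT, UPDATE, DELETE ON sales.customers BY ACCESS;

-- 3. Fine-grained auditing: record only statements that touch CARD_NUMBER
--    in rows matching a data value, instead of every access to the table.
BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema   => 'SALES',
    object_name     => 'CUSTOMERS',
    policy_name     => 'FGA_CUSTOMERS_CARD',
    audit_condition => 'REGION = ''EU''',
    audit_column    => 'CARD_NUMBER',
    statement_types => 'SELECT,UPDATE,DELETE',
    audit_trail     => DBMS_FGA.DB + DBMS_FGA.EXTENDED,
    enable          => TRUE);
END;
/

-- 4. Review the last day of each trail (account changes, privilege use,
--    failed logons show up with a non-zero RETURNCODE).
SELECT username, action_name, obj_name, priv_used, returncode, timestamp
FROM   dba_audit_trail
WHERE  timestamp > SYSDATE - 1
ORDER  BY timestamp DESC;

SELECT db_user, object_name, policy_name, sql_text, timestamp
FROM   dba_fga_audit_trail
WHERE  timestamp > SYSDATE - 1
ORDER  BY timestamp DESC;
```

Because `BY ACCESS` and FGA write a record per statement, check the growth of both trails after enabling these settings on a busy table.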
Netwrix Auditor for Oracle Database helps minimize the time and effort needed for Oracle 11g auditing:
