Case Study

Oracle Audit Vault Implementation

For

Finance Sector
 CASE STUDY
Client Company Profile
It has been involved in
banking for over 300
years.
It operates in over 50
countries with more than
1, 47,000 employees.
The Client’s strength is
reflected in high ratings
from the main credit
agencies.
Benefits
Integration and data
security tracking database
such as Oracle, Microsoft
SQL Server, IBM DB2,
Sybase.
Integration of pre-built
reports, compliance with
security policies and
monitoring.
Send alerts to
administrators when
there is suspicious activity
on the Database.
Support security policy
management on many
centralized database.
© SIMPLE LOGIC IT PVT.LTD, All rights reserved.
Oracle Audit Vault Implementation
OVERVIEW:
The Company has experience and expertise in providing world-class banking
solutions for corporate, small and medium enterprises constantly attempt to
work towards customer advantages.
Their banking solutions are tailored to specifically meet your banking
requirements. In the UK we have over 50 areas of industry expertise
including Oil and Gas, Manufacturing, Personal, Wholesale, Property, Energy,
Food & Drink, Transport, Automotive, Hotels, Media, Telecoms, Utilities,
Pharmaceuticals and Business Services.
Our Relationship Directors / Managers have appropriate linguistic skills,
global contacts and in-depth experience of cross-border banking.
BUSINESS CHALLENGE:
Avoiding costs and simplifying the audit reporting.
The customer wanted to comply with internal security policies.
Only authorized employees should have access to sensitive data.
Privileged users like DBA’s, network administrators, system
administrators shouldn’t be able to access the sensitive data.
Simplify the audit process by providing a secure audit infrastructure.
The solution must provide flexible, transparent and highly adaptable
security controls that require no application changes.
The banking customer is concerning about the risk of unauthorized
access by privileged users to sensitive banking information.
The bank intents to bring its system into compliance with existing and
newly emerging regulations as well as industry best practices.
2
 CASE STUDY Oracle Audit Vault Implementation

Environment
Platform: IBM AIX, Windows
Server 2003
Databases: Oracle 10g,MS
SQL Server 2005

Oracle Audit Vault 10g.

ORACLE SOLUTION:

Simple Logic Tech Team installed and configured Oracle Audit Vault for
Client’s 5 Oracle databases and 2 MS SQL 2005 server databases.
Implemented only authorized employees have data access to sensitive
data. Privileged users like DBA’s, network administrators, system
administrators aren’t able to access the sensitive data.
Cost savings achieved based on server consolidation for centralized data
and secure process optimization.
Implemented a transparent solution for mitigating the risk of insider
threats and complying with regulations.
Configured to restricted ad-hoc database changes and enforces controls
over how, when and where the most sensitive application data can be
accessed.

3
© SIMPLE LOGIC IT PVT.LTD, All rights reserved.
CASE STUDY Oracle Audit Vault Implementation

BENEFITS:
Audit Vault provides powerful security controls for protecting banking
applications and sensitive data.
Data security administrators and auditors can manage, compare and
provision Oracle database auditing settings across the enterprise directly
from the Oracle Audit Vault console, lowering overall maintenance costs.
Lower IT costs with audit policies—Centrally manage audit settings
across all databases from a single console
Transparently collect and consolidate audit data—Collect audit data in
a timely fashion across disparate systems
Simplify compliance reporting—Easily analyze audit data and take action
in a timely fashion with out-of-the-box reports or custom reporting via
the industry's only open warehouse schema for audit information

Compliance & Security Reports

Oracle Audit Vault provides powerful built-in reports to monitor a wide range of
activity including privileged user activity and changes to database structures. The
reports provide visibility into activities and provide detailed information on who,
what, when and where. The latest release of Oracle Audit Vault provides an exciting
new reports interface built on the widely popular Oracle Application Express
technology. The new reports provide an easy-to-use interface with the ability to
create colorful charts and graphs as well as the ability to customize the report
format. Report columns can be re-ordered as well as removed. Rules can be put in
place to automatically highlight specific rows so that report users can quickly spot

4
© SIMPLE LOGIC IT PVT.LTD, All rights reserved.
CASE STUDY Oracle Audit Vault Implementation

suspicious or unauthorized activity. Reports will include audit information from

Oracle, Microsoft SQL Server, IBM DB2 Unix, Linux, & Windows, and Sybase ASE
databases, providing a holistic picture of activity across the enterprise. Oracle Audit
Vault provides numerous standard audit assessment reports categorized into areas
such as compliance and alerts. Out-of-the-box reports

include information on database account management, roles and privileges, object

management, and login failures. Oracle Business Intelligence, Oracle BI Publisher
and other 3rd party reporting tools can be used to build additional reports to meet
specific compliance and security requirements.

Security and Monitoring Alerts

Oracle Audit Vault provides security personnel with the ability to detect and alert
on activities that may indicate attempts to gain unauthorized access and/or abuse
system privileges. Oracle Audit Vault can generate alerts for system defined and
user defined audit events. Oracle Audit Vault continuously monitors the audit data
collected, evaluating the activities against defined alert conditions. Alerts can be
associated with any auditable database event including system events such as
changes to application tables and creating privileged users.

5
© SIMPLE LOGIC IT PVT.LTD, All rights reserved.
CASE STUDY Oracle Audit Vault Implementation

Audit Policies
Oracle Audit Vault provides centralized management of Oracle database audit
settings, simplifying the job of the IT security and internal auditors. Many
businesses are required to actively monitor systems for specific audit events or
audit policies. In most environments the definition and management of these audit
settings is a manual process. IT security personnel must work with internal auditors
to define audit settings on databases. In addition, internal auditors periodically
need to work with IT security personnel to ensure the audit settings have not been
changed. The collection of audit settings in use on a given database is sometimes
referred to as an audit policy.

6
© SIMPLE LOGIC IT PVT.LTD, All rights reserved.
CASE STUDY Oracle Audit Vault Implementation

7
© SIMPLE LOGIC IT PVT.LTD, All rights reserved.