Rationalizing Database Auditing

Many people find is difficult to understand the value of detective systems like database auditing. There’s a common analogy that having a detective system is like sitting and watching the bullets fly by when a preventative system would be like wearing a bullet proof vest.
Without diminishing from the value preventative controls, let us help you understand why they are far from being sufficient.

The Bank

The Bank
The best way to intuitively understand the problem and its solution is to translate the virtual world of bits and bytes to the real physical world. Lets take a bank as a well understood example of a secured facility.
A bank that has only automatic preventative controls would have only a vault. No guards, no alarms, no cameras.. only a big vault door with a secret combination.
This description fits a mail box more than a bank – the right key will grant you full access.

A Real Bank

A Real Bank
What makes a bank different than a mailbox? Why do people consider bank security to be excellent and mailbox security to be very limited?
The reason is that a bank security system has a lot more than merely a vault with a combination. There are guards watching people that enter the bank. There are guards watching people that go to the vault. There are guards doing patrols at night. There are security cameras recording everything and guards that watch those. There are motion sensors, pressure sensors, heat sensors..
In other words, a lot of technology and personnel both inside and outside the vault.

The Gaps

What the bank has and your Oracle database does not is a variety of sensors that allow security personnel to monitor what’s going on.
Declarative Auditing allows security personnel to watch specific activities, while Intelligent Auditing is an automation that can point out suspicious activity. It is important not to rely on automation alone, so a good system should be able to do both.
This is Core Audit

What's next?

I want to know more about Core Audit!
Great! Here are a few options:
  • Read more about Core Audit features, reports, etc.
  • Try our Online Demo and play with Core Audit right now
  • Ask for a Personal Demo from one of our experts and get all your questions answered
  • Download a Free Trial and experience Core Audit on your systems
I only want more information, not a product
Not a problem, here is a list of relevant pages, and we are always available to answer any question
  • Fraud – Read
  • Hackers – Read
  • Intelligent Auditing – Read
  • Incident investigations and forensic analysis – Read
  • Cost of a database breach – Read
  • Oracle database security – Read