Overview

Omega Core Audit provides a software security solution to help customers approach the complex and difficult security challenges in Oracle Database Systems – protecting against outsider and/or insider threats, unauthorized access and enforcing duty separation in meeting regulatory compliance requirements, those being external or internal.

Omega Core Audit implements strong practices of Access Control, Continuous Auditing and Real-Time Protection, providing clear visibility and control into database activity, even for privileged users and more, the DBA-s, thus leading to a safer and more secure information system.

This is a top requirement for database owners looking to protect sensitive business or privacy related data of their customers, employees and partners, thus conforming to best security compliance standards and recommendations.

Omega Core Audit can be virtually used by any organization that uses an Oracle Database and it is looking to implement database information security compliance standards, best industry practices and strong internal security controls.

The type of out-of-box, software-only solution, allows for quick implementation without interfering with existing functionalities and needs no additional software licenses or devices.

Introducing Omega Core Audit

Omega Core Audit is an out-of-box, software-only security and compliance solution. It is a full back-end solution that is installed in minutes and easily managed by its applicative interface. It combines the Oracle native auditing and security features with state-of-art and added value programming and automation. It brings easiness to its users letting them focus only on the conceptual security tasks, without concentrating on complex technical security configurations, made easy and plainly presented to them via its rich user interface.

Security applied at the core – from within the database – ensures same rigid level of compliance from all possible connection directions, applications, users or devices and offers immediate auditing and protection action before user’s actions or transactions. It also requires no (or very minimal, industry recommended) changes in existing security configurations and it is not dependent by them.

Omega Core Audit approaches the Access Control, Auditing and Protection security requirements by implementing a policy-rule-condition evaluation system and user multi-factorial authorization. Auditing and Real-Time Protection are triggered by defining Protection Area and applying authorization rules on them.

Controlling privileged accounts

Database privileged accounts, DBA-s, Application Owners and Batch Accounts also represent the most common “door” for attacks. This can lead to unauthorized access and information compromising. Omega Core Audit restricts privileged accounts and DBA-s from accessing and modifying application data and also from manipulating the database beyond their regular duties, even if they have (and many do) the necessary privileges that permit so.

Separation of Duty

Omega Core Audit separates duties of normal database management from those related to audit, security and compliance. Furthermore it comes with four out-of-box predefined roles: Auditor, Account Manager, Security Analyst and Administrator for full functionalities.

Database Auditing and Protection for Compliance made easy

Omega Core Audit relives the information owners and system administrators from the complex tasks of performing auditing and protection tasks that can take long and periodic hours to develop, setup, maintain and report. It combines native security with a policy-rule-condition evaluation system that makes its usage simple for all Information Security staff, be those Managers, Officers, or Auditors and also DBA’s and System Administrators assigned with information security compliance duties. Omega Core Audit ensures an answer to the classical questions – Who/What/How/When/Where in regard to users’ activity in the system. To best meet compliance requirements you need to control access, audit and protect data from unauthorized access and also have an effective and accurate reporting.

Software Editions – Basic vs Full

The Omega Core Audit deployment comes in two editions:

* Basic Edition The Basic edition is free solution that you can use in Live and Production environments.
The Basic edition is the default on install.

* Full Edition The Full Edition is a commercial solution and uses all features of the software.

SIEM and Log Management Systems Integration

Omega Core Audit’s open structure allows and enables automatic delivery of audited events to SIEMs and Log Management Systems that support records ingest through one of:
Push directly through TCP in XML format – built-in supported by the LMS module
Pull by Oracle query – supported by its open structure and as specifically by each SIEM

Splunk is the first SIEM to be officially supported in built-in and full mode.