Database audit appliances offer one simple approach to achieving independence. As network devices, such appliances can extract detailed audit information from network traffic traveling to and from a database. Such a device can operate in stealth mode (no IP address, etc.) and remain completely invisible to attackers. All activity is tracked and records cannot be tampered with at any point. In addition, since network devices can be deployed by independent security/audit personnel, they enable independence of audit and database administration (DBA) job functions when desired.
Audit appliances also offer performance and cost advantages versus native database mechanisms. Native audit mechanisms are notorious for consuming database CPU and disk resources. The performance decline experienced when these audit features are enabled forces many organizations to scale back or abandon auditing altogether. This performance drawback is a clear disincentive to appropriate audit practices. Audit appliances, on the other hand, operate at line speed and have zero impact on database resources. By offloading audit overhead to independent appliances, organizations can enable extensive tracking, deploy fewer database servers, require less load balancing, and reduce costs.
Native database audit mechanisms do not meet the fundamental audit requirement for independence. To make matters worse, they impact performance to an extent that drives many organizations to abandon database auditing altogether. As database attacks and legislation take center stage, organizations will be pressed to find and implement independent audit solutions. Database audit appliances represent an immediate, cost effect approach.