In the current cybersecurity landscape, industries across the board are seeing a substantial increase in breaches caused by the exploitation of vulnerabilities.
Annual data breach reports reveal that many systems with known Common Vulnerabilities and Exposures (CVEs) remain unpatched, despite the availability of security patches. This is a significant factor in breaches, with more than 26% attributed to delays in applying security patches.
To mitigate these security vulnerabilities, Oracle has built an Observability and Management (O&M) Database Vulnerability Detection service (now in Limited Availability) for external databases. This service helps improve your security posture by offering insights into CVEs and providing specific patch recommendations for remediation.
The O&M Database Vulnerability Detection service offers continuous risk assessment for external Oracle databases, identifying unpatched vulnerabilities. It provides comprehensive insights into prioritized CVEs, visual severity indications based on Common Vulnerability Scoring System (CVSS) scores, and the number of impacted database resources. Furthermore, it provides precise patch recommendations for each CVE or database resource to remediate vulnerabilities and improve security posture.
Key components of the O&M Database Vulnerability Detection Service include:
Discovery of precise CVEs affecting databases at the fleet level:
As shown in Figure 1, the Vulnerability Detection dashboard shows:
- Databases with detected vulnerabilities
- Severity-wise vulnerability distribution
- Precise patch recommendations for each database and CVE
- Vulnerability trend across the compartment for registered database resources
Automate assessment of each CVE with comprehensive insights
The Vulnerability Detection Service automates the evaluation of each CVE with comprehensive insights, as shown in Figure 1:
- Most vulnerable databases
- Top vulnerabilities at the fleet level
The color and font size of each CVE indicate its level of impact on the affected database resources. For example, a CVE shown in orange with a larger font size indicates that more databases are impacted with High severity. These visual indications help both database and security administrators analyze vulnerabilities and recommend patches for remediation.
Precise patch recommendations to remediate vulnerabilities
The Vulnerability Detection Service lists the databases affected by vulnerabilities, with patch recommendations for each database, as shown in Figure 2:
- A list of databases with the vulnerabilities (CVE IDs) that affect them
- Risk score for each CVE based on the CVSS scoring system
- Recommended mandatory patches against each database
Console Experience
Find the Vulnerability Detection service within Database Management under the Observability & Management portfolio.
Service availability regions
During the Limited Availability phase, the Vulnerability Detection Service is available in the regions below for customers who are using external Oracle databases, version 12c and above.
- Canada Southeast (Toronto)
- US East (Ashburn)
- Germany Central (Frankfurt)
- Brazil East (Sao Paulo)
- Japan East (Tokyo)
- US West (Phoenix)
Get started today
If you’re interested in participating in the O&M Vulnerability Detection Service Limited Availability program, part of the OCI Database Management service, please contact us by email (Harish.Niddagatta@oracle.com).
