Automate and scale database security with efficient vulnerability checks

August 26, 2022 | 4 minute read
Shiva Prasad
Sr Principal Product Manager

Cyber-attacks have become more advanced and often take advantage of new or known vulnerabilities that the DBA has not had the time or opportunity to deal with. Securing Oracle databases is much like securing any other system to protect sensitive data against these attacks.

The Oracle Enterprise Manager (EM) compliance solution provides out-of-the-box tools to secure your database assets based on your security best practices by leveraging industry and regulatory standards like the Center for Internet Security (CIS) and the Security Technical Implementation Guide (STIG). You can also customize security controls based on your own policies to attain the desired security posture.

The EM compliance solution now expands to support out-of-the-box standards for Database Security Assessment Tool (DBSAT) v2.2.2, amalgamating threat detection and security posture management. At the fleet level, the DBSAT compliance standard enables concurrent assessment of numerous databases for vulnerabilities. DBSAT helps identify areas where database configuration, operation, or implementation introduces risks and recommends changes and controls to mitigate those risks.

 

Diagram of DBSAT standard
Figure 1: Compliance check with DBSAT standard

EM DBSAT vulnerability checks benefit operations, security, and compliance

  • Reduce operational cost by using automatic assessment of security status in the Oracle Database at scale

  • Automate corrective actions to remediate violations, and improve the security posture of your Oracle Databases

  • Secure configurations and limit user privileges by leveraging native reports to identify risks

The following EM DBSAT compliance standard categories can be used to assess database vulnerabilities and potential risks to safeguard and continuously monitor the database environment. This aids in creating a security strategy and knowledge base on sensitive data, configuration, and user privileges.

Figure 2:  DBSAT compliance standard categories

 

The Compliance dashboard provides an enterprise view of how compliant or at-risk an organization or business area is. The dashboard contains charts representing the compliance score for your EM DBSAT standard, showing the least compliant database targets.

  

Figure 3: EM Compliance Dashboard

 

Both the native DBSAT report and the EM compliance evaluation report provide an overview of security posture that can be easily viewed by DBAs, IT management, the CISO office, or auditors.

 

security assessment report
Figure 4:  Initial overview of DBSAT security assessment report 

    

Security Features
Figure 5:  Native DBSAT security assessment report

 

Summary

Starting with EM 13.5 release update 5, you can associate all managed databases with the out-of-the-box DBSAT standard for concurrent security assessment of each database instance. EM generates a native DBSAT report in addition to its compliance evaluation report. You can use either report mainly to identify high-risk areas and remediate them, improving the security posture of each database instance as well as at scale.

 

Learn More

DBSAT Compliance Standard

Manage Compliance in Enterprise Manager

 

 
