Reduce Database patching effort and elevate security posture with Enterprise Manager

January 29, 2024 | 3 minute read
Romit Acharya
Principal Product Manager

Oracle Database is a leading relational database in the market. Customers of all sizes leverage its rich capabilities to propel their business-critical applications. Protecting data is foundational, and hence keeping databases at an elevated security posture is essential.

There are many aspects to keeping databases secure. Applying all recommended security patches promptly, standardizing Oracle Home configurations, and managing elevated privileges are some examples. This blog showcases a process to assess and apply recommended patches at scale.

Unpatched vulnerabilities are the livelihood of many bad actors. Nearly 50% of breaches are due to unpatched vulnerabilities, according to various reports like Verizon's annual DBIR. Some surveys indicate similar findings due to databases containing known vulnerabilities.

An effective approach to mitigating the risk of unpatched vulnerabilities is to apply security patches promptly. While this might seem straightforward, patching efficiently is time-consuming and error-prone, and hence it is often overlooked due to competing business priorities.

Comprehensive list of tasks to be handled by database administrators

  1. Review Oracle CPU Bulletins when published every quarter
  2. Manually map CVEs to patches published in My Oracle Support (MOS)
  3. Compile a list of recommended patches
  4. Assess patch severities
  5. Identify affected databases
  6. Apply recommended patches to secure

This requires a substantial investment of the database administrator's time. We have observed that, on average, an enterprise IT organization spends over 12 person-weeks annually just to do this manual assessment, which is one-quarter of the database administrator's time in a year. This considerable time investment contributes to why enterprises often lag in the crucial task of regularly patching their systems, leaving them exposed to potential security threats.

Introducing Fleet Maintenance Hub: A Comprehensive Solution

Reduce patching effort and elevate your security posture with the brand new feature, Fleet Maintenance Hub, which is part of Oracle Enterprise Manager Fleet Maintenance. This solution makes it possible to patch and secure all types of Oracle databases wherever they are in a hybrid multi-cloud environment. The database can reside on commodity hardware, on Oracle Exadata ecosystems like Exadata Database Machine, Exadata Cloud@Customer, and Exadata Database Service, or in any public cloud like Oracle Cloud or AWS.

Fleet Maintenance Hub is a comprehensive one-stop dashboard with a guided, intelligent workflow to streamline and simplify the end-to-end patching experience. Fleet Maintenance Hub provides visual insights into recommended patches, impacted databases, and the workflow for remediation.

 


Fleet Maintenance Hub automatic assessment of recommended patches


As Oracle publishes recommended patches, it becomes imperative for database administrators to apply them to impacted databases. Fleet Maintenance Hub automatically assesses the recommended patches posted in My Oracle Support (MOS) when Oracle Enterprise Manager is configured accordingly. Alternatively, the latest patch catalog can be uploaded to Oracle Enterprise Manager, and the Fleet Maintenance Hub intelligent backend will automatically identify precisely the patches required for each gold image. This eliminates the need for the manual assessment described above.

Databases subscribed to gold images can be effortlessly patched with near-zero downtime using Fleet Maintenance's out-of-place patching model. 

Gold Image Refresh

Leverage Fleet Maintenance Hub's guided workflow to either create or refresh your existing gold image. Fleet Maintenance Hub empowers database administrators to effortlessly generate a new version by selecting an existing Oracle Home and the recommended patches.

Patch databases

Once the desired gold image is created, this new version is designated as the Current version. Database administrators can leverage the update workflow to efficiently update databases subscribed to the latest image version.

Summary

Fleet Maintenance Hub transcends being a mere tool; it stands as a strategic solution, providing your team with the capability to effortlessly oversee database security proactively.

Fleet Maintenance Hub was introduced with Enterprise Manager 13.5 RU16; users on this version or above can explore it for a comprehensive review of security posture. For a more comprehensive grasp of Fleet Maintenance Hub, check out the links provided in the "Learn more" section.

 
