Leverage Enterprise Manager to Simplify your Database Security Management
By Manish.Choudhary-Oracle on Apr 13, 2017
Are you concerned about securing your and your customers’ most valuable asset - the data? Are you worried about enforcing and managing different database security solutions to meet regulations such as European Union (EU) General Data Protection Regulation (GDPR)? Most of you must have used or heard about Oracle Database Security features and products that work together to offer a complete defense-in-depth and unified solution to your data security needs. But, did you know that you can manage these features and products from a central location? Yes, you can perform all database security management operations (and much more) from one place! Let us see how.
Oracle Enterprise Manager is Oracle's integrated enterprise information technology (IT) management product line, which provides built-in monitoring, administration and lifecycle management capabilities for traditional and cloud environments. Oracle Enterprise Manager provides pluggable entities called plug-ins that offer special management capabilities customized to suit specific target types. While some of these plug-ins such as Oracle Database plug-in are installed by default, others such as Oracle Audit Vault and Database Firewall plug-in can be installed either using Oracle Enterprise Manager’s self-update feature or by downloading and installing the plug-in using offline mode (reference MOS note 1394908.1 for more information on deploying plug-ins).
Oracle Enterprise Manager, with the help of plug-ins, enables you to perform centralized monitoring and administration of Oracle Database Security solutions deployed in your environment. These solutions include:
- Discovering sensitive data in databases to enable targeted protection
redaction(sometimes referred to as dynamic data masking) of sensitive data before display by applications, which helps you reduce proliferation of sensitive data and minimize business risk of data breaches due to sensitive data exposure
- Encrypting individual columns or entire application tablespaces with Transparent Data Encryption (TDE) to protect against unauthorized access from outside of the database environment
- Enforcing trusted-path access control and controlling the risk of compromised administrator credentials by reducing administrator access to data using Database Vault
- Extracting and obfuscating entire copies or subsets of application data to reduce proliferation of sensitive data while sharing with partners
- Deploying Oracle Audit Vault and Database Firewall to protect against threats such as SQL Injection as well as for audit data consolidation, monitoring and compliance reporting
Let us take an example to understand how powerful Enterprise Manager and these plug-ins are and how they can make your life easier. The Oracle Audit Vault and Database Firewall (AVDF) plug-in provides an interface within Enterprise Manager for administrators to manage and monitor Audit Vault and Database Firewall components. The homepage gives you an overview of the overall health of the system, while drill-down pages let you monitor and manage specific components. Some of the operations that can be performed from within the Enterprise Manager are:
- Automatically discover Oracle components such as Audit Vault Server, Database Firewall, databases and Audit Vault Agent on a host server
- Deploy Audit Vault Agent by simply pushing it out from the Enterprise Manager, and create audit trails for hundreds of databases in a short time
- Monitor and manage Secured Targets, Audit Agents, Audit Trails, Database Firewalls and Enforcement Points
- Monitor the underlying stack of AVDF system such as host server, databases, and ASM storage
- Set up proactive notifications along with performance and availability monitoring to provide better understanding regarding the system health and any potential issues
You do not need to access AVDF product interfaces to perform these monitoring and management tasks. Likewise, other Oracle Database Security features and products provide interfaces within Oracle Enterprise Manager with the help of plug-ins so that you can monitor and manage your most critical security operations from one place.
These plug-ins have independent release cycles, so every time a new version of an Oracle product is released, a new version of the plug-in supports monitoring of that new product version in Enterprise Manager. Oracle continuously strives to provide unparalleled security solutions for your mission-critical data and applications. Oracle has recently released a new set of plug-ins for Oracle Enterprise Manager 13c Release 2. Please check Oracle Enterprise Manager documentation to learn how to deploy and use these plug-ins.
Oracle Enterprise Manager plug-ins are quite powerful and provide numerous important functionality. So, do not wait any longer, go ahead and try these plug-ins to see what you have been missing. To learn more, please visit our Oracle Technology Network webpage.