Tuesday, 3 October 2017

Oracle Database Security Products covering 360 degree Security

We often see customers are looking for various security products available to provide comprehensive security solutions. But most of them we see are segmented that means no single solutions can cover everything(360 degree security solution). We saw bunch of Oracle Security products are available ranging from Database to Middleware. I will brief about Database Security products in this article.

Oracle has a bunch of Security Products, combined them a comprehensive database security solutions can be availed to provide 360 degree security protection.


Broadly these products are categorized under EVALUATE, PREVENT, DETECT, DATA DRIVEN SECURITY

Let us see what are the products coming under which category.

1. EVALUATE: Privilege Analysis, DataBase Security Assessment
2. PREVENT: Database Vault, Data Redaction, Data Encryption, Data Masking and Subsetting, Key Management
3. DETECT: Database SQL Firewall, Audit Vault
4. DATA DRIVEN SECURITY: Label Security, Real Application Security, Row Level Security



DBSAT-(Database Security Assessment Tool): It captures all security parameters and their configurations, security features and options being used and recommendations.

Privilege Analysis: It comes along with Oracle Database Vault license. It evaluates the privileges and roles and filters out necessary and unnecessary privileges.

Database Vault: Privilege account management, Multi-factor authorizations etc. Separation of duties

Data Encryption: Encrypts data at rest in column or tablespace levels.

Data Redaction: Also known as dynamic masking, it mask data on the basis of policy and applies on the basis of factors.(Users, roles, Ip address etc) ex: Credit card number XXXX-XXXX-XXXX-1234

Data Masking and Subsetting: It masks data completely in the underlying table hence reduce the sensitive data exposure to the test and dev like non-prod environments.

Oracle Key vault: Protects keys, certificates, wallet contents etc. and manage key life cycle.
It acts like HSM. TDE keys can be access directly from OKV.

Audit Vault and Database Firewall: DB Firewall can be deployed as first line of defense. It analyses incoming sqls and detects anomaly. Audit vault is a central auditing and monitoring system which can be integrated with DB firewall to work together in detecting anomaly and alert to the security admin.


If you are interested in these technologies, Kindly contact viewssharings@gmail.com.



No comments:

Post a Comment