13 November 2020
0 Comment
What is Oracle Data Safe
Data Safe is a unified control center for your Oracle Databases that helps you understand the sensitivity of your data, assess data-related risks, mask sensitive data, implement and monitor security controls, evaluate user security, monitor user activity, and meet data security compliance requirements. . Whether you are using Oracle Autonomous Database. Data Safe, Oracle Database Cloud Service (Exadata, Virtual Machine or Bare Metal) or on-premises Oracle Databases in your own data center, offers essential data security capabilities that help you reduce risk and increase security.
Delivers a unified set of essential security services for Oracle Databases
Mitigates user, data, and configuration risk
Helps demonstrate regulatory compliance
Cloud service – provides value immediately
Requires no special security expertise
Database Security Assessment
Comprehensive assessment •Security parameters •Security controls in use •User Roles and Privileges
Identify drift from your security baseline
Actionable reports •Prioritized recommendations •Mappings (GDPR, STIG, CIS) •Configuration Drift
Detecting configuration drift
1.Review the security assessment
2.Mitigate the risks that make sense for your environment, accept those you can not or do not need to mitigate
3.Establish a security baseline and schedule periodic assessments
4.Monitor for changes to that baseline
User Risk Assessment
Identify over-privileged risky users
Evaluate Static profile: user type, password policies, …
Evaluate Dynamic profile: last login / IP / password change, audit data, …
Reduce risk by managing user roles, privileges and policies
User Activity Auditing
Simplify audit provisioning and collection
Specify compliance / alert policies
Collect audit data from databases, and track sensitive operations •
Summary and detailed reports
Sensitive Data Discovery
Prioritizes security efforts by finding the location, type and amount of sensitive data
Discovers / classifies 125+ sensitive data types across PII, finance, health, job, … •Name, address, SSN, salary •Credit card information •Medical data, Job data, Education data
Supports user defined sensitive types
Reports amount / type of sensitive data
Sensitive Data Masking
Mask data identified as sensitive •Predefined 50+ masking formats
Automated format selection
Rich masking transformations •Random, Deterministic, Reversible •Shuffle, Conditional, Compound •SQL expression based
User-defined
Masking report
Supported Databases (cloud and on-premises)
Oracle Database Enterprise Edition versions 11.2.0.4 up
Oracle Database Standard Edition versions 11.2.0.4 up
Autonomous Database (both shared and dedicated) *
Exadata Cloud Service *
Cloud Database System – Standard Edition *
Cloud Database System – Enterprise Edition *
Cloud Database System – High Performance *
Cloud Database System – Extreme Performance *
Exadata Cloud at Customer versions 11.2.0.4 up *
Oracle Database Appliance versions 11.2.0.4 up Exadata versions 11.2 up
Data Safe helps you discover the amount and location of sensitive data across hundreds of columns spanning multiple schemas and tables. Customers can also easily add their own custom precision types. Once you know how much sensitive data you have and where it is located, it’s easier to assess risk and protect that data.
Sensitive Data Discovery comes with more than 125 predefined sensitive data types:
Data Safe vs. Audit Vault and Database Firewall (AVDF) Capabilities
| Capabilities | Data Safe | AVDF |
| Manage audit policies on the database | Yes | Yes |
| Pre-defined compliance reports and alerts | Yes | Yes |
| Oracle Database auditing | Yes | Yes |
| SQL Server, Sybase, IBM DB2, MySQL, PostgreSQL database auditing | – | Yes |
| Operating system auditing for Linux, Windows, Solaris, AIX | – | Yes |
| Database Firewall for SQL network traffic monitoring and blocking | – | Yes |
| Collect audit data from custom apps, tables, XML, JSON | – | Yes |
| Advanced auditing (Before/After values, stored procedures) | – | Yes |
Data Safe vs. DBSAT Capabilities
| Capabilities | Data Safe | DBSAT |
| Overall security configuration status | Yes | Yes |
| Configuration drift detection and reporting | Yes | – |
| User Risk Assessment | Yes | – |
| Sensitive Data Discovery | Yes | * |
| Centralized management of assessment on multiple targets | Yes | – |
| Historical reports and management | Yes | – |
| Supports cloud, on-premises and Cloud@Customer targets | Yes | Yes |
| Supports column names in Spanish, German, Greek, Italian, French, Dutch, Portuguese | Yes |
Data Safe vs. Audit Vault and Database Firewall (AVDF) Capabilities
| Capabilities | Data Safe | AVDF |
| Manage audit policies on the database | Yes | Yes |
| Pre-defined compliance reports and alerts | Yes | Yes |
| Oracle Database auditing | Yes | Yes |
| SQL Server, Sybase, IBM DB2, MySQL, PostgreSQL database auditing | – | Yes |
| Operating system auditing for Linux, Windows, Solaris, AIX | – | Yes |
| Database Firewall for SQL network traffic monitoring and blocking | – | Yes |
| Collect audit data from custom apps, tables, XML, JSON | – | Yes |
| Advanced auditing (Before/After values, stored procedures) | – | Yes |
Have a nice day.
Tags: