Radenta Technologies, one of the country’s leading solutions integrators and a member of Oracle PartnerNetwork (OPN), is introducing Oracle Database Security Assessment Tool (DBSAT) with a one-time free assessment valid until December 15, 2023.
DBSAT is a command-line tool that helps identify areas where database configuration, operation or implementation introduces risks and recommends changes and controls to mitigate those risks. Applicable for databases on premise or in the cloud, DBSAT helps assess how securely the database is configured, determines who the users and their entitlements are, and identifies where sensitive data resides within the database.
DBSAT also considers existing regulatory compliance to Republic Act 10173 or the Data Privacy Act (https://privacy.gov.ph/data-privacy-act/) protecting individual personal information and communications systems in the government and the private sector; and Cyber Security Philippines CERT (https://cert.ph/about) recognized as the first registered Computer Response Team in the Philippines. The team is under the Division of the Software Engineering Institute in Carnegie Mellon University in Pennsylvania, United States.
If the data is encrypted, someone needs to get into the database as an authorized user. Are there users using default passwords? Can someone escalate privileges? Is auditing on? Who has DBA-lie privileges? What are the known vulnerabilities of this database version? Have those been patched? Which packaged applications are running? Are they running with powerful system privileges? What type of sensitive data do they process?
These are the questions running inside a hacker’s mind. Owners, controllers or processors of data and organizations need to think similarly, that is, way before hackers target their databases.
The process does not stop here. Maintaining a solid security posture is not easy. Organizations struggle to assess the security of their databases due to lack of database security expertise, shortage of time, lack of proper prioritization, and misunderstanding of the risks. Database security knowledge may also be scattered between the database administrators and the IT security team.
DBSAT accelerates the assessment process by providing a view on how securely the database is configured, who are the users and what are their entitlements, what security policies are in place, what security controls are implemented, and where sensitive data resides. DBSAT then produces a series of findings that provides high-level status, risk levels, summary details and references.
The findings are provided in multiple formats such as HTML, Microsoft Excel, JSON, and text file so that organizations can incorporate the data as part of their configuration and risk management tools.
DBSAT can discover sensitive data. It scans the database metadata for sensitive data using customizable regular expression patterns. This provides organizations with an insight on how much data they have and where it resides, enabling them to apply appropriate access controls, auditing, masking, and encryption.
To summarize, Oracle Database Security Assessment Tool (DBSAT) provides sensitive data recovery, robust security and compliance reporting, simplifies and accelerates compliance and comes with flexible deployment options.