Database Insider Edition
Oracle Corp
April 2012
SANS Institute Analyst Program: Oracle Database Security Reviews

As a trusted source for information security training and certification, the SANS Institute Analyst Program performs research to help identify trends in IT, IT security, operations, and IT auditing. Recently, the SANS Institute conducted product reviews of Oracle Database’s security defense-in-depth solutions.

Enterprise databases contain the “crown jewels” of many organizations, and protecting sensitive data requires security best practices, including the following:
  • Mitigate database bypass. Preventing access to data at the operating system, storage, network, and media layers is important in order to secure sensitive information and enable regulatory compliance. Organizations need the ability to transparently encrypt data at rest and in motion.
  • Prevent application bypass. Privileged database users are often granted the proverbial keys to the kingdom, with access to critical enterprise information that is not relevant to their job. Implement access controls within the database in order to limit access to application data by privileged database users such as DBAs.
  • Monitor database activity and block threats. According to multiple reports, most external attacks are conducted through SQL injection, one of the most popular methods of hacking into websites and back-end databases. To combat such attacks, organizations need a strategy that includes the ability to monitor database activity over the network and block unauthorized activity.
  • Consolidate auditing and compliance reporting. Most organizations use database auditing, but few actually monitor audit trails for threats, or conduct regular database audits to quickly detect and remediate potential security problems. Organizations should consolidate all database audit trails into a centralized secure repository in order to detect suspicious activity in real time.
  • Protect data in nonproduction environments. IT departments regularly copy sensitive and regulated production data to nonproduction environments for testing and QA purposes, which puts that data at risk. Organizations need to mask or deidentify sensitive data before copying to nonproduction environments.
The SANS Institute Analyst Program’s hands-on analysis provides an independent review of each Oracle Database security solution that addresses these best practices.

Oracle Advanced Security provides transparent encryption of data at rest and in motion.

Oracle Database Vault controls privileged user access.

Oracle Database Firewall monitors database activity and blocks threats.

Oracle Audit Vault provides database activity auditing, alerting, and reporting.

Oracle Data Masking deidentifies nonproduction data.

Copyright © 2012, Oracle Corporation and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.