Database Security Assessment Tool Features

Assess database security

Oracle Database Security Assessment Tool (DBSAT) analyzes the database configuration, users and their entitlements, and current security policies. It helps you uncover security risks and improve the security posture of Oracle Databases within your organization by using proven Oracle Database security best practices, Center for Internet Security (CIS) Benchmark recommendations, and the US Department of Defense (DOD) Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) for the Oracle Database.

It's easy to get started. Just download DBSAT from My Oracle Support note 2138254.1, copy it to your database server, unzip the archive, and run it.

Collecting metadata and generating a Security Assessment with DBSAT.

DBSAT collects and analyzes metadata from your Oracle Databases, providing both summary and detailed information about the findings.

The security assessment reports findings in the following domains:

  • Database configuration
  • Data encryption
  • User accounts
  • Auditing
  • Privileges and roles
  • Authorization control
  • Fine-grained access control
  • Network configuration
  • Operating system

Discover sensitive data

DBSAT can help you understand what kind and how much sensitive data a database has and where it is located. It can also help you discover sensitive columns in English and provides sample files for seven major European languages—Dutch, French, German, Greek, Italian, Portuguese, and Spanish—and can be extended to include your unique sensitive types and categories.

Executing a Sensitive Data Assessment with DBSAT.

Oracle best practices, CIS Benchmark, and DISA STIG

Many regulations, such as EU GDPR, PCI DSS, Sarbanes-Oxley, and various breach notification laws, promote regular security assessments on the most critical systems, such as databases, to reduce IT risks. It is crucial to regularly assess database security posture, considering recommendations from different regulations, security frameworks, and vendor best practices. DBSAT can help you with that task. The DBSAT assessment reports are available in HTML, JSON, spreadsheet, and text formats.

Anatomy of a DBSAT finding.

Whether seeking STIG compliance, adherence to CIS benchmark, or alignment with Oracle's best practices, users can easily find and prioritize findings based on their specific requirements.

DBSAT executes checks and maps its findings to:

  • Oracle Database STIG
  • Oracle Database CIS Benchmark
  • Oracle best practices
  • European Union General Data Protection Regulation (EU GDPR) 2016/679 articles and recitals

On-premises or in the cloud

DBSAT can be run on Oracle Database 11.2.0.4 and later, whether deployed on-premises or in the cloud, and it works with both Oracle Database Standard Edition 2 and Enterprise Edition. It also supports Autonomous Database, Autonomous JSON Database, Oracle Exadata Database Service, and Oracle Base Database Service. DBSAT considers the specifics of each deployment type, executes targeted checks, and offers specific recommendations.

Fleet view, baselining, alerts, and drift reports

Oracle offers a range of assessment tools to help evaluate and enhance your security posture.

DBSAT is a command-line tool that can help you to more effectively assess the security configuration of a single Oracle Database. If you have dozens, hundreds, or thousands of databases, you will require automation and other enterprise-grade features.

With Oracle Data Safe (an Oracle Cloud service) and Oracle Audit Vault and Database Firewall, you can use the power of DBSAT in a framework that includes dashboards, reports, automated scheduling of assessments, fleet-wide risk views, configuration drift detection, APIs, and more.

Data Safe Security Assessment
Security Assessment with Oracle Audit Vault and Database Firewall

注:为免疑义,本网页所用以下术语专指以下含义:

  1. 除Oracle隐私政策外,本网站中提及的“Oracle”专指Oracle境外公司而非甲骨文中国 。
  2. 相关Cloud或云术语均指代Oracle境外公司提供的云技术或其解决方案。