Database Security Assessment Tool Features

Assess database security

Oracle Database Security Assessment Tool (DBSAT) analyzes the database configuration, users and their entitlements, and current security policies. It helps you uncover security risks and improve the security posture of Oracle Databases within your organization by using proven Oracle Database security best practices, Center for Internet Security (CIS) Benchmark recommendations, and the US Department of Defense (DOD) Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) for the Oracle Database.

It's easy to get started. Just download DBSAT from My Oracle Support note 2138254.1, copy it to your database server, unzip the archive, and run it.

Collecting metadata and generating a Security Assessment with DBSAT.

DBSAT collects and analyzes metadata from your Oracle Databases, providing both summary and detailed information about the findings.

The security assessment reports findings in the following domains:

  • Database configuration
  • Data encryption
  • User accounts
  • Auditing
  • Privileges and roles
  • Authorization control
  • Fine-grained access control
  • Network configuration
  • Operating system

Discover sensitive data

DBSAT can help you understand what kind of sensitive data a database holds, how much of it there is, and where it is located. It discovers sensitive columns in English, provides sample files for seven major European languages (Dutch, French, German, Greek, Italian, Portuguese, and Spanish), and can be extended to include your unique sensitive types and categories.

Executing a Sensitive Data Assessment with DBSAT.

Oracle best practices, CIS Benchmark, and DISA STIG

Many regulations, such as EU GDPR, PCI DSS, Sarbanes-Oxley, and various breach notification laws, promote regular security assessments on the most critical systems, such as databases, to reduce IT risks. It is crucial to regularly assess database security posture, considering recommendations from different regulations, security frameworks, and vendor best practices. DBSAT can help you with that task. The DBSAT assessment reports are available in HTML, JSON, spreadsheet, and text formats.

Anatomy of a DBSAT finding.

Whether seeking STIG compliance, adherence to the CIS Benchmark, or alignment with Oracle's best practices, users can easily find and prioritize findings based on their specific requirements.

DBSAT executes checks and maps its findings to:

  • Oracle Database STIG
  • Oracle Database CIS Benchmark
  • Oracle best practices
  • European Union General Data Protection Regulation (EU GDPR) 2016/679 articles and recitals

On-premises or in the cloud

DBSAT can be run on Oracle Database 11.2.0.4 and later, whether deployed on-premises or in the cloud, and it works with both Oracle Database Standard Edition 2 and Enterprise Edition. It also supports Autonomous Database, Autonomous JSON Database, Oracle Exadata Database Service, and Oracle Base Database Service. DBSAT considers the specifics of each deployment type, executes targeted checks, and offers specific recommendations.

Fleet view, baselining, alerts, and drift reports

Oracle offers a range of assessment tools to help evaluate and enhance your security posture.

DBSAT is a command-line tool that can help you assess the security configuration of a single Oracle Database more effectively. If you have dozens, hundreds, or thousands of databases, you will require automation and other enterprise-grade features.

With Oracle Data Safe (an Oracle Cloud service) and Oracle Audit Vault and Database Firewall, you can use the power of DBSAT in a framework that includes dashboards, reports, automated scheduling of assessments, fleet-wide risk views, configuration drift detection, APIs, and more.

Data Safe Security Assessment
Security Assessment with Oracle Audit Vault and Database Firewall