Data Safe Features

Prevent configuration drift

Quickly evaluate your database security posture. Data Safe identifies, categorizes, and prioritizes risks and delivers comprehensive assessment reports on security parameters, security controls in use, and user roles and privileges.

• Create and maintain security baselines to rapidly identify configuration risks.
• Enforce consistent use of security controls across the enterprise.
• Receive recommendations for regulatory compliance, such as with EU GDPR, DISA STIGs, and CIS benchmarks.

Enforce the principle of least privilege

Minimize user risk by managing privileges and authentications. Identify risky behavior and overprivileged users. Data Safe identifies which users present the highest risk, reviews privileges granted to those users, and allows for analysis of user activity. Evaluate profile information, such as user type, password policies, last login, and password age.

Monitor database operations

Collect audit data from databases and identify anomalous operations. Easily manage audit and alert policies. Leverage out-of-box audit reports or build custom reports to analyze database activity. Retain audit data to satisfy compliance requirements and support forensic investigation.

Mitigate risk from SQL injection

23ai SQL Firewall, a new feature built into Oracle Database 23ai, works by learning normal application behavior, including what SQL statements an application issues and the context that an application uses to connect to the database, such as network address, operating system user, and program used.

Once trained, 23ai SQL Firewall can do the following:

• Log and block deviations from normal behavior
• Identify unusual SQL statements
• Identify connections coming from addresses or programs not in the application’s profile

23ai SQL Firewall uses an allow-list approach, defining the finite set of allowable behavior, instead of attempting to guess at the near infinite choices an attacker might use to try and break into the database. There are no false positives.

Because 23ai SQL Firewall is built into the Oracle Database kernel, it cannot be bypassed. The firewall is not fooled by the use of synonyms or dynamic SQL, and it is not impacted by network encryption.

In addition to threat mitigation, 23ai SQL Firewall logs provide a valuable detective capability, logging all deviations from the policy even if the firewall is not placed in blocking mode.

Data Safe helps you train and centrally manage 23ai SQL Firewall. Data Safe collects the violation logs and lets you analyze and report on violations.

For more details, refer to Oracle SQL Firewall FAQ (PDF)

Understand data and risk

Discover and classify sensitive data based on a library of more than 150 predefined sensitive data types that easily can be extended with custom data types to meet any organization’s requirements. Predefined data types also come with predefined masking formats, such as personal identifiers, IT data, financial data, healthcare data, and employment data. Understand the data type, location, and amount of sensitive data within databases and use that information to determine associated risk and data protection needs.

Eliminate risk from DevTest

Replace sensitive data with realistic, yet obscured, data for safe use in nonproduction environments. Maintain complex data relationships needed for test, development, and analytics while minimizing the amount of sensitive data and associated risk. Data Safe offers predefined masking formats as well as the ability to define custom-masking formats to meet specific organizational requirements. All predefined sensitive data types come with a correlated masking format, vastly reducing the effort to execute masking jobs. Masking reports then demonstrate these security and compliance efforts.

View security posture and events

Immediately understand database security posture, view alerts, and manage data security at a glance with Data Safe’s interactive dashboard. Easily drill down into any specific area of interest or identified risk.

Cloud or on-premises

Leverage Data Safe to secure all Oracle Databases, including Oracle Autonomous Database, Oracle Database Cloud Service, Oracle Database Enterprise Edition, and Oracle Database Standard Edition running on-premises, as well as databases in Oracle Cloud Infrastructure (OCI), in third-party public clouds, or on Oracle Exadata Cloud@Customer.