Availability and Security Monitoring Solution for ORACLE Databases by SAGESSE TECH

Any database scan focuses on three major basic threats:

Loss of integrity, loss of confidentiality and loss of availability. Oracle Database Security Scanning is also based on these three threats. In this document, the security scanning solution created by Sagesse Consultancy for Oracle DB Security is shortly introduced.egrity, loss of confidentiality and loss of availability. Oracle Database Security Scanning is also based on these three threats. In this document, the security scanning solution created by Sagesse Consultancy for Oracle DB Security is shortly introduced.

SAGESSE DATASAGE is a tool which connects to any Oracle Database via SIEM Database Connectors and scans the whole database to find out problems related to the configuration, availability, access controls and compliance of the database and reports the problem on SIEM Dashboards. Incidents are created in the corresponding SIEM for the detected problems in the database. The scanned Oracle Databases can be standalone databases or they can databases on which ERP Systems( e.g. SAP, Oracle EBS ) or other applications are running .

SAGESSE DATASAGE comes with a predefined set of ~150 Queries which can be implemented as part of the installation package and used on the spot. These queries access the Oracle Database for scanning it for the following areas :

- Configuration of the database:

Has the database been optimally configured in terms of security?

- Monitoring of the database:

Have essential policies been activated to log important database activity?

Are the objects with the business-critical data in the monitoring involved? Does reporting exist for the simple evaluation of the logs or tools to improve sustainability?

- Availability of the database:

Is the setup sufficient to access the database before the requested loss of availability? For example, if a data loss of a maximum of 30 minutes is required, can this requirement be met?

- Access control of the database:

Who accesses my database and which concepts are implemented which one enforce policy based on the principle “Everyone does not get the rights they need more and not less (Least Privilege)”?

- Compliance / sustainability of the database:

Here it is examined whether essential sustainable concepts have been implemented. It is essentially about transparency and control. In addition, compliance with external influences such as laws is checked.

SAGESSE TECH, global SAP Security / Oracle Security / ERP Security Tech Company, is providing SAP Threat Detection and Monitoring Products, SAP PenTest Framework and an SAP Audit Service which control these kinds of configurations, vulnerabilities and much more in your SAP Systems. Their products and services can help you to integrate your SAP System into your central threat detection solutions and foster your NIS2 Compliance.

Additionally, you can contact SAGESSE TECH(E-mail : info@sagesseconsultancy.com or kaankars@sagesseconsultancy.com ), if you would like to have a Vulnerability Scanning, SAP Audit or SAP PenTest on your SAP Systems.