A lot of organizations offer security assessments: Many of them very good at what they do.
But "Defense-in-Depth" requires assessment in depth which means database security must be assessed in depth too.
We customize assessments for each of our customers and and include elements from Oracle "best practices", Center for Internet Security (CIS), STIG, NIST, and DFARS, as well as checks on
your processes, procedures, and documentation. When we do this
we never access your systems or view your data. We provide
scripts to your technical team that capture the necessary metadata. All of our scripts are
written in plain text, will be fully reviewed before you run
them, and become yours to reuse after the assessment.
Here is a few of the many hundreds of the checks we include in
every Oracle database security assessment:
The overwhelming majority of Oracle Databases will fail not one of these tests ... but all of them.
- Can an user with oinstall or DBA group privileges alter installation files?
- Can a user with escalated privileges read plain text versions of encrypted data from
- Can users with normal privilege read source code?
- Can a user with phished
credentials log into your databases?
- Is the Listener configuration
using all of the security options included in your existing license?
- Do protections extend to DR (Disaster Recovery) and data replication sites?
Each of these breaches can be stopped with what you have already
To find how out more contact us and register for a technical, no sales pitch, Lunch & Learn for your
CISO and your team.