A lot of organizations offer security assessments, and many of them are very good at what they do.
But "Defense-in-Depth" requires assessment in depth, which means database security must be assessed in depth too.
We customize assessments for each of our customers and include elements from Oracle "best practices", Center for Internet Security (CIS), STIG, NIST, and DFARS, as well as checks on your processes, procedures, and documentation.
When we do this, we never access your systems or view your data. We provide scripts to your technical team that capture the necessary metadata.
All of our scripts are written in plain text, will be fully reviewed before you run them, and become yours to reuse after the assessment.
Here are a few of the many hundreds of checks we include in every Oracle database security assessment.
The overwhelming majority of Oracle Databases will fail not one of these tests ... but all of them:
- Can a user with oinstall or DBA group privileges alter installation files?
- Can a user with escalated privileges read plain text versions of encrypted data from database memory?
- Can users with normal privilege read source code?
- Can a user with phished credentials log into your databases?
- Is the Listener configuration using all of the security options included in your existing license?
- Do protections extend to DR (Disaster Recovery) and data replication sites?
Each of these breaches can be stopped with what you have already licensed.
To find out more, contact us and register for a technical, no-sales-pitch Lunch & Learn for your CISO and your team.