
database administration , data security , oracle 23ai , oracle data safe , SQL Firewall

On the Third Day of 23ai, Viscosity Gave To Me…

By Julio Ayapan
December 11, 2024

AI-Powered Data Security: Protecting Your Database with Oracle 23ai 

Ensuring data security within your organization is crucial if you are to remain compliant with the increasing data security regulations. Cyberattacks may lead to data breaches, operational disruptions, monetary loss, reputational loss, and other negative impacts.

 

According to industry reports:

  • Almost one-third of attacks are performed by internal actors.
  • Over half of internal attacks are on databases.

Sensitive data—such as personally identifiable information, financial details, and healthcare records—makes databases attractive to hackers or insiders who want to steal data for monetary, strategic, or personal reasons.

 

Hackers try to exploit weaknesses in user and admin credentials, applications, and database configurations. How do you manage against a legion of attackers?

 

Oracle provides a rich set of default security features to manage user accounts, authentication, privileges, application security, encryption, network traffic, and auditing. We will review some AI-Powered Data Security capabilities in Oracle Database 23ai that help to protect your data.

 

Oracle SQL Firewall

Oracle SQL Firewall inspects all incoming database connections and SQL statements, ensuring that only explicitly authorized SQL runs in the database.

 

SQL Firewall helps to:

  • Provide real-time protection by restricting database access to only authorized SQL statements and database connections.
  • Mitigate SQL injection attacks, anomalous access, and credential theft/abuse risks.
  • Enforce trusted database connection paths.

To use Oracle SQL Firewall, follow three steps: first, enable Oracle SQL Firewall; second, capture the user's normal SQL activities; and third, enable and enforce allow-lists.


  1. Enable SQL Firewall with the following procedure:

    exec dbms_sql_firewall.enable;

  2. Capture the normal SQL activities:
    For every database user that you want to protect with SQL Firewall, you must first let SQL Firewall learn that user's normal SQL traffic. After you review the captured SQL statements, you can generate a SQL Firewall policy with allow-lists that set the baseline for allowed SQL statements and allowed contexts. Use the following procedure to capture SQL activities:

    exec dbms_sql_firewall.create_capture('user');

You can query SQL Firewall-specific data dictionary views to review this captured data and determine whether the collected SQL statements and connection paths are adequate to constitute the allow lists.

 

  • dba_sql_firewall_capture_logs
  • dba_sql_firewall_allowed_ip_addr
  • dba_sql_firewall_allowed_os_prog
  • dba_sql_firewall_allowed_os_user
  • dba_sql_firewall_allowed_sql
  3. Enable and enforce the allow-lists: Use the following procedure to enforce allow-lists:

    exec dbms_sql_firewall.generate_allow_list ('user');

    You can use the ENFORCE parameter to determine the enforcement:


  • ENFORCE_CONTEXT: Enforces the context (IP Address, OS User and OS Program) allow-list.
  • ENFORCE_SQL: Enforces the SQL allow-list.
  • ENFORCE_ALL: Enforces the context and SQL allow-lists.
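
The three steps above as one SQL*Plus session, as an added example rather than code from the original post. APP_USER is a hypothetical schema name, and the session assumes a user holding the SQL_FIREWALL_ADMIN role. GENERATE_ALLOW_LIST only builds the lists; the ENFORCE setting is passed to ENABLE_ALLOW_LIST, which is started here in log-only mode before blocking is turned on.

```sql
-- Added example. APP_USER is a hypothetical application schema.

-- 1. Turn SQL Firewall on.
EXEC DBMS_SQL_FIREWALL.ENABLE;

-- 2. Start learning APP_USER's traffic. top_level_only => TRUE records only
--    statements sent directly by the client, not SQL run inside PL/SQL units.
BEGIN
  DBMS_SQL_FIREWALL.CREATE_CAPTURE(
    username       => 'APP_USER',
    top_level_only => TRUE,
    start_capture  => TRUE);
END;
/

-- ... run the application's normal workload from its normal hosts ...

-- Review the learned statements and connection paths before trusting them:
-- anything captured here becomes part of the baseline.
SELECT sql_text, ip_address, client_program, os_user
FROM   dba_sql_firewall_capture_logs
WHERE  username = 'APP_USER';

-- 3. Freeze the capture and build the allow-lists from it.
EXEC DBMS_SQL_FIREWALL.STOP_CAPTURE('APP_USER');
EXEC DBMS_SQL_FIREWALL.GENERATE_ALLOW_LIST('APP_USER');

-- Enforce both SQL and context lists, but only log violations at first
-- (block => FALSE) so gaps in the capture do not break the application.
BEGIN
  DBMS_SQL_FIREWALL.ENABLE_ALLOW_LIST(
    username => 'APP_USER',
    enforce  => DBMS_SQL_FIREWALL.ENFORCE_ALL,
    block    => FALSE);
END;
/

-- Triage what would have been blocked.
SELECT sql_text, firewall_action, ip_address, cause, occurred_at
FROM   dba_sql_firewall_violations
WHERE  username = 'APP_USER'
ORDER  BY occurred_at;

-- Once legitimate traffic no longer appears above, switch to blocking.
EXEC DBMS_SQL_FIREWALL.UPDATE_ALLOW_LIST_ENFORCEMENT('APP_USER', block => TRUE);
```
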

Oracle Data Safe

Oracle Data Safe is a cloud-native tool that enables you to achieve data privacy and compliance for your Oracle Databases. In addition, Data Safe monitors and assesses your database configurations, user accounts, and security controls to assist you in securing your databases.

 

Data Safe Key Features:

  • Security assessment: Evaluates your database security posture. Analyzes security parameters, user roles, and privileges, categorizes and prioritizes risks, and presents the results in a dashboard.
  • User assessment: Identifies risky and overprivileged users. Evaluates profile information, such as user type, password policies, last login, and password age, and presents a dashboard with the risk summary classified as Critical, High, Medium, or Low.
  • Activity auditing: Collects data from your database and identifies anomalous operations. Lets you manage audit and alert policies from the Data Safe console.
  • 23ai SQL Firewall: Data Safe helps you train and centrally manage 23ai SQL Firewall. Data Safe collects the violation logs and lets you analyze and report on violations.
  • Sensitive data discovery: Discovers and classifies sensitive data based on a library of more than 150 predefined sensitive data types that can easily be extended with custom data types to meet any organization’s requirements.
  • Data masking: Works together with Sensitive Data Discovery to replace sensitive data with realistic yet obscured data for safe use in non-production environments.

All these features are displayed in interactive dashboards, so you can easily drill down into any specific area of interest.

 

You can use Data Safe in the following target databases:

  • Autonomous Database
  • Oracle Cloud Database
  • Oracle On-Premises Database
  • Oracle Database on Compute
  • Oracle Cloud@Customer Database
  • Amazon RDS for Oracle Database

Steps to get started with Oracle Data Safe:

On your target database:

  • Create an Oracle Data Safe Service Account.
  • Grant Roles to the Oracle Data Safe Service Account: the Oracle Data Safe wizard in OCI Console provides the datasafe_privileges.sql script.

On your OCI Console:

  • Add Oracle Data Safe's NAT Gateway IP Address to Your Virtual Cloud Network's Security List.
  • Start the Data Safe Wizard: the wizard will guide you through the process of deploying Data Safe in your target database.

With the appropriate security measures in place, data can be protected from many types of attack vectors, such as man-in-the-middle attacks, packet sniffing, or data tampering. Both Oracle SQL Firewall and Oracle Data Safe use AI models to capture SQL activities and classify sensitive data, helping you to reduce risk and protect data from theft, destruction, or misuse.

 

 

Conclusion

Oracle 23ai’s AI-powered data security tools, like SQL Firewall and Data Safe, are redefining how organizations protect sensitive data. Whether you're securing databases in the cloud or on-premises, these innovations offer a proactive, AI-driven approach to risk reduction. Stay tuned for more insights in our 12 Days of Oracle 23ai series, and take your database security to the next level.

 

Happy Holidays! 🎄

About Author
Julio Ayapan

Julio is a Senior DBA for Viscosity North America, with over 9 years of experience in multiple virtualizations, software development, and database technologies across different industries. He is an expert in database administration, analytics, operating systems, and cloud technologies. Julio is an Oracle Certified Professional and Expert, actively participates in Oracle-related forums, and maintains a Personal Technology blog.
