AI-Powered Data Security: Protecting Your Database with Oracle 23ai
Ensuring data security within your organization is crucial if you are to remain compliant with the increasing data security regulations. Cyberattacks may lead to data breaches, operational disruptions, monetary loss, reputational loss, and other negative impacts.
According to industry reports:
- Almost one-third of attacks are performed by internal actors.
- Over half of internal attacks are on databases.
Sensitive data—such as personally identifiable information, financial details, and healthcare records—makes databases attractive to hackers or insiders who want to steal data for monetary, strategic, or personal reasons.
Hackers try to exploit weaknesses in user and admin credentials, applications, and database configurations. How do you manage against a legion of attackers?
Oracle provides a rich set of default security features to manage user accounts, authentication, privileges, application security, encryption, network traffic, and auditing. We will review some AI-Powered Data Security capabilities in Oracle Database 23ai that help to protect your data.
Oracle SQL Firewall
Oracle SQL Firewall inspects all incoming database connections and SQL statements, ensuring that only explicitly authorized SQL runs in the database.
SQL Firewall helps to:
- Provide real-time protection by restricting database access to only authorized SQL statements and database connections.
- Mitigate SQL injection attacks, anomalous access, and credential theft/abuse risks.
- Enforce trusted database connection paths.
To use Oracle SQL Firewall, follow three steps: first, enable Oracle SQL Firewall; second, capture the user's normal SQL activities; and third, enable and enforce allow-lists.
- Enable SQL Firewall with the following procedure:
exec dbms_sql_firewall.enable;
- Capture the normal SQL activities:
For every database user that you want to protect with SQL Firewall, you must enable SQL Firewall to learn the normal SQL traffic of that user. After you review the captured SQL statements, you can generate an SQL Firewall policy with allow-lists that set the baseline for allowed SQL statements and allowed contexts. Use the following procedure to capture SQL activities:
exec dbms_sql_firewall.create_capture('user');
You can query the SQL Firewall-specific data dictionary views to review the captured data and determine whether the collected SQL statements and connection paths are adequate to constitute the allow-lists.
- dba_sql_firewall_capture_logs
- dba_sql_firewall_allowed_ip_addr
- dba_sql_firewall_allowed_os_prog
- dba_sql_firewall_allowed_os_user
- dba_sql_firewall_allowed_sql
- Enable and enforce the allow-lists: Use the following procedure to enforce allow-lists:
exec dbms_sql_firewall.generate_allow_list ('user');
You can use the ENFORCE parameter to determine the enforcement:
- ENFORCE_CONTEXT: Enforces the context (IP Address, OS User and OS Program) allow-list.
- ENFORCE_SQL: Enforces the SQL allow-list.
- ENFORCE_ALL: Enforces the context and SQL allow-lists.
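The three steps above, run end to end in SQL*Plus or SQLcl for one account, as an added example that is not part of the original article. It also shows the stop_capture call that freezes the baseline and the enable_allow_list call, which is the procedure that takes the ENFORCE values listed above. Assumptions: APP_USER is a hypothetical account name, and the session holds the SQL_FIREWALL_ADMIN role.

```sql
-- Added example: SQL Firewall rollout for a hypothetical account APP_USER.
-- Run as a user holding the SQL_FIREWALL_ADMIN role.

-- Step 1: turn SQL Firewall on for the database.
EXEC DBMS_SQL_FIREWALL.ENABLE;

-- Step 2: learn APP_USER's normal traffic (capture starts immediately).
BEGIN
  DBMS_SQL_FIREWALL.CREATE_CAPTURE(
    username       => 'APP_USER',
    top_level_only => TRUE,   -- only SQL the user issues directly, not SQL inside PL/SQL units
    start_capture  => TRUE);
END;
/

-- ... run the application's full workload, then review what was learned.
SELECT sql_text, ip_address, os_user, os_program
FROM   dba_sql_firewall_capture_logs
WHERE  username = 'APP_USER';

-- Freeze the baseline, then build the allow-lists from it.
EXEC DBMS_SQL_FIREWALL.STOP_CAPTURE('APP_USER');
EXEC DBMS_SQL_FIREWALL.GENERATE_ALLOW_LIST('APP_USER');

-- Step 3: enforce in observe mode first (violations are logged, not blocked).
BEGIN
  DBMS_SQL_FIREWALL.ENABLE_ALLOW_LIST(
    username => 'APP_USER',
    enforce  => DBMS_SQL_FIREWALL.ENFORCE_ALL,
    block    => FALSE);
END;
/

-- Legitimate statements showing up here mean the capture was incomplete.
SELECT occurred_at, sql_text, firewall_action, ip_address, cause
FROM   dba_sql_firewall_violations
WHERE  username = 'APP_USER'
ORDER  BY occurred_at DESC;

-- Once the violation log is clean, switch the same allow-lists to blocking.
BEGIN
  DBMS_SQL_FIREWALL.UPDATE_ALLOW_LIST_ENFORCEMENT(
    username => 'APP_USER',
    enforce  => DBMS_SQL_FIREWALL.ENFORCE_ALL,
    block    => TRUE);
END;
/
```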
Oracle Data Safe
Oracle Data Safe is a cloud-native tool that enables you to achieve data privacy and compliance for your Oracle Databases. In addition, Data Safe monitors and assesses your database configurations, user accounts, and security controls to assist you in securing your databases.
Data Safe Key Features:
- Security assessment: Evaluates your database security posture. Analyzes security parameters, user roles, and privileges, categorizes and prioritizes risks, and presents a dashboard of the results.
- User assessment: Identifies risky and overprivileged users. Evaluates profile information, such as user type, password policies, last login, and password age, and presents a dashboard with the risk summary classified by Critical, High, Medium, and Low.
- Activity auditing: Collects data from your database and identifies anomalous operations. Manages audit and alert policies from the Data Safe console.
- 23ai SQL Firewall: Data Safe helps you train and centrally manage 23ai SQL Firewall. Data Safe collects the violation logs and lets you analyze and report on violations.
- Sensitive data discovery: Discovers and classifies sensitive data based on a library of more than 150 predefined sensitive data types that can easily be extended with custom data types to meet any organization’s requirements.
- Data masking: Works together with Sensitive Data Discovery to replace sensitive data with realistic yet obscured data for safe use in non-production environments.
All these features are displayed in interactive dashboards, so you can easily drill down into any specific area of interest.
You can use Data Safe with the following target databases:
- Autonomous Database
- Oracle Cloud Database
- Oracle On-Premises Database
- Oracle Database on Compute
- Oracle Cloud@Customer Database
- Amazon RDS for Oracle Database
Steps to get started with Oracle Data Safe:
On your target database:
- Create an Oracle Data Safe Service Account.
- Grant Roles to the Oracle Data Safe Service Account: the Oracle Data Safe wizard in OCI Console provides the datasafe_privileges.sql script.
On your OCI Console:
- Add Oracle Data Safe's NAT Gateway IP Address to Your Virtual Cloud Network's Security List.
- Start the Data Safe Wizard: the wizard will guide you through the process of deploying Data Safe in your target database.
With the appropriate security measures in place, data can be protected from many types of attack vectors, such as man-in-the-middle attacks, packet sniffing, or data tampering. Both Oracle SQL Firewall and Oracle Data Safe use AI models to capture SQL activities and classify sensitive data, helping you to reduce risk and protect data from theft, destruction, or misuse.
Conclusion
Oracle 23ai’s AI-powered data security tools, like SQL Firewall and Data Safe, are redefining how organizations protect sensitive data. Whether you're securing databases in the cloud or on-premises, these innovations offer a proactive, AI-driven approach to risk reduction. Stay tuned for more insights in our 12 Days of Oracle 23ai series, and take your database security to the next level.
Happy Holidays! 🎄