Databases Reference
In-Depth Information
privileged users' changes and sensitive data access. Oracle Databases dating back to
Oracle 9
i
Release 2 can be monitored. A software development kit (SDK) is available
for building custom audit collectors.
Oracle acquired a product now known as Database Firewall in 2010. The product per‐
forms traditional network firewall operations, but with a focus on limiting access to
database capabilities, such as SQL injection. In Oracle Database 12
c
, the Database Fire‐
wall product has been added to Audit Vault.
Flashback Data Archive
Flashback technology was introduced in
Chapter 3
, because this capability is based on
rollback segments. Although Flashback was initially introduced with Oracle9
i
, Oracle
Database 11
g
first enabled a particular use of Flashback that can help address compliance
issues.
Flashback Data Archive gives you the ability to see all of the changes that occur to a
record throughout its lifetime. This type of history tracking can provide the key infor‐
mation required to demonstrate compliance, as well as to track the source of errors in
compliance or usage.
Transparent Sensitive Data Protection
Tied to the Oracle Database 12
c
release, Enterprise Manager includes a new capability
called Sensitive Data Discovery. This procedure helps to discover the existence of po‐
tentially sensitive data by examining a number of sources, including the data dictionary
and metadata for applications, and uses information such as data relationships to iden‐
tify sensitive data that might need attention, such as encryption, redaction, or encrypt‐
ing. All data security features in Oracle Database 12
c
can use this information in a feature
called Transparent Sensitive Data Protection to create policies to protect the sensitive
data. The policy is uniformly implemented over all occurrences of a particular type of
sensitive data, and the policies can be changed to keep in step with changing audit and
protection requirements.
