Security Experts:

Oracle Boosts Security, Availability With New MySQL Enterprise Extensions

Oracle has released new commercial extensions for MySQL Enterprise during the inaugural MySQL Connect conference, which took place during the Oracle OpenWorld conference in San Francisco. The extensions focus on security and availability, and are available for MySQL Enterprise and MySQL Cluster CGE.

Oracle LogoOn the security side of things, MySQL Enterprise Audit is said to provide “out-of-the-box” auditing solutions that are easy to use, enabling “customers conform to industry best practices and satisfy regulatory requirements.”

According to Oracle, MySQL Enterprise Audit gives customers the ability to implement policy-based monitoring and logging of query activity executed on MySQL databases, dynamically enable/disable audit stream, and implement policies that log all or selected login or query based activities. Additionally, MySQL Enterprise Audit helps users automatically rotate audit log files based on size, without the need for other third party software or custom scripts.

It’s a slimmed down DAM offering that enables “policy-based monitoring and logging of query activity executed on MySQL databases,” according to release notes.

Unfortunately, out of the box anything rarely works at 100-percent, and security is never achieved on compliance alone. While the new extension for MySQL Enterprise customers will no doubt help, something like this is far from a silver bullet.

In addition to the auditing tool, Oracle also released the Distributed Replicated Block Device (DRBD) for Oracle Linux and Oracle Solaris Cluster integration. MySQL Enterprise High Availability with DRBD allows the creation of highly available services (via synchronous replication with mirroring and automatic failover between nodes) using commodity servers and open source software.

The offerings are available now for existing Oracle customers, via the Support Portal or Oracle’s Software Delivery Cloud.

view counter
Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.