Database Security & Compliance with Audit Vault and Database Firewall. Pierre Leon Database Security

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Database Security & Compliance with Audit Vault and Database Firewall. Pierre Leon Database Security"

Transcription

1 Database Security & Compliance with Audit Vault and Database Firewall Pierre Leon Database Security 1

2 Topics Encryption Authentication Authorising highly privileged users Access control by data classification Network-based access control & auditing Production data used elsewhere Enterprise-wide configuration management 3

3 ENCRYPTION 4

4 Encrypting Data At Rest Oracle Advanced Security Disk Backups Exports Application Off-Site Facilities Efficient encryption of all application data Built-in key lifecycle management No application changes required Works with Exadata and Oracle Advanced Compression 5

5 Transparent Data Encryption Automatic 2-Level Key Management Master key stored in PKCS#12 wallet or HW Sec Module! Column / Tablespace keys encrypted by MASTER KEY Security Admin opens wallet/hsm containing the MASTER KEY Table/Tablespace keys encrypt data on disk Copyright Oracle Corporation, 2010,2011. All rights reserved 6

6 Strong Authentication / Network Encryption Oracle Advanced Security Standards-based encryption for data in transit Strong authentication of users and servers No infrastructure changes required Easy to implement Copyright Oracle Corporation, All rights reserved 11

7 AUTHENTICATION 14

8 Strong Authentication Oracle Advanced Security Supported authentication servers Oracle Internet Directory (EUS) Kerberos Win2K/XP (Active Dir) Entrust (PKI) Radius API - Smartcards - SecurID tokens - Biometric devices Oracle Database Benefits! Authentication that is stronger than passwords! Integrate DB authentication with infrastructure Authentication Service Copyright Oracle Corporation, 2010,2011. All rights reserved 15

9 Centralised User and Role Management Enterprise User Security Client User authenticates with password, Kerberos or X509v3 certificate over SSL Authorise Database Privileges Example Verify A B Chained Authent. Fetch Global Roles from Directory Active Directory Kerberos Authentication OID/OVD/ODSEE stores user credentials and roles Copyright Oracle Corporation, 2010,2011. All rights reserved 17

10 Centralised User and Role Management Enterprise User Security Benefits Centralised user & role provisioning Reduce in-database user accounts Works with existing repositories Plugs into Identity Management solutions Oracle Identity Management Copyright Oracle Corporation, All rights reserved 18

11 AUTHORISING HIGHLY PRIVILEGED USERS 23

12 Protecting Sensitive Data Inside The DB Oracle Database Vault Security DBA Application Procurement HR Application DBA Finance select * from finance.customers DBA Automatic and customisable protective realms and DBA separation of duties Enforce who, where, when, and how using rules and factors Enforce least privilege for privileged database users Prevent application by-pass and enforce enterprise data governance Securely consolidate application data or enable multi-tenant data management EAL 4+ certified 24

13 Protecting Commands Command Rules & Authorisation Factors Application Procurement HR Finance User - Name - Authentication type - Session User - Proxy Enterprise Identity Network - Machine name - Client IP - Network Protocols Database - Database IP - Database Instance - Database Hostname - Database SID Runtime - Language - Date/Day of Week - Time Rules to control how users can execute almost any SQL statement regardless of the Realm in which the object exists Command rules can take into account 30+ built-in or custom Factors Command rules can be system-wide, schema specific, object specific, and comprised of rule sets Out-of-the command rules for Oracle and non-oracle applications 27

14 Example Break Glass Rule Set Rule Set Business Manager AND DBA Security Admin Rule Set 2 Hours AND Rule Set Objects AND Commands 28

15 Out of the Box Protection Templates For Application Data Pre-built policies include realms and command rules Prevent DBA from accessing application data Prevent privileged users from tampering with application objects Complements application security Transparent to existing applications Customisable Oracle E-Business Suite 11i / R12 PeopleSoft Applications Siebel, i-flex JD Edwards Enterprise One SAP Infosys Finacle 30 30

16 ACCESS CONTROL BY DATA CLASSIFICATION DYNAMIC DATA HIDING 31

17 Data Classification Oracle Label Security Confidential Sensitive Transactions Confidential Report Data Public Reports Sensitive Classify users and data based on business drivers Database enforced row level access control Users classification through Oracle Identity Management Suite Classification labels can be factors in other policies EAL4+ certified Copyright Oracle Corporation, 2010,2011. All rights reserved 32

18 ENTERPRISE-WIDE NETWORK-BASED ACCESS CONTROL & AUDITING 40

19 Oracle Audit Vault and Database Firewall Detective/Preventive Control for Oracle and Non-Oracle Databases Users Database Firewall Allow Log Alert Applications Substitute Block Firewall Events Auditor Security Manager Reports Alerts Policies!! Audit Data Audit Vault OS, Directory Services, File system & Custom Audit Logs 41

20 Audit and Event Repository " Based on proven Oracle Database technology Includes compression, partitioning, scalability, high availability, etc. Open schema for flexible reporting " Information lifecycle management for target specific data retention " Centralised web console for easy administration " Command line utility for automation and scripting 42

21 Expanded Enterprise Auditing " Databases: Oracle, SQL Server, DB2 LUW, Sybase ASE " New Audit Sources Operating Systems: Microsoft Windows, Solaris Directory Services: Active Directory File Systems: Oracle ACFS " Audit Collection Plugins for Custom Audit Sources XML file maps custom audit elements to canonical audit elements Collect and map data from XML audit file and database tables 43

22 Oracle Audit Vault and Database Firewall SQL Injection Protection with Positive Security Model SELECT * from stock where catalog-no='phe8131' White List Allow Applications SELECT * from stock where catalog-no=' ' union select cardno,0,0 from Orders --' Block Databases Allowed behavior can be defined for any user or application Automated white list generation for any application Out-of-policy database transaction detected and blocked/alerted 44

23 Oracle Audit Vault and Database Firewall Constraining Activity with Negative Security Model SELECT * FROM v$session Black List DBA activity via Applications DBA activity via Approved Workstation SELECT * FROM v$session Block Allow + Log Stop specific unwanted SQL interactions, user or schema access Blacklisting can be done on factors such as time of day, day of week, network, application, user name, OS user name etc Provide flexibility to authorised users while still monitoring activity 45

24 Oracle Audit Vault and Database Firewall Flexible Policy Enforcement Log Applications Allow SELECT * FROM accounts Becomes Alert SELECT * FROM dual where 1=0 Substitute Block SQL Grammar Analysis reduces millions of SQL statements into clusters Decision time is not influenced by the number of rules in the policy Enforcement at SQL level: block, substitute, alert and pass, log only SQL substitution foils attackers without disrupting applications 46

25 Audit and Event Data Security " Soft Appliance Hardened OS Preconfigured database " Fine-grained Administrative Groups Sources can be grouped for access authorisation Individual auditor reports limited to data from the grouped sources " Separation of Duty Separate administrator and auditor roles to restrict access Super-auditor manages data access permissions per source per auditor user " Alerting enhancements Multi-event alerts with thresholds & group-by 47

26 Performance and Scalability " Audit Vault Supports monitoring and auditing multiple hundreds of heterogeneous database and non-database targets Supports wide range of hardware to meet load requirements " Database Firewall Decision time is independent of the number of rules in the policy Multi-device / multi-process / multi-core scalability 8 core can handle between 30K 60K transactions/second 48

27 Flexible Deployment Architecture In-Line Blocking and Monitoring Applications and Users Remote Monitoring Out-of-Band Monitoring HA Mode Audit Vault Standby Audit Vault Primary Audit Data Soft appliance Audit Agents 49

28 Deployment Convenience " Soft-appliance packaging for firewall and server components " Simple installation and staged rollout All components are pre-configured; only basic network settings are required initially Start with auditing and extend to monitoring; or vice-versa HA mode " Convenient agent deployment and upgrade Easy agent deployment and upgrade with single downloadable jar file Includes all collection plug-ins & local network monitoring Comprehensive administrator tools to manage large deployments " Audit policy management and integrated audit trail cleanup 50

29 Single Administrator Console 51

30 Default Reports 52

31 Out-of-the Box Compliance Reporting 53

32 Report with Data from Multiple Source Types 54

33 Auditing Stored Procedure Calls Not everything is visible on the network 55

34 Comprehensive Audit Data 56

35 Blocking SQL Injection Attacks 57

36 Powerful Alerting Filter Conditions 58

37 PRODUCTION DATA USED ELSEWHERE 59

38 Secure Test System Deployment Data Masking Production LAST_NAME SSN SALARY AGUILAR ,000 BENSON ,000 Data Relationship Modeling Test Sensitive Data Identification Test System Setup Data Subsetting LAST_NAME SSN SALARY SMITH ,000 MILLER ,000 Data Masking Deploy secure test system by masking sensitive data Extensible template library and policies for automation Sophisticated masking: Condition-based, compound, deterministic Integrated masking and cloning NEW in EM 11g: Heterogeneous Data Masking NEW in EM 11g: Pre- and Post-mask commands and command line (EMCLI) support NEW in EM 12c: Data Masking integration with Real Application Testing NEW in EM 12c: Key-based reversible masking 68

39 Heterogeneous Data Masking Oracle Databases Data Relationship Modeling Non-Oracle Databases Sensitive Data Identification Test System Setup Data Subsetting Data Masking manage Production (Oracle) Production (non-oracle) monitor Enterprise Manager Cloujd Control with Data Masking manage manage Staging (Oracle) Test (Oracle) Staging (Oracle) Test (non-oracle) Database Gateway Database Gateway manage monitor Enterprise Manager Cloud Control with Data Masking Available for IBM DB2, Microsoft SQLServer, Sybase 71

40 ENTERPRISE-WIDE CONFIGURATION MANAGEMENT 72

41 Comply with IT Policies Know Where You Stand and Where You re Headed Rich Out of the box content: >1700 Compliance Rules > 30 Compliance Standards Security Recommendations Best Practices Self Updateable Always up to date Compliance Scores Historic trend to track progress Detailed Violation information: Reason for Violation Recommended Resolutions My Oracle Support Knowledge Articles Compliance Dashboard - Overview 74

42 Comply with IT Policies Know Where You Stand and Where You re Headed Rich Out of the box content: >1700 Compliance Rules > 30 Compliance Standards Security Recommendations Best Practices Self Updateable Always up to date Compliance Scores Historic trend to track progress Detailed Violation information: Reason for Violation Recommended Resolutions My Oracle Support Knowledge Articles Violation Details 76

43 Database Security Defence-In-Depth Database Encryption Prevent access by non-database users for data at rest, in motion, and stored data Database Authentication Increase database user identity assurance Database Access + Audit Audit database activity and create reports Monitor database traffic and prevent threats from reaching the database Data Segregation Strict access control to application data even from privileged users Enforce multi-factor authorisation Data Anonymisation Mask sensitive data in non-production environments Database Secure Configuration Ensure database production environment is secure and prevent drift 79

44 Database Security Defence-In-Depth Database Encryption Oracle Advanced Security Database Authentication Oracle Advanced Security Database Access + Audit Oracle Audit Vault + Database Firewall Data Segregation Oracle Database Vault Oracle Label Security Data Anonymisation Oracle Data Masking Database Secure Configuration Oracle Configuration Manager 80

45 The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle s products remains at the sole discretion of Oracle. 82

46 Q! &! A! 84 84

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Copyright 2012, Oracle and/or its affiliates. All rights reserved. 1 Introducing Oracle Audit Vault and Database Firewall Billions of Database Records Breached Globally 97% of Breaches Were Avoidable with Basic Controls 98% records stolen from databases 84% records breached

More information

Oracle Database Security

Oracle Database Security Oracle Database Security Paul Needham, Senior Director, Product Management, Database Security Target of Data Breaches 2010 Data Breach Investigations Report Type Category % Breaches

More information

Securing Data in Oracle Database 12c

Securing Data in Oracle Database 12c Securing Data in Oracle Database 12c Thomas Kyte http://asktom.oracle.com/ Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes

More information

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Copyright 2013, Oracle and/or its affiliates. All rights reserved. 1 Solutions for securing and auditing Oracle database Edgars Ruņģis Technology Consultant Why Are Databases Vulnerable? 80% of IT Security Programs Don t Address Database Security Forrester Research Enterprises

More information

Protecting Sensitive Data Reducing Risk with Oracle Database Security

Protecting Sensitive Data Reducing Risk with Oracle Database Security Protecting Sensitive Data Reducing Risk with Oracle Database Security Antonio.Mata.Gomez@oracle.com Information Security Architect Agenda 1 2 Anatomy of an Attack Three Steps to Securing an Oracle Database

More information

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Copyright 2013, Oracle and/or its affiliates. All rights reserved. 1 Security Inside-Out with Oracle Database 12c Denise Mallin, CISSP Oracle Enterprise Architect - Security The following is intended to outline our general product direction. It is intended for information

More information

Oracle Database Security. Paul Needham Senior Director, Product Management Database Security

Oracle Database Security. Paul Needham Senior Director, Product Management Database Security Oracle Database Security Paul Needham Senior Director, Product Management Database Security Safe Harbor Statement The following is intended to outline our general product direction. It is intended for

More information

Oracle Audit Vault and Database Firewall. Morana Kobal Butković Principal Sales Consultant Oracle Hrvatska

Oracle Audit Vault and Database Firewall. Morana Kobal Butković Principal Sales Consultant Oracle Hrvatska Oracle Audit Vault and Database Firewall Morana Kobal Butković Principal Sales Consultant Oracle Hrvatska The following is intended to outline our general product direction. It is intended for information

More information

Oracle Audit Vault and Database Firewall

Oracle Audit Vault and Database Firewall Oracle Audit Vault and Database Firewall Angelo Maria Bosis Sales Consulting Director Oracle Italia Billions of Database Records Breached Globally 97% of Breaches Were Avoidable with

More information

1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information 1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information The following is intended to outline our general product direction. It is intended for information purposes only,

More information

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Copyright 2012, Oracle and/or its affiliates. All rights reserved. 1 The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any

More information

1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information 1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information Proteggere i dati direttamente nel database Una proposta tecnologica Angelo Maria Bosis Sales Consulting Senior Manager

More information

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Copyright 2012, Oracle and/or its affiliates. All rights reserved. 1 Seguridad en profundidad Jaime Briggs MSc CS, CISSP, CCSK Sales Manager Strategic accounts Agenda Los Controles ISO 27001 Defensa en Profundidad Productos que dan respuesta Roadmap a seguridad Q&A 3

More information

Oracle Database Security Overview

<Insert Picture Here> Oracle Database Security Overview Oracle Database Security Overview Tammy Bednar Sr. Principal Product Manager tammy.bednar@oracle.com Data Security Challenges What to secure? Sensitive Data: Confidential, PII, regulatory

More information

Complete Database Security. Thomas Kyte http://asktom.oracle.com/

Complete Database Security. Thomas Kyte http://asktom.oracle.com/ Complete Database Security Thomas Kyte http://asktom.oracle.com/ Agenda Enterprise Data Security Challenges Database Security Strategy Oracle Database Security Solutions Defense-in-Depth Q&A 2 Copyright

More information

Hayri Tarhan, Sr. Manager, Public Sector Security, Oracle Ron Carovano, Manager, Business Development, F5 Networks

Hayri Tarhan, Sr. Manager, Public Sector Security, Oracle Ron Carovano, Manager, Business Development, F5 Networks EXTENDING ACCESS WHILE ENHANCING CONTROL FOR YOUR ORGANIZATION S DATA LEVERAGE THE POWER OF F5 AND ORACLE TO DELIVER SECURE ACCESS TO APPLICATIONS AND DATABASES Hayri Tarhan, Sr. Manager, Public Sector

More information

1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information 1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information The following is intended to outline our general product direction. It is intended for information purposes only,

More information

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Copyright 2013, Oracle and/or its affiliates. All rights reserved. 1 The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any

More information

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Copyright 2013, Oracle and/or its affiliates. All rights reserved. 1 Security Inside Out Latest Innovations in Oracle Database 12c Jukka Männistö Database Architect Oracle Nordic Coretech Presales The 1995-2014 Security Landscape Regulatory Landscape HIPAA, SOX (2002),

More information

Oracle Identity Management Securing The New Digital Experience

Oracle Identity Management Securing The New Digital Experience Oracle Identity Management Securing The New Digital Experience Security: User Single Sign-On, Certifying User Access, and Masking Sensitive Data Henry Anzarouth Principal Sales Consultant, Security and

More information

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Copyright 2012, Oracle and/or its affiliates. All rights reserved. 1 Oracle Database Security Advanced Security Option Thanos Terentes Printzios DB & Options Specialist A&C Technology Adoption Office Oracle Partner Business Development, ECEMEA 2 What is a customers INFORMATION

More information

Security It s an ecosystem thing

Security It s an ecosystem thing Security It s an ecosystem thing Joseph Alhadeff Vice President Global Public Policy, Chief Privacy Strategist The Security challenge in the before time. Today s Threat Environment

More information

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Copyright 2012, Oracle and/or its affiliates. All rights reserved. 1 Cumplimiento de PMG SSI para sector Gobierno en Chile Jaime Briggs MSc CS, CISSP, CCSK Sales Manager Strategic accounts jaime.briggs@oracle.com Agenda Pilares Fundamentales de SSI Desafios de Seguridad

More information

Oracle 1Z0-528 Exam Questions & Answers

Oracle 1Z0-528 Exam Questions & Answers Oracle 1Z0-528 Exam Questions & Answers Number: 1Z0-528 Passing Score: 660 Time Limit: 120 min File Version: 21.1 http://www.gratisexam.com/ Oracle 1Z0-528 Exam Questions & Answers Exam Name: Oracle Database

More information

An Oracle White Paper June 2009. Oracle Database 11g: Cost-Effective Solutions for Security and Compliance

An Oracle White Paper June 2009. Oracle Database 11g: Cost-Effective Solutions for Security and Compliance An Oracle White Paper June 2009 Oracle Database 11g: Cost-Effective Solutions for Security and Compliance Protecting Sensitive Information Information ranging from trade secrets to financial data to privacy

More information

An Oracle White Paper June 2013. Security and Compliance with Oracle Database 12c

An Oracle White Paper June 2013. Security and Compliance with Oracle Database 12c An Oracle White Paper June 2013 Security and Compliance with Oracle Database 12c Introduction... 3 Oracle Database 12c Security... 4 Locating and Cataloging Your Sensitive Data... 4 Monitoring the Configuration

More information

Oracle Database Vault

<Insert Picture Here> Oracle Database Vault Oracle Database Vault Kamal Tbeileh Senior Principal Product Manager, Database Security The following is intended to outline our general product direction. It is intended for information

More information

Guardium Change Auditing System (CAS)

Guardium Change Auditing System (CAS) Guardium Change Auditing System (CAS) Highlights. Tracks all changes that can affect the security of database environments outside the scope of the database engine Complements Guardium's Database Activity

More information

An Oracle White Paper April 2014. Oracle Audit Vault and Database Firewall

An Oracle White Paper April 2014. Oracle Audit Vault and Database Firewall An Oracle White Paper April 2014 Oracle Audit Vault and Database Firewall Introduction... 2 Oracle Audit Vault and Database Firewall Overview... 3 Auditing and Monitoring Overview... 3 Audit Vault... 4

More information

An Oracle White Paper April 2014. Security and Compliance with Oracle Database 12c

An Oracle White Paper April 2014. Security and Compliance with Oracle Database 12c An Oracle White Paper April 2014 Security and Compliance with Oracle Database 12c Introduction... 2 Oracle Database 12c Security... 3 Protecting Against Database Bypass Threats... 3 Limiting Sensitive

More information

InfoSphere Guardium Ingmārs Briedis (ingmars.briedis@also.com) IBM SW solutions

InfoSphere Guardium Ingmārs Briedis (ingmars.briedis@also.com) IBM SW solutions InfoSphere Guardium Ingmārs Briedis (ingmars.briedis@also.com) IBM SW solutions Agenda Any questions unresolved? The Guardium Architecture Integration with Existing Infrastructure Summary Any questions

More information

Oracle Database 11g: Security Release 2. Course Topics. Introduction to Database Security. Choosing Security Solutions

Oracle Database 11g: Security Release 2. Course Topics. Introduction to Database Security. Choosing Security Solutions Oracle Database 11g: Security Release 2 In this course, students learn how they can use Oracle Database features to meet the security, privacy and compliance requirements of their organization. The current

More information

Oracle Database 11g: Security. What you will learn:

Oracle Database 11g: Security. What you will learn: Oracle Database 11g: Security What you will learn: In Oracle Database 11g: Security course students learn how they can use Oracle database features to meet the security, privacy and compliance requirements

More information

Data Security: Strategy and Tactics for Success

Data Security: Strategy and Tactics for Success Data Security: Strategy and Tactics for Success DatabaseVisions,Inc. Fairfax, Va Oracle Gold Partner Solution Provider Oracle Security Specialized www.databasevisions.com Overview Cloud Computing presents

More information

Oracle Database 11g: Security Release 2

Oracle Database 11g: Security Release 2 Oracle University Contact Us: 1.800.529.0165 Oracle Database 11g: Security Release 2 Duration: 5 Days What you will learn In this course, you'll learn how to use Oracle Database features to meet the security,

More information

D50323GC20 Oracle Database 11g: Security Release 2

D50323GC20 Oracle Database 11g: Security Release 2 D50323GC20 Oracle Database 11g: Security Release 2 What you will learn In this course, you'll learn how to use Oracle Database features to meet the security, privacy and compliance requirements of their

More information

Efficient Key Management for Oracle Database 11g Release 2 Using Hardware Security Modules

Efficient Key Management for Oracle Database 11g Release 2 Using Hardware Security Modules Efficient Key Management for Oracle Database 11g Release 2 Using Hardware Security Modules WHITE PAPER Thales e-security www.thalesesec.com/oracle TABLE OF CONTENT Introduction...3 Oracle Database 11g

More information

MySQL Security: Best Practices

MySQL Security: Best Practices MySQL Security: Best Practices Sastry Vedantam sastry.vedantam@oracle.com Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes

More information

Database Security Questions HOUG 2016. Fehér Lajos. Copyright 2015, Oracle and/or its affiliates. All rights reserved.

Database Security Questions HOUG 2016. Fehér Lajos. Copyright 2015, Oracle and/or its affiliates. All rights reserved. Database Security Questions HOUG 2016 Fehér Lajos 1 How Data Gets Compromised? Source: Verizon Data Breach Investigations Report Copyright 2015, Oracle and/or 2its affiliates. All rights reserved. Where

More information

Managing Oracle E-Business Suite Security

Managing Oracle E-Business Suite Security Managing Oracle E-Business Suite Security Erik Graversen, Senior Principal Software Developer Elke Phelps, Senior Principal Product Manager Oracle E-Business Suite Applications Technology Oracle Open World,

More information

Oracle Database Security Solutions

Oracle Database Security Solutions Oracle Database Security Solutions Eric Cheung Senior Manager, Technology Sales Consulting Eric.cheung@oracle.com May 2008 Key Drivers for Data Security Privacy and Compliance Sarbanes-Oxley

More information

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control

More information

Installing and Configuring Guardium, ODF, and OAV

Installing and Configuring Guardium, ODF, and OAV Installing and Configuring Guardium, ODF, and OAV In this appendix, we will cover the following topics: ff ff ff IBM Infosphere Guardium Database Security Oracle Database Firewall Oracle Audit Vault IBM

More information

VMware vsphere Data Protection

VMware vsphere Data Protection VMware vsphere Data Protection Replication Target TECHNICAL WHITEPAPER 1 Table of Contents Executive Summary... 3 VDP Identities... 3 vsphere Data Protection Replication Target Identity (VDP-RT)... 3 Replication

More information

Next Generation Solutions for Indian Railways. Sundar Ram VP, Technology Sales Consulting

Next Generation Solutions for Indian Railways. Sundar Ram VP, Technology Sales Consulting Next Generation Solutions for Indian Railways Sundar Ram VP, Technology Sales Consulting Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information

More information

Safeguard Sensitive Data in EBS: A Look at Oracle Database Vault, Transparent Data Encryption, and Data Masking. Lucy Feng

Safeguard Sensitive Data in EBS: A Look at Oracle Database Vault, Transparent Data Encryption, and Data Masking. Lucy Feng Delivering Oracle Success Safeguard Sensitive Data in EBS: A Look at Oracle Database Vault, Transparent Data Encryption, and Data Masking Lucy Feng RMOUG Training Days February 2012 About DBAK Oracle Solution

More information

PCI DSS-Payment Card Industry. Security Summit 2010. Master Principal Sales Consultant - Alfredo Valenza - Oracle Italia

<Insert Picture Here> PCI DSS-Payment Card Industry. Security Summit 2010. Master Principal Sales Consultant - Alfredo Valenza - Oracle Italia PCI DSS-Payment Card Industry Data Security Standard Security Summit 2010 Master Principal Sales Consultant - Alfredo Valenza - Oracle Italia This document is for informational purposes.

More information

Security Compliance and Data Governance: Dual problems, single solution CON8015

Security Compliance and Data Governance: Dual problems, single solution CON8015 Security Compliance and Data Governance: Dual problems, single solution CON8015 David Wolf Director of Product Management Oracle Development, Enterprise Manager Steve Ries Senior Systems Architect Technology

More information

Oracle Database 11g: Security

Oracle Database 11g: Security Oracle University Contact Us: +27 (0)11 319-4111 Oracle Database 11g: Security Duration: 5 Days What you will learn In Oracle Database 11g: Security course students learn how to use Oracle database features

More information

IBM Software InfoSphere Guardium. Planning a data security and auditing deployment for Hadoop

IBM Software InfoSphere Guardium. Planning a data security and auditing deployment for Hadoop Planning a data security and auditing deployment for Hadoop 2 1 2 3 4 5 6 Introduction Architecture Plan Implement Operationalize Conclusion Key requirements for detecting data breaches and addressing

More information

Oracle Privileged Account Manager 11gR2. Karsten Müller-Corbach karsten.mueller-corbach@oracle.com

Oracle Privileged Account Manager 11gR2. Karsten Müller-Corbach karsten.mueller-corbach@oracle.com R2 Oracle Privileged Account Manager 11gR2 Karsten Müller-Corbach karsten.mueller-corbach@oracle.com The following is intended to outline our general product direction. It is intended for information purposes

More information

Oracle Identity Management for SAP in Heterogeneous IT Environments. An Oracle White Paper January 2007

Oracle Identity Management for SAP in Heterogeneous IT Environments. An Oracle White Paper January 2007 Oracle Identity Management for SAP in Heterogeneous IT Environments An Oracle White Paper January 2007 Oracle Identity Management for SAP in Heterogeneous IT Environments Executive Overview... 3 Introduction...

More information

Why Standardize on Oracle Database 11g Next Generation Database Management. Thomas Kyte http://asktom.oracle.com

Why Standardize on Oracle Database 11g Next Generation Database Management. Thomas Kyte http://asktom.oracle.com Why Standardize on Oracle Database 11g Next Generation Database Management Thomas Kyte http://asktom.oracle.com Top Challenges Performance Management Change Management Ongoing Administration Storage Backup

More information

Application Monitoring for SAP

Application Monitoring for SAP Application Monitoring for SAP Detect Fraud in Real-Time by Monitoring Application User Activities Highlights: Protects SAP data environments from fraud, external or internal attack, privilege abuse and

More information

Oracle White Paper October 2010. Oracle Advanced Security with Oracle Database 11g Release 2

Oracle White Paper October 2010. Oracle Advanced Security with Oracle Database 11g Release 2 Oracle White Paper October 2010 Oracle Advanced Security with Oracle Database 11g Release 2 Introduction... 1 Oracle Advanced Security... 2 Transparent Data Encryption... 3 Support for hardware-based encryption

More information

Securely maintaining sensitive financial and

Securely maintaining sensitive financial and How the Guardium Platform Helped Dell IT Simplify Enterprise security By Phil Neray Addison Lawrence David McMaster Venugopal Nonavinakere Safeguarding data is critical for many organizations, but auditing

More information

Management Packs for Database

Management Packs for Database Management Packs for Database Diagnostics Pack for Database Oracle Diagnostics Pack for Database offers a complete, cost-effective, and easy to use solution for managing the performance of Oracle Database

More information

1 Copyright 2012, Oracle and/or its affiliates. All rights reserved.

1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. 1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Protect and Serve: How to protect confidential data in and out of your EBS and Fusion Apps databases Jagan R. Athreya Director, Product

More information

Security Solutions. MyDBA s. Security Solutions. For Databases. October 2012. Copyright 2012 MyDBA CC. Version 3

Security Solutions. MyDBA s. Security Solutions. For Databases. October 2012. Copyright 2012 MyDBA CC. Version 3 MyDBA s Security Solutions For Databases October 2012 Version 3 The Protection of Personal Information (POPI) Bill The Bill requires that: Anyone who processes personal information will need to take appropriate

More information

Oracle Database 11g: Security

Oracle Database 11g: Security Oracle University Entre em contato: 0800 891 6502 Oracle Database 11g: Security Duração: 5 Dias Objetivos do Curso In Oracle Database 11g: Security course students learn how they can use Oracle database

More information

70 299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network

70 299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network 70 299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network Course Number: 70 299 Length: 1 Day(s) Course Overview This course is part of the MCSA training.. Prerequisites

More information

Real-Time Database Protection and. Overview. 2010 IBM Corporation

Real-Time Database Protection and. Overview. 2010 IBM Corporation Real-Time Database Protection and Monitoring: IBM InfoSphere Guardium Overview Agenda Business drivers for database security InfoSphere Guardium architecture Common applications The InfoSphere portfolio

More information

APPLICATION MANAGEMENT SUITE FOR SIEBEL APPLICATIONS

APPLICATION MANAGEMENT SUITE FOR SIEBEL APPLICATIONS APPLICATION MANAGEMENT SUITE FOR SIEBEL APPLICATIONS USER EXPERIENCE MANAGEMENT SERVICE LEVEL OBJECTIVE REAL USER MONITORING SYNTHETIC USER MONITORING SERVICE TEST KEY PERFORMANCE INDICATOR PERFORMANCE

More information

Oracle Database Security Services

Oracle Database Security Services Oracle Database Security Services BUSINESS CHALLENGES Public announcements of major IT security breaches have become an almost daily occurrence. The causes of publicized breaches are diverse and include

More information

The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency

The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency logo The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency Understanding the Multiple Levels of Security Built Into the Panoptix Solution Published: October 2011

More information

Administrator s Guide Release 12.1.2

Administrator s Guide Release 12.1.2 [1]Oracle Audit Vault and Database Firewall Administrator s Guide Release 12.1.2 E27776-22 November 2015 Oracle Audit Vault and Database Firewall Administrator's Guide, Release 12.1.2 E27776-22 Copyright

More information

Oracle Database Cloud Services OGh DBA & Middleware Day

Oracle Database Cloud Services OGh DBA & Middleware Day Oracle Database Cloud Services OGh DBA & Middleware Day Jan van Tiggelen Principal Sales Consultant Oracle Core Technology June 4th, 2015 Safe Harbor Statement The following is intended to outline our

More information

Oracle Database 12c. Peter Schmidt Systemberater Oracle Deutschland BV & CO KG

Oracle Database 12c. Peter Schmidt Systemberater Oracle Deutschland BV & CO KG Oracle Database 12c Peter Schmidt Systemberater Oracle Deutschland BV & CO KG Uptake of Oracle Database 12c compared with 11g 18,00% 16,00% 14,00% 12,00% 10,00% 8,00% 12.1 11.1 6,00% 4,00% 2,00% 0,00%

More information

2013 AWS Worldwide Public Sector Summit Washington, D.C.

2013 AWS Worldwide Public Sector Summit Washington, D.C. Washington, D.C. Next Generation Privileged Identity Management Control and Audit Privileged Access Across Hybrid Cloud Environments Ken Ammon, Chief Strategy Officer Who We Are Security software company

More information

05.0 Application Development

05.0 Application Development Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development

More information

Database Auditing & Security. Brian Flasck - IBM Louise Joosse - BPSolutions

Database Auditing & Security. Brian Flasck - IBM Louise Joosse - BPSolutions Database Auditing & Security Brian Flasck - IBM Louise Joosse - BPSolutions Agenda Introduction Drivers for Better DB Security InfoSphere Guardium Solution Summary Netherlands Case Study The need for additional

More information

MySQL Strategy. Morten Andersen, MySQL Enterprise Sales. Copyright 2014 Oracle and/or its affiliates. All rights reserved.

MySQL Strategy. Morten Andersen, MySQL Enterprise Sales. Copyright 2014 Oracle and/or its affiliates. All rights reserved. MySQL Strategy Morten Andersen, MySQL Enterprise Sales Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not

More information

An Oracle White Paper January 2012. Oracle Database Firewall

An Oracle White Paper January 2012. Oracle Database Firewall An Oracle White Paper January 2012 Oracle Database Firewall Introduction... 2 Oracle Database Firewall Overview... 3 Oracle Database Firewall... 3 White List for Positive Security Enforcement... 4 Black

More information

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security

More information

An Oracle White Paper May 2013. Oracle Audit Vault and Database Firewall 12.1 Sizing Best Practices

An Oracle White Paper May 2013. Oracle Audit Vault and Database Firewall 12.1 Sizing Best Practices An Oracle White Paper May 2013 Oracle Audit Vault and Database Firewall 12.1 Sizing Best Practices Introduction... 1 Component Overview... 2 Sizing Hardware Requirements... 3 Audit Vault Server Sizing...

More information

Oracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data

Oracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data Oracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data Will Fiveash presenter, Darren Moffat author Staff Engineer Solaris Kerberos Development Safe Harbor Statement The following

More information

Stronger database security is needed to accommodate new requirements

Stronger database security is needed to accommodate new requirements Enterprise Database Security A Case Study Abstract This Article is a case study about an Enterprise Database Security project including the strategy that addresses key areas of focus for database security

More information

Websense Support Webinar: Questions and Answers

Websense Support Webinar: Questions and Answers Websense Support Webinar: Questions and Answers Configuring Websense Web Security v7 with Your Directory Service Can updating to Native Mode from Active Directory (AD) Mixed Mode affect transparent user

More information

With Great Power comes Great Responsibility: Managing Privileged Users

With Great Power comes Great Responsibility: Managing Privileged Users With Great Power comes Great Responsibility: Managing Privileged Users Darren Harmer Senior Systems Engineer Agenda What is a Privileged User Privileged User Why is it important? Security Intelligence

More information

Governance, Risk & Compliance for Public Sector

Governance, Risk & Compliance for Public Sector Governance, Risk & Compliance for Public Sector Steve Hagner EMEA GRC Solution Sales From egovernment to Oracle igovernment Increase Efficiency and Transparency Oracle igovernment

More information

Playing in the Same Sandbox: MySQL and Oracle

<Insert Picture Here> Playing in the Same Sandbox: MySQL and Oracle Playing in the Same Sandbox: MySQL and Oracle Lynn Ferrante, Senior Sales Technical Consultant, Oracle Safe Harbor Statement The following is intended to outline our general product

More information

Managing Your Microsoft Windows Server Fleet with AWS Directory Service. May 2015

Managing Your Microsoft Windows Server Fleet with AWS Directory Service. May 2015 Managing Your Microsoft Windows Server Fleet with AWS Directory Service May 2015 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational

More information

McAfee Web Gateway Administration Intel Security Education Services Administration Course Training

McAfee Web Gateway Administration Intel Security Education Services Administration Course Training McAfee Web Gateway Administration Intel Security Education Services Administration Course Training The McAfee Web Gateway Administration course from Education Services provides an in-depth introduction

More information

Quest InTrust. Version 8.0. What's New. Active Directory Exchange Windows

Quest InTrust. Version 8.0. What's New. Active Directory Exchange Windows Quest InTrust Version 8.0 What's New Active Directory Exchange Windows Abstract This document describes the new features and capabilities of Quest InTrust 8.0. Copyright 2004 Quest Software, Inc. and Quest

More information

Oracle Database 11g Security Essentials

Oracle Database 11g Security Essentials Oracle 1z0-528 Oracle Database 11g Security Essentials Version: 4.2 QUESTION NO: 1 Oracle 1z0-528 Exam Which of the following tasks is the first task to perform when implementing Oracle Database Vault?

More information

ORACLE ENTERPRISE MANAGER 10 g CONFIGURATION MANAGEMENT PACK FOR ORACLE DATABASE

ORACLE ENTERPRISE MANAGER 10 g CONFIGURATION MANAGEMENT PACK FOR ORACLE DATABASE ORACLE ENTERPRISE MANAGER 10 g CONFIGURATION MANAGEMENT PACK FOR ORACLE DATABASE CONFIGURATION MANAGEMENT PACK FEATURES Automated discovery of dependency relationships between services, systems and Oracle

More information

All Things Oracle Database Encryption

All Things Oracle Database Encryption All Things Oracle Database Encryption January 21, 2016 Stephen Kost Chief Technology Officer Integrigy Corporation Phil Reimann Director of Business Development Integrigy Corporation Agenda Database Encryption

More information

FISMA / NIST 800-53 REVISION 3 COMPLIANCE

FISMA / NIST 800-53 REVISION 3 COMPLIANCE Mandated by the Federal Information Security Management Act (FISMA) of 2002, the National Institute of Standards and Technology (NIST) created special publication 800-53 to provide guidelines on security

More information

1 2011 Oracle Corporation

1 2011 Oracle Corporation 1 2011 Oracle Corporation Hackers and Hacking. Demonstration 2. SQL Injection Hacks Stuart Sharp, Information Security Sales Consultant, Oracle 2 2011 Oracle Corporation Insert Information Protection Policy

More information

www.xceedium.com 2: Do not use vendor-supplied defaults for system passwords and other security parameters

www.xceedium.com 2: Do not use vendor-supplied defaults for system passwords and other security parameters 2: Do not use vendor-supplied defaults for system passwords and other security parameters 2.1: Always change vendor-supplied defaults and remove or disable unnecessary default accounts before installing

More information

ITAR Compliant Data Exchange

ITAR Compliant Data Exchange ITAR Compliant Data Exchange Managing ITAR Data Across Collaborative Project Teams WebSpace Customers Aerospace & Defense Manufacturing High Tech & Contract Manufacturing Automotive Manufacturing Medical/

More information

RSA Authentication Manager 8.1 Setup and Configuration Guide. Revision 2

RSA Authentication Manager 8.1 Setup and Configuration Guide. Revision 2 RSA Authentication Manager 8.1 Setup and Configuration Guide Revision 2 Contact Information Go to the RSA corporate website for regional Customer Support telephone and fax numbers: www.emc.com/domains/rsa/index.htm

More information

Security Trends and Client Approaches

Security Trends and Client Approaches Security Trends and Client Approaches May 2010 Bob Bocchino, CISA ERM Security and Compliance Business Advisor IBU Technology Sales Support Industries Business Unit, Technology Sales Support 1 Mark Dixon

More information

ORACLE DATABASE 10G ENTERPRISE EDITION

ORACLE DATABASE 10G ENTERPRISE EDITION ORACLE DATABASE 10G ENTERPRISE EDITION OVERVIEW Oracle Database 10g Enterprise Edition is ideal for enterprises that ENTERPRISE EDITION For enterprises of any size For databases up to 8 Exabytes in size.

More information

JD Edwards Component Global Price List September 17, 2015

JD Edwards Component Global Price List September 17, 2015 JD Edwards Global Price List September 17, 2015 only. Subject to change without notice. 1 of 11 EnterpriseOne Customer Relationship Management Advanced Pricing 2,295 504.90 Application User 5 230 50.60

More information

Best Practices Report

Best Practices Report Overview As an IT leader within your organization, you face new challenges every day from managing user requirements and operational needs to the burden of IT Compliance. Developing a strong IT general

More information

Managing Storage in Private Clouds with Oracle Cloud File System OOW 2011 presentation

<Insert Picture Here> Managing Storage in Private Clouds with Oracle Cloud File System OOW 2011 presentation Managing Storage in Private Clouds with Oracle Cloud File System OOW 2011 presentation What We ll Cover Today Managing data growth Private Cloud definitions Oracle Cloud Storage architecture

More information

Oracle Database 12c Plug In. Switch On. Get SMART.

Oracle Database 12c Plug In. Switch On. Get SMART. Oracle Database 12c Plug In. Switch On. Get SMART. Duncan Harvey Head of Core Technology, Oracle EMEA March 2015 Safe Harbor Statement The following is intended to outline our general product direction.

More information

Did you know your security solution can help with PCI compliance too?

Did you know your security solution can help with PCI compliance too? Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment

More information

The Weakest Link : Securing large, complex, global Oracle ebusiness Suite solutions

The Weakest Link : Securing large, complex, global Oracle ebusiness Suite solutions The Weakest Link : Securing large, complex, global Oracle ebusiness Suite solutions Radomir Vranesevic Director and IT Architect Oracle Certified Master, CISSP Fusion Professionals 1 Agenda Introduction

More information