Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Transcription

1 1

2 Introducing Oracle Audit Vault and Database Firewall

3 Billions of Database Records Breached Globally 97% of Breaches Were Avoidable with Basic Controls 98% records stolen from databases 84% records breached using stolen credentials 71% fell within minutes 92% discovered by third party 3

4 Data Breaches are the Tip of the Iceberg Digital Security is the New Battleground We are at the mercy of a new generation of spies who operate remotely [that] have already shown their ability to penetrate our power plants, steal our latest submarine technology, rob our banks, and invade the Pentagon s secret communications systems. Joel Brenner, former Inspector General of the National Security Agency and Chief of Counterintelligence for the Director of National Intelligence 4

5 Why are Databases so Vulnerable? 80% of IT Security Programs Don t Address Database Security Forrester Research Network Security Enterprises are taking on risks that they may not even be aware Authentication & User Security SIEM of. Especially as more and more attacks against databases exploit legitimate access. Security Database Security Web Application Firewall Endpoint Security 5

6 Oracle Database Security Solutions Defense-in-Depth for Maximum Security PREVENTIVE DETECTIVE ADMINISTRATIVE Encryption Activity Monitoring Privilege Analysis Redaction and Masking Database Firewall Sensitive Data Discovery Privileged User Controls Auditing and Reporting Configuration Management 6

7 Oracle Database Security Solutions Detect and Block Threats, Alert, Audit and Report PREVENTIVE DETECTIVE ADMINISTRATIVE Encryption Activity Monitoring Privilege Analysis Redaction and Masking Database Firewall Sensitive Data Discovery Privileged User Controls Auditing and Reporting Configuration Management 7

8 New Solution for Oracle and Non-Oracle Databases Users Applications Database Firewall Allow Log Alert Substitute Block Firewall Events Auditor Security Manager Reports Alerts Policies! Audit Vault Audit Data OS, Directory, File System & Custom Audit Logs 8

9 SQL Injection Protection with Positive Security Model SELECT * from stock where catalog-no='phe8131' White List Allow Applications SELECT * from stock where catalog-no= ' union select cardno,0,0 from Orders -- Block Databases Allowed behavior can be defined for any user or application Automated white list generation for any application Out-of-policy database transaction detected and blocked/alerted 9

10 Enforcing Database Activity with Negative Security Model DBA activity from Application? DBA activity from Approved Workstation SELECT * FROM v $session SELECT * FROM v $session Black List Block Allow + Log Stop specific unwanted SQL interactions, user or schema access Blacklisting can be done on factors such as time of day, day of week, network, application, user name, OS user name etc Provide flexibility to authorized users while still monitoring activity 10

11 Comprehensive Enterprise Audit and Log Consolidation Databases: Oracle, SQL Server, DB2 LUW, Sybase ASE New Audit Sources Operating Systems: Microsoft Windows, Solaris Directory Services: Active Directory File Systems: Oracle ACFS Audit Collection Plugins for Custom Audit Sources XML file maps custom audit elements to canonical audit elements Collect and map data from XML audit file and database tables 11

12 Audit and Event Repository Based on proven Oracle Database technology Includes compression, partitioning, scalability, high availability, etc. Open schema for flexible reporting Information lifecycle management for target specific data retention Centralized web console for easy administration Command line utility for automation and scripting 12

13 Audit and Event Data Security Software appliance based on hardened OS and preconfigured database Fine-grained administrative groups Sources can be grouped for access authorization Individual auditor reports limited to data from the grouped sources Separation of duties Powerful multi-event alerting with thresholds and group-by 13

14 Single Administrator Console 14

15 Default Reports 15

16 Out-of-the Box Compliance Reporting 16

17 Report with Data from Multiple Source Types 17

18 Auditing Stored Procedure Calls Not Visible on the Network 18

19 Extensive Audit Details 19

20 Blocking SQL Injection Attacks 20

21 Powerful Alerting Filter Conditions No se puede mostrar la imagen. Puede que su equipo no tenga suficiente memoria para abrir la imagen o que ésta esté dañada. Reinicie el equipo y, a continuación, abra el archivo de nuevo. Si sigue apareciendo la x roja, puede que tenga que borrar la imagen e insertarla de nuevo. 21

22 Flexible Deployment Architectures In-Line Blocking and Monitoring Remote Monitoring Applications and Users Inbound SQL Traffic Out-of-Band Monitoring HA Mode Audit Agents Audit Vault Standby Audit Vault Primary Audit Data Software Appliances 22

23 Performance and Scalability Audit Vault Supports monitoring and auditing multiple hundreds of heterogeneous database and non-database targets Supports wide range of hardware to meet load requirements Database Firewall Decision time is independent of the number of rules in the policy Multi-device / multi-process / multi-core scalability 8 core can handle between 30K 60K transactions/second 23

24 T-Mobile Protecting Customer Data in Oracle and non-oracle Databases Provider of wireless voice, messaging, and data services throughout the U.S. Fourth largest wireless company in the U.S. with more than 35 million subscribers Industry: Telecom Challenge Protect sensitive data PCI, CPNI, SPII in both Oracle and non- Oracle Databases Monitor database threats, including SQL injection attacks and data harvesting, without having to change application code Full visibility into database activity Understand what types of changes are being made to sensitive data Solution Addresses data security with Database Firewall, TDE, Data Masking as comprehensive database security defense-in-depth strategy Database activity monitoring prevents insider and external threats Deployed and setup within a few hours; already protected against a few compromised accounts that were harvesting data 24

25 SquareTwo Financial Addresses Regulatory Compliance, Enables Separation of Duties Leader in $100 billion asset recovery and management industry Partner Network used by Fortune 500 companies in banking, credit card, and health care Industry: Financial Services Challenge Comply with a number of regulations: GLBA, HIPAA, SOX, and PCI Prove separation of duties for Sarbanes-Oxley compliance Quickly scale IT Security to address fast 37% company growth Minimal disruption to 5.9 million accounts while maintaining growth Secure Exadata Database Machine with no application changes Solution Addresses compliance with Database Firewall, TDE, Data Masking as comprehensive database security defense-in-depth strategy Database activity monitoring to protect against insider and external threats, including SQL injection attacks Securing Exadata and SQL Server database activity 25

26 TransUnion Interactive Addresses Regulatory Compliance, Secures Sensitive Data Consumer subsidiary of TransUnion, a global leader in credit information Maintains credit histories on over 500 million consumers globally Industry: Financial Services Challenge Maintain PCI DSS, SOX, and GLBA compliance Increase database traffic visibility; detect and monitor activity Increase database security and monitor for application SQL injection attacks Detect and prevent application by-pass and data harvesting Solution Deployed Database Firewall in one month; monitor database traffic Achieved 10k transactions/sec while maintaining performance Using reports to monitor traffic and manage workloads and capacity Use Oracle Advanced Security to encrypt tablespaces 26

27 For More Information Oracle Audit Vault and Database Firewall 27

28 Q&A 28

29 29