Oracle Information Security Visioni
|
|
- Charles Wiggins
- 8 years ago
- Views:
Transcription
1 Oracle Information Security Visioni Pillar Partner Webcast Presenter: Ola Sergatchov, Senior Director Information Security Strategy t Oracle North America Technology Organization
2 Why are you here? My boss told me to Want to learn more about Oracle Security Offering and Go to Market with security services. Believe in Oracle security vision and understand how to generate business around DB Security 2
3 Agenda Business Case for Database Security Oracle DB Security Portfolio Overview First Line of Defense Oracle Database Firewall Oracle DBFW Case Studies Service Engagements with Oracle DB Security Who We Should Talk To Target Customers Additional Opportunities with Oracle DBFW 3
4 Business Case for Database Security 4
5 Selling Security is a Tough Business! Stay Compliant Maintain Profit Margins Retain Customers: Customer Care Quality of Service Expand Services: Organic Growth M&A Maintain Competitive Edge Who Accessed What and When Database Security Monitor and Block Data Access 5
6 Business Case for Database Security (1) Business Value of Security Controls? Compliance Cyber Security Un-quantified UnRisk Exposure p to Cyber Threats 6
7 Business Case for Database Security (2)
8 Business Case for Database Security (3) What has not changed <from year 2009> is that servers and apps account for 98.5% of total records compromised. Verizon 2010 Data Breach Investigations Report 8
9 Check! Have malware specifically packed and tested to thwart antivirus products? Check! Have an entry vector that will sail past the firewall and won t be detected or blocked by IDS/IPS? Check! How about the ability to tunnel through firewalls to smuggle data using proxy-aware, HTTP-compliant communication protocols? Check! Have encryption for that smuggled data to render data loss prevention (DLP) useless? Absolutely! Got keyboard loggers to home in on the IT staff, steal their credentials, and eventually masquerade as them?. Security needs to move closer to the assets being targeted
10 Oracle DB Security Portfolio Overview 10
11 11
12 Database Defense In Depth - Features Data Prevent access by non-database users for data at rest, in motion, and storage Increase database user identity assurance Strict access control to application data even from privileged il users Enforce multi-factor authorization Audit database activity, and create reports Monitor database traffic and prevent threats from reaching the database Ensure database production environment is secure and prevent drift Mask sensitive data in non-production environments
13 Database Security Big Picture Audit consolidation Applications Procurement Auditing Authorization HR Authentication Rebates ti ti Unauthorized DBA Activity Multi-factor Authorization DB Consolidation Security Network SQL Monitoring and Blocking Encrypted Encrypted Encrypted Data Database Backups Traffic Masking
14 Oracle Database Defense In Depth Portfolio Oracle Advanced Security Oracle Identity Management Oracle Database Vault Oracle Label Security Data Oracle Audit Vault Oracle Total Recall Oracle Database Firewall Oracle Configuration Management Oracle Data Masking
15 First Line of Defense Oracle Database Firewall 15
16 Balancing Security and Performance Trusted External APPLICATIONS NETWORK DATABASES Administrators Internal Privileged Trillions of packets travel through the network every day Billions of SQL requests travel to the database every day 16
17 Balancing Security and Performance Trusted External APPLICATIONS NETWORK DATABASES Administrators Internal Privileged A look at how the system balances safety and speed. 17
18 Existing Security Solutions Not Enough! Trusted External APPLICATIONS NETWORK DATABASES Administrators Internal Antivirus/Anti-Spyware Privileged Web/App Firewall Application Security IDS/IPS/Vulnerability Mgmt Network Security User Management Access Management 18
19 Oracle Database Firewall First Line of Defense Trusted External APPLICATIONS NETWORK DATABASES Administrators Internal Privileged A look at how Oracle Database Firewall balances safety and speed. 19
20 Oracle Database Firewall First Line of Defense Allow Monitor SQL Traffic Log Alert DATABASES Monitor Monitor Block Substitute Monitor Alerts Built-in Reports Custom Reports Policies Monitor database activity, classify and aggregate all incoming SQL. Unique SQLl language recognition and parsing engine to ensure accuracy Flexible SQL level enforcement options based on white lists and black lists Scalable architecture provides enterprise performance in all deployment modes Built-in and custom compliance reports for SOX, PCI, and other regulations 20
21 How Oracle Database Firewall does it? Understand Real-Time DB Activity Monitor, o to, Alert, R Report t Apply pp y Security Policy
22 Oracle Database Firewall Scalable and Safe Policy Enforcement SQL Traffic Allow SELECT * FROM accounts Log Becomes Alert SELECT * FROM dual where 1=0 Substitute DATABASES Block Innovative SQL grammar technology reduces millions of SQL statements into a small number of SQL characteristics or clusters Flexible enforcement at SQL level: block, substitute, alert and pass, log only SQL substitution foils attackers without disrupting applications Centralized policy management and reporting Superior performance and policy scalability Oracle Confidential
23 Oracle Database Firewall Positive Security Model White List APPLICATIONS Allow Block DATABASES Allowed behavior can be defined for any user or application Whitelist can take into account built-in factors such as time of day, day of week Automatically generate whitelists for any application Transactions found not to match the policy instantly rejected 23
24 Oracle Database Firewall Negative Security Model Black List APPLICATIONS Allow Block DATABASES Stop specific unwanted SQL transactions, user or schema access Prevent privilege or role escalation and unauthorized access to sensitive data Blacklist can take into account built-in factors such as time of day, day of Selectively block any part of transaction in context to business and security goals 24
25 Oracle Database Firewall Architecture Alerts Reports High Availability Mode NETWORK Applications Local Monitor Database Firewall Management Server Policy Analyzer Policy enforcement separated from policy management and reporting Supports Oracle and non-oracle Databases, and application agnostic Intel-based OEL compatible install for vertical and horizontal scalability
26 Oracle Database Firewall Fast and Flexible Deployments Out-of-Band Log Allow Alert Application Servers NETWORK Log Allow Alert Substitute Block In-Line Database Servers Local Monitor In-Line (Monitor or Block): All database traffic goes through the Database Firewall Out-of-Band (Monitor Only): Database Firewall connected to a SPAN port or TAP Optional Host Based Remote or Local Monitors (Monitor Only) Sends database transactions to Oracle Database Firewall Monitors local / non-network network access to the database
27 Oracle Database Firewall Reporting Oracle Database Firewall Oracle Database Firewall Oracle Database Firewall Database Firewall log data consolidated into reporting database Over 130 built in reports that can be modified and customized Entitlements reporting for database attestation and audit Database activity and privileged user reports Supports demonstrating PCI, SOX, HIPAA/HITECH, etc. controls
28 Enterprise Security Challenges Ensure Provide Minimize Support Compliance Multi-level Infrastructure Distributed and Audit Security Impact Workforce Revealing the Unknown????? 28
29 What s Unique about the Solution? Ensure Compliance and Audit Provide Multi-level Security Minimize Infrastructure Impact Support Distributed Workforce Revealing the Unknown Single Source of Audit Information First Line of Defense for Database Fast to Deploy, Easy to Maintain Monitor Network and dlocal Access Database Usage Profiling Compliance Ready Solution Minimize False Positives Non-Intrusive Network Based Approach Flexible to Deploy and Scale Full Monitoring of DB Activity 29
30 Business Goals - Tomorrow Stay Compliant Maintain Profit Margins Retain Customers: Customer Care Quality of Service Expand Services: Organic Growth M&A Maintain Competitive Edge Visibility into Data Usage Data Abuse Prevention 30
31 Oracle DBFW Case Studies 31
32 Case Study 1: Major Investment Bank Privileged user database activity audit Customer Requirements Database activity audit for 600 databases (MS-SQL and Sybase) in three geographically separated data centers (US, NJ and Ireland). 24*7*365 high availability in each data center and also between major and disaster recovery sites. Automated distribution of uniquely formatted reports (PDF and Excel) to internal auditors via . Ad-hoc reporting for real-time incident analysis and forensics. Ability to process and analyze 1.7 billion unique SQL transactions per day. Ability to identify escalated user privileges and to trace stored procedures execution. Oracle Database Firewall Solution Oracle Database Firewall non-intrusively monitors all network database activity and also local DB traffic. High Availability deployment in three separated data centers. Single copy of all log data without duplications. Fully automated daily distribution of custom reports on selected types of activities and users. Privileged User and Stored Procedures Audit performed daily. Business Benefits Oracle Database Firewall fully replaced in-house developed database activity reporting that utilized native database audit functionality and Linux-based log parsing. Oracle Database Firewall allowed more than 600 databases to be fully monitored eliminating maintenance load on IT team to support the system. Improved database performance with 10% to15% reduction in CPU load on each DB host. The infrastructure team was able to focus on production and application issues (not related to Database Firewall), while internal audit team was able to take over the auditory reporting management. 32
33 Case Study 1: Major Investment Bank Privileged user database activity audit In a competitive cook-off between Guardium, Imperva, and Tizor, Oracle Database Firewall was selected as best of breed for accuracy, customizable reporting and high performance. 33
34 Case Study 2: Major Retail Bank Full database activity monitoring, reporting and blocking Customer Requirements Database activity monitoring in 5 data centers across the world *7*365 high availability in each data center and support for distributed environments. Automated distribution of DB activity monitoring reports (selected activities/users) to internal auditors via . Ad-hoc reporting for real-time incident analysis and forensics. Ability to block unauthorized SQL from reaching the database. In-line and out-of-band deployments combined in each data center. Oracle Database Firewall Solution Oracle Database Firewalls deployed in each data center with Management Servers (one per data center) High Availability deployment for in-line deployments. Fully automated daily distribution of custom reports on selected types of activities and users. Monitoring heterogeneous environment MS-SQL, Sybase, Oracle, DB2 (distributed and MainFrame) Business Benefits Oracle Database Firewall allowed the customer to demonstrate compliance with internal and external audit requirements and also to maintain it s high rating, due to blocking capabilities. Oracle Database Firewall customized reports are distributed daily via . Security review became an easy and low maintenance task. Database traffic is fully profiled and aggregated for BI Analytics and DB Performance tuning purposes. 34
35 Case Study 2: Major Retail Bank Full database activity monitoring, reporting and blocking
36 Case Study 2: Major Retail Bank Full database activity monitoring, reporting and blocking
37 Key Unique Features of Oracle DBFW 1 Intelligent analysis of SQL traffic using semantics and intent recognition. Patented Technology. Ability to aggregate SQL traffic into meaningful groups. Million statements result in groups. Policy set based on real-time traffic Network based deployment. Fixed processing time and low overhead in in-line mode. No overhead in out of band mode. Performance is independent of policy size Clever approach to blocking, DBFW can substitute statement on the fly instead of sending TCP Reset. Open Reporting Database. ODBC support, published schema, easy customization. ti No black box approach to reporting. Open Scalable Hardware Platform. Can install on any hardware, scales vertically 6 and dhorizontally. 7 Stored Procedure Audit, User Role Audit. Ability to see actual code executed in the stored procedure. 37
38 What does it mean to the business 1 Accuracy in reporting for compliance purposes and accuracy in security policy setting. Minimize false positives and false negatives. Full profiling of the DB traffic that can be utilized for BI purposes, performance 2 tuning, DB debug in production environments, understanding of data usage No impact on the infrastructure or DB performance. Does not introduce any additional maintenance headaches to the IT. User Friendly Security, disabling malicious SQL while enabling all legitimate users to continue their activities. Vendor independent d reporting, can be integrated t into any BI dashboard. d Drives business value. The customer fully controls the reports and including ad-hoc reports. Allows customer to use their own hardware, to reduce vendor dependency and 6 allow full ownership for the customer. 7 Provides full visibility into DB traffic and users. Most applications use thousands of Stored Procedures and there are thousands of users defined in the database. 38
39 Common Objections and Questions What is the difference between DB Monitoring with DBFW and Competitors? It is a Firewall, we already have one! Network Appliances cause huge overhead, how you handle that? Can you support local traffic monitoring? Are you appliance/software and how doe you scale/deploy? How do you handle large log files, do you aggregate? How do you search in the log files? 39
40 Common Objections and Questions How do you handle encryption? Why white list is better? Why don t you use built in policies for known threats? Full monitoring vs. Privileged user monitoing Cases where white list won t work? How do you integrate with SIEM? Do you support/certified with Oracle Apps, PeopleSoft, Siebel? How Audit Vault and DBFW integrate? t What are the key unique features of DBFW? 40
41 Services with Oracle DB Security 41
42 Business Case for Database Security Business Value of Security Controls? Compliance Cyber Security Un-quantified UnRisk Exposure p to Cyber Threats 42
43 Driving Business Value Business Value of Security Controls? Migrating from manual home-grown tools to automated and centralized monitoring and audit. BI analytics dashboard DB traffic analysis and profiling for business decision making. DB migration and consolidation projects. DB performance monitoring and production systems debug. 43
44 Compliance vs. Cyber Security PCI compliance projects enhancing/improving PCI compliance with security controls. Internal Audit focus how to better audit and improve monitoring and access control. Identity Management projects attachment. t Easy compliance with Oracle ASO data at rest encryption. Out of jail free. Network security initiatives with F5. Compliance Cyber Security 44
45 Risk Exposure to Cyber Threats Security Evaluation and Risk Management Initiatives. Security Breaches Response Strategy. Strategic Advising on Data Privacy Strategy. Cyber Risk Exposure and GRC Initiatives. Un-quantified Risk Exposure to Cyber Threats 45
46 Who We Should Talk To - Target Customers 46
47 5 Questions to Ask the Customer Can you guarantee privacy of your customer data? Have many security breaches did you mitigate last year? How do you know? Do your DBAs know the financial results before the CEO? Are you in compliance with all regulations? What are your plans to automate compliance?
48 Who to contact in the HC organization Role Pains Objections Audit/Compliance Officers COO, CIO, CEO Audit Fatigue, Lack of Visibility, Manual Processing, New Regulations Keep up with competition/new technologies, not to make news headlines, keep low TCO high ROI No budget, Lack of Influence, Hard to measure ROI/TCO Already have security apps, security budget spent, high maintenance costs, no resources. Chief Security Make data available but Not user-friendly, Already Officers/Information Security secure without impacting normal business operations have, Lack of cooperation from other departments Database Avoid finger pointing in case Need unlimited access, Administration/Managers of breach/data abuse, enable don t like to be monitored, Development/Project production/development we are the trusted ones, Managers operations, provide best application security is level of support/functionality built-in, in no need for more
49 End-to-End Application Data Security
50 Security Landscape at a Glance Trusted External APPLICATIONS NETWORK DATABASES Administrators Internal Privileged Trillions of packets travel through the network every day Billions of SQL requests travel to the database every day 50
51 Web Application Security Landscape Trusted External APPLICATIONS NETWORK DATABASES Administrators Internal Privileged Applications and Networks are fully secured with F5 How can we further secure the Databases? 51
52 End-to-End Security with F5 and Oracle Trusted External APPLICATIONS NETWORK DATABASES Administrators Internal Privileged Two Best of Breed Technologies to Deliver Integrated Application Data Security Solution 52
53 What s Unique about F5 ASM? Ensure Compliance and Audit Provide Multi-level Security Minimize Infrastructure Impact Support Distributed Workforce Revealing the Unknown Protect Sensitive Data Web Application Security User - Friendly Security Network and Application Assess Application Usage Profiling Compliance Ready Solution Network Based Approach Flexible to Deploy and Scale 53
54 What s Unique about Oracle DB Firewall? Ensure Compliance and Audit Provide Multi-level Security Minimize Infrastructure Impact Support Distributed Workforce Revealing the Unknown Comply with Data Access Regulations Network Based Approach Network and Local Access Compliance Ready Solution Database Security Fast to Deploy, Easy to Maintain Flexible to Deploy and Scale Database Usage Profiling 54
55 What s Unique about the Solution? Ensure Compliance and Audit Provide Multi-level Security Minimize Infrastructure Impact Support Distributed Workforce Revealing the Unknown Single Source of Audit Information Web Application and ddb Security User - Friendly Security Network, Application and dlocal Access Application and Database Usage Compliance Ready Solution Minimize False Positives Network Based Approach Flexible to Deploy and Scale Full Visibility Across the Enterprise 55
56 How Does it Work? ASM Event User Identity External APPLICATIONS NETWORK DATABASES Administrators Internal SIEM Correlated Syslog Event Integrated Log DBFW Management Server Web Application traffic is secured with ASM, Database traffic is secured with Database Firewall 56
57 How Does it Work? User logged in into a Web Application F5 identifies possible SQL injection event Security event containing User and Web app info is sent from ASM to DBFW Correlated event data is sent to SIEM Log DBFW correlates the ASM event with database traffic log. DBFW takes an appropriate action (Block, Alert, Pass) Enriched log data is available for reporting and forensic analysis. Integrated report is distributed via Integrated log entry is generated and stored in DBFW Web Application traffic is secured with ASM, Database traffic is secured with Database Firewall 57
58 Oracle Database Firewall Dashboard
59 Oracle Database Firewall Traffic Log
60 It s Question Time!
Oracle Database Security
Oracle Database Security Paul Needham, Senior Director, Product Management, Database Security Target of Data Breaches 2010 Data Breach Investigations Report Type Category % Breaches
More informationComplete Database Security. Thomas Kyte http://asktom.oracle.com/
Complete Database Security Thomas Kyte http://asktom.oracle.com/ Agenda Enterprise Data Security Challenges Database Security Strategy Oracle Database Security Solutions Defense-in-Depth Q&A 2 Copyright
More information1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information
1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information Proteggere i dati direttamente nel database Una proposta tecnologica Angelo Maria Bosis Sales Consulting Senior Manager
More informationProtecting Sensitive Data Reducing Risk with Oracle Database Security
Protecting Sensitive Data Reducing Risk with Oracle Database Security Antonio.Mata.Gomez@oracle.com Information Security Architect Agenda 1 2 Anatomy of an Attack Three Steps to Securing an Oracle Database
More informationCopyright 2013, Oracle and/or its affiliates. All rights reserved.
1 Solutions for securing and auditing Oracle database Edgars Ruņģis Technology Consultant Why Are Databases Vulnerable? 80% of IT Security Programs Don t Address Database Security Forrester Research Enterprises
More informationCopyright 2013, Oracle and/or its affiliates. All rights reserved.
1 Security Inside-Out with Oracle Database 12c Denise Mallin, CISSP Oracle Enterprise Architect - Security The following is intended to outline our general product direction. It is intended for information
More informationSecurity It s an ecosystem thing
Security It s an ecosystem thing Joseph Alhadeff Vice President Global Public Policy, Chief Privacy Strategist The Security challenge in the before time. Today s Threat Environment
More informationCopyright 2013, Oracle and/or its affiliates. All rights reserved.
1 Security Inside Out Latest Innovations in Oracle Database 12c Jukka Männistö Database Architect Oracle Nordic Coretech Presales The 1995-2014 Security Landscape Regulatory Landscape HIPAA, SOX (2002),
More informationProtect the data that drives our customers business. Data Security. Imperva s mission is simple:
The Imperva Story Who We Are Imperva is the global leader in data security. Thousands of the world s leading businesses, government organizations, and service providers rely on Imperva solutions to prevent
More informationOracle Audit Vault and Database Firewall. Morana Kobal Butković Principal Sales Consultant Oracle Hrvatska
Oracle Audit Vault and Database Firewall Morana Kobal Butković Principal Sales Consultant Oracle Hrvatska The following is intended to outline our general product direction. It is intended for information
More informationSecuring Data in Oracle Database 12c
Securing Data in Oracle Database 12c Thomas Kyte http://asktom.oracle.com/ Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes
More informationCopyright 2012, Oracle and/or its affiliates. All rights reserved.
1 Introducing Oracle Audit Vault and Database Firewall Billions of Database Records Breached Globally 97% of Breaches Were Avoidable with Basic Controls 98% records stolen from databases 84% records breached
More informationCopyright 2012, Oracle and/or its affiliates. All rights reserved.
1 Seguridad en profundidad Jaime Briggs MSc CS, CISSP, CCSK Sales Manager Strategic accounts Agenda Los Controles ISO 27001 Defensa en Profundidad Productos que dan respuesta Roadmap a seguridad Q&A 3
More informationHayri Tarhan, Sr. Manager, Public Sector Security, Oracle Ron Carovano, Manager, Business Development, F5 Networks
EXTENDING ACCESS WHILE ENHANCING CONTROL FOR YOUR ORGANIZATION S DATA LEVERAGE THE POWER OF F5 AND ORACLE TO DELIVER SECURE ACCESS TO APPLICATIONS AND DATABASES Hayri Tarhan, Sr. Manager, Public Sector
More informationOracle Database Security. Paul Needham Senior Director, Product Management Database Security
Oracle Database Security Paul Needham Senior Director, Product Management Database Security Safe Harbor Statement The following is intended to outline our general product direction. It is intended for
More informationSecuring ephi with Effective Database Activity Monitoring. HIMSS Webcast 4/26/2011. p. 1
Securing ephi with Effective Database Activity Monitoring HIMSS Webcast 4/26/2011 p. 1 Agenda Agenda Database Security Primer Industry Trends What Works Integrated DB Security Product Demonstration Questions
More informationReal-Time Database Protection and. Overview. 2010 IBM Corporation
Real-Time Database Protection and Monitoring: IBM InfoSphere Guardium Overview Agenda Business drivers for database security InfoSphere Guardium architecture Common applications The InfoSphere portfolio
More informationAn Oracle White Paper January 2012. Oracle Database Firewall
An Oracle White Paper January 2012 Oracle Database Firewall Introduction... 2 Oracle Database Firewall Overview... 3 Oracle Database Firewall... 3 White List for Positive Security Enforcement... 4 Black
More informationCopyright 2013, Oracle and/or its affiliates. All rights reserved.
1 The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any
More informationStronger database security is needed to accommodate new requirements
Enterprise Database Security A Case Study Abstract This Article is a case study about an Enterprise Database Security project including the strategy that addresses key areas of focus for database security
More informationWhite Paper. Protecting Databases from Unauthorized Activities Using Imperva SecureSphere
Protecting Databases from Unauthorized Activities Using Imperva SecureSphere White Paper As the primary repository for the enterprise s most valuable information, the database is perhaps the most sensitive
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationData Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan
WHITE PAPER Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan Introduction to Data Privacy Today, organizations face a heightened threat landscape with data
More informationAn Oracle White Paper January 2011. Oracle Database Firewall
An Oracle White Paper January 2011 Oracle Database Firewall Introduction... 1 Oracle Database Firewall Overview... 2 Oracle Database Firewall... 2 White List for Positive Security Enforcement... 3 Black
More informationOracle Audit Vault and Database Firewall
Oracle Audit Vault and Database Firewall Angelo Maria Bosis Sales Consulting Director Oracle Italia Billions of Database Records Breached Globally 97% of Breaches Were Avoidable with
More information1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information
1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information The following is intended to outline our general product direction. It is intended for information purposes only,
More informationApplication and Database Security with F5 BIG-IP ASM and IBM InfoSphere Guardium
Application and Database Security with F5 BIG-IP ASM and IBM InfoSphere Guardium Organizations need an end-to-end web application and database security solution to protect data, customers, and their businesses.
More informationDatabase Security & Compliance with Audit Vault and Database Firewall. Pierre Leon Database Security
Database Security & Compliance with Audit Vault and Database Firewall Pierre Leon Database Security 1 Topics Encryption Authentication Authorising highly privileged users Access control by data classification
More informationAn Oracle White Paper April 2014. Oracle Audit Vault and Database Firewall
An Oracle White Paper April 2014 Oracle Audit Vault and Database Firewall Introduction... 2 Oracle Audit Vault and Database Firewall Overview... 3 Auditing and Monitoring Overview... 3 Audit Vault... 4
More informationPrivileged User Monitoring for SOX Compliance
White Paper Privileged User Monitoring for SOX Compliance Failed login, 6:45 a.m. Privilege escalation, 12:28 p.m. Financial data breach, 11:32 p.m. Financial data access, 5:48 p.m. 1 Privileged User Monitoring
More information<Insert Picture Here> Oracle Database Firewall: prvá línia obrany
1 Oracle Database Firewall: prvá línia obrany Iveta Šťavinová Technology Pre Sales Agenda What is Database Firewall Oracle Database Firewall Components and Deployment Modes Reporting
More informationEnterprise Database Security & Monitoring: Guardium Overview
Enterprise Database Security & Monitoring: Guardium Overview Phone: 781.487.9400 Email: info@guardium.com Guardium: Market-Proven Leadership Vision Enterprise platform for securing critical data across
More informationSecurity management solutions White paper. IBM Tivoli and Consul: Facilitating security audit and compliance for heterogeneous environments.
Security management solutions White paper IBM Tivoli and Consul: Facilitating security audit and March 2007 2 Contents 2 Overview 3 Identify today s challenges in security audit and compliance 3 Discover
More informationMaking Database Security an IT Security Priority
Sponsored by Oracle Making Database Security an IT Security Priority A SANS Whitepaper November 2009 Written by Tanya Baccam Security Strategy Overview Why a Database Security Strategy? Making Databases
More informationThe New PCI Requirement: Application Firewall vs. Code Review
The New PCI Requirement: Application Firewall vs. Code Review The Imperva SecureSphere Web Application Firewall meets the new PCI requirement for an application layer firewall. With the highest security
More informationFormulate A Database Security Strategy To Ensure Investments Will Actually Prevent Data Breaches And Satisfy Regulatory Requirements
A Forrester Consulting Thought Leadership Paper Commissioned By Oracle Formulate A Database Security Strategy To Ensure Investments Will Actually Prevent Data Breaches And Satisfy Regulatory Requirements
More informationVulnerability Management
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
More informationHow To Protect Data From Attack On A Computer System
Information Management White Paper Understanding holistic database security 8 steps to successfully securing enterprise data sources 2 Understanding holistic database security News headlines about the
More information<Insert Picture Here> Oracle Database Security Overview
Oracle Database Security Overview Tammy Bednar Sr. Principal Product Manager tammy.bednar@oracle.com Data Security Challenges What to secure? Sensitive Data: Confidential, PII, regulatory
More informationSecuring and protecting the organization s most sensitive data
Securing and protecting the organization s most sensitive data A comprehensive solution using IBM InfoSphere Guardium Data Activity Monitoring and InfoSphere Guardium Data Encryption to provide layered
More informationCyberArk Privileged Threat Analytics. Solution Brief
CyberArk Privileged Threat Analytics Solution Brief Table of Contents The New Security Battleground: Inside Your Network...3 Privileged Account Security...3 CyberArk Privileged Threat Analytics : Detect
More information8 Steps to Holistic Database Security
Information Management White Paper 8 Steps to Holistic Database Security By Ron Ben Natan, Ph.D., IBM Distinguished Engineer, CTO for Integrated Data Management 2 8 Steps to Holistic Database Security
More information<Insert Picture Here> Oracle Database Vault
Oracle Database Vault Kamal Tbeileh Senior Principal Product Manager, Database Security The following is intended to outline our general product direction. It is intended for information
More informationClavister InSight TM. Protecting Values
Clavister InSight TM Clavister SSP Security Services Platform firewall VPN termination intrusion prevention anti-virus anti-spam content filtering traffic shaping authentication Protecting Values & Enterprise-wide
More informationComprehensive Compliance Auditing and Controls for BI/DW Environments
TELERAN BI/DW COMPLIANCE AUDITING a white paper Comprehensive Compliance Auditing and Controls for BI/DW Environments Combining Application and Data Usage Auditing with Granular Compliance Policy Access
More informationAn Oracle White Paper June 2009. Oracle Database 11g: Cost-Effective Solutions for Security and Compliance
An Oracle White Paper June 2009 Oracle Database 11g: Cost-Effective Solutions for Security and Compliance Protecting Sensitive Information Information ranging from trade secrets to financial data to privacy
More informationCaretower s SIEM Managed Security Services
Caretower s SIEM Managed Security Services Enterprise Security Manager MSS -TRUE 24/7 Service I.T. Security Specialists Caretower s SIEM Managed Security Services 1 Challenges & Solution Challenges During
More informationInformation Technology Policy
Information Technology Policy Security Information and Event Management Policy ITP Number Effective Date ITP-SEC021 October 10, 2006 Category Supersedes Recommended Policy Contact Scheduled Review RA-ITCentral@pa.gov
More informationHow To Create Situational Awareness
SIEM: The Integralis Difference January, 2013 Avoid the SIEM Pitfalls Get it right the first time Common SIEM challenges Maintaining staffing levels 24/7 Blended skills set, continuous building of rules
More informationCopyright 2012, Oracle and/or its affiliates. All rights reserved.
1 Cumplimiento de PMG SSI para sector Gobierno en Chile Jaime Briggs MSc CS, CISSP, CCSK Sales Manager Strategic accounts jaime.briggs@oracle.com Agenda Pilares Fundamentales de SSI Desafios de Seguridad
More informationIBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems
IBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems Proactively address regulatory compliance requirements and protect sensitive data in real time Highlights Monitor and audit data activity
More informationEnd-user Security Analytics Strengthens Protection with ArcSight
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
More informationHow To Buy Nitro Security
McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security
More informationALERT LOGIC FOR HIPAA COMPLIANCE
SOLUTION OVERVIEW: ALERT LOGIC FOR HIPAA COMPLIANCE AN OUNCE OF PREVENTION IS WORTH A POUND OF CURE Alert Logic provides organizations with the most advanced and cost-effective means to secure their healthcare
More informationDatabase Auditing: Best Practices. Rob Barnes, CISA Director of Security, Risk and Compliance Operations rbarnes@appsecinc.com
Database Auditing: Best Practices Rob Barnes, CISA Director of Security, Risk and Compliance Operations rbarnes@appsecinc.com Verizon 2009 Data Breach Investigations Report: 285 million records were compromised
More informationCautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work
Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture
More informationObtaining Value from Your Database Activity Monitoring (DAM) Solution
Obtaining Value from Your Database Activity Monitoring (DAM) Solution September 23, 2015 Mike Miller Chief Security Officer Integrigy Corporation Stephen Kost Chief Technology Officer Integrigy Corporation
More informationSeven Things To Consider When Evaluating Privileged Account Security Solutions
Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?
More informationData Security: Strategy and Tactics for Success
Data Security: Strategy and Tactics for Success DatabaseVisions,Inc. Fairfax, Va Oracle Gold Partner Solution Provider Oracle Security Specialized www.databasevisions.com Overview Cloud Computing presents
More informationActive Visibility for Multi-Tiered Security. Juergen Kirchmann Director Enterprise Sales EMEA
Active Visibility for Multi-Tiered Security Juergen Kirchmann Director Enterprise Sales EMEA Billions are Spent on Security Annually $18.4B SPENT BY ENTERPRISES WORLD-WIDE ON SECURITY IN 2014 ENTERPRISE
More informationHow To Secure A Database From A Leaky, Unsecured, And Unpatched Server
InfoSphere Guardium Ingmārs Briedis (ingmars.briedis@also.com) IBM SW solutions Agenda Any questions unresolved? The Guardium Architecture Integration with Existing Infrastructure Summary Any questions
More informationDatabase Security & Auditing
Database Security & Auditing Jeff Paddock Manager, Enterprise Solutions September 17, 2009 1 Verizon 2009 Data Breach Investigations Report: 285 million records were compromised in 2008 2 Agenda The Threat
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches transparently Allows only white-listed applications to run in workstations Provides virus protection for Ovation Windows workstations
More informationOn-Premises DDoS Mitigation for the Enterprise
On-Premises DDoS Mitigation for the Enterprise FIRST LINE OF DEFENSE Pocket Guide The Challenge There is no doubt that cyber-attacks are growing in complexity and sophistication. As a result, a need has
More information1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information
1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information The following is intended to outline our general product direction. It is intended for information purposes only,
More informationMcAfee Network Security Platform
McAfee Network Security Platform Next Generation Network Security Youssef AGHARMINE, Network Security, McAfee Network is THE Security Battleground Who is behind the data breaches? 81% some form of hacking
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationAdvanced Threats: The New World Order
Advanced Threats: The New World Order Gary Lau Technology Consulting Manager Greater China gary.lau@rsa.com 1 Agenda Change of Threat Landscape and Business Impact Case Sharing Korean Incidents EMC CIRC
More informationNitroView Enterprise Security Manager (ESM), Enterprise Log Manager (ELM), & Receivers
NitroView Enterprise Security Manager (ESM), Enterprise Log Manager (ELM), & Receivers The World's Fastest and Most Scalable SIEM Finally an enterprise-class security information and event management system
More informationAPPLICATION COMPLIANCE AUDIT & ENFORCEMENT
TELERAN SOLUTION BRIEF Building Better Intelligence APPLICATION COMPLIANCE AUDIT & ENFORCEMENT For Exadata and Oracle 11g Data Warehouse Environments BUILDING BETTER INTELLIGENCE WITH BI/DW COMPLIANCE
More informationPrivileged. Account Management. Accounts Discovery, Password Protection & Management. Overview. Privileged. Accounts Discovery
Overview Password Manager Pro offers a complete solution to control, manage, monitor and audit the entire life-cycle of privileged access. In a single package it offers three solutions - privileged account
More informationNext Generation Solutions for Indian Railways. Sundar Ram VP, Technology Sales Consulting
Next Generation Solutions for Indian Railways Sundar Ram VP, Technology Sales Consulting Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information
More informationCritical Security Controls
Critical Security Controls Session 2: The Critical Controls v1.0 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter The Critical Security Controls The Critical Security
More informationWAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales
WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales The Cost of Cybercrime Sony $171m PlayStation 3 data breach (April 2011) $3 trillion
More informationSecurely maintaining sensitive financial and
How the Guardium Platform Helped Dell IT Simplify Enterprise security By Phil Neray Addison Lawrence David McMaster Venugopal Nonavinakere Safeguarding data is critical for many organizations, but auditing
More informationMcAfee Database Security. Dan Sarel, VP Database Security Products
McAfee Database Security Dan Sarel, VP Database Security Products Agenda Databases why are they so frail and why most customers Do very little about it? Databases more about the security problem Introducing
More informationThe Comprehensive Guide to PCI Security Standards Compliance
The Comprehensive Guide to PCI Security Standards Compliance Achieving PCI DSS compliance is a process. There are many systems and countless moving parts that all need to come together to keep user payment
More informationHow To Secure Your Store Data With Fortinet
Securing Wireless Networks for PCI Compliance Using Fortinet s Secure WLAN Solution to Meet Regulatory Requirements Introduction In the wake of many well-documented data breaches, standards such as the
More informationTeradata and Protegrity High-Value Protection for High-Value Data
Teradata and Protegrity High-Value Protection for High-Value Data 03.16 EB7178 DATA SECURITY Table of Contents 2 Data-Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:
More informationThe Cloud App Visibility Blindspot
The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before
More informationNitroView. Content Aware SIEM TM. Unified Security and Compliance Unmatched Speed and Scale. Application Data Monitoring. Database Monitoring
NitroView Unified Security and Compliance Unmatched Speed and Scale Application Data Monitoring Database Monitoring Log Management Content Aware SIEM TM IPS Today s security challenges demand a new approach
More informationDatabase Auditing & Security. Brian Flasck - IBM Louise Joosse - BPSolutions
Database Auditing & Security Brian Flasck - IBM Louise Joosse - BPSolutions Agenda Introduction Drivers for Better DB Security InfoSphere Guardium Solution Summary Netherlands Case Study The need for additional
More informationCritical Controls for Cyber Security. www.infogistic.com
Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationEnterprise Security Solutions
Enterprise Security Solutions World-class technical solutions, professional services and training from experts you can trust ISOCORP is a Value-Added Reseller (VAR) and services provider for best in class
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationAbout SecuPi. Your business runs on applications We secure them. Tel Aviv, 2014. Founded
About Founded Tel Aviv, 2014 Category Enterprise Application Security & Information Theft Prevention Offices NY, London, Tel Aviv, Sao Paolo, Chile Solutions > Application User Behavior Analysis > Information
More informationDeveloping Value from Oracle s Audit Vault For Auditors and IT Security Professionals
Developing Value from Oracle s Audit Vault For Auditors and IT Security Professionals November 13, 2014 Michael Miller Chief Security Officer Integrigy Corporation Stephen Kost Chief Technology Officer
More informationDescription of Actual State Sensor Types for the Software Asset Management (SWAM) Capability. 7 Jul 2014
Description of Actual State Sensor Types for the Software Asset Management (SWAM) Capability 7 Jul 2014 1 Purpose This document is intended to provide insight on the types of tools and technologies that
More informationTRIPWIRE NERC SOLUTION SUITE
CONFIDENCE: SECURED SOLUTION BRIEF TRIPWIRE NERC SOLUTION SUITE TAILORED SUITE OF PRODUCTS AND SERVICES TO AUTOMATE NERC CIP COMPLIANCE u u We ve been able to stay focused on our mission of delivering
More informationInjazat s Managed Services Portfolio
Injazat s Managed Services Portfolio Overview Premium Managed Services to Transform Your IT Environment Injazat s Premier Tier IV Data Center is built to offer the highest level of security and reliability.
More informationAn Oracle White Paper May 2013. Oracle Audit Vault and Database Firewall 12.1 Sizing Best Practices
An Oracle White Paper May 2013 Oracle Audit Vault and Database Firewall 12.1 Sizing Best Practices Introduction... 1 Component Overview... 2 Sizing Hardware Requirements... 3 Audit Vault Server Sizing...
More informationGuardium Change Auditing System (CAS)
Guardium Change Auditing System (CAS) Highlights. Tracks all changes that can affect the security of database environments outside the scope of the database engine Complements Guardium's Database Activity
More informationAn Introduction to SIEM & RSA envision (Security Information and Event Management) January, 2011
An Introduction to SIEM & RSA envision (Security Information and Event Management) January, 2011 Brian McLean, CISSP Sr Technology Consultant, RSA Changing Threats and More Demanding Regulations External
More informationSafeNet DataSecure vs. Native Oracle Encryption
SafeNet vs. Native Encryption Executive Summary Given the vital records databases hold, these systems often represent one of the most critical areas of exposure for an enterprise. Consequently, as enterprises
More informationCopyright 2012, Oracle and/or its affiliates. All rights reserved.
1 Oracle Database Security Advanced Security Option Thanos Terentes Printzios DB & Options Specialist A&C Technology Adoption Office Oracle Partner Business Development, ECEMEA 2 What is a customers INFORMATION
More informationLogRhythm and NERC CIP Compliance
LogRhythm and NERC CIP Compliance The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to ensure that the bulk electric system in North America is reliable, adequate
More informationSplunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF
Splunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF Businesses around the world have adopted the information security standard ISO 27002 as part of their overall risk
More information<Insert Picture Here> Oracle Identity And Access Management
Oracle Identity And Access Management Gautam Gopal, MSIST, CISSP Senior Security Sales Consultant Oracle Public Sector The following is intended to outline our general product direction.
More information