1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information"

Transcription

1 1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

2 Proteggere i dati direttamente nel database Una proposta tecnologica Angelo Maria Bosis Sales Consulting Senior Manager 2 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

3 What is an Advanced Persistent Threat? Cybercrime directed at political, infrastructure, and business targets 3 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

4 What are APTs Ultimately After? Two Thirds of Sensitive and Regulated Information now Resides in Databases and Doubling Every Two Years Classified Govt. Info. Trade Secrets HR Data Citizen Data Credit Cards Customer Data Financial Data Competitive Bids Corporate Plans Source Code Bug Database Source: IDC, "Effective Data Leak Prevention Programs: Start by Protecting Data at the Source Your Databases", August Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

5 Database Sprawl Makes Attacking Easier! 5 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

6 Are Databases Adequately Protected? Network Security Forrester estimates that although 70% of enterprises have an information security plan, only 20% of enterprises have a database security plan. Authentication Security Security Database Security Endpoint Security Vulnerability Management Source: Forrester Research Inc., Creating An Enterprise Database Security Plan, July Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

7 Limited Database Controls 70% System users can read/tamper data stored in database files or storage 76% Cannot prevent DBAs from reading/modifying data 68% Cannot detect if database users are abusing privileges 63% Vulnerable to SQL injection attacks or not sure 48% Copy sensitive production data to non-production environments 31% Likely to get breached over the coming year Source: 2010 Independent Oracle User Group Data Security Report 7 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

8 Most Records Lost from Database Servers Type Category % Breaches % Records Database Server Servers & Applications 25% 92% Desktop Computer End-User Devices 21% 1% How were these records breached? 89% using SQL injection 86% using stolen credentials By exploiting legitimate access to databases! Source: 2010 Verizon Data Breach Investigations Report 8 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

9 Sources of Vulnerability Test & Dev Partners Applications Configuration Administrative Accounts Operations Access to production data in non-secure environment Access to production systems for trouble shooting SQL Injection attack from outside Application bypass Security configuration parameters Security patches System administrators, DBAs, Application Administrators Stolen credentials, Inadequate training, Malicious insiders Direct OS access Lost / stolen backups 9 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

10 Oracle Database Security Platform Transparent Data Encryption, Privileged User Controls, Multi-Factor Authorization, Data Classification, and Change Tracking Maximum Security for Oracle Databases: Oracle Advanced Security Oracle Database Vault Oracle Label Security Oracle Total Recall Database Activity Auditing and Reporting, SQL Traffic Monitoring and Blocking, Real-Time Alerting, Workflow Automation Security for Oracle and non-oracle Databases Outside the Database: Oracle Audit Vault Oracle Database Firewall Secure Configuration Scanning, Automated Patching, Configuration Change Control, Sensitive Data Discovery, Data Masking Security for Production and non- Production Database Environments: Oracle Database Lifecycle Oracle Enterprise Manager Oracle Data Masking 10 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

11 Oracle Advanced Security Transparent Data Encryption Disk Backups Application Exports Off-Site Facilities Protects from unauthorized OS level or network access Efficient encryption of all application data Built-in key lifecycle management No application changes required 11 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

12 Oracle Database Vault Privileged User and Operational Controls Procurement Application HR Finance select * from finance.customers Limit default powers of privileged users Enforce policy rules inside the database Violations audited, secured and sent to Oracle Audit Vault No application changes required DBA 12 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

13 Oracle Database Firewall First Line Of Defense Monitors database activity, and prevents attacks and SQL injections White-list, black-list, and exception-list based security policies based upon highly accurate SQL grammar based analysis In-line blocking and monitoring, or out-of-band monitoring modes 13 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

14 Oracle Audit Vault Trust But Verify Consolidate database audit trail into secure centralized repository Detect and alert on suspicious activities, including privileged users Out-of-the box compliance reports for SOX, PCI, and other regulations E.g., privileged user audit, entitlements, failed logins, regulated data changes Streamline audits: report generation, notification, attestation, archiving, etc. 14 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

15 Oracle Data Masking Irreversibly De-Identify Data for Non-Production Use LAST_NAME SSN Production SALARY Test LAST_NAME SSN SALARY AGUILAR ,000 BENSON ,000 SMITH ,000 MILLER ,000 Make application data securely available in non-production environments Prevent application developers and testers from seeing production data Extensible template library and policies for data masking automation new format preserving masking Referential integrity automatically preserved so applications continue to work Integration with Real Application Testing and Test Data Management 15 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

16 Database Security Big Picture 16 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

17 Oracle Database Security Key Differentiators High Performance, Accurate Defense-in-Depth Security Platform Securing through the Life Cycle Transparently Support Existing Applications Heterogeneous Support 17 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

18 What s Your Next Move? 1 Know where is the sensitive data 2 Scan, assess, patch, audit your databases 3 Database Firewall as first line of defense 4 Control the privileged users 5 Encrypt and mask sensitive data 18 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

19 19 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

20 20 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

Oracle Database Security

Oracle Database Security Oracle Database Security Paul Needham, Senior Director, Product Management, Database Security Target of Data Breaches 2010 Data Breach Investigations Report Type Category % Breaches

More information

Complete Database Security. Thomas Kyte http://asktom.oracle.com/

Complete Database Security. Thomas Kyte http://asktom.oracle.com/ Complete Database Security Thomas Kyte http://asktom.oracle.com/ Agenda Enterprise Data Security Challenges Database Security Strategy Oracle Database Security Solutions Defense-in-Depth Q&A 2 Copyright

More information

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Copyright 2012, Oracle and/or its affiliates. All rights reserved. 1 Seguridad en profundidad Jaime Briggs MSc CS, CISSP, CCSK Sales Manager Strategic accounts Agenda Los Controles ISO 27001 Defensa en Profundidad Productos que dan respuesta Roadmap a seguridad Q&A 3

More information

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Copyright 2013, Oracle and/or its affiliates. All rights reserved. 1 Security Inside Out Latest Innovations in Oracle Database 12c Jukka Männistö Database Architect Oracle Nordic Coretech Presales The 1995-2014 Security Landscape Regulatory Landscape HIPAA, SOX (2002),

More information

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Copyright 2013, Oracle and/or its affiliates. All rights reserved. 1 Solutions for securing and auditing Oracle database Edgars Ruņģis Technology Consultant Why Are Databases Vulnerable? 80% of IT Security Programs Don t Address Database Security Forrester Research Enterprises

More information

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Copyright 2012, Oracle and/or its affiliates. All rights reserved. 1 Cumplimiento de PMG SSI para sector Gobierno en Chile Jaime Briggs MSc CS, CISSP, CCSK Sales Manager Strategic accounts jaime.briggs@oracle.com Agenda Pilares Fundamentales de SSI Desafios de Seguridad

More information

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Copyright 2013, Oracle and/or its affiliates. All rights reserved. 1 Security Inside-Out with Oracle Database 12c Denise Mallin, CISSP Oracle Enterprise Architect - Security The following is intended to outline our general product direction. It is intended for information

More information

Protecting Sensitive Data Reducing Risk with Oracle Database Security

Protecting Sensitive Data Reducing Risk with Oracle Database Security Protecting Sensitive Data Reducing Risk with Oracle Database Security Antonio.Mata.Gomez@oracle.com Information Security Architect Agenda 1 2 Anatomy of an Attack Three Steps to Securing an Oracle Database

More information

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Copyright 2013, Oracle and/or its affiliates. All rights reserved. 1 The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any

More information

Oracle Database Security. Paul Needham Senior Director, Product Management Database Security

Oracle Database Security. Paul Needham Senior Director, Product Management Database Security Oracle Database Security Paul Needham Senior Director, Product Management Database Security Safe Harbor Statement The following is intended to outline our general product direction. It is intended for

More information

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Copyright 2012, Oracle and/or its affiliates. All rights reserved. 1 The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any

More information

<Insert Picture Here> Oracle Database Security Overview

<Insert Picture Here> Oracle Database Security Overview Oracle Database Security Overview Tammy Bednar Sr. Principal Product Manager tammy.bednar@oracle.com Data Security Challenges What to secure? Sensitive Data: Confidential, PII, regulatory

More information

Security It s an ecosystem thing

Security It s an ecosystem thing Security It s an ecosystem thing Joseph Alhadeff Vice President Global Public Policy, Chief Privacy Strategist The Security challenge in the before time. Today s Threat Environment

More information

1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information 1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information The following is intended to outline our general product direction. It is intended for information purposes only,

More information

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Copyright 2012, Oracle and/or its affiliates. All rights reserved. 1 Oracle Database Security Advanced Security Option Thanos Terentes Printzios DB & Options Specialist A&C Technology Adoption Office Oracle Partner Business Development, ECEMEA 2 What is a customers INFORMATION

More information

Securing Data in Oracle Database 12c

Securing Data in Oracle Database 12c Securing Data in Oracle Database 12c Thomas Kyte http://asktom.oracle.com/ Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes

More information

Oracle Audit Vault and Database Firewall

Oracle Audit Vault and Database Firewall Oracle Audit Vault and Database Firewall Angelo Maria Bosis Sales Consulting Director Oracle Italia Billions of Database Records Breached Globally 97% of Breaches Were Avoidable with

More information

Oracle Identity Management Securing The New Digital Experience

Oracle Identity Management Securing The New Digital Experience Oracle Identity Management Securing The New Digital Experience Security: User Single Sign-On, Certifying User Access, and Masking Sensitive Data Henry Anzarouth Principal Sales Consultant, Security and

More information

Database Security & Compliance with Audit Vault and Database Firewall. Pierre Leon Database Security

Database Security & Compliance with Audit Vault and Database Firewall. Pierre Leon Database Security Database Security & Compliance with Audit Vault and Database Firewall Pierre Leon Database Security 1 Topics Encryption Authentication Authorising highly privileged users Access control by data classification

More information

1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information 1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information The following is intended to outline our general product direction. It is intended for information purposes only,

More information

Hayri Tarhan, Sr. Manager, Public Sector Security, Oracle Ron Carovano, Manager, Business Development, F5 Networks

Hayri Tarhan, Sr. Manager, Public Sector Security, Oracle Ron Carovano, Manager, Business Development, F5 Networks EXTENDING ACCESS WHILE ENHANCING CONTROL FOR YOUR ORGANIZATION S DATA LEVERAGE THE POWER OF F5 AND ORACLE TO DELIVER SECURE ACCESS TO APPLICATIONS AND DATABASES Hayri Tarhan, Sr. Manager, Public Sector

More information

Oracle Audit Vault and Database Firewall. Morana Kobal Butković Principal Sales Consultant Oracle Hrvatska

Oracle Audit Vault and Database Firewall. Morana Kobal Butković Principal Sales Consultant Oracle Hrvatska Oracle Audit Vault and Database Firewall Morana Kobal Butković Principal Sales Consultant Oracle Hrvatska The following is intended to outline our general product direction. It is intended for information

More information

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Copyright 2012, Oracle and/or its affiliates. All rights reserved. 1 Introducing Oracle Audit Vault and Database Firewall Billions of Database Records Breached Globally 97% of Breaches Were Avoidable with Basic Controls 98% records stolen from databases 84% records breached

More information

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control

More information

An Oracle White Paper June 2009. Oracle Database 11g: Cost-Effective Solutions for Security and Compliance

An Oracle White Paper June 2009. Oracle Database 11g: Cost-Effective Solutions for Security and Compliance An Oracle White Paper June 2009 Oracle Database 11g: Cost-Effective Solutions for Security and Compliance Protecting Sensitive Information Information ranging from trade secrets to financial data to privacy

More information

Making Database Security an IT Security Priority

Making Database Security an IT Security Priority Sponsored by Oracle Making Database Security an IT Security Priority A SANS Whitepaper November 2009 Written by Tanya Baccam Security Strategy Overview Why a Database Security Strategy? Making Databases

More information

Intelligent Security Design, Development and Acquisition

Intelligent Security Design, Development and Acquisition PAGE 1 Intelligent Security Design, Development and Acquisition Presented by Kashif Dhatwani Security Practice Director BIAS Corporation Agenda PAGE 2 Introduction Security Challenges Securing the New

More information

Data Security: Strategy and Tactics for Success

Data Security: Strategy and Tactics for Success Data Security: Strategy and Tactics for Success DatabaseVisions,Inc. Fairfax, Va Oracle Gold Partner Solution Provider Oracle Security Specialized www.databasevisions.com Overview Cloud Computing presents

More information

<Insert Picture Here> How to protect sensitive data, challenges & risks

<Insert Picture Here> How to protect sensitive data, challenges & risks How to protect sensitive data, challenges & risks Lars Klumpes CISSP Security Strategy Consultant EMEA Disclaimer The following is intended to outline our general product direction.

More information

Managing Oracle E-Business Suite Security

Managing Oracle E-Business Suite Security Managing Oracle E-Business Suite Security Erik Graversen, Senior Principal Software Developer Elke Phelps, Senior Principal Product Manager Oracle E-Business Suite Applications Technology Oracle Open World,

More information

Agenda. Sedat Zencirci Technology Sales Consultancy Manager. Oracle Technology Stack. Business Requirements and Oracle offerings

Agenda. Sedat Zencirci Technology Sales Consultancy Manager. Oracle Technology Stack. Business Requirements and Oracle offerings Sedat Zencirci Technology Sales Consultancy Manager Agenda Oracle Technology Stack Oracle Database Oracle Fusion MiddleWare Oracle Applications Business Requirements and Oracle offerings High Availability

More information

<Insert Picture Here> Oracle Database Vault

<Insert Picture Here> Oracle Database Vault Oracle Database Vault Kamal Tbeileh Senior Principal Product Manager, Database Security The following is intended to outline our general product direction. It is intended for information

More information

Balancing Security Investment Against Today's Threat Environment

Balancing Security Investment Against Today's Threat Environment Balancing Security Investment Against Today's Threat Environment Niel Pandya Data Security, Senior Manager, Oracle ASEAN The following is intended to outline our general product direction.

More information

<Insert Picture Here> PCI DSS-Payment Card Industry. Security Summit 2010. Master Principal Sales Consultant - Alfredo Valenza - Oracle Italia

<Insert Picture Here> PCI DSS-Payment Card Industry. Security Summit 2010. Master Principal Sales Consultant - Alfredo Valenza - Oracle Italia PCI DSS-Payment Card Industry Data Security Standard Security Summit 2010 Master Principal Sales Consultant - Alfredo Valenza - Oracle Italia This document is for informational purposes.

More information

Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan

Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan WHITE PAPER Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan Introduction to Data Privacy Today, organizations face a heightened threat landscape with data

More information

Top Five Database Security and Compliance Resolutions for 2008

Top Five Database Security and Compliance Resolutions for 2008 Top Five Database Security and Compliance Resolutions for 2008 Speakers Michael Krieger, VP, Market Experts Group Ziff Davis Enterprise Rich Mogull, Founder Securosis Roxana Bradescu, Senior Product Director,

More information

An Oracle White Paper June 2013. Security and Compliance with Oracle Database 12c

An Oracle White Paper June 2013. Security and Compliance with Oracle Database 12c An Oracle White Paper June 2013 Security and Compliance with Oracle Database 12c Introduction... 3 Oracle Database 12c Security... 4 Locating and Cataloging Your Sensitive Data... 4 Monitoring the Configuration

More information

An Oracle White Paper April 2014. Oracle Audit Vault and Database Firewall

An Oracle White Paper April 2014. Oracle Audit Vault and Database Firewall An Oracle White Paper April 2014 Oracle Audit Vault and Database Firewall Introduction... 2 Oracle Audit Vault and Database Firewall Overview... 3 Auditing and Monitoring Overview... 3 Audit Vault... 4

More information

Understanding holistic database security

Understanding holistic database security Information Management White Paper Understanding holistic database security 8 steps to successfully securing enterprise data sources 2 Understanding holistic database security News headlines about the

More information

Database Security Questions HOUG 2016. Fehér Lajos. Copyright 2015, Oracle and/or its affiliates. All rights reserved.

Database Security Questions HOUG 2016. Fehér Lajos. Copyright 2015, Oracle and/or its affiliates. All rights reserved. Database Security Questions HOUG 2016 Fehér Lajos 1 How Data Gets Compromised? Source: Verizon Data Breach Investigations Report Copyright 2015, Oracle and/or 2its affiliates. All rights reserved. Where

More information

MySQL Security: Best Practices

MySQL Security: Best Practices MySQL Security: Best Practices Sastry Vedantam sastry.vedantam@oracle.com Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes

More information

Oracle Information Security Visioni

Oracle Information Security Visioni Oracle Information Security Visioni Pillar Partner Webcast Presenter: Ola Sergatchov, Senior Director Information Security Strategy t Oracle North America Technology Organization Why are you here? 1 2

More information

An Oracle White Paper April 2014. Security and Compliance with Oracle Database 12c

An Oracle White Paper April 2014. Security and Compliance with Oracle Database 12c An Oracle White Paper April 2014 Security and Compliance with Oracle Database 12c Introduction... 2 Oracle Database 12c Security... 3 Protecting Against Database Bypass Threats... 3 Limiting Sensitive

More information

Database Security and Auditing: Leading Practices. Rob Barnes Director, Enterprise Auditing Solutions Application Security, Inc.

Database Security and Auditing: Leading Practices. Rob Barnes Director, Enterprise Auditing Solutions Application Security, Inc. Database Security and Auditing: Leading Practices Rob Barnes Director, Enterprise Auditing Solutions Application Security, Inc. Getting to Know Database Threats and Vulnerabilities Key Objectives Understand

More information

Guardium Change Auditing System (CAS)

Guardium Change Auditing System (CAS) Guardium Change Auditing System (CAS) Highlights. Tracks all changes that can affect the security of database environments outside the scope of the database engine Complements Guardium's Database Activity

More information

Why Add Data Masking to Your IBM DB2 Application Environment

Why Add Data Masking to Your IBM DB2 Application Environment Why Add Data Masking to Your IBM DB2 Application Environment dataguise inc. 2010. All rights reserved. Dataguise, Inc. 2201 Walnut Ave., #260 Fremont, CA 94538 (510) 824-1036 www.dataguise.com dataguise

More information

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

Protect the data that drives our customers business. Data Security. Imperva s mission is simple: The Imperva Story Who We Are Imperva is the global leader in data security. Thousands of the world s leading businesses, government organizations, and service providers rely on Imperva solutions to prevent

More information

Forthcoming EU Data Protection Law

Forthcoming EU Data Protection Law Forthcoming EU Data Protection Law How Oracle can Help Patrick McLaughlin Security Architect & Oracle Fellow EMEA Technology Solutions 22 October 2015, Riga Copyright 2014 Oracle and/or its affiliates.

More information

Application Monitoring for SAP

Application Monitoring for SAP Application Monitoring for SAP Detect Fraud in Real-Time by Monitoring Application User Activities Highlights: Protects SAP data environments from fraud, external or internal attack, privilege abuse and

More information

Formulate A Database Security Strategy To Ensure Investments Will Actually Prevent Data Breaches And Satisfy Regulatory Requirements

Formulate A Database Security Strategy To Ensure Investments Will Actually Prevent Data Breaches And Satisfy Regulatory Requirements A Forrester Consulting Thought Leadership Paper Commissioned By Oracle Formulate A Database Security Strategy To Ensure Investments Will Actually Prevent Data Breaches And Satisfy Regulatory Requirements

More information

Additional Security Considerations and Controls for Virtual Private Networks

Additional Security Considerations and Controls for Virtual Private Networks CYBER SECURITY OPERATIONS CENTRE APRIL 2013 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL REFERENCES

More information

2012 Data Breach Investigations Report

2012 Data Breach Investigations Report 2012 Data Breach Investigations Report A study conducted by the Verizon RISK Team with cooperation from the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting & Information

More information

05.0 Application Development

05.0 Application Development Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development

More information

Governance, Risk & Compliance for Public Sector

Governance, Risk & Compliance for Public Sector Governance, Risk & Compliance for Public Sector Steve Hagner EMEA GRC Solution Sales From egovernment to Oracle igovernment Increase Efficiency and Transparency Oracle igovernment

More information

An Oracle White Paper January 2011. Oracle Database Firewall

An Oracle White Paper January 2011. Oracle Database Firewall An Oracle White Paper January 2011 Oracle Database Firewall Introduction... 1 Oracle Database Firewall Overview... 2 Oracle Database Firewall... 2 White List for Positive Security Enforcement... 3 Black

More information

Database Auditing: Best Practices. Rob Barnes, CISA Director of Security, Risk and Compliance Operations rbarnes@appsecinc.com

Database Auditing: Best Practices. Rob Barnes, CISA Director of Security, Risk and Compliance Operations rbarnes@appsecinc.com Database Auditing: Best Practices Rob Barnes, CISA Director of Security, Risk and Compliance Operations rbarnes@appsecinc.com Verizon 2009 Data Breach Investigations Report: 285 million records were compromised

More information

Unified Security Management

Unified Security Management Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy

More information

Enterprise Security Solutions

Enterprise Security Solutions Enterprise Security Solutions World-class technical solutions, professional services and training from experts you can trust ISOCORP is a Value-Added Reseller (VAR) and services provider for best in class

More information

Security Compliance and Data Governance: Dual problems, single solution CON8015

Security Compliance and Data Governance: Dual problems, single solution CON8015 Security Compliance and Data Governance: Dual problems, single solution CON8015 David Wolf Director of Product Management Oracle Development, Enterprise Manager Steve Ries Senior Systems Architect Technology

More information

Securing OS Legacy Systems Alexander Rau

Securing OS Legacy Systems Alexander Rau Securing OS Legacy Systems Alexander Rau National Information Security Strategist Sample Agenda 1 Today s IT Challenges 2 Popular OS End of Support & Challenges for IT 3 How to protect Legacy OS systems

More information

White Paper. Protecting Databases from Unauthorized Activities Using Imperva SecureSphere

White Paper. Protecting Databases from Unauthorized Activities Using Imperva SecureSphere Protecting Databases from Unauthorized Activities Using Imperva SecureSphere White Paper As the primary repository for the enterprise s most valuable information, the database is perhaps the most sensitive

More information

Obtaining Value from Your Database Activity Monitoring (DAM) Solution

Obtaining Value from Your Database Activity Monitoring (DAM) Solution Obtaining Value from Your Database Activity Monitoring (DAM) Solution September 23, 2015 Mike Miller Chief Security Officer Integrigy Corporation Stephen Kost Chief Technology Officer Integrigy Corporation

More information

Oracle Privileged Account Manager 11gR2. Karsten Müller-Corbach karsten.mueller-corbach@oracle.com

Oracle Privileged Account Manager 11gR2. Karsten Müller-Corbach karsten.mueller-corbach@oracle.com R2 Oracle Privileged Account Manager 11gR2 Karsten Müller-Corbach karsten.mueller-corbach@oracle.com The following is intended to outline our general product direction. It is intended for information purposes

More information

Oracle Database Security Solutions

Oracle Database Security Solutions Oracle Database Security Solutions Eric Cheung Senior Manager, Technology Sales Consulting Eric.cheung@oracle.com May 2008 Key Drivers for Data Security Privacy and Compliance Sarbanes-Oxley

More information

8 Steps to Holistic Database Security

8 Steps to Holistic Database Security Information Management White Paper 8 Steps to Holistic Database Security By Ron Ben Natan, Ph.D., IBM Distinguished Engineer, CTO for Integrated Data Management 2 8 Steps to Holistic Database Security

More information

An Oracle White Paper January 2012. Oracle Database Firewall

An Oracle White Paper January 2012. Oracle Database Firewall An Oracle White Paper January 2012 Oracle Database Firewall Introduction... 2 Oracle Database Firewall Overview... 3 Oracle Database Firewall... 3 White List for Positive Security Enforcement... 4 Black

More information

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)

More information

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004 A Database Security Management White Paper: Securing the Information Business Relies On November 2004 IPLocks, Inc. 441-A W. Trimble Road, San Jose, CA 95131 USA A Database Security Management White Paper:

More information

Security Trends and Client Approaches

Security Trends and Client Approaches Security Trends and Client Approaches May 2010 Bob Bocchino, CISA ERM Security and Compliance Business Advisor IBU Technology Sales Support Industries Business Unit, Technology Sales Support 1 Mark Dixon

More information

With Great Power comes Great Responsibility: Managing Privileged Users

With Great Power comes Great Responsibility: Managing Privileged Users With Great Power comes Great Responsibility: Managing Privileged Users Darren Harmer Senior Systems Engineer Agenda What is a Privileged User Privileged User Why is it important? Security Intelligence

More information

Securing SharePoint 101. Rob Rachwald Imperva

Securing SharePoint 101. Rob Rachwald Imperva Securing SharePoint 101 Rob Rachwald Imperva Major SharePoint Deployment Types Internal Portal Uses include SharePoint as a file repository Only accessible by internal users Company Intranet External Portal

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security

More information

McAfee Database Security. Dan Sarel, VP Database Security Products

McAfee Database Security. Dan Sarel, VP Database Security Products McAfee Database Security Dan Sarel, VP Database Security Products Agenda Databases why are they so frail and why most customers Do very little about it? Databases more about the security problem Introducing

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

<Insert Picture Here> Application Change Management and Data Masking

<Insert Picture Here> Application Change Management and Data Masking Application Change Management and Data Masking Jagan R. Athreya (jagan.athreya@oracle.com) Director of Database Manageability Oracle Corporation 1 The following is intended to outline

More information

The Cloud App Visibility Blindspot

The Cloud App Visibility Blindspot The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before

More information

Securing and protecting the organization s most sensitive data

Securing and protecting the organization s most sensitive data Securing and protecting the organization s most sensitive data A comprehensive solution using IBM InfoSphere Guardium Data Activity Monitoring and InfoSphere Guardium Data Encryption to provide layered

More information

Audit and Protect Unstructured Data

Audit and Protect Unstructured Data File Security DATASHEET Audit and Protect Unstructured Data Unmatched Auditing and Protection for File Data Conventional approaches for auditing file activity and managing permissions simply don t work

More information

Comprehensive Approach to Database Security

Comprehensive Approach to Database Security Comprehensive Approach to Database Security asota@hotmail.com NYOUG 2008 1 What will I discuss today Identify Threats, Vulnerabilities and Risk to Databases Analyze the drivers for Database Security Identify

More information

Seven Things To Consider When Evaluating Privileged Account Security Solutions

Seven Things To Consider When Evaluating Privileged Account Security Solutions Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?

More information

The Cloud App Visibility Blind Spot

The Cloud App Visibility Blind Spot WHITE PAPER The Cloud App Visibility Blind Spot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Line-of-business leaders everywhere are bypassing IT departments

More information

10 Building Blocks for Securing File Data

10 Building Blocks for Securing File Data hite Paper 10 Building Blocks for Securing File Data Introduction Securing file data has never been more important or more challenging for organizations. Files dominate the data center, with analyst firm

More information

Take Control of Identities & Data Loss. Vipul Kumra

Take Control of Identities & Data Loss. Vipul Kumra Take Control of Identities & Data Loss Vipul Kumra Security Risks - Results Whom you should fear the most when it comes to securing your environment? 4. 3. 2. 1. Hackers / script kiddies Insiders Ex-employees

More information

Privileged. Account Management. Accounts Discovery, Password Protection & Management. Overview. Privileged. Accounts Discovery

Privileged. Account Management. Accounts Discovery, Password Protection & Management. Overview. Privileged. Accounts Discovery Overview Password Manager Pro offers a complete solution to control, manage, monitor and audit the entire life-cycle of privileged access. In a single package it offers three solutions - privileged account

More information

1 2011 Oracle Corporation

1 2011 Oracle Corporation 1 2011 Oracle Corporation Hackers and Hacking. Demonstration 2. SQL Injection Hacks Stuart Sharp, Information Security Sales Consultant, Oracle 2 2011 Oracle Corporation Insert Information Protection Policy

More information

Data-Centric Security vs. Database-Level Security

Data-Centric Security vs. Database-Level Security TECHNICAL BRIEF Data-Centric Security vs. Database-Level Security Contrasting Voltage SecureData to solutions such as Oracle Advanced Security Transparent Data Encryption Introduction This document provides

More information

Oracle Database 11g: Security Release 2. Course Topics. Introduction to Database Security. Choosing Security Solutions

Oracle Database 11g: Security Release 2. Course Topics. Introduction to Database Security. Choosing Security Solutions Oracle Database 11g: Security Release 2 In this course, students learn how they can use Oracle Database features to meet the security, privacy and compliance requirements of their organization. The current

More information

Safe Harbor Statement

Safe Harbor Statement Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment

More information

White Paper. Managing Risk to Sensitive Data with SecureSphere

White Paper. Managing Risk to Sensitive Data with SecureSphere Managing Risk to Sensitive Data with SecureSphere White Paper Sensitive information is typically scattered across heterogeneous systems throughout various physical locations around the globe. The rate

More information

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary

More information

PCI Compliance in Oracle E-Business Suite

PCI Compliance in Oracle E-Business Suite PCI Compliance in Oracle E-Business Suite October 22, 2014 Mike Miller Chief Security Officer Integrigy Corporation Megan Kelly Senior Director of ERP Integrations CardConnect Moderated by Phil Reimann,

More information

Mitigating Information Security Risks of Cloud Computin

Mitigating Information Security Risks of Cloud Computin Peter Rajnak Business Devlopment Director for Security Solutions Oracle OFM APAC Mitigating Information Security Risks of Cloud Computin Everyone Is Talking About Cloud Cloud Is at

More information

Security Solution Architecture for VDI

Security Solution Architecture for VDI Solution Architecture for VDI A reference implementation of VMware BENEFITS Validated solution architecture provides unprecedented end-to-end security dashboard for virtual desktop infrastructure (VDI)

More information

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into 1 The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any

More information

IT Security & Compliance. On Time. On Budget. On Demand.

IT Security & Compliance. On Time. On Budget. On Demand. IT Security & Compliance On Time. On Budget. On Demand. IT Security & Compliance Delivered as a Service For businesses today, managing IT security risk and meeting compliance requirements is paramount

More information

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards A Websense Research Brief Prevent Loss and Comply with Payment Card Industry Security Standards Prevent Loss and Comply with Payment Card Industry Security Standards Standards for Credit Card Security

More information

Database security issues PETRA BILIĆ ALEXANDER SPARBER

Database security issues PETRA BILIĆ ALEXANDER SPARBER Database security issues PETRA BILIĆ ALEXANDER SPARBER Introduction Database security is one aspect of computer security It uses different information security controls to protect databases Information

More information

Installing and Configuring Guardium, ODF, and OAV

Installing and Configuring Guardium, ODF, and OAV Installing and Configuring Guardium, ODF, and OAV In this appendix, we will cover the following topics: ff ff ff IBM Infosphere Guardium Database Security Oracle Database Firewall Oracle Audit Vault IBM

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

PCI-DSS and Application Security Achieving PCI DSS Compliance with Seeker

PCI-DSS and Application Security Achieving PCI DSS Compliance with Seeker PCI-DSS and Application Security Achieving PCI DSS Compliance with Seeker www.quotium.com 1/14 Summary Abstract 3 PCI DSS Statistics 4 PCI DSS Application Security 5 How Seeker Helps You Achieve PCI DSS

More information