Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Transcription

1 1

2 The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle s products remains at the sole discretion of Oracle. Oracle Database 12c was released July 01, Oracle 11g Release 2 Patchset 3 ( ) is planned for Calendar Year

3 Security Inside Out Latest Innovations in Oracle Database 12c Russ Lowenthal Oracle Protected Enteprise

4 Records breached 67 % from servers 76 % Breached using weak or stolen credentials Over 1.1B Served Discovered by an 69 % external party 97 % Preventable with basic controls 4

5 Data Breaches are the Tip of the Iceberg Digital Security is the New Battle Ground We are at the mercy of a new generation of spies who operate remotely [that] have already shown their ability to penetrate our power plants, steal our latest submarine technology, rob our banks, and invade the Pentagon s secret communications systems. Joel Brenner, former Inspector General of the National Security Agency and Chief of Counterintelligence for the Director of National Intelligence 5

6 Targets Increasing as Attacks Evolve DBAs, OS Admins, Developers, Multiple Copies of the Data, etc. Anatomy of an Attack You don t bother to just simply hack the organization and its infrastructure; you focus much more of your attention on hacking the employees. Uri Rivner CTO, RSA (Security Division of EMC) 6

7 Why Are Databases So Vulnerable? 80% of IT Security Programs Don t Address Database Security Forrester Research Network Security Enterprises are taking on risks that they may not even be aware Authentication & User Security SIEM of. Especially as more and more attacks against databases exploit legitimate access. Security Database Security Web Application Firewall Endpoint Security 7

8 Oracle Database Security Solutions Defense-in-Depth for Maximum Security PREVENTIVE DETECTIVE ADMINISTRATIVE Encryption Activity Monitoring Privilege Analysis Redaction and Masking Database Firewall Sensitive Data Discovery Privileged User Controls Auditing and Reporting Configuration Management 8

9 Oracle Database Security Solutions Defense-in-Depth for Maximum Security PREVENTIVE DETECTIVE ADMINISTRATIVE Encryption Activity Monitoring Privilege Analysis Redaction and Masking Database Firewall Sensitive Data Discovery Privileged User Controls Auditing and Reporting Configuration Management 9

10 Encryption is the Foundation Preventive Control for Oracle Databases Oracle Advanced Security Transparent data encryption Prevents access to data at rest Requires no application changes Built-in two-tier key management Near Zero overhead with hardware Integrations with Oracle technologies e.g. Exadata, Advanced Compression, ASM, Golden Gate, DataPump, etc. Applications Disk Backups Exports Off-Site Facilities 10

11 Redaction of Sensitive Data Displayed Preventive Control for Oracle Database 12c Oracle Advanced Security Real-time sensitive data redaction based on database session context Library of redaction policies and pointand-click policy definition Consistent enforcement, policies applied to data Transparent to applications, users, and operational activities Credit Card Numbers Redaction Policy xxxx-xxxx-xxxx Call Center Application Billing Department 11

12 12

13 Masking Data for Non-Production Use Preventive Control for Oracle Databases Oracle Data Masking Replace sensitive application data Referential integrity detected/preserved Extensible template library and formats Application templates available Support for masking data in non-oracle databases LAST_NAME SSN SALARY AGUILAR ,000 BENSON ,000 Production Test Dev Non-Production LAST_NAME SSN SALARY ANSKEKSL ,000 BKJHHEIEDK ,000 Production 13

14 14

15 15

16 16

17 17

18 Audit, Report, and Alert in Real-Time Detective Control for Oracle and non-oracle Databases Oracle Audit Vault and Database Firewall Centralized secure repository delivered as secure, scalable software appliance Audit Data & Event Logs Oracle Database Firewall! Alerts SOC Powerful alerting - thresholds, group-by Out-of-the box and custom reports Consolidated multi-source reporting Built-in fine grain segregation of duties OS & Storage Directories Databases Custom Built-in Reports Custom Reports Policies Auditor Security Analyst 18

19 Oracle Audit Vault and Database Firewall New Solution for Oracle and Non-Oracle Databases Users Applications Database Firewall Allow Log Alert Substitute Block Firewall Events SOC Alerts! Auditor Security Analyst Built-in Reports Custom Reports Policies Audit Vault Audit Data OS, Directory, File System & Custom Audit Logs 19

20 Oracle Database Security Solutions Defense-in-Depth for Maximum Security PREVENTIVE DETECTIVE ADMINISTRATIVE Encryption Activity Monitoring Privilege Analysis Redaction and Masking Database Firewall Sensitive Data Discovery Privileged User Controls Auditing and Reporting Configuration Management 20

21 Discover Use of Privileges and Roles Administrative Control for Oracle Database 12c Oracle Database Vault Turn on privilege capture mode Report on actual privileges and roles used in the database Helps revoke unnecessary privileges Enforce least privilege and reduce risks Increase security without disruption Privilege Analysis Create Drop Modify DBA role APPADMIN role 21

22 Discover Sensitive Data and Databases Administrative Control for Oracle Database 12c Oracle Enterprise Manager 12c Scan Oracle for sensitive data Built-in, extensible data definitions Discover application data models Protect sensitive data appropriately: encrypt, redact, mask, audit 22

23 Configuration Management Administrative Control for Oracle Databases Oracle Database Lifecycle Management Discover and classify databases Scan for best practices, standards Detect unauthorized changes Automated remediation Patching and provisioning Scan & Monitor Discover Patch 23

24 Oracle Database Security Solutions Defense-in-Depth for Maximum Security PREVENTIVE DETECTIVE ADMINISTRATIVE Encryption Activity Monitoring Privilege Analysis Redaction and Masking Database Firewall Sensitive Data Discovery Privileged User Controls Auditing and Reporting Configuration Management 24

25 Oracle Database Security Customers Worldwide Rely on Oracle Database Security 25

26 Oracle Database Security Solutions Summary Security and Compliance Enterprise Ready Simple and Flexible Speed and Scale 26

27 Oracle Database Security Resources Data Sheets Whitepapers Webcasts Case Studies Events News and more 27

28 Q&A 28

29 29

30 The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle s products remains at the sole discretion of Oracle. Release timing for Oracle Database 12c is planned for Calendar Year

31 31