Oracle Audit Vault and Database Firewall

Transcription

1

2 <Insert Picture Here> Oracle Audit Vault and Database Firewall Angelo Maria Bosis Sales Consulting Director Oracle Italia

3 Billions of Database Records Breached Globally 97% of Breaches Were Avoidable with Basic Controls 98% records stolen from databases 84% records breached using stolen credentials 71% fell within minutes 92% discovered by third party

4 Why are Databases so Vulnerable? 80% of IT Security Programs Don t Address Database Security Forrester Research Network Security Enterprises are taking on risks that they may not even be aware Authentication & User Security SIEM of. Especially as more and more attacks against databases exploit legitimate access. Security Database Security Web Application Firewall Endpoint Security

5 Oracle Database Security Solutions Defense-in-Depth for Maximum Security PREVENTIVE DETECTIVE ADMINISTRATIVE Encryption Activity Monitoring Sensitive Data Discovery Masking Database Firewall Patch Management Privileged User Controls Auditing and Reporting Configuration Management

6 Oracle Database Security Solutions Defense-in-Depth for Maximum Security PREVENTIVE Advanced Encryption Security Data Masking Database Vault Label Security Privileged User Controls DETECTIVE Oracle Audit Vault and Database Firewall Activity Monitoring Database Firewall Auditing and Reporting ADMINISTRATIVE Oracle Enterprise Manager 12c Sensitive Data Discovery Oracle Patch Management Database Lifecycle Management Pack Configuration Management

7 Oracle Audit Vault and Database Firewall New Solution for Oracle and Non-Oracle Databases Users Applications Database Firewall Allow Log Alert Substitute Block Firewall Events Auditor Security Manager Reports Alerts Policies! Audit Vault Audit Data OS, Directory, File System & Custom Audit Logs

8 Oracle AVDF Accuracy Why is understanding SQL critical? SQL is a language with about 400 key words and a strict grammar structure (ISO SQL spec pages): SELECT id, username, password, acccount_no FROM tbl_users WHERE username = Bill AND account_no BETWEEN AND ; OPERATORS KEY SCHEMA DATA WORDS Unless the grammar and structure of the language is known, then errors are made when analysing SQL UPDATE tbl_users SET comments = The user has asked for another account_no, and wishes to be billed for services between 1/2/2009 and 2/2/2009, and wants to know where the invoice should be sent to. She will select the new service level agreement to run from 3/7/2009 next month WHERE id = A ;

9 False Alarms are too costly

10 The cost of inaccuracy 3,000 transactions per second 260 million transactions per day

11 The cost of inaccuracy 3,000 transactions per second 260 million transactions per day 0.001% false positive rate: 260 false positives per day 7,800 audit errors per month

12 The cost of inaccuracy % false negative rate: 26 successful attacks per day...it only takes one... 3,000 transactions per second 260 million transactions per day 0.001% false positive rate: 260 false positives per day 7,800 audit errors per month

13 Oracle AVDF Accuracy Oracle AVDF can understand every SQL interaction and correctly segregate it based on the intent of the transaction. Uses semantic analysis of the grammar and structure of a SQL transaction to determine all of the relevant information about a query. Can also associate attributes with a SQL transactions such as who, what, when, from where, by whom, with what and what happened.

14 Oracle Audit Vault and Database Firewall SQL Injection Protection with Positive Security Model SELECT * from stock where catalog-no='phe8131' White List Allow Applications SELECT * from stock where catalog-no= ' union select cardno,0,0 from Orders -- Allowed behavior can be defined for any user or application Automated white list generation for any application Out-of-policy database transaction detected and blocked/alerted Block Databases

15 Oracle Audit Vault and Database Firewall Enforcing Database Activity with Negative Security Model DBA activity from Application? DBA activity from Approved Workstation SELECT * FROM v$session SELECT * FROM v$session Black List Block Allow + Log Stop specific unwanted SQL interactions, user or schema access Blacklisting can be done on factors such as time of day, day of week, network, application, user name, OS user name etc Provide flexibility to authorized users while still monitoring activity

16 Oracle Audit Vault and Database Firewall Comprehensive Enterprise Audit and Log Consolidation Databases: Oracle, SQL Server, DB2 LUW, DB2 z/os*, Sybase ASE New Audit Sources Operating Systems: Microsoft Windows, Solaris Directory Services: Active Directory File Systems: Oracle ACFS Audit Collection Plugins for Custom Audit Sources XML file maps custom audit elements to canonical audit elements Collect and map data from XML audit file and database tables * Third party integration by BSC Consulting Spa & AlfaGroup

17 Oracle DB Auditing: Fine-Grained Auditing Audit Policy AUDIT_CONDITION : NAME!= USER AUDIT_COLUMN = SALARY Not audited SELECT name, job, deptno FROM emp Audit Records (FGA_LOG$) SELECT name, salary FROM emp <timestamp>, <SCN>, <userid>, etc. SELECT name, salary FROM emp

18 Oracle Database Security Solutions Defense-in-Depth for Maximum Security PREVENTIVE Encryption Masking DETECTIVE Activity Monitoring Database Firewall ADMINISTRATIVE Sensitive Data Discovery Oracle Enterprise Manager 12c Patch Management Privileged User Controls Auditing and Reporting Configuration Management

19 Sensitive Data Discovery Find and Catalog Sensitive Data Data Finder Patterns Table Name: EMP* Column Name *SSN* Data Format ### - ## - #### Enterprise Data Sources Define pattern match rules for tables, columns and data Connect to Databases Search for Data Finder patterns across databases 4. Data Privacy Catalog New database fields added and then protected PERSON_SSN, EMP_SSN, SOC_SEC_NUM 3. Data Finder Reports Data Finder Results Results rendered by confidence factor Relevant database fields imported into the Data Privacy Catalog

20 Oracle Audit Vault and Database Firewall Auditing and Reporting Tens of default audit reports Out-of-the Box Compliance Reporting. Report with Data from Multiple Source Types Auditing Stored Procedure Calls Not Visible on the Network Powerful Alerting Filter Conditions

21 Oracle Database Security Customers Customers Worldwide Rely on Oracle Customer Benefits Enterprise ready Security and compliance Simple and flexible Speed and scale Trasparent and accurate oracle.com/goto/database/security-customers

22 Oracle Database Security Solutions Web Sites Customer Successes Newsletters Social Media Blogs Security Inside Out Database Insider LindkedIn Group: Database Insider Twitter: Oracle Database

23

24 Thank you!

25