1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information


The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.

Privileged User Access Control with Oracle Database 11g
Jaime Briggs, Account Manager, Strategic Accounts
MSc CS, CCISP, CCSK
jaime.briggs@oracle.com

Agenda
- Privileged User Risks
- Separation of Duties & Least Privilege
- Oracle Database Vault
- Demos
- Summary
- Q&A

How Do Data Breaches Occur?
- 48% involved privilege misuse (+26%)
- 40% resulted from hacking (-24%)
- 38% utilized malware (<>)
- 28% employed social tactics (+16%)
- 15% comprised physical attacks (+6%)
Source: 2010 Data Breach Investigations Report

Where Does Breached Data Come From?
Source: 2010 Data Breach Investigations Report

76% Have No Preventive Controls on Privileged Database Users or Unsure
Can you prevent DBAs & other privileged database users from reading/tampering with sensitive information in financial, HR, or other business applications?

Three-Fourths Don't Have Safeguards To Prevent Accidental Harm to Databases
Any safeguards preventing a database administrator from accidentally dropping a table or unintentionally causing harm to critical application databases?

Separation of Duties
Source: http://www.opensecurityarchitecture.org

Least Privilege
Source: http://www.opensecurityarchitecture.org

Database Security Defense in Depth

Mitigate Database Bypass
- Prevent access to data at OS, storage, network, media layers
- Transparent data encryption for data at rest, in transit, on media
- Separation of duties for key management

Prevent Application Bypass
- Privileged user access control to limit access to application data
- Multi-factor authorization for enforcing enterprise security policies
- Secure application consolidation

Consolidate Auditing and Compliance Reporting
- Native Oracle and non-Oracle database auditing, centralized audit policies
- Consolidate, secure, analyze audit trail, alert on suspicious activities
- Report for compliance & security, automate database audit workflow

Monitor Database Traffic and Block Threats
- Monitor Oracle & non-Oracle database traffic over the network
- Block threats like SQL injection attacks before reaching databases
- Enforce normal database activity, lightweight monitoring

Protect All Database Environments
- Sensitive data discovery for production
- Secure database lifecycle management, configuration scanning, patch automation
- Mask data for nonproduction development & test

Database Security Defense in Depth
Layers: Mitigate Database Bypass; Prevent Application Bypass; Consolidate Auditing and Compliance Reporting; Monitor Database Traffic and Block Threats; Protect All Database Environments

Prevent Application Bypass
- Privileged user access control to limit access to application data
- Multi-factor authorization for enforcing enterprise security policies
- Secure application consolidation

Oracle Database Vault: Privileged User Access Control
[Diagram labels: Application; Procurement; HR; Security DBA; Application DBA; Finance DBA; select * from finance.customers]
- Automatic and customizable DBA separation of duties
- Enforce who, where, when, and how data is accessed using rules and factors
- Enforce least privilege for privileged database users
- Prevent compromised privileged user accounts from accessing application data
- Securely consolidate application data and prevent application bypass
- Prevent ad hoc changes to the database by administrators

Oracle Database Vault: Realms
[Diagram labels: Application; Procurement; HR; Security DBA; Application DBA; Finance DBA; select * from finance.customers]
- Realms are protection zones (firewalls) inside the database to protect application data
- Use realms to control the use of system privileges to specific accounts or roles
- Default realms to address database governance
- Out-of-the-box realms to protect popular Oracle and non-Oracle applications

Oracle Database Vault: Strong Operational Controls Inside the Database
[Diagram labels: Application; Procurement; HR; Finance]

Built-in Factors:
- User Factors: Name, Authentication type, Session User, Proxy Enterprise Identity
- Network Factors: Machine name, Client IP, Network Protocols
- Database Factors: Database IP, Database Instance, Database Hostname, Database SID
- Runtime Factors: Language, Date/Day of Week, Time

- Rules to control how users can execute almost any SQL statement inside the database
- Command rules can take into account built-in and custom factors (numerous built in)
- Command rules can be system-wide, schema specific, and object specific
- Out-of-the-box command rules for Oracle and non-Oracle applications
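
The realm and command-rule controls described on the two slides above, sketched with the DBMS_MACADM PL/SQL API as an added example (not part of the original deck). The FINANCE schema comes from the slide's query; the FINANCE_APP account, the realm, rule and rule-set names, the business-hours window and the fail code are assumptions, and the rule tests time of day with plain SYSDATE rather than a factor function.

```sql
-- Added example; run as an account holding the DV_OWNER or DV_ADMIN role.
-- FINANCE_APP and every realm, rule and rule-set name are hypothetical.
BEGIN
  -- Realm: a protection zone around every object in the FINANCE schema.
  DBMS_MACADM.CREATE_REALM(
    realm_name    => 'Finance Realm',
    description   => 'Protects FINANCE data from system privileges',
    enabled       => DBMS_MACUTL.G_YES,
    audit_options => DBMS_MACUTL.G_REALM_AUDIT_FAIL);  -- audit violations
  DBMS_MACADM.ADD_OBJECT_TO_REALM(
    realm_name   => 'Finance Realm',
    object_owner => 'FINANCE', object_name => '%', object_type => '%');
  -- Only the application account is authorized. A DBA relying on
  -- SELECT ANY TABLE is not, so "select * from finance.customers" is refused.
  DBMS_MACADM.ADD_AUTH_TO_REALM(
    realm_name   => 'Finance Realm',
    grantee      => 'FINANCE_APP',
    auth_options => DBMS_MACUTL.G_REALM_AUTH_PARTICIPANT);

  -- Rule on time of day: true only outside 08:00-17:59.
  DBMS_MACADM.CREATE_RULE(
    rule_name => 'Outside Business Hours',
    rule_expr => 'TO_CHAR(SYSDATE, ''HH24'') NOT BETWEEN ''08'' AND ''17''');
  DBMS_MACADM.CREATE_RULE_SET(
    rule_set_name   => 'Finance Maintenance Window',
    description     => 'DDL on FINANCE only outside business hours',
    enabled         => DBMS_MACUTL.G_YES,
    eval_options    => DBMS_MACUTL.G_RULESET_EVAL_ALL,
    audit_options   => DBMS_MACUTL.G_RULESET_AUDIT_FAIL,
    fail_options    => DBMS_MACUTL.G_RULESET_FAIL_SHOW,
    fail_message    => 'FINANCE tables can be dropped only in the window',
    fail_code       => 20461,
    handler_options => DBMS_MACUTL.G_RULESET_HANDLER_OFF,
    handler         => NULL);
  DBMS_MACADM.ADD_RULE_TO_RULE_SET(
    rule_set_name => 'Finance Maintenance Window',
    rule_name     => 'Outside Business Hours');

  -- Command rule: schema-specific guard that applies even to accounts
  -- authorized in the realm, limiting ad hoc or accidental DROP TABLE.
  DBMS_MACADM.CREATE_COMMAND_RULE(
    command       => 'DROP TABLE',
    rule_set_name => 'Finance Maintenance Window',
    object_owner  => 'FINANCE',
    object_name   => '%',
    enabled       => DBMS_MACUTL.G_YES);
END;
/
```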

Oracle Database Vault: Alerts and Reports
[Diagram labels: Separation of duties; Multi-factor access; Procurement; HR; Finance; Alerts/Reports]
- Generate audit events on realm violations and command rule exceptions
- Demonstrate compliance using built-in reports for:
  - Realms
  - Command rules
  - Entitlements such as who has the DBA role
- Integrated with Oracle Audit Vault and Oracle Enterprise Manager for near real time alerting and monitoring

Demo

Oracle Database Vault: Protection for Oracle and non-Oracle Application Data
- Pre-built policies include realms and command rules
- Prevent DBA from accessing application data
- Prevent DBA from tampering with application objects
- Complement application security
- Customizable

Applications covered:
- Oracle E-Business Suite 11i / R12
- Oracle JD Edwards EnterpriseOne
- Oracle PeopleSoft
- Oracle Siebel
- SAP
- Oracle Retail Applications (Retek)
- Oracle Financial Services (i-flex)
- Oracle Utilities Applications
- Oracle Enterprise Taxation Management
- Finacle from Infosys

Oracle Database Vault: Secure Application Consolidation and Outsourcing
[Diagram labels: $$$; Risk]
- Consolidation results in multiple privileged accounts in a single database
- Oracle Database Vault enforces trusted paths to application data
- Isolates consolidated apps from each other and prevents privilege escalation
- Enables outsourcing backend operations without giving access to data
- Secures application data in the cloud

Oracle Database Security: Defense-in-Depth

Maximum Security for Oracle Databases
Transparent Data Encryption, Privileged User Controls, Multi-Factor Authorization, Data Classification, and Change Tracking
- Oracle Advanced Security
- Oracle Database Vault
- Oracle Label Security
- Oracle Total Recall

Security for Oracle and non-Oracle Databases Outside the Database
Database Activity Auditing and Reporting, SQL Traffic Monitoring and Blocking, Real-Time Alerting
- Oracle Audit Vault
- Oracle Database Firewall

Security for Production and non-Production Database Environments
Secure Configuration Scanning, Automated Patching, Configuration Change Control, Data Masking for Test and Development
- Oracle Database Lifecycle Management
- Oracle Data Masking

For More Information
search.oracle.com: database security
or
oracle.com/goto/database/database-vault
oracle.com/goto/database/security-customers

Q&A