Security Defense-in-Depth Latest Innovations in Oracle Security


Security Defense-in-Depth: Latest Innovations in Oracle Security
Scott Grykowski, CISSP, Sales Consulting Senior Manager, Oracle Corporation

Agenda
Database Security
- The World Today
- Defense in Depth
- Solution Overview
- Customer Success Stories
Identity Management
- Identity Management Trends
- Identity Suite Overview
- Securing the Extended Enterprise

The World Today

Loss of Data Continuing to Grow Worldwide
- Two-thirds of sensitive and regulated information resides in databases
- And doubling every two years!
- 98% of records stolen from databases
- Over 2 billion records compromised is just the tip of the iceberg (2012 Verizon Data Breach Investigations Report)
Source: IDC, 2011 and Verizon Data Breach Investigations Report, 2012

Why are Databases so Vulnerable?
- 97% of data breaches were avoidable with basic controls
- But less than 20% of IT Security programs address databases
- Attacks against databases exploit legitimate access
- Attack surface is people not servers
Source: Forrester, 2012 and Verizon Data Breach Investigations Report, 2012

Core Principles
Defense in Depth
- Policies, Procedures, and Awareness
- Physical Security
- Perimeter Security
- Internal Networks
- Host Security
- Application Level Security
- Database Level Security
- Data Protection: Production, Development
- Identity and Access Management
- Governance: Governance, Risk, Compliance
- Security Management and Monitoring: Incident Response, vulnerability and threat management, configuration and change management
Least Privilege
- Any user, whether apps end user or database admin, has access only as needed to perform tasks based on job function or role
- Need to know/compartmentalization
- Including DBA/OS Admins!!

Oracle Database Security Solutions
Defense-in-Depth for Maximum Security
PREVENTIVE: Encryption; Redaction and Masking; Privileged User Controls
DETECTIVE: Activity Monitoring; Database Firewall; Auditing and Reporting
ADMINISTRATIVE: Privilege Analysis; Sensitive Data Discovery; Configuration Management

Solution Overview

Encryption is the Foundation
Preventive Control for Oracle Databases
Oracle Advanced Security
- Transparent data encryption in the database (Network encryption now included with DB)
- Prevents access to data at rest
- Requires no application changes
- Built-in two-tier key management
- Near Zero overhead with hardware
- Integrations with Oracle technologies, e.g. Exadata, Advanced Compression, ASM, Golden Gate, DataPump, etc.
Diagram labels: Applications; Disk; Backups; Exports; Off-Site Facilities

Redaction of Sensitive Data Displayed
Preventive Control for Oracle Database 12c
Oracle Advanced Security
- Real-time sensitive data redaction based on database session context
- Library of redaction policies and point-and-click policy definition
- Consistent enforcement, policies applied to data
- Transparent to applications, users, and operational activities
Diagram: Credit Card Numbers (4451-2172-9841-4368, 5106-8395-2095-5938, 7830-0032-0294-1827); Redaction Policy; xxxx-xxxx-xxxx-4368 (Call Center Application); 4451-2172-9841-4368 (Billing Department)

Masking Data for Non-Production Use
Preventive Control for Oracle Databases
Oracle Data Masking
- Replace sensitive application data
- Extensible template library and formats
- Application templates available
- Referential integrity detected/preserved
- At source masking and sub-setting*
- Support for masking data in non-Oracle databases
*Requires use of Oracle Test Data Management
Diagram, Production:
LAST_NAME   SSN          SALARY
AGUILAR     203-33-3234  40,000
BENSON      323-22-2943  60,000
Diagram, Non-Production (Test, Dev):
LAST_NAME   SSN          SALARY
ANSKEKSL    323 23-1111  60,000
BKJHHEIEDK  252-34-1345  40,000

Privileged User Controls
Preventive Control for Oracle Databases
Database Vault
- Limit DBA access to application data
- Multi-factor SQL command rules
- Realms create protective zones
- Enforce enterprise data governance, least privilege, segregation of duties
- Out of the box application policies
Diagram labels: Applications; Procurement; HR; Finance; Security DBA; select * from finance.customers; DBA; Application DBA

Label Based Access Control
Preventive Control for Oracle Databases
Oracle Label Security
- Virtual information partitioning for cloud, SaaS, hosting environments
- Classify users and data using labels
- Labels based on business drivers
- Automatically enforced row level access control, transparent to applications
- Labels can be factors in other policies
Diagram labels: Confidential; Sensitive; Transactions; Confidential; Report Data; Public; Reports; Sensitive

Oracle Audit Vault and Database Firewall
Detective/Preventative - Solution for Oracle and Non-Oracle Databases
Diagram labels: Users; Applications; Database Firewall (Allow, Log, Alert, Substitute, Block); Firewall Events; SOC; Alerts!; Auditor; Security Analyst; Built-in Reports; Custom Reports; Policies; Audit Vault; Audit Data; OS, Directory, File System & Custom Audit Logs

Discover Use of Privileges and Roles
Administrative Control for Oracle Database 12c
Oracle Database Vault
- Turn on privilege capture mode
- Report on actual privileges and roles used in the database
- Helps revoke unnecessary privileges
- Enforce least privilege and reduce risks
- Increase security without disruption
Diagram labels: Privilege Analysis; Create; Drop; Modify; DBA role; APPADMIN role

Discover Sensitive Data and Databases
Administrative Control for Oracle Database 12c
Oracle Enterprise Manager 12c
- Scan Oracle for sensitive data
- Built-in, extensible data definitions
- Discover application data models
- Protect sensitive data appropriately: encrypt, redact, mask, audit

Customer Success Stories

Oracle Database Security Customers
www.oracle.com/goto/database/security-customers
- SquareTwo Enables Fast Growth with Oracle Database Solutions: SquareTwo enables fast growth and regulatory compliance with Oracle Database security defense-in-depth solutions including Oracle Database Firewall, Oracle Data Masking, and Oracle Advanced Security
- National Marrow Donor Program Database Defense-in-Depth: NMDP secures life-saving patient and donor data with Oracle Advanced Security, Oracle Database Vault, and Oracle Data Masking
- T-Mobile Protects 35 Million Subscribers Using Oracle: T-Mobile explains how they use Oracle Database Firewall, Oracle Advanced Security, and Oracle Data Masking to secure sensitive data across the organization in both Oracle and non-Oracle databases
- TransUnion Interactive Uses Database Firewall for Compliance: Hear how TransUnion Interactive protects customer data and meets regulatory compliance with database activity monitoring using Oracle Database Firewall
- ETS Complies with PCI DSS Using Oracle Advanced Security: Educational Testing Service secures personally identifiable information (PII) and complies with regulatory requirements with Oracle Advanced Security

Agenda
Database Security
- The World Today
- Defense in Depth
- Solution Overview
- Customer Success
Identity Management
- Identity Management Trends
- Identity Suites Overview
- Securing the Extended Enterprise

NEW TRENDS TRANSFORMING THE IDENTITY BUSINESS
- Mobile Access
- Social Identity
- Cloud Security
- Identity Provider
- Internet of Things
Oracle Confidential

Diagram labels: ENTERPRISE; ACCESS; GOVERNANCE; IDENTITY MANAGEMENT; DIRECTORY; MOBILE; CLOUD

New Technologies and Services Require Integrated Technologies
Governance: Password Reset; Privileged Accounts; Access Request; Roles Based Provisioning; Role Mining; Attestation; Separation of Duties
Access: Web Single Sign-on; Federation; Mobile, Social & Cloud; External Authorization; SOA Security; Integrated ESSO; Token Services; Fraud Detection
Privileged Account Manager
Directory: LDAP Storage; Virtual Directory; Meta Directory
Platform Security Services

GOVERNANCE
Automate and Identify Who Has Access to What
Diagram labels: CUSTOMERS & PROSPECTS; CONTRACTORS & PARTNERS; EMPLOYEES; COMMON REPOSITORY; ACCESS ENTITLEMENT CATALOG; Cloud Applications/Services; APPS; ENTERPRISE APPLICATIONS; OPERATING SYSTEMS; DIRECTORY SERVICES; DATABASES; PRIVILEGED SYSTEMS ADMINS; COMPLETE GOVERNANCE

Oracle Access Management 11gR2 Reference Architecture
Complete; Simplified; Innovative; Scalable

Oracle Directory Services
- Highly Scalable
- Easy to Deploy
- Unify identity across directories, databases and web services in real-time
- Fully integrated with Oracle databases, middleware and applications
- Complete Meta-data and Integration Platform
Directory Services Plus: Unified Directory; Internet Directory; Virtual Directory; Directory Services Enterprise Edition

Oracle Mobile Security Strategy
Securely Separate And Manage Corporate Apps And Data On Devices
Column headings: Secure Container For App Security And Control; Secure Controls And Management For Enterprise Apps; Extend IDM Services To Avoid Redundancy And Overlaps
- Separate, protect and wipe corporate applications and data
- Strict policies to restrict users from viewing/moving data out of container
- Consistent support across multiple mobile platforms
- Secure communication with enterprise application servers
- Corporate app store
- Common users, roles, policies, access request, cert etc.
- SSO for native and browser apps
- Risk/policy based step up and strong authentication

Market Overview: Oracle is the Leader
Identity Management is a Business Enabler
Market
- Every Cloud, Mobile or Social Application requires Identity Management
- Reducing the costs and risks of identifying who has access to what is a top priority for organizations
- Platform approach to identity management reduced costs by 48% and errors by 35%
- Oracle is the market leading provider of a complete Identity Management Platform
User Provisioning; Identity Governance
Performance
- Oracle has 30,000 Identity Management Customers in 45 countries

Oracle Recommends: Use a Proven and Cost Effective Approach
- DEFENSE IN DEPTH: Approach multiple overlapping controls to secure strategic assets
- LEAST PRIVILEGE: Practices to ensure access is based on need to know
- SECURE WHAT IS STRATEGIC: Move controls closer to the systems and applications they are intended to protect

Join the Community
- Twitter: twitter.com/oracleidm
- Facebook: facebook.com/oracleidm
- Oracle Blogs: Blogs.oracle.com/OracleIDM
- Oracle IdM Website: oracle.com/identity
