Friday Oct 01, 2010

Security: Zeus brought down by Operation Trident Beach

I am finally caught up after a great week last week at Oracle Open World.  And it was just in time to read about this great bit of international crime fighting bringing an end to an international cyber-crime ring using the Zeus Trojan to steal allegedly $70M.  Details are still coming out but according to this article by The Register the crime ring was able to deploy Zeus and key-log individuals bank accounts and then use "money mules" to access the accounts and make withdrawls illegally.  One thing is for sure you have to admire the naming capabilities of the team which came up with "Operation Trident Beach" which shows marketing doesn't have a monopoly on naming talent.  Here is a quick paragraph taken from The Register article (full text here): 

Trident Beach began in May 2009, when FBI agents in Omaha, Nebraska learned of automated clearing house batch payments to 46 separate bank accounts throughout the US. Agents eventually brought in counterparts from the other involved countries. The payments are a hallmark of Zeus scams, in which hackers break into victim bank accounts and then clean them out using the bank's ACH transfer system.

The thieves targeted small- to medium-sized companies, municipalities, churches, and individuals.

 I was talking with Mark Karlstrand, the Product Manager for Oracle Adaptive Access Manager, and he mentioned that the product has two critical features that would have prevented this from happening.  According to Mark:  "The KeyPad virtual authentication device could have prevented the password theft via key-logger. The use of the passwords from Eastern Europe and other behavior anomalies could have been detected by OAAM real-time risk analytics."  As more details come out about the cyber-crime ring and Zeus we will bring you details. 

Thursday Sep 23, 2010

Day 4: IDM at Oracle Open World

Hope you enjoyed the Black Eyed Peas last night.  We have an action packed IDM session on Thursday to finish up the show.  Here is a quick run down of the sessions.  Etienne and I will be introducing Verizon as we talk about how Replication and Fractional Replication are critical features in a high performance Directory Server deployment.


· Follow us on Twitter @OracleIDM. Use hash tags #oow10idm

 Time  Title  Location
9:00 am – 10:00 am
Middleware s317487 End-t-End Secure Identity Propagation Moscone South Rm 310

 Middleware, Applications s316524 Oracle Idenity Management for
Oracle JD Edwards EntrpriseOne

Moscone South Rm 309
10:30 am – 11:30 am Middleware s316991 Database User Management wit Oracle Directry
Services and Actve Directry
Moscone South Rm 310

Middleware s316837 Deploy a Highly Performant Entitlements Solution
wit Oracle Entitlements Server
Moscone South Rm 309

Middleware s317270 Service-Oriented Security: Simplifing Identity
Management for Applications
Moscone West L3, Rm
3018
12:00 pm – 1:00 pm
Middleware s316829 Demystfing IdM: A Custmer’s Guide to a
Practical IdM Deployment Strategy
Moscone South, Rm 309
1:30 pm – 2:30 pm
Middleware S315086 Replication Best Approaches on Directory Server -
Fractional Replication
Moscone South Rm 309

Middleware S316829 Demystifing IdM: A Customer’s Guide t a
Practical IdM Deployment Stategy

3:00pm – 4:00pm
Middleware s314871 Oracle Identity Manager and Oracle BPEL Tools
for Digital Identity Management

3:00pm – 4:00pm
Middleware s314871 Oracle Identity Manager and Oracle BPEL Tools
for Digital Identity Management
Moscone Sout Rm 309
3:30 pm – 4:30 pm Middleware/Oracle Develop S317543 Service Orientd Security 101 Hotel Nikko Mendocino I / II






Tuesday Sep 21, 2010

Day 2: IDM at Oracle Open World

Oracle Open World is off to a great start with plenty of good content and demo's for the business owner or technical implementation team.  Yesterday I saw two great demos from the OAM team.  Mark Karlstrand, pictured to the right was giving a demo on OTP Anywhere to Bob Blakeley.  It was impressive as he used his cell phone to provide a stronger authentication method for a bank transfer -demo not real but you get the point.    

There are a couple of ways to follow what is going on during the show.  

You can follow us on Twitter by using the hash tags #oow10 #idm or follow us directly @OracleIDM.  

We also are uploading pictures and video's from the day at our Facebook page at Facebook/OracleIDM here.

Here are the sessions for Tuesday, Sept. 21 at Oracle Open World

 Time  Title  Location
 12:30 pm – 1:30 pm  Middleware s317146 Securing Web Services: Solutions, Best Practices, Moscone South Rm 309
2:00 pm – 3:00 pm
Middleware s317467 Simplify Identity Management and Support Future Growth with Directory Services
Moscone South Rm 309
3:30 pm – 4:30 pm
Middleware s317064 Oracle Identity Management Administration Best Practices
Moscone South Rm 309
3:30 pm – 4:30 pm
Middleware s317240 Oracle’s Identity Management Strategy (for Sun, Oracle and New Customers Alike)
Moscone South Rm 310
5:00 pm – 6:00 pm
Middleware s317484 Case Study: How Cisco Achieved Large-Scale, Highly Available Access Management
Moscone South Rm 310
5:00 pm – 6:00 pm
Middleware s317244 Enforcing Segregation-of-Duties Controls with Identity Management
Moscone South Rm 309



                    Growth with Directory Services
3:30 pm – 4:30 pm Middleware s317064 Oracle Identity Management Administration Best Moscone South Rm 309
                    Practices
Middleware s317240 Oracle’s Identity Management Strategy (for Sun, Moscone South Rm 310
  Oracle and New Customers Alike)
Middleware s317484 Case Study: How Cisco Achieved Large-Scale, Highly Moscone South, Rm 310
Available Access Management
Middleware s317244 Enforcing Segregation-of-Duties Controls with Identity Moscone South Rm 309
Management

Thursday Aug 26, 2010

Free Webinar Today: Simplify Access Management with F5 & Oracle

On Thursday, August 26.  We are hosting a webcast that will take you through the solution and talk about why we believe this will simplify Access Management.  Please join us as F5 and Oracle product experts explain this simple solution.

Title: Live Webcast: Streamline Access Management with F5 & Oracle

When:  Thursday, August 26, 2010, 10:00 a.m. PT or 1:00 p.m. ET

Where: Register for this live webcast here: Streamline Access Management with F5 & Oracle

Tuesday Aug 17, 2010

Free Webinar Aug. 18: Quick-Start Compliance with Identity Analytics

Identity compliance projects don't have to be hard!  The key to any successful project in IT is delivering value to the business quickly!  It is critical to then leverage those early wins into larger wins for the organization.  When I used to coach I likened this to walking up a staircase.  McKinsey used the analogy to describe the approach successful companies took to manage successful growth. (take a look here)  

Oracle Identity Analytics provides a set of tools that can help organizations take the first step up that staircase to Compliance quickly.  The approach allows organizations to show value quickly and then build upon those early wins to build better security into the organization.  This webcast tomorrow will give insight into how organizations can build in proper segregation of duties, 360 degree review's and proper attestation of roles.  One customer of the product used to print out a conference room of paper and had his compliance auditors and business managers review the roles and access rights to meet compliance.  Imagine if you had the tools to ensure you could make this process easier.  Register today and find out how.

Register Today Here:

Customer Stories: Tackling Compliance Challenges with Oracle Identity Analytics

Date: Wednesday, August 18, 2010
Time: 10:00 am PT / 1:00 pm ET

Featured Speakers:

Naynesh Patel,
Partner,
Simeio Solutions

Neil Gandhi,
Principal Product Manager,
Oracle Identity Analytics,
Oracle Corporation

Wednesday Aug 11, 2010

New Release: Oracle Directory Server Enterprise Edition Strategic

Strategic New Release of Oracle Directory Services Directory Server Enterprise Edition 11gR1

I would like to pass on some good news from the Oracle Directory Services Blog here:  The following is a reprint of their recent good news concerning Oracle Directory Server Enterprise Edition: (Download Instructions from Brad Diggs aka The Zone Manager here)


Oracle released a new version of Oracle Directory Server Enterprise Edition 7.0, ODSEE 11g Release 1 recently.  The strategic commitment to Sun's Directory Server Enterprise Edition is important for customers who wish to grow the foundation of their identity infrastructure faster and easier. The new release offers improvement in performance over previous releases allowing companies to accelerate their applications while reducing their total cost of ownership. With this new release, companies can also reduce cost by improving serviceability with faster import times and smooth, in-place upgrade that reuses your existing data store. This complete solution provides a directory server, proxy server (for high availability and distribution of data and load), web console and synchronization with Active Directory, all under one product (ODSEE) and licensed as part of Oracle Directory Services Plus.

ODSEE 11gR1 is a rebranded release of Sun Directory Server Enterprise Edition 7.0 and is equivalent to a patch release. It does not include new functionality but provides additional stability and security with the inclusion of many fixes that where previously released as patches and hot fixes.

This release also aligns the list of supported platforms with most other Oracle Fusion Middleware products. For details of the changes to supported platforms, see Platform Support, System Virtualization Support, and Operating System Requirements.

As part of the integration with other Oracle Fusion Middleware components:

This updated release improves the overall quality and robustness of deployments. Among other features and capabilities , by upgrading from DSEE 5.2 or 6.x you might benefit from:

    • Up to 300% performance improvement

    • In place upgrade from DSEE 6 and 7 (no need to export/import existing data)

    • Reduced disk space and memory footprint

    • Optional data compression

    • Instant restore capabilities

    • Advanced tuning capabilities

    • Improved control over traffic going through Directory Proxy Server

    • New distribution algorithm with Directory Proxy Server

    • Updated list of supported Operating Systems, IP v6 supported on all platforms

    • Directory Service Control Center supported on broader list of application servers

    • For more information please visit:

Tuesday Jul 13, 2010

Register Today for Free Webinar: A Giant Leap In Identity Management

The Identity Management market is evolving and it is an exciting place to be involved in shaping that evolution.  For some that evolution is an opportunity for others it is a headache.  At Oracle we see this as a great opportunity. 

When I started in the Identity Management field it is wasn't even called identity management it was about solving high availability problems for customer and partner extranets before personalization and portal solutions existed.  LDAP was a great solution for these problems and Netscape and then Sun Directory Server were the industry best solutions.  They still are today.  However, in this space alone there has been considerable evolution.   Virtual directories, directory proxies, Active Directory Synchronization are all essential components of best of breed directory server product's.  Oracle Directory Services Plus is a good example.  

The fuel behind this tremendous evolution is the business environment in which these solutions exist. There is no magic in figuring out these key business trends.  Organizations face increased threats from global security risks internally and externally. 

You had to bury your head in the sand to not notice the fact that these threats have landed some of the greatest IT organizations and governments in prime-time analysis on CNN or on the front page of the major news portals.   The global economic slowdown has caused business to seek better value from the products they have already purchased.  Increased government scrutiny and regulation has fueled compliance projects and organizations to ensure business and IT audits can be signed off by the CTO and CFO of major organizations.  And, the CTO and CFO don't want surprises so they have funded projects and purchased solutions to ensure they stay in compliance ---No Surprises!

At Oracle, meeting these challenging problems with innovation is the name of the game.  At the same time, we strive to provide the most complete solutions based on standards for our customers.  This is why we are excited about our event next week.  At this webinar we are taking a "Giant Leap Forward In Identity Management".  Amit Jasuja, Vice President of Identity Management and Security at Oracle, will be sharing the latest news from Oracle on why we believe we are uniquely positioned to solve these business problems for the best organizations on the planet.  Register Today for this exciting event.

Webinar Registration
Wednesday, July 21, 2010
10:00am PDT, 1:00 EDT, 7:00pm CET
Register here

Thursday Jun 10, 2010

Register Today For Free Webinar: Identity Analytics ROI

Is your Identity Compliance project a GIANT Headache?  If so, then we have the little blue pill for your  compliance headache.  The reason why many organizations experience pain in the compliance programs they run is because of the lack of automated tools, impact to productivity and lack of ongoing actionable information.  I have seen this first hand.   Organizations usually rely upon project managers and excel spreadsheets collect information from business units and project teams.  This then leads to massive efforts to fill in information and send them back to the central team for documentation and reporting to the auditors.  Ultimately, this information is old before it is collated into the binders and the report is issued.  However, the real result is usually a GIANT HEADACHE for everyone involved.

As Identity theft outpaces any other theft and security challenges for organizations, the problem needs a more efficient solution with better processes and better tools.  Business leaders will believe in investment when they can see better utilization of key resources, better on-going information, proven segregation of duties, and ultimately better security. 

Niel Gandhi, has the "Advil" for your compliance headache with Oracle Identity Analytics.  Register here for the FREE webinar on the ROI of using Identity Analytics.  He is has years of experience solving these problems for organizations around the world.  Additionally, he has extensive experience as Principal Product Manager, Identity Analytics.  Here are a couple of the topics that he will cover in the event:

  • Automate critical identity-based controls such as attestation and segregation of duties
  • Analyze, mine, and correlate user roles for compliant and efficient user access
  • Build comprehensive reports for audit, compliance, and business purposes
  • Utilize business-friendly compliance dashboards and metrics
  • Give a 360-degree view of user’s access and achieve rapid compliance

However, the ultimate goal of his presentation is to make sure you have concrete ways to help you solve your Compliance Headache without breaking the bank.  Hope to see you there!

Live Webcast: Maximize Compliance ROI With Oracle Identity Analytics
Register Here

Date: Thursday, June 24, 2010
Time: 10:00 am PT / 1:00 pm ET


Tuesday May 25, 2010

Register Today For Webinar! Directory Services Improve Time-to-Market and Reduce Cost

"What is old is new again!"  The recent Burton Identity Management Market Profile 2010 which gives a good overview of the current state of the identity management market place also points to the resurgence of activity in directory services as a critical foundation of the identity management foundation.  This is driven by internal and external forces.  Some of these I will cover in our webinar this Thursday, May 27 at 10:00am PT (GMT -8:00).  Register here

Live Webcast: Improve Time-to-Market and Reduce Cost with Oracle Directory Services
Event Date: Thursday, May 27, 2010
Event Time: 10:00 AM Pacific Standard Time / 1:00 Eastern Standard Time

It is my view that a number of the internal forces driving the resurgence in directory services is driven at it's core by companies trying to maximize their IT investment (Doing more with less).  One of the ways companies have worked hard to do more with less is to create a central directory.  There are companies that have achieved success building central LDAP services allowing them control, increased security and reduced cost.   Additionally, this is also driven by organizations as they consolidate assets, move to virtual infrastructures, or reduce footprint to save power and become more "Green" in their business operations.   However, despite the success of some enterprises to create these foundations, the reality is that creating one central directory is very difficult.  This is not because of technical capabilities of directories but more because of business realities.  This is why virtual directories are critical to modern day identity architectures. The power of the virtual directory is also being proven by companies that are pursuing projects that involve federation. 

This is why having a comprehensive set of directory tool's is essential to organizations that want their identity management strategy built upon a sound foundation.  Oracle is uniquely positioned to do this as we are the only company to offer a complete set of directory tools.  We are the only company to offer all of the following in one license:

  • Directory Server 
  • Virtual Directory
  • Directory Integration (Active Directory Synch)
  • Management console
As companies want to reduce the cost of integrating different technologies, managing multiple vendors and hidden costs like training can come to one vendor.

Thursday Apr 29, 2010

Register Today for this Webinar! Improve Time-to-Market and Reduce Cost with Oracle Directory Services

In some studies, enterprises are spending up to 60% of their IT budgets on operational costs thus impacting the available budget to spend on innovation. The challenge we all face in the identity and IT departments is how to get the most out of our existing licenses and reduce cost where possible in delivering IT projects. One of the costly areas of projects is getting at identity data when it lives in legacy applications. This is especially true when you look at Federation projects, mergers and acquisitions or in data center consolidation projects.

If you are running a Federation project and have to access identity data in legacy or disparate data sources and feel like you are herding cats then this webcast is for you! Virtual directories provide a critical tool for Federation projects as they allow you to expose identity attributes without changing code in legacy applications. Additionally, you have control over how the data is accessed allowing you to manage sensitive service level agreements which can cause difficult political battles in organizations when discussing access.

If you have worked on a data center consolidation project either driven by a merger, acquisition or as part of a cost control exercise you need to have a full bag of tools.  The tools you bring to the project provide the critical agility needed to meet time-lines but also to minimize impact on business operations.  Virtual Directories allow you the ability to connect to data sources without having to alter the application code.  This reduces resource requirements, increases speed but most importantly maximizes business continuity.   

Register here for this webinar and we will look at ways virtual directories can help you become an identity hero in your organization.

Tuesday Apr 27, 2010

Iron Man, Identity Security and the Cloud

If you are a security expert and you have not been to the new Oracle Iron Man 2 website you have to take a look at the cool demo site listed under "Stark Expo".  The intro has a great security questionnaire on Security in the cloud in an cutting edge interface.  If you read yesterday's blog, and went to the Iron-Clad Cloud: Secure Cloud Computing article in the new Security Newsletter, you were able to get an insight into way's Oracle can help secure the cloud.  You will also do well on the questionnaire at "Stark Expo".

 Go Check it out!

In Iron Man 2, Oracle is a proud sponsor of Stark Expo, a world-class tradeshow that depends on a cloud computing architecture to ensure that all systems are free from overload. And that’s where you come in: by becoming a Master Cloud Operative, you’ll help keep Stark Expo up and running. Complete your training, test your troubleshooting skills, and get certified in the Oracle Pavilion.

Monday Apr 26, 2010

Iron-Clad Cloud: Secure Cloud Computing

As organizations continue to leverage the cloud for essential business applications and services the provisioning and security of identity data becomes an essential compliance requirement.  Oracle's new Security Newsletter  has an article that provides information on critical approaches to security in the cloud.

One solution to the security problem with cloud services can be overcome using Service Oriented Security.  The Oracle approach to using Service Oriented Security allows developers to pull from a centralized, authoritative source of identity services.  This allows developers to build security into every application from the inside-out.   This is critical to ensuring this is done in a standardized manner and most importantly it allows developers to develop without being security experts.

The "Iron-Clad Cloud:  Secure Cloud Computing" article in this quarter's Security Newsletter is a great place to start when looking for information on how to use these tools to improve the security for your organizations cloud services.  You will also find articles on database security and other bloggers who are sharing data about the security industry and Oracle's thought-leadership.

Friday Apr 23, 2010

New Oracle Security Newsletter

Oracle Identity and Database Security Teams have created a new Security Newsletter. The Newsletter launches this week and will be distributed to customer's who have signed up for the Newsletter via Oracle.com.

In each edition, you'll find news, blog posts, events, webcasts, and much more covering Oracle's Security Solutions. Whether your focus is on identity management or database security, each issue will be filled with the information you need to secure your database, middleware, and applications, and meet IT compliance requirements.

In this inaugural version of the newsletter you will find content on:

You can see the entire newsletter here

Register for future versions of the newsletter by following the directions here.  You can also see samples of all the different newsletter content that is available to stay current and aware of the latest leading news from Oracle.

Wednesday Mar 03, 2010

Register Today! Webinar on Smart Strategies for Securing Extranet Access

Are you pursuing changes to your Directory Services or Access Management infrastructure this year?  If so, there are two resources that you want to be aware of to help understand the opportunity and impact on your organization.  Eric Leach, will be presenting a webinar next week as part of the SANS Institute's Webinar series on Security.  You can register for the webinar here.

Title:  Smart Strategies for Securing Extranet Access
When:  Tuesday, March 09 at 1:00 PM EST (1800 UTC/GMT)
Presenter: Eric Leach & Dave Shackleford
Register here

 

 Additionally, there was a new training course that was launched for resources interested in building a solid foundation for managing Directory Services.  The course also offers an insight into the essential building blocks of access management.  Additionally, it covers the use of virtual directories which is a crucial component of an enterprise identity architecture.  The virtual directory can help consolidate legacy directories when companies want to reduce cost.  Additionally, when time is critical for federation projects or mergers and acquisitions a virtual directory can help connect necessary identity attributes without changing code. 

This foundational course on Directory Services can be found here.  The course covers the following topics:

  • Discuss the importance, features, benefits, and functional aspects of identity management and Oracle Identity Management products
  • Describe concepts associated with directories and the Lightweight Directory Access Protocol (LDAP)
  • Compare Oracle Internet Directory 11.1.1.1.0 and Oracle Virtual Directory 11.1.1.1.0: two Oracle Identity Management products

The course can be accessed here.

About

Sharing 12 years of technology experience as developer, product and program manager, and marketing director. Identity Management, Security, and Product Management issues occupy my mind during the working day. Water Polo keeps me healthy.

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today