Wednesday Mar 27, 2013
Thursday Mar 21, 2013
By Troy Kitch on Mar 21, 2013
Q&A: Ontario Commissioner and Leading Privacy Expert Dr. Ann Cavoukian
Dr. Ann Cavoukian is both Ontario's information and privacy commissioner and one of the leading privacy experts in the world. In January, Dr. Cavoukian and Oracle released a new white paper covering the convergence of privacy and security.
Oracle Named a Leader in Gartner Magic Quadrant for Data Masking Technology
Gartner, Inc. has named Oracle as a leader in its “Magic Quadrant for Data Masking Technology,” published in December 2012.
Virgin Media Relies on Oracle Identity Management to Secure Wi-Fi Service in the London Underground
Leading up to the 2012 Olympics, Virgin Media was entrusted with a massive undertaking—to quickly and securely provide London's Underground stations with Wi-Fi service. The company turned to two Oracle Identity Management solutions—Oracle Virtual Directory and Oracle Entitlements Server—to successfully deliver.
Tuesday Mar 19, 2013
By Troy Kitch on Mar 19, 2013
Oracle OpenWorld call for speaking proposals is now open. Take the stage at one of the biggest IT conferences of the year and take part in shaping the IT discussion of today and tomorrow. Through the year, we keep hearing about how Oracle Database Security customers are looking to hear from their peers, discuss Oracle solutions, and engage with our technology experts, so if you have experience with and expertise on Oracle Database Security, do submit your speaking proposal for Oracle OpenWorld. The call for papers closes on April 12. Visit the Call for Proposals section to get general information, content policies, tips, guidelines and more.
Oracle OpenWorld 2013 will be held this year from September 22 - 26 in San Francisco, CA.
Friday Mar 15, 2013
By Troy Kitch on Mar 15, 2013
One of the many issues security professionals face is tracking down information for their particular security challenges. Oracle has a multitude of resources across our comprehensive database security defense-in-depth solutions. Quite frankly, it can be difficult to find the particular information you're looking for. So, here's an attempt to consolidate some of those key resources:
- Oracle Database Security Solutions
- Oracle Audit Vault and Database Firewall (database activity monitoring and firewall)
- Oracle Advanced Security (transparent data encryption)
- Oracle Database Vault (privileged user access controls)
- Oracle Label Security (label based access controls)
- Oracle Data Masking (masking data in non-production database environments)
- Oracle Technology Network
Customer Case Studies
Events and Training
Analyst, News, and Social
- Security Analyst Reports
- Oracle Database on Twitter @OracleDatabase
- Oracle Database on Facebook
- Oracle Database on LinkedIn
- Oracle Database on Google+
- Security Inside Out blog (hint: you're here!)
- Security Inside Out newsletter
- Data Sheets
- White Papers
- Documentation: Oracle Database 11g Security
- Documentation: Oracle Audit Vault and Database Firewall
Thursday Feb 28, 2013
By Troy Kitch on Feb 28, 2013
Thursday Feb 14, 2013
By Troy Kitch on Feb 14, 2013
According to Gartner, “Adopting data masking helps enterprises raise the level of security and privacy assurance against abuses. At the same time, data masking helps enterprises meet compliance requirements with the security and privacy standards recommended by regulating/auditing authorities.”
Gartner continued, “…we expect a relatively high speed of technology maturity for data masking. By 2016, the static data masking [SDM] market will reach the Plateau of Productivity in Gartner's Hype Cycle, with approximately 50% of the target audience adopting it.”
“With more structured and unstructured data in enterprise databases, companies need simple and consistent tools to comply with data privacy regulations and mask sensitive data during application development, testing or data analysis,” said Vipin Samar, Vice President of Database Security Product Development, Oracle. “Oracle is the world’s #1 database provider, integrating best-in-class hardware and software to deliver extreme performance and ensure robust database security for our customers.”
Oracle Data Masking Pack is a component of Oracle Enterprise Manager and part of the Oracle Database Security defense-in-depth solution. Get the Gartner Magic Quadrant for Data Masking Technology here.
(1) Gartner, Inc., “Magic Quadrant for Data Masking Technology,” by Joseph Feiman, Carsten Casper, December 20, 2012
Thursday Feb 07, 2013
By Troy Kitch on Feb 07, 2013
Oracle is exhibiting at RSA Conference 2013. The RSA Conference 2013 is a premier security conference that gives attendees a chance to learn about IT security's most important issues through first-hand interactions with peers, luminaries, and emerging and established companies.
Here’s a quick run-down of all things Oracle at this year’s RSA Conference.
Mark your Calendars:
PNG F43: Waiter, There's a Fly in My Code
Mary Ann Davidson, Chief Security Officer, Oracle and Joshua Brickman, Program Director, CA Technologies
Friday, March 1, 11:40 a.m. -12:00 p.m. in Room 131
Oracle Solution Showcase:
While at the conference, catch the latest Database Security and Identity Management product demonstrations at Oracle Booth # 1941.
Monday, Feb 25, 2013 6:00 a.m. – 8:00 p.m. (Welcome Reception)
Tuesday, Feb 26, 2013 11:00 a.m. – 6:00 p.m.
Wednesday, Feb 27, 2013 11:00 a.m. – 6:00 p.m.
Thursday, Feb 28, 2013 11:00 a.m. – 3:00 p.m.
Book Signing with Mary Ann
Davidson at Oracle Solution Showcase:
Plan to meet Mary Ann Davidson, Chief Security Officer, Oracle and receive an autographed copy of either "Outsourcing Murder" or her new book "Denial of Service", part of the Miss-Information Technology Series.
Monday, Feb 25, 2013 6:30 a.m. – 7:30 p.m.
Tuesday, Feb 26, 2013 1:00 p.m.– 2:00 p.m.
5:00 p.m. – 6:00 p.m.
Wednesday, Feb 27, 2013 1:00 a.m. – 2:00 p.m.
Oracle Security Executives:
Oracle Security product management executives and experts will be in attendance at this year’s RSA Conference. Like to schedule a meeting? Simply send us a note with your information, areas of interest and 3 preferred time slots and we will confirm.
Get free access to the exhibit floor by registering here using the code: FXE13ORAC, compliments of Oracle. To take advantage of the complimentary code, you’d need to register by February 22.We look forward to seeing you at RSA Conference 2013.
Wednesday Feb 06, 2013
By Troy Kitch on Feb 06, 2013
Please join Oracle and (ISC)2 as we discuss the importance of detective, preventive, and administrative security controls for a comprehensive database security defense-in-depth strategy.
According to leading industry reports, 98% of breached data originates from database servers and nearly half are compromised in less than a minute! Almost all victims are not aware of a breach until a third party notifies them and nearly all breaches could have been avoided through the use of basic controls. Join (ISC)2 and Oracle on January 31, 2013 for Part 1 of our next Security Briefings series that will focus on database security and the detective, preventive, and administrative controls that can be put in place to mitigate the risk to your databases. There's no turning back the clock on stolen data, but you can put in place controls to ensure your organization won't be the next headline.
The collaboration and sharing of information made possible by social media has enabled a new class of social engineering attacks, greatly increasing the risks posed by insiders for most organizations. Consider that LinkedIn searches for "Database Administrator" and "System Administrator" return over one million potential targets. In fact, stolen credentials were involved in 84% of the attacks that have resulted in over one billion records stolen from database servers. Join (ISC)2 and Oracle on February 21, 2013 for Part 2 of our Security Briefings series as we focus on database security and the preventive controls that can be used to mitigate the risks posed by insiders and attackers exploiting legitimate access to data and database infrastructure by adopting a defense-in-depth strategy.
Wednesday Jan 23, 2013
By Troy Kitch on Jan 23, 2013
SquareTwo Financial, a leader in the $100 billion asset recovery and management industry, enables fast growth and regulatory compliance with Oracle Database Security defense-in-depth solutions. Hear J-T Gaietto, manager of information security, discuss how they use Oracle Database Firewall, Oracle Data Masking, and Oracle Advanced Security to enable fast growth and comply with regulatory mandates.
- Comply with a number of regulations: GLBA, HIPAA HITECH, SOX, and PCI DSS
- Prove separation of duties for Sarbanes-Oxley Act compliance
- Quickly scale IT security to address fast 37% company growth
- Minimal disruption to 5.9 million accounts while maintaining growth
- Secure heterogeneous database environment, with no application changes
- Address compliance with database firewall, transparent data encryption,
data masking for a comprehensive database security defense-in-depth strategy
- Database activity monitoring to protect against insider and external threats,
including SQL injection attacks
- Secure Oracle Exadata and Microsoft SQL Server database activity, with
no application changes
Listen to the podcast for more details.
Thursday Dec 20, 2012
By Troy Kitch on Dec 20, 2012
- Oracle rolls out new database security package
- Oracle merges products for new enterprise traffic monitoring platform
- Oracle Merges Oracle Audit Vault and Oracle Database Firewall in One New Product
- Oracle Unveils Oracle Audit Vault And Database Firewall - Quick Facts
- Oracle Melds Audit, Database Firewall Security
...and some quotable quotes:
"Oracle is simplifying its security offerings by combining a pair of existing tools into a single package. The offering, Oracle Audit Vault and Database Firewall, provides both network traffic sniffing for security threats and audit data analysis.” – IDG News Service
“Oracle is merging a couple of its existing security products together to make one big solution to tackle Oracle and non-Oracle database traffic.” – ZDNet Between the Lines blog
“The consolidated, centralized repository enables all audit and event logs to be analyzed in real-time against pre-defined policies; offers visibility into stored procedure execution, recursive SQL and operational activities; comes with dozens of built-in reports to meet compliance requirements; and provides a range of alerts, including multi-event alerts and alert thresholds.” – Database Trends and Applications
Wednesday Dec 12, 2012
By Troy Kitch on Dec 12, 2012
Today, Oracle announced the new Oracle Audit Vault and Database Firewall product, which unifies database activity monitoring and audit data analysis in one solution.
This new product expands protection beyond Oracle and third party databases with support for auditing the operating system, directories and custom sources. Here are some of the key features of Oracle Audit Vault and Database Firewall:
Single Administrator Console
Out-of-the-Box Compliance Reporting
Report with Data from Multiple Source Types
Audit Stored Procedure Calls - Not Visible on the Network
Extensive Audit Details
Blocking SQL Injection Attacks
Powerful Alerting Filter Conditions
Thursday Dec 06, 2012
By Troy Kitch on Dec 06, 2012
Columbia University, the oldest institution of higher learning in New York, protects sensitive data in Oracle's PeopleSoft Financials using Oracle Advanced Security with transparent data encryption. Hear, Nick Caragiulo, manager of database administration, discuss how Columbia helps address internal and regulatory requirements for encryption of data at rest and in motion.
Wednesday Nov 28, 2012
By Troy Kitch on Nov 28, 2012
Join us, December 12 at 10am PT/1pm ET, to hear about a new Oracle product that monitors Oracle and non-Oracle database traffic, detects unauthorized activity including SQL injection attacks, and blocks internal and external threats from reaching the database. In addition, this new product collects and consolidates audit data from databases, operating systems, directories, and any custom template-defined source into a centralized, secure warehouse.
This new enterprise security monitoring and auditing platform allows organizations to quickly detect and respond to threats with powerful real-time policy analysis, alerting and reporting capabilities. Based on proven SQL grammar analysis that ensures accuracy, performance, and scalability, organizations can deploy with confidence in any mode.
You will also hear how organizations such as TransUnion Interactive and SquareTwo Financial rely on Oracle today to monitor and secure their Oracle and non-Oracle database environments.
Wednesday Nov 21, 2012
By Troy Kitch on Nov 21, 2012
The new survey from the Independent Oracle Users Group (IOUG) titled "Closing the Security Gap: 2012 IOUG Enterprise Data Security Survey," uncovers some interesting trends in IT security among IOUG members and offers recommendations for securing data stored in enterprise databases.
"Despite growing threats and enterprise data security risks, organizations that implement appropriate detective, preventive, and administrative safeguards are seeing significant results," finds the report's author, Joseph McKendrick, analyst, Unisphere Research.
Produced by Unisphere Research and underwritten by Oracle, the report is based on responses from 350 IOUG members representing a variety of job roles, organization sizes, and industry verticals.
Key findings include
- Corporate budgets increase, but trailing. Though corporate data security budgets are increasing this year, they still have room to grow to reach the previous year’s spending. Additionally, more than half of respondents say their organizations still do not have, or are unaware of, data security plans to help address contingencies as they arise.
- Danger of unauthorized access. Less than a third of respondents encrypt data that is either stored or in motion, and at the same time, more than three-fifths say they send actual copies of enterprise production data to other sites inside and outside the enterprise.
- Privileged user misuse. Only about a third of respondents say they are able to prevent privileged users from abusing data, and most do not have, or are not aware of, ways to prevent access to sensitive data using spreadsheets or other ad hoc tools.
- Lack of consistent auditing. A majority of respondents actively collect native database audits, but there has not been an appreciable increase in the implementation of automated tools for comprehensive auditing and reporting across databases in the enterprise.
The report's author finds that securing data requires not just the ability to monitor and detect suspicious activity, but also to prevent the activity in the first place. To achieve this comprehensive approach, the report recommends the following.
- Apply an enterprise-wide security strategy. Database security requires multiple layers of defense that include a combination of preventive, detective, and administrative data security controls.
- Get business buy-in and support. Data security only works if it is backed through executive support. The business needs to help determine what protection levels should be attached to data stored in enterprise databases.
- Provide training and education. Often, business users are not familiar with the risks associated with data security. Beyond IT solutions, what is needed is a well-engaged and knowledgeable organization to help make security a reality.
Wednesday Nov 07, 2012
By Troy Kitch on Nov 07, 2012
According to the recent Verizon Data Breach Investigations Report, 98% of breached data originates from database servers and nearly half are compromised in less than a minute! Almost all victims are not even aware of a breach until a third party notifies them and nearly all breaches could have been avoided through the use of basic controls.
Join us for this November 28th webcast to learn more about the evolving threats to databases that have resulted in over 1 billion stolen records. Also, hear how organizations can mitigate risks by adopting a defense-in-depth strategy that focuses on basic controls to secure data at the source - the database.
There's no turning back the clock on stolen data, but you can put in place controls to ensure your organization won't be the next headline.
Note, this webcast will be recorded for on-demand access after November 28th.
Who are we?
Follow us on
- Vote for Oracle Audit Vault and Database Firewall in Database Trends and Applications Reader's Choice Awards
- Protecting the Electric Grid in a Dangerous World
- Forrester Report: Total Economic Impact of Oracle Data Masking
- Countering Adversaries Webcast Series
- Oracle Open World 2014 Call for Proposals (Papers)
- Part 4: Controlling Data Access and Restricting Privileged Data in Oracle Database
- February Edition of Security Inside Out Newsletter, Now Available
- Bitcoin Exchange Files Bankruptcy in Wake of Cyber Attack
- Part 3: Controlling Data Access and Restricting Privileged Data in Oracle Database
- Part 2: Controlling Data Access and Restricting Privileged Data in Oracle Database