Tuesday Apr 02, 2013

Oracle Database Security Solutions Help Secure Ellucian Banner Data

Oracle customers Cornell University, Philadelphia College of Osteopathic Medicine, and Columbia University are just some of the higher education institutions using Oracle Database Security solutions to protect their sensitive financial, faculty, and student data. To help these types of organizations more, Ellucian recently announced Ellucian’s Banner Data Defense that combines Oracle Advanced Security, with transparent data encryption software, and the recently-announced Oracle Audit Vault and Database Firewall product, to help ensure data privacy, protect against threats, and maintain regulatory compliance. The package is enhanced by Banner-specific database scripts, documentation and reports, installation and configuration scripts, and best-practice implementation advice from Ellucian’s services team.

Learn more.

Wednesday Mar 27, 2013

Securing Enterprise Data in Private Clouds

Since two thirds of sensitive data in most organizations resides in databases, consolidation onto private clouds represent an opportunity to improve information security and compliance. Consolidation enables organizations to replace insecure data silos, and reduce the cost and scope of data security initiatives. Oracle helps organizations control and monitor access, secure sensitive data, and address regulatory compliance in private database clouds using Oracle Database Security solutions

Let’s examine this more closely, according to NIST, clouds are shared pools of standardized computing resources. Traditional database silos can be consolidated into a database cloud, which eliminates data silo complexity. With clouds we gain the standard efficiency of cloud computing and consistent protection of data. We now know where the data is and we can manage it all within a database cloud. The ideal cloud building block is with Oracle Exadata Database Machine: a pre-integrated, highly-optimized database cloud platform. Organizations are building clouds with Oracle Exadata very efficiently and with much less infrastructure. 

But now we have to secure our database clouds: all our sensitive data is there. By securing our database cloud we have efficient and consistent protection for all our data. Ultimately, a database cloud will enable better security at lower cost and complexity for the organization because we’re centralizing security in one place, we’re standardizing, we get rid of all of the point solutions for more efficient management.

Finally, if we examine traditional security concerns as a cloud inhibitor, it’s clearly not enough to halt cloud deployments. According to industry data, 67% of large enterprises are using cloud computing infrastructure as a service platform model to support their production environments. These are crucial production environments that are moving to the cloud. So, organizations are moving to the cloud, you are likely doing it as well, but are you secure? 

Thursday Mar 21, 2013

Security Inside Out Newsletter Available - Subscribe Now!

The latest edition of Security Inside Out newsletter is now available. If you don't get this bi-monthly security newsletter in your inbox, then please subscribe. The latest news includes:

Q&A: Ontario Commissioner and Leading Privacy Expert Dr. Ann Cavoukian

Dr. Ann Cavoukian is both Ontario's information and privacy commissioner and one of the leading privacy experts in the world. In January, Dr. Cavoukian and Oracle released a new white paper covering the convergence of privacy and security. 

Read More

Oracle Named a Leader in Gartner Magic Quadrant for Data Masking Technology

Gartner, Inc. has named Oracle as a leader in its “Magic Quadrant for Data Masking Technology,” published in December 2012.

Read More

Virgin Media Relies on Oracle Identity Management to Secure Wi-Fi Service in the London Underground

Leading up to the 2012 Olympics, Virgin Media was entrusted with a massive undertaking—to quickly and securely provide London's Underground stations with Wi-Fi service. The company turned to two Oracle Identity Management solutions—Oracle Virtual Directory and Oracle Entitlements Server—to successfully deliver.

Read More

Tuesday Mar 19, 2013

Oracle OpenWorld Call for Papers

Oracle OpenWorld call for speaking proposals is now open. Take the stage at one of the biggest IT conferences of the year and take part in shaping the IT discussion of today and tomorrow. Through the year, we keep hearing about how Oracle Database Security customers are looking to hear from their peers, discuss Oracle solutions, and engage with our technology experts, so if you have experience with and expertise on Oracle Database Security, do submit your speaking proposal for Oracle OpenWorld. The call for papers closes on April 12. Visit the Call for Proposals section to get general information, content policies, tips, guidelines and more.

Oracle OpenWorld 2013 will be held this year from September 22 - 26 in San Francisco, CA.

Friday Mar 15, 2013

Finding Oracle Database Security Information

One of the many issues security professionals face is tracking down information for their particular security challenges. Oracle has a multitude of resources across our comprehensive database security defense-in-depth solutions. Quite frankly, it can be difficult to find the particular information you're looking for. So, here's an attempt to consolidate some of those key resources: 

Product Information 

 Customer Case Studies

Events and Training

Analyst, News, and Social

Collateral


Thursday Feb 28, 2013

Extending Data Governance Beyond the Database

Traditionally, enterprise data governance started within your database management system by establishing the appropriate access control and auditing policies to prevent unauthorized access and demonstrate those controls. Now a new generation of database security solutions allow organizations to extend database security policies beyond the database management system and across the enterprise.

By monitoring traffic to all their enterprise databases, organizations can now detect unauthorized activity before it reaches the database, and can take appropriate measures to block that activity. In addition, these solutions can consolidate database logs and analyze them in real-time to generate alerts as well as provide a secure centralized repository for audit data for regulatory purposes.

Conceptually similar to network intrusion detection and prevention systems (IDS/IPS) or security information and event management (SIEM) that are part of every organization’s network, KuppingerCole believes adoption of this new technology will become just as widespread at the database layer and will help strengthen existing controls within database management systems.

Join the discussion, March 21, 7 a.m. PST/11 a.m. EST, and learn about the new Oracle Audit Vault and Database Firewall solution. You will also hear about the organizations that have already adopted this solution as part of a database security defense-in-depth strategy.

Thursday Feb 14, 2013

Gartner Positions Oracle in Leaders Quadrant for Data Masking

Gartner, Inc. has named Oracle as a Leader in its first “Magic Quadrant for Data Masking Technology(1). Gartner’s Magic Quadrant reports position vendors within a particular quadrant based on their completeness of vision and ability to execute.

According to Gartner, “Adopting data masking helps enterprises raise the level of security and privacy assurance against abuses. At the same time, data masking helps enterprises meet compliance requirements with the security and privacy standards recommended by regulating/auditing authorities.”

Gartner continued, “…we expect a relatively high speed of technology maturity for data masking. By 2016, the static data masking [SDM] market will reach the Plateau of Productivity in Gartner's Hype Cycle, with approximately 50% of the target audience adopting it.”

“With more structured and unstructured data in enterprise databases, companies need simple and consistent tools to comply with data privacy regulations and mask sensitive data during application development, testing or data analysis,” said Vipin Samar, Vice President of Database Security Product Development, Oracle. “Oracle is the world’s #1 database provider, integrating best-in-class hardware and software to deliver extreme performance and ensure robust database security for our customers.”

Oracle Data Masking Pack is a component of Oracle Enterprise Manager and part of the Oracle Database Security defense-in-depth solution. Get the Gartner Magic Quadrant for Data Masking Technology here.

(1) Gartner, Inc., “Magic Quadrant for Data Masking Technology,” by Joseph Feiman, Carsten Casper, December 20, 2012

Thursday Feb 07, 2013

Join Oracle at RSA Conference 2013

Oracle is exhibiting at RSA Conference 2013. The RSA Conference 2013 is a premier security conference that gives attendees a chance to learn about IT security's most important issues through first-hand interactions with peers, luminaries, and emerging and established companies.

Here’s a quick run-down of all things Oracle at this year’s RSA Conference.

Mark your Calendars:

Conference Session:
PNG F43: Waiter, There's a Fly in My Code

Mary Ann Davidson, Chief Security Officer, Oracle and Joshua Brickman, Program Director, CA Technologies
Friday, March 1, 11:40 a.m. -12:00 p.m. in Room 131

Oracle Solution Showcase:
While at the conference, catch the latest Database Security and Identity Management product demonstrations at Oracle Booth # 1941.

Exhibit Hours:
Monday, Feb 25, 2013 6:00 a.m. – 8:00 p.m. (Welcome Reception)
Tuesday, Feb 26, 2013 11:00 a.m. – 6:00 p.m.
Wednesday, Feb 27, 2013 11:00 a.m. – 6:00 p.m.
Thursday, Feb 28, 2013 11:00 a.m. – 3:00 p.m.

Book Signing with Mary Ann Davidson at Oracle Solution Showcase:
Plan to meet Mary Ann Davidson, Chief Security Officer, Oracle and receive an autographed copy of either "Outsourcing Murder" or her new book "Denial of Service", part of the Miss-Information Technology Series.

Book Signing Hours:
Monday, Feb 25, 2013 6:30 a.m. – 7:30 p.m.
Tuesday, Feb 26, 2013 1:00 p.m.– 2:00 p.m.
5:00 p.m. – 6:00 p.m.
Wednesday, Feb 27, 2013 1:00 a.m. – 2:00 p.m.

Meet Oracle Security Executives:
Oracle Security product management executives and experts will be in attendance at this year’s RSA Conference. Like to schedule a meeting? Simply send us a note with your information, areas of interest and 3 preferred time slots and we will confirm.

Get free access to the exhibit floor by registering here using the code: FXE13ORAC, compliments of Oracle. To take advantage of the complimentary code, you’d need to register by February 22.

We look forward to seeing you at RSA Conference 2013.

Wednesday Feb 06, 2013

(ISC)2 Security Briefing Series - The Easy Target: Your Unsecured Databases

Please join Oracle and (ISC)2 as we discuss the importance of detective, preventive, and administrative security controls for a comprehensive database security defense-in-depth strategy.

Part 1: 60 Seconds to Infiltrate, Months to Discover

According to leading industry reports, 98% of breached data originates from database servers and nearly half are compromised in less than a minute! Almost all victims are not aware of a breach until a third party notifies them and nearly all breaches could have been avoided through the use of basic controls. Join (ISC)2 and Oracle on January 31, 2013 for Part 1 of our next Security Briefings series that will focus on database security and the detective, preventive, and administrative controls that can be put in place to mitigate the risk to your databases. There's no turning back the clock on stolen data, but you can put in place controls to ensure your organization won't be the next headline.

Register Now

Part 2: As Attacks Evolve, Can You Prevent Them?
Thursday, February 21, 2013, 10am PST/1pm EST
The collaboration and sharing of information made possible by social media has enabled a new class of social engineering attacks, greatly increasing the risks posed by insiders for most organizations. Consider that LinkedIn searches for "Database Administrator" and "System Administrator" return over one million potential targets. In fact, stolen credentials were involved in 84% of the attacks that have resulted in over one billion records stolen from database servers. Join (ISC)2 and Oracle on February 21, 2013 for Part 2 of our Security Briefings series as we focus on database security and the preventive controls that can be used to mitigate the risks posed by insiders and attackers exploiting legitimate access to data and database infrastructure by adopting a defense-in-depth strategy. 
Part 3: Data Breaches are the Tip of the Iceberg
Date/Time: April 4, 2013, 10am PST/1pm EST
Digital security is the new battleground and cyber criminals are focused on stealing corporate and government secrets for financial and strategic gain. With increasing internal and external attacks and stronger regulatory compliance enforcement, investing in data security is a top priority for organizations; yet, significant gaps still exist at the very core — the databases that house the crown jewels. Join (ISC)2 and Oracle on Apr 4, 2013 for the conclusion of our Security Briefings series as we summarize implementing an effective database security strategy by using administrative controls that can help organizations discover where sensitive data resides and who has privileged access to this data.

Wednesday Jan 23, 2013

SquareTwo Enables Development Efficiency, Compliance with Oracle

SquareTwo Financial, a leader in the $100 billion asset recovery and management industry, enables fast growth and regulatory compliance with Oracle Database Security defense-in-depth solutions. Hear J-T Gaietto, manager of information security, discuss how they use Oracle Database Firewall, Oracle Data Masking, and Oracle Advanced Security to enable fast growth and comply with regulatory mandates. 

SquareTwo Financial Enables Development Efficiency and Compliance with Oracle Database Security

Watch the video.

Challenges

  • Comply with a number of regulations: GLBA, HIPAA HITECH, SOX, and PCI DSS
  • Prove separation of duties for Sarbanes-Oxley Act compliance
  • Quickly scale IT security to address fast 37% company growth
  • Minimal disruption to 5.9 million accounts while maintaining growth
  • Secure heterogeneous database environment, with no application changes

Solution

  • Address compliance with database firewall, transparent data encryption,
    data masking for a comprehensive database security defense-in-depth strategy
  • Database activity monitoring to protect against insider and external threats,
    including SQL injection attacks
  • Secure Oracle Exadata and Microsoft SQL Server database activity, with
    no application changes 

 Listen to the podcast for more details.

Thursday Dec 20, 2012

Oracle Audit Vault and Database Firewall In the News

Here's some news coverage regarding our recent announcement of Oracle Audit Vault and Database Firewall.

 ...and some quotable quotes:

"Oracle is simplifying its security offerings by combining a pair of existing tools into a single package. The offering, Oracle Audit Vault and Database Firewall, provides both network traffic sniffing for security threats and audit data analysis.” – IDG News Service

“Oracle is merging a couple of its existing security products together to make one big solution to tackle Oracle and non-Oracle database traffic.” – ZDNet Between the Lines blog

“The consolidated, centralized repository enables all audit and event logs to be analyzed in real-time against pre-defined policies; offers visibility into stored procedure execution, recursive SQL and operational activities; comes with dozens of built-in reports to meet compliance requirements; and provides a range of alerts, including multi-event alerts and alert thresholds.” – Database Trends and Applications

Wednesday Dec 12, 2012

Announcing Oracle Audit Vault and Database Firewall

Today, Oracle announced the new Oracle Audit Vault and Database Firewall product, which unifies database activity monitoring and audit data analysis in one solution.

This new product expands protection beyond Oracle and third party databases with support for auditing the operating system, directories and custom sources. Here are some of the key features of Oracle Audit Vault and Database Firewall:

Single Administrator Console

Default Reports


Out-of-the-Box Compliance Reporting

Report with Data from Multiple Source Types

Audit Stored Procedure Calls - Not Visible on the Network

Extensive Audit Details

Blocking SQL Injection Attacks

Powerful Alerting Filter Conditions

To learn more about the new features in Oracle Audit Vault and Database Firewall, watch the on-demand webcast.

Thursday Dec 06, 2012

Columbia University Secures PeopleSoft Financials with Oracle's Transparent Data Encryption

Columbia University, the oldest institution of higher learning in New York, protects sensitive data in Oracle's PeopleSoft Financials using Oracle Advanced Security with transparent data encryption. Hear, Nick Caragiulo, manager of database administration, discuss how Columbia helps address internal and regulatory requirements for encryption of data at rest and in motion.

Wednesday Nov 28, 2012

Introducing Next-Generation Enterprise Auditing and Database Firewall Webcast, 12/12/12

Join us, December 12 at 10am PT/1pm ET, to hear about a new Oracle product that monitors Oracle and non-Oracle database traffic, detects unauthorized activity including SQL injection attacks, and blocks internal and external threats from reaching the database. In addition, this new product collects and consolidates audit data from databases, operating systems, directories, and any custom template-defined source into a centralized, secure warehouse.

This new enterprise security monitoring and auditing platform allows organizations to quickly detect and respond to threats with powerful real-time policy analysis, alerting and reporting capabilities. Based on proven SQL grammar analysis that ensures accuracy, performance, and scalability, organizations can deploy with confidence in any mode.

You will also hear how organizations such as TransUnion Interactive and SquareTwo Financial rely on Oracle today to monitor and secure their Oracle and non-Oracle database environments.

Register for the webcast here.

Wednesday Nov 21, 2012

Closing the Gap: 2012 IOUG Enterprise Data Security Survey

The new survey from the Independent Oracle Users Group (IOUG) titled "Closing the Security Gap: 2012 IOUG Enterprise Data Security Survey," uncovers some interesting trends in IT security among IOUG members and offers recommendations for securing data stored in enterprise databases.
Closing the Gap: 2012 IOUG Enterprise Data Security Survey Report
"Despite growing threats and enterprise data security risks, organizations that implement appropriate detective, preventive, and administrative safeguards are seeing significant results," finds the report's author, Joseph McKendrick, analyst, Unisphere Research.

Produced by Unisphere Research and underwritten by Oracle, the report is based on responses from 350 IOUG members representing a variety of job roles, organization sizes, and industry verticals.

Key findings include

  • Corporate budgets increase, but trailing. Though corporate data security budgets are increasing this year, they still have room to grow to reach the previous year’s spending. Additionally, more than half of respondents say their organizations still do not have, or are unaware of, data security plans to help address contingencies as they arise.
  • Danger of unauthorized access. Less than a third of respondents encrypt data that is either stored or in motion, and at the same time, more than three-fifths say they send actual copies of enterprise production data to other sites inside and outside the enterprise.
  • Privileged user misuse. Only about a third of respondents say they are able to prevent privileged users from abusing data, and most do not have, or are not aware of, ways to prevent access to sensitive data using spreadsheets or other ad hoc tools.
  • Lack of consistent auditing. A majority of respondents actively collect native database audits, but there has not been an appreciable increase in the implementation of automated tools for comprehensive auditing and reporting across databases in the enterprise.

IOUG Recommendations
The report's author finds that securing data requires not just the ability to monitor and detect suspicious activity, but also to prevent the activity in the first place. To achieve this comprehensive approach, the report recommends the following.

  • Apply an enterprise-wide security strategy. Database security requires multiple layers of defense that include a combination of preventive, detective, and administrative data security controls.
  • Get business buy-in and support. Data security only works if it is backed through executive support. The business needs to help determine what protection levels should be attached to data stored in enterprise databases.
  • Provide training and education. Often, business users are not familiar with the risks associated with data security. Beyond IT solutions, what is needed is a well-engaged and knowledgeable organization to help make security a reality.
About

Who are we?

Follow us on

  • TwitterFacebookLinkedIn

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
2
3
4
5
6
7
8
9
10
12
13
15
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today