Wednesday Mar 25, 2015

86% of Data Breaches Miss Detection, How Do You Beat The Odds?

Information security is simply not detecting the bad guys

This according to the Verizon Data Breach Investigations Report. In fact, antivirus, intrusion detection systems, and log review all pick up less than 1% of data breach incidents. Very few companies do proactive monitoring and those that do are simply troubleshooting problems they already know about. The result is that 86% of data breach incidents were ultimately detected by someone other than the victimized organization; an embarrassing statistic.

Only 35% of organizations audit to determine whether privileged users are tampering with systems. As well, for nearly 70% of organizations, it would take greater than one day to detect and correct unauthorized database access or change. With average data breach compromises taking less than a day, the majority of organizations could lose millions of dollars before even noticing.

Join Oracle and learn how to put in place effective activity monitoring including:

  • Privileged user auditing for misuse and error
  • Suspicious activity alerting
  • Security and compliance reporting 

Thursday Feb 19, 2015

Top Two Cloud Security Concerns: Data Breaches and Data Loss

Apply a Data-centric Security Strategy in the Cloud

Don't miss watching the webcast Applying a Data-centric Security Strategy in the Cloud

Most most organizations are worried about putting sensitive data into the cloud. In fact, industry reports indicate data breaches and data loss are their top two concerns. Rather than apply a one size fits all approach to data security, organizations would be better prepared if they Implemented security controls based on the type of data and its use. In this session, you will learn how to apply the appropriate levels of security controls based on data sensitivity, and then map them to your cloud environment.

Watch now.  

Wednesday Jan 28, 2015

Oracle Cloud Forum - Mapping Security Controls to the Value of Data

Learn how to prioritize your security control deployments by watching Oracle's Cloud Platform Online Forum session, "Applying a Data-Centric Security Strategy in the Cloud."

Most organizations are worried about putting sensitive data into the cloud. In fact, industry reports indicate data breaches and data loss are their top two concerns.

Case in point, my previous blog article discusses how more than a third (34%) of organizations believe that a data breach is "somewhat likely" to "inevitable" in 2015.

Rather than apply a one size fits all approach to data security, organizations would be better prepared if they implemented security controls based on the type of data and its use.

In this session, you will learn how to apply the appropriate levels of security controls based on data sensitivity, and then map them to your cloud environment. 

Register to watch the forum here.  

Wednesday Nov 12, 2014

Oracle Security Webcast Series for UK Customers

Over the next four Thursdays, beginning November 20th through December 11th, our UK team will be addressing security 

Preventive Controls to Avoid Next Data Breach, Nov 20, 2014. 11:00 AM - 11:45 AM (GMT)

Learn how preventive controls can increase your defense arsenal against the evolving threats to databases. Data breaches not only expose your customers' and employees' private data, but also diminish your reputation and impact the bottom line. Oracle Security specialists will demonstrate the latest database security capabilities which enable you to adopt a defense-in-depth strategy to mitigate risks and protect the data at source – the database.

Detective Controls for Compliance & Auditing, Nov 27, 2014, 11:00 AM - 11:45 AM (GMT)

Learn how you can enforce the “trust but verify” principle by consolidating audit and event sources from the Oracle and non-Oracle components of your infrastructure, offering integrated, real-time security analytics. Find out how Oracle detective controls can offer a first line of defense against SQL injection attacks, as well as a simplified compliance reporting platform, for audit data analysis, within a centralized, secure warehouse.

Identity Governance for Extended Enterprise, Dec 4, 2014, 11:00 AM - 11:45 AM (GMT)

As organizations deploy an ever-increasing number of cloud, mobile, and enterprise applications, identifying and managing user access can be a challenge, especially when departmental application deployments are outside the view of corporate IT. Join us for this live webcast to learn how Oracle’s Identity governance solution reduces risks and costs while providing fast access to new services through an intuitive user self-service solution.

Strategies for Mobile Application Security, Dec 11, 2014, 11:00 AM - 11:45 AM (GMT)

Enterprise mobility and the Internet of Things are both new IT endpoints that require melding device and user identities for security reasons.Join us for this live webcast to learn how identity management platform benefits are enabling customers to move deployments to the next level of sophistication, as the mobile security market consolidates.

Friday Aug 08, 2014

Focus on Database Security at Oracle OpenWorld, 2014

Data security threats and regulatory compliance are the new "death" and "taxes" that we can all be certain of. Security is a hot topic across all organizations, whether you have 100 or 100,000 employees. Organizations are scrambling to mitigate threats and comply with regulatory requirements. Oracle OpenWorld is the place for customers to hear about the latest advances in data security, meet with security experts, and learn the next steps to help secure the sensitive data they hold.

With Oracle OpenWorld, 2014 about 2 months away, we've compiled the database security sessions, hands on labs, and more, that are critical for database administrators, security experts and executives to attend. As an example of just some of the talks this year:

Oracle Database 12c: Defense-in-Depth Security [CON8194]

Attend this session to quickly get up to speed on the powerful preventive and detective controls available in Oracle Database 12c. It provides an overview of security capabilities in Oracle Database 12c and is ideally suited for those who are new to security or want to get quickly get up to speed on protecting the data stored in their mission-critical databases. The presentation drills down particularly into the new Oracle Database 12c unified and conditional auditing facility. Learn how to create audit policies with conditional clauses, enabling highly selective and effective auditing. See a demonstration of a conditional audit policy based on a connection from a database link and a connection using proxy authentication.

Introducing Oracle Key Vault: Centralized Keys, Wallets, and Java Keystores [CON8189]

Attend this technical session to learn how the new Oracle Key Vault helps organizations accelerate encryption initiatives by addressing proliferating wallets, managing them centrally. See demonstrations of how to set up, configure, and administer Oracle Key Vault for centralized key management for OSs, databases, and middleware. Get best practices for using Oracle Key Vault, a security-hardened software appliance, with existing key storage files such as Oracle wallets and Java Keystores. Learn about optimizations for Oracle Database 11g and Oracle Database 12c, where Oracle Key Vault directly connects to Oracle Advanced Security transparent data encryption (TDE).

Oracle Database Security Strategy and Best Practices: Customer Case Study Panel [CON8192]

Oracle Database security solutions are transparent and easy to deploy and offer comprehensive data protection in a rapidly evolving threat landscape. In this session, you will hear from Oracle customers that have successfully deployed transparent data encryption, data masking, database firewalls, and database auditing and monitoring to protect their data and address regulatory compliance requirements. You will hear why they did it, how they did it, and the lessons learned. This is a highly interactive session—you will have an opportunity to pose questions to the panel and get real-world tips and best practices from your peers.

Plus much more... 

Register for OracleOpenWorld

Register now and get the focus on database security document here to begin planning. Please note agenda is subject to change and will be filled out with session dates/times and room locations as we get closer to OpenWorld, Sept 28-Oct 2, 2014 in San Francisco. And a tip: read Securing Oracle Database 12c ebook to get prepared; we look forward to see you there! 

Monday Aug 04, 2014

Securing Data in the New Digital Economy Webcast

2014 has already witnessed some of the largest data breaches on record. As the black market for stolen data becomes increasingly organized, the supply chain for information is providing an efficient means to monetize a vast array of stolen information. A the same time, our legal economy is becoming more hyper-connected providing more digital services, and making companies are more vulnerable to attacks. In this session we will explore the security requirements for information in the new digital economy and with the vast amount of case information from breach investigations, distill a security strategy to reduce risk.

Register to hear the recorded webcast. 

Tuesday May 27, 2014

Oracle Key Vault Sneak Peek at NYOUG

The New York Oracle Users Group will get a sneak peek of Oracle Key Vault on Tuesday, June 3, by Todd Bottger, Senior Principal Product Manager, Oracle.Oracle Key Vault

If you recall, Oracle Key Vault made its first appearance at last year's Oracle OpenWorld in San Francisco within the session "Introducing Oracle Key Vault: Enterprise Database Encryption Key Management."

You can catch Todd's talk from 9:30 to 10:30 am.

Session Abstract

With many global regulations calling for data encryption, centralized and secure key management has become a need for most organizations. This session introduces Oracle Key Vault for centrally managing encryption keys, wallets, and passwords for databases and other enterprise servers. Oracle Key Vault enables large-scale deployments of Oracle Advanced Security’s Transparent Data Encryption feature and secure sharing of keys between Oracle Real Application Clusters (Oracle RAC), Oracle Active Data Guard, and Oracle GoldenGate deployments. With support for industry standards such as OASIS KMIP and PKCS #11, Oracle Key Vault can centrally manage keys and passwords for other endpoints in your organization and provide greater reliability, availability, and security. 

Friday Mar 21, 2014

Countering Adversaries Webcast Series

We're kicking off a three part webcast series with (ISC)2 entitled "Countering Adversaries." These webcasts are for IT managers and directors, database and systems administrators, and all security professionals. Register and learn how to protect your organization.

Countering Adversaries Part 1: Espionage and Stolen Credentials

March 27, 2014, 10:00 am PT/1:00 pm ET. Register Here.

By profiling criminal activity, the Verizon Data Breach Investigations Report has been able to identify three distinct threat actors including espionage, organized crime, and activists. Organizations can take proactive steps to mitigate potential risks by understanding each threat actor’s methods and targets. In this three part series, (ISC)2 and Oracle will examine these three threat actors, the industries they target, and how to protect sensitive customer and organizational data. We begin with countering espionage threats and their preference for using stolen credentials.

Countering Adversaries Part 2: Organized Crime and Brute Force

April 24, 2014 10:00 am PT/1:00 pm ET Register Here.

Hailing from Eastern Europe and North America, organized criminals have a penchant for using brute-force hacking and multiple strands of malware to target financial and retail organizations for monetary gain, according to the Verizon DBIR. It is common for these cybercriminals to directly access databases and extract payment cards, credentials, and bank account information. Join (ISC)2 and Oracle as we discuss tactics employed by these cybercriminals and how organizations should implement a defense in depth database security strategy to help mitigate the threat.

Countering Adversaries Part 3: Hacktivists and SQL Injection Attacks

May 22, 2014, 10:00 am PT/1:00 pm ET Register here.

Activists break into organizational web applications and databases to find personal and organizational data in order to expose this private information. The Verizon Data Breach investigations report says “Hacktivists generally act out of ideological motivations, but sometimes just for the fun and epic lutz.” In this third webcast of a three part series, (ISC)2 and Oracle will examine their number one tool of choice: SQL injection attacks.  SQL injection attacks are both simple to perform and difficult to detect. We’ll discuss detecting and blocking SQL injection attacks in order to protect your most sensitive customer and organizational data from “epic lutz”. 

Wednesday Mar 19, 2014

Oracle Open World 2014 Call for Proposals (Papers)

Oracle Database Security Experts Wanted!

The 2014 Call for Proposals for Oracle OpenWorld is open. It’s worth the time to share your expertise with thousands of Oracle users.

If you’re an Oracle Database security expert, conference attendees want to hear it straight from you. So don’t wait-proposals must be submitted by April 15.

Share if you are planning to attend and/or present.  We look forward to meeting you.

Wednesday Jan 22, 2014

Oracle at RSA Conference 2014, Meet the Authors and Experts

Amidst the increasing frequency and growing onslaught of security attacks, data breaches and mobile threats, it's critical to have access to the latest in security insights, solutions, products and a network of peers facing the same issues you do. Attend RSA Conference, February 24 - 28 and prepare for five intensive days of knowledge gathering and information sharing.

Join Oracle (Booth #1509) as we demonstrate how our complete, best-of-breed security solutions enable you to secure critical applications and sensitive data, lower operational costs, and comply with regulatory requirements. Learn more about:

  • Oracle's Security Inside Out approach
  • Comprehensive defense in depth database security
  • The platform approach to identity management for cloud, mobile and social

To secure your complimentary RSA Conference 2014 Exhibit Hall Pass, click here and enter Oracle Code EC4ORACL by Friday, February 21.

Meet the Authors
Plan to meet the authors of the new book Securing Oracle Database 12c: A Technical Primer, as they give out autographed copies of their new book, while supplies last.

Book-signing hours:
Monday, February 24, 2014
6:30 p.m. – 7:30 p.m.

Tuesday, February 25, 2014
1:00 p.m. – 2:00 p.m.

Wednesday, February 26, 2014
5:00 p.m. – 6:00 p.m. (During Pub Crawl)

Event Exhibition: Meet the Experts
Visit with our security experts, see live product demonstrations, and more:

Monday, February 24, 2014
6:00 p.m. – 8:00 p.m. (Welcome Reception – Delegates & Expo Plus Only)

Tuesday, February 25, 2014
11:00 a.m. – 6:00 p.m.

Wednesday, February 26, 2014
11:00 a.m. – 6:00 p.m. (South Expo – Pub Crawl from 5:00 – 6:00 pm)
10:00 a.m. – 5:00 p.m. (North Expo)

Thursday, February 27, 2014
11:00 a.m. – 3:00 p.m.

OASIS Security Standards Showcase
Oracle will be demonstrating products that support OASIS KMIP and PKCS11 standards at the OASIS XACML Interop in booth #1909. The showcase hours are the same as the exhibit hours.

Tuesday Aug 27, 2013

Focus On Database Security at Oracle OpenWorld, 2013

Plan for Oracle OpenWorld with the most recent Focus On Database Security content!

Oracle OpenWorld is Sept 22-26, 2013 in San Francisco and this Focus On Database Security organizes all database security content including, sessions, hands-on-labs, and demos . This document is subject to change, so check back as we get closer to OpenWorld.

Here's a brief summary:

General Sessions

  • Oracle Database 12c—Engineered for Clouds and Big Data
  • Security Inside-Out with Oracle Database 12c

Conference Sessions

  • Oracle Database 12c Real Application Security for Oracle Application Express
  • Oracle Audit Vault and Database Firewall: First Line of Defense in Data Security
  • Introducing Oracle Key Vault: Enterprise Database Encryption Key Management
  • New Security Capabilities in Oracle Database 12c
  • Oracle Audit Vault and Database Firewall: Deployment Best Practices
  • Oracle Exadata Database Machine Security Best Practices
  • Oracle Database Security Solutions Customer Panel: Real-World Case Studies
  • DBA Best Practices for Protecting Data Privacy with Oracle’s Data Masking
  • Sensitive Data Redaction with Oracle Database 12c
  • Oracle Database Transparent Data Encryption Best Practices
  • Privileged Database User Security Best Practices

HOL (Hands-on Lab) Sessions

  • Database Activity Monitoring, Firewall, and Auditing
  • Hands-on Lab: New Security Capabilities in Oracle Database 12c
  • Database Activity Monitoring, Firewall, and Auditing


  • Oracle Advanced Security Encryption   
  • Oracle Advanced Security Redaction   
  • Oracle Audit Vault and Database Firewall
  • Oracle Database Vault and Oracle Label Security

See the complete Focus On Database Security here.

Monday Jul 08, 2013

Oracle Database 12c Launch Webcast Featuring Security


Security A Key Part of Introducing Oracle Database 12c Webcast

More information is coming out as we introduce the next edition of Oracle Database 12c, including more new security capabilities than any other release in Oracle history! During the webcast featuring Mark Hurd, Andy Mendelsohn, and Tom Kyte, you'll also hear from Vipin Samar, Vice President of Oracle Database Security as he highlights some of these new features including sensitive data redaction and privilege analysis.

This is a must-see event, so register now for the July 10th webcast: Introducing Oracle Database 12c.

Plus, we'll have some security experts on hand to answer your questions via the chat console.

Wednesday May 22, 2013

Join Us at the Gartner Security and Risk Management Summit, June 10

Oracle will be a Silver sponsor at this year's Gartner Security & Risk Management Summit in Maryland, and showcasing Oracle Database Security solutions. Stop by to meet and interact with Oracle Security experts throughout the event.

Strategic Roadmaps to Secure the Enterprise and Reduce Risk

As the premier gathering of enterprise IT security and risk management executives, the summit takes a comprehensive look at the entire spectrum of IT security, business continuity management and risk, including: network and infrastructure security, identity and access management, compliance, privacy, fraud, business continuity management, and resilience. This year’s summit offers five in-depth, role-based programs:

  • CISO Program
  • IT Security
  • Risk Management and Compliance
  • Business Continuity Management (BCM)
  • The Business of IT Security

Wednesday May 15, 2013

Oracle Database Security at Microsoft TechEd 2013

Join Oracle at Microsoft TechEd North America 2013 in New Orleans, June 3-6. Oracle will demonstrate its latest database software for Windows, including Oracle Database, MySQL, database activity monitoring and auditing, and more.

Monitor Database Activity, Block Threats, and Efficiently Audit

Hear from Oracle Security experts and discover how Oracle Audit Vault and Database Firewall monitors Oracle and Microsoft database traffic to detect and block threats, as well as improve compliance reporting by consolidating audit data from Oracle and SQL Server databases, Windows operating systems, Microsoft directories, and more.

Stop by Booth # 1917 and see the latest Oracle Innovations!

Wednesday May 08, 2013

Oracle OpenWorld Early-Bird Pricing in Effect Through July 19!

Come join us at Oracle OpenWorld in San Francisco and save $500 off the on-site price by registering by July 19. Early-Bird registrants have the best selection of rooms at Oracle official conference hotels, earliest access to the schedule tool to secure a place in the sessions that matter most to them, and the opportunity to plan ahead to take a few days off before or after the conference to enjoy seeing Oracle Team USA at the America's Cup Races, wine country, and the spectacular fall weather in San Francisco.

 Of course you'll also get an opportunity to meet with Oracle Database Security experts and learn about all of the latest innovations. 


Who are we?

Follow us on

  • TwitterFacebookLinkedIn


« March 2015