Tuesday Feb 11, 2014

Webcast with ISACA - Want Better Data Security?

Insecure database silos make protecting data challenging and costly. Increasingly, organizations find that database consolidation and private cloud initiatives reduce complexity and risk and drive down the cost of protecting data and meeting regulatory compliance.

In this webcast, you will learn how to:

  • Consolidate databases securely
  • Address database security at the infrastructure level
  • Adopt a defense in depth strategy

Watch Now and learn the controls needed to safeguard your mission critical enterprise data.

Tuesday Oct 29, 2013

Get the Latest Security Inside Out Newsletter, October Edition

The latest October edition of the Security Inside Out newsletter is now available and covers the following important security news:

Oracle Security Inside Out Newsletter

Securing Oracle Database 12c: A Technical Primer

The new multitenant architecture of Oracle Database 12c calls for adopting an updated approach to database security. In response, Oracle security experts have written a new book that is expected to become a key resource for database administrators. Find out how to get a complimentary copy. 

Read More

HIPAA Omnibus Rule Is in Effect: Are You Ready?

On September 23, 2013, the HIPAA Omnibus Rule went into full effect. To help Oracle’s healthcare customers ready their organizations for the new requirements, law firm Ballard Spahr LLP and the Oracle Security team hosted a webcast titled “Addressing the Final HIPAA Omnibus Rule and Securing Protected Health Information.” Find out three key changes affecting Oracle customers. 

Read More

The Internet of Things: A New Identity Management Paradigm

By 2020, it’s predicted there will be 50 billion devices wirelessly connected to the internet, from consumer products to highly complex industrial and manufacturing equipment and processes. Find out the key challenges of protecting identity and data for the new paradigm called the Internet of Things. 

Read More

Sunday Oct 06, 2013

New Database Threats Require New Innovations in Security

If you attended OpenWorld this year, you learned about the advances in Database 12c. As we collect more data and store our data in remote locations and the cloud, 12c restores control with advances to secure your data at the source. At the Chief Security Officer Summit at Leaders Circle, Vipin Samar discussed the changes in the security landscape that are forcing companies to re-examine how data is secured. The recent APT1 report by Mandiant highlights exactly how pervasive the threats are across every industry.

While the report covers the exploits of a specific government, the techniques being used are similar across the board. A recent report by the Ponemon Institute noted that 43% of the most serious attacks are SQL injection attacks. The statistic implies that organizations are not well prepared to secure databases and that our most valuable data actually resides in our databases.

It seems almost every report on the state of IT security mentions database security. As an example, the PWC Global State of Information Security report provides a survey by region of database encryption. In North America alone, 53% of companies don't encrypt databases. Despite the threats, organizations are not fully responding.

The slides below provide a perspective on how a comprehensive approach to database security can set the foundation for preventing some of the most advanced threats. With Database Security 12c, there are several advances that organizations will want to focus on:

  • Database Redaction - learn more here
  • Privilege Analysis - learn more here.
  • Audit Vault Firewall - learn more here.
  • More about security in 12c here.

For a limited time, you can register for a free copy of a new book on Database Security 12c.

Wednesday Oct 02, 2013

Security in Oracle Database 12c Gives Reason for Customers to Upgrade

The latest edition of Oracle Magazine, headlined with Plug into the Cloud, gives many reasons for customers to upgrade to the latest release of Oracle Database 12c.

In the article Time to Upgrade, Michelle Malcher, President of the Independent Oracle Users Group (IOUG) and Oracle ACE Director, says "Oracle Database 12c is packed with several new and enhanced security features. A great new security feature is privilege analysis, which allows DBAs to get to the bottom of what permissions are really needed and used. How much time is that going to save in audit reports and managing the security for least privilege?"

To prepare for the latest edition of Oracle Database, Malcher had an opportunity to sit down and beta test the latest features with others. During this time, we captured some of her comments, along with those of other beta testers, about another new feature: data redaction (see the video below).

She goes on to say "Redaction is another security feature that is easy to implement and probably will save a lot of time previously spent having to mask data in different environments or code solutions to hide private data and information. Setting up a comprehensive redaction policy for users, applications, and environments can further protect sensitive data."

Learn more about the new security features in the latest release of Oracle Database 12c.

Monday Sep 16, 2013

Limited Time Complimentary eBook, Securing Oracle Database 12c


Securing Oracle Database 12c: A Technical Primer

Pre-register For Your Copy Now

With the launch of Oracle Database 12c, securing your databases is more important than ever. For a limited time you can pre-register for a new complimentary eBook and learn about Oracle Database Security from the experts who brought you the #1 database in the world.

Are you an Oracle DBA who wants to protect your databases? The new ebook, Securing Oracle Database 12c: A Technical Primer, will be the book that database administrators will want to turn to for their database security questions.

For a limited time, Oracle Press will be offering this book free of charge, so pre-register for your copy now.

Tuesday Aug 27, 2013

Focus On Database Security at Oracle OpenWorld, 2013

Plan for Oracle OpenWorld with the most recent Focus On Database Security content!

Oracle OpenWorld is Sept 22-26, 2013 in San Francisco, and this Focus On Database Security organizes all database security content, including sessions, hands-on labs, and demos. This document is subject to change, so check back as we get closer to OpenWorld.

Here's a brief summary:

General Sessions

  • Oracle Database 12c—Engineered for Clouds and Big Data
  • Security Inside-Out with Oracle Database 12c

Conference Sessions

  • Oracle Database 12c Real Application Security for Oracle Application Express
  • Oracle Audit Vault and Database Firewall: First Line of Defense in Data Security
  • Introducing Oracle Key Vault: Enterprise Database Encryption Key Management
  • New Security Capabilities in Oracle Database 12c
  • Oracle Audit Vault and Database Firewall: Deployment Best Practices
  • Oracle Exadata Database Machine Security Best Practices
  • Oracle Database Security Solutions Customer Panel: Real-World Case Studies
  • DBA Best Practices for Protecting Data Privacy with Oracle’s Data Masking
  • Sensitive Data Redaction with Oracle Database 12c
  • Oracle Database Transparent Data Encryption Best Practices
  • Privileged Database User Security Best Practices

HOL (Hands-on Lab) Sessions

  • Database Activity Monitoring, Firewall, and Auditing
  • Hands-on Lab: New Security Capabilities in Oracle Database 12c
  • Database Activity Monitoring, Firewall, and Auditing

Demos

  • Oracle Advanced Security Encryption   
  • Oracle Advanced Security Redaction   
  • Oracle Audit Vault and Database Firewall
  • Oracle Database Vault and Oracle Label Security

See the complete Focus On Database Security here.

Tuesday Aug 06, 2013

Plug into Defense-in-Depth with Oracle Database 12c

Designed for the Cloud, the new multitenant architecture of Oracle Database 12c now enables customers to greatly simplify and accelerate database consolidation by enabling the management of hundreds of databases as one. To protect the unprecedented amounts of data customers will store within their databases, Oracle Database 12c also introduces more security capabilities than any previous Oracle Database release.

“Oracle Database 12c represents a complete shift in database technology. With the growing amount of stored data, these new multitenant databases will be targeted by both hackers and insiders, and scrutinized by auditors more than ever,” says Vipin Samar, vice president, database security product development, Oracle. “It’s imperative that customers take advantage of the new security capabilities in Oracle Database 12c to protect their data and database infrastructure.”

Key new capabilities to help customers mitigate risks and address compliance requirements include:

Data Redaction. Part of Oracle Advanced Security, Data Redaction complements transparent data encryption (TDE) by ensuring sensitive data is not exposed to users of current applications. While TDE protects information from database bypass attacks at the operating system level, Data Redaction conditionally redacts sensitive data in the outgoing result set by replacing original data with **** or any other fixed or random string of choice based upon the customer requirements. Data is redacted based on simple declarative policies that take into account rich database session context such as IP address, program name, and application user. The original data remains unaltered along with existing operational procedures.
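A declarative redaction policy of the kind described above, as an added example that is not part of the original post. The schema `SALES_DEMO`, table `CUSTOMERS`, column `SSN` and account `BILLING_APP` are hypothetical names, and the column is assumed to be a VARCHAR2 holding values formatted like 123-45-6789.

```sql
-- Added example; SALES_DEMO.CUSTOMERS, its SSN column and the BILLING_APP
-- account are hypothetical names chosen for illustration.
BEGIN
  DBMS_REDACT.ADD_POLICY(
    object_schema       => 'SALES_DEMO',
    object_name         => 'CUSTOMERS',
    policy_name         => 'REDACT_CUSTOMER_SSN',
    column_name         => 'SSN',
    -- Partial redaction: mask the first five digits, keep the last four.
    function_type       => DBMS_REDACT.PARTIAL,
    function_parameters => DBMS_REDACT.REDACT_US_SSN_F5,
    -- Redaction applies when this session-context expression is TRUE.
    -- SESSION_USER is never NULL, so the comparison always yields TRUE or
    -- FALSE; a context attribute that can be NULL (such as IP_ADDRESS on
    -- a local connection) would need explicit handling.
    expression          =>
      'SYS_CONTEXT(''USERENV'',''SESSION_USER'') != ''BILLING_APP'''
  );
END;
/

-- Confirm the policy is registered and enabled.
SELECT object_owner, object_name, policy_name, expression, enable
FROM   redaction_policies
WHERE  object_owner = 'SALES_DEMO';

-- From any account other than BILLING_APP the stored value is unchanged,
-- but the result set carries the masked form (XXX-XX-6789 for 123-45-6789).
SELECT ssn FROM sales_demo.customers;

-- Review who bypasses redaction entirely: SYS, plus every grantee of the
-- EXEMPT REDACTION POLICY system privilege (directly or through a role).
SELECT grantee
FROM   dba_sys_privs
WHERE  privilege = 'EXEMPT REDACTION POLICY';
```

Redaction changes only what is returned in the result set; it complements access control and auditing and does not replace them for users who can run ad hoc queries against the table.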

Privilege Analysis. Part of Oracle Database Vault, Privilege Analysis can harden database access by identifying users’ or applications’ unused privileges and roles based upon the actual roles and privileges used at runtime on production servers. Typically over time, applications and users amass powerful privileges and roles that may no longer be necessary. Finding the set of used roles and privileges is important because it helps identify the minimal set required and allows unused privileges to be revoked, reducing the attack surface.
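The capture, report and revoke cycle described above, as an added example that is not part of the original post. The capture name and the `ORDERS_APP` account are hypothetical, and the session running it is assumed to hold the `CAPTURE_ADMIN` role.

```sql
-- Added example; 'orders_app_priv_capture' and the ORDERS_APP account are
-- hypothetical names chosen for illustration.

-- 1. Define a capture limited to sessions of the application account and
--    start recording which privileges those sessions actually exercise.
BEGIN
  DBMS_PRIVILEGE_CAPTURE.CREATE_CAPTURE(
    name        => 'orders_app_priv_capture',
    description => 'Privileges used by ORDERS_APP during normal workload',
    type        => DBMS_PRIVILEGE_CAPTURE.G_CONTEXT,
    condition   =>
      'SYS_CONTEXT(''USERENV'',''SESSION_USER'') = ''ORDERS_APP'''
  );
  DBMS_PRIVILEGE_CAPTURE.ENABLE_CAPTURE(name => 'orders_app_priv_capture');
END;
/

-- 2. Let the capture run across a representative period (month-end jobs,
--    batch windows, rarely used admin screens), then stop it and build
--    the used/unused result sets.
BEGIN
  DBMS_PRIVILEGE_CAPTURE.DISABLE_CAPTURE(name => 'orders_app_priv_capture');
  DBMS_PRIVILEGE_CAPTURE.GENERATE_RESULT(name => 'orders_app_priv_capture');
END;
/

-- 3. System privileges that were granted but never used during the capture.
SELECT username, rolename, sys_priv
FROM   dba_unused_sysprivs
WHERE  capture = 'orders_app_priv_capture'
ORDER  BY username, sys_priv;

-- 4. Object privileges that were granted but never used during the capture.
SELECT username, rolename, obj_priv, object_owner, object_name
FROM   dba_unused_objprivs
WHERE  capture = 'orders_app_priv_capture'
ORDER  BY object_owner, object_name;

-- 5. Each unused privilege is a revocation candidate. Review it against
--    known infrequent jobs before revoking, for example:
-- REVOKE CREATE ANY TABLE FROM orders_app;

-- 6. Drop the capture and its results once the review is complete.
BEGIN
  DBMS_PRIVILEGE_CAPTURE.DROP_CAPTURE(name => 'orders_app_priv_capture');
END;
/
```

A privilege appears as unused only relative to the capture window, so a window that misses quarterly or failover activity will flag privileges that are still needed.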

Database Vault also enables customers to realize the full potential of Oracle Database 12c multitenant-based consolidation by preventing common database administrators from accessing application data stored in a pluggable database. With three distinct separation-of-duty controls, Database Vault is critical to regulatory compliance in multitenant environments.

Conditional Auditing. Oracle Database 12c introduces a new auditing framework that creates audit records based on the context of the database session. For example, an audit policy can be defined to audit all SQL statements unless they are coming from the application server’s IP address and with the given program name. Out-of-policy connections can be fully audited while no audit data will be generated for others, enabling highly selective and effective auditing.
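The audit rule from the paragraph above written as a unified audit policy, as an added example that is not part of the original post. The address `192.0.2.10` and the program name `JDBC Thin Client` are constructed placeholders for the trusted application server.

```sql
-- Added example; 192.0.2.10 and 'JDBC Thin Client' are constructed
-- placeholders standing in for the application server's address and
-- program name.

-- Audit every action unless the session comes from the application
-- server's IP address AND reports the expected program name. The IS NULL
-- branches matter: a local connection has no IP_ADDRESS, and comparing
-- NULL with != is neither TRUE nor FALSE, which would leave such a
-- session unaudited.
CREATE AUDIT POLICY audit_out_of_policy_sessions
  ACTIONS ALL
  WHEN 'SYS_CONTEXT(''USERENV'',''IP_ADDRESS'') IS NULL
        OR SYS_CONTEXT(''USERENV'',''IP_ADDRESS'') != ''192.0.2.10''
        OR SYS_CONTEXT(''USERENV'',''CLIENT_PROGRAM_NAME'') IS NULL
        OR SYS_CONTEXT(''USERENV'',''CLIENT_PROGRAM_NAME'') != ''JDBC Thin Client'''
  EVALUATE PER SESSION;

-- Creating a policy does nothing until it is enabled.
AUDIT POLICY audit_out_of_policy_sessions;

-- Confirm the policy is enabled and for whom.
SELECT policy_name, enabled_opt, user_name, success, failure
FROM   audit_unified_enabled_policies
WHERE  policy_name = 'AUDIT_OUT_OF_POLICY_SESSIONS';

-- Review what the policy recorded: these are the connections that did
-- not come through the expected application path.
SELECT event_timestamp, dbusername, userhost, client_program_name,
       action_name, sql_text
FROM   unified_audit_trail
WHERE  unified_audit_policies LIKE '%AUDIT_OUT_OF_POLICY_SESSIONS%'
ORDER  BY event_timestamp DESC;
```

The program name is reported by the client, so treat it as a filter for reducing audit volume rather than as proof of origin; the network address is the stronger of the two conditions.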

New roles have been introduced for managing audit data and audit policies inside the database. Audit data integrity is further protected by restricting management to the built-in audit data management package, preventing audit trail tampering using ad hoc SQL commands. Multiple audit statements can be grouped together for easier management. Three default audit policies are configured and shipped out of the box.

Additionally, Oracle Audit Vault and Database Firewall now supports Oracle Database 12c, and can be used to collect, consolidate, alert and report on audit data from Oracle and non-Oracle databases and operating systems. Oracle Audit Vault and Database Firewall can also monitor Oracle Database 12c SQL activity over the network, blocking any unauthorized activity such as SQL injection attacks, or insider abuse.

Sensitive Data Discovery and Management. Locating and cataloging sensitive data is more critical than ever. Oracle Enterprise Manager Data Discovery and Modeling (DDM) and Sensitive Data Discovery (SDD) facilitate the process of locating sensitive data within an application and applying security controls on that data. In addition, the new Oracle Database 12c Transparent Sensitive Data Protection (TSDP) can load sensitive information from Oracle Enterprise Manager Data Discovery and Modeling into the Oracle database and apply security controls such as Data Redaction. This greatly reduces the operational burden of managing sensitive data consistently in Oracle Database 12c environments.

Real Application Security. Oracle Database 12c introduces the next generation authorization framework to support the increased application security requirements in multitenant environments. Unlike the traditional Oracle VPD, Oracle Database 12c Real Application Security (RAS) provides a declarative model that allows developers to define the data security policy based on application users, roles and privileges within the Oracle Database. This new RAS-based paradigm is more secure, scalable, and cost effective.

In addition to these critical new capabilities, Oracle Database 12c greatly strengthens the overall database security posture with new Oracle Database Vault realm controls, Oracle Advanced Security TDE key management, Oracle Enterprise Manager Security Console, and more.

All the security capabilities available in Oracle Database 12c are compatible with the new multitenant architecture in Oracle Database 12c. As a result, customers can quickly and efficiently address the unique security requirements of each pluggable database. The security policies move with the pluggable database when it is unplugged from one and plugged into a new Oracle Database 12c multitenant server.

Learn more about Oracle Database Security

Monday Jul 08, 2013

Oracle Database 12c Launch Webcast Featuring Security

 

Security A Key Part of Introducing Oracle Database 12c Webcast

More information is coming out as we introduce the next edition of Oracle Database 12c, including more new security capabilities than any other release in Oracle history! During the webcast featuring Mark Hurd, Andy Mendelsohn, and Tom Kyte, you'll also hear from Vipin Samar, Vice President of Oracle Database Security, as he highlights some of these new features, including sensitive data redaction and privilege analysis.

This is a must-see event, so register now for the July 10th webcast: Introducing Oracle Database 12c.

Plus, we'll have some security experts on hand to answer your questions via the chat console.

Wednesday Jun 05, 2013

Comprehensive Database Security Defense-in-Depth

Recent successful cyber attacks against some of the most security savvy organizations have put into question IT Security strategies across all industries. The reliance on network security and user credentials has left many institutions vulnerable to attacks by insiders, outsiders exploiting stolen credentials, and SQL injection attacks. Additionally, the pervasive use of production data in non-production environments means that attackers can focus their efforts on a development or test server. Analysts estimate that less than 20% of IT Security plans address database security.

Oracle Database Security

When Oracle talks about having a comprehensive database strategy, it includes defense-in-depth security controls that protect multiple layers in and around the database environment.

  • Preventive controls are those that are intended to prevent an incident from occurring
  • Detective controls help identify an incident's activities and potentially an intruder
  • Administrative controls are the tools that help with the process and procedures associated with database security

To learn more about each of the Oracle Database Security controls, please visit oracle.com/database/security

Wednesday May 22, 2013

Join Us at the Gartner Security and Risk Management Summit, June 10

Oracle will be a Silver sponsor at this year's Gartner Security & Risk Management Summit in Maryland and will showcase Oracle Database Security solutions. Stop by to meet and interact with Oracle Security experts throughout the event.

Strategic Roadmaps to Secure the Enterprise and Reduce Risk

As the premier gathering of enterprise IT security and risk management executives, the summit takes a comprehensive look at the entire spectrum of IT security, business continuity management and risk, including: network and infrastructure security, identity and access management, compliance, privacy, fraud, business continuity management, and resilience. This year’s summit offers five in-depth, role-based programs:

  • CISO Program
  • IT Security
  • Risk Management and Compliance
  • Business Continuity Management (BCM)
  • The Business of IT Security

Thursday May 09, 2013

New Study Reveals Security Spending Not Protecting the Right Assets

Despite widespread belief that database breaches represent the greatest security risk to their business, organizations continue to devote a far greater share of their security resources to network assets rather than database assets, according to a new report, An Inside Out Approach to Enterprise Security, issued by CSO and sponsored by Oracle.

Read more here in the latest Database Insider newsletter.

Thursday Mar 21, 2013

Security Inside Out Newsletter Available - Subscribe Now!

The latest edition of Security Inside Out newsletter is now available. If you don't get this bi-monthly security newsletter in your inbox, then please subscribe. The latest news includes:

Q&A: Ontario Commissioner and Leading Privacy Expert Dr. Ann Cavoukian

Dr. Ann Cavoukian is both Ontario's information and privacy commissioner and one of the leading privacy experts in the world. In January, Dr. Cavoukian and Oracle released a new white paper covering the convergence of privacy and security. 

Read More

Oracle Named a Leader in Gartner Magic Quadrant for Data Masking Technology

Gartner, Inc. has named Oracle as a leader in its “Magic Quadrant for Data Masking Technology,” published in December 2012.

Read More

Virgin Media Relies on Oracle Identity Management to Secure Wi-Fi Service in the London Underground

Leading up to the 2012 Olympics, Virgin Media was entrusted with a massive undertaking—to quickly and securely provide London's Underground stations with Wi-Fi service. The company turned to two Oracle Identity Management solutions—Oracle Virtual Directory and Oracle Entitlements Server—to successfully deliver.

Read More

Friday Mar 15, 2013

Finding Oracle Database Security Information

One of the many issues security professionals face is tracking down information for their particular security challenges. Oracle has a multitude of resources across our comprehensive database security defense-in-depth solutions. Quite frankly, it can be difficult to find the particular information you're looking for. So, here's an attempt to consolidate some of those key resources: 

Product Information 

 Customer Case Studies

Events and Training

Analyst, News, and Social

Collateral


Thursday Feb 14, 2013

Gartner Positions Oracle in Leaders Quadrant for Data Masking

Gartner, Inc. has named Oracle as a Leader in its first “Magic Quadrant for Data Masking Technology” (1). Gartner’s Magic Quadrant reports position vendors within a particular quadrant based on their completeness of vision and ability to execute.

According to Gartner, “Adopting data masking helps enterprises raise the level of security and privacy assurance against abuses. At the same time, data masking helps enterprises meet compliance requirements with the security and privacy standards recommended by regulating/auditing authorities.”

Gartner continued, “…we expect a relatively high speed of technology maturity for data masking. By 2016, the static data masking [SDM] market will reach the Plateau of Productivity in Gartner's Hype Cycle, with approximately 50% of the target audience adopting it.”

“With more structured and unstructured data in enterprise databases, companies need simple and consistent tools to comply with data privacy regulations and mask sensitive data during application development, testing or data analysis,” said Vipin Samar, Vice President of Database Security Product Development, Oracle. “Oracle is the world’s #1 database provider, integrating best-in-class hardware and software to deliver extreme performance and ensure robust database security for our customers.”

Oracle Data Masking Pack is a component of Oracle Enterprise Manager and part of the Oracle Database Security defense-in-depth solution. Get the Gartner Magic Quadrant for Data Masking Technology here.

(1) Gartner, Inc., “Magic Quadrant for Data Masking Technology,” by Joseph Feiman, Carsten Casper, December 20, 2012

Wednesday Feb 06, 2013

(ISC)2 Security Briefing Series - The Easy Target: Your Unsecured Databases

Please join Oracle and (ISC)2 as we discuss the importance of detective, preventive, and administrative security controls for a comprehensive database security defense-in-depth strategy.

Part 1: 60 Seconds to Infiltrate, Months to Discover

According to leading industry reports, 98% of breached data originates from database servers and nearly half are compromised in less than a minute! Almost all victims are not aware of a breach until a third party notifies them and nearly all breaches could have been avoided through the use of basic controls. Join (ISC)2 and Oracle on January 31, 2013 for Part 1 of our next Security Briefings series that will focus on database security and the detective, preventive, and administrative controls that can be put in place to mitigate the risk to your databases. There's no turning back the clock on stolen data, but you can put in place controls to ensure your organization won't be the next headline.

Register Now

Part 2: As Attacks Evolve, Can You Prevent Them?

Thursday, February 21, 2013, 10am PST/1pm EST

The collaboration and sharing of information made possible by social media has enabled a new class of social engineering attacks, greatly increasing the risks posed by insiders for most organizations. Consider that LinkedIn searches for "Database Administrator" and "System Administrator" return over one million potential targets. In fact, stolen credentials were involved in 84% of the attacks that have resulted in over one billion records stolen from database servers. Join (ISC)2 and Oracle on February 21, 2013 for Part 2 of our Security Briefings series as we focus on database security and the preventive controls that can be used to mitigate the risks posed by insiders and attackers exploiting legitimate access to data and database infrastructure by adopting a defense-in-depth strategy.

Part 3: Data Breaches are the Tip of the Iceberg

Date/Time: April 4, 2013, 10am PST/1pm EST

Digital security is the new battleground and cyber criminals are focused on stealing corporate and government secrets for financial and strategic gain. With increasing internal and external attacks and stronger regulatory compliance enforcement, investing in data security is a top priority for organizations; yet, significant gaps still exist at the very core: the databases that house the crown jewels. Join (ISC)2 and Oracle on Apr 4, 2013 for the conclusion of our Security Briefings series as we summarize implementing an effective database security strategy by using administrative controls that can help organizations discover where sensitive data resides and who has privileged access to this data.