Monday Jul 09, 2012

Lockdown Your Database Security

A new article in Oracle Magazine outlines a comprehensive defense-in-depth approach for appropriate and effective database protection. Attackers can disrupt the confidentiality, integrity and availability of data in multiple ways, so putting layers of defense in place is the best measure to protect your sensitive customer and corporate data.

“In most organizations, two-thirds of sensitive and regulated data resides in databases,” points out Vipin Samar, vice president of database security technologies at Oracle. “Unless the databases are protected using a multilayered security architecture, that data is at risk to be read or changed by administrators of the operating system, databases, or network, or hackers who use stolen passwords to pose as administrators. Further, hackers can exploit legitimate access to the database by using SQL injection attacks from the Web. Organizations need to mitigate all types of risks and craft a security architecture that protects their assets from attacks coming from different sources.”

Monday May 14, 2012

Best Practices for Database Privileged User Access Controls

Insider threats and stolen credentials continue to account for the greatest number of data breach and loss incidents. On May 30th, we'll be discussing database access control best practices for all database users, including highly privileged users, using Oracle Database Vault. You'll learn how to enforce who can access what data, and when and how that data is accessed, in order to prevent application bypass and enable secure database consolidation. You will also hear how Oracle customers use Oracle Database Vault and Oracle Database 11g to protect sensitive data and comply with regulatory mandates.

To learn more, register for this and our other Best Practices for Database Security and Compliance webcasts.

Monday May 07, 2012

Independent Research Report on Oracle Database Firewall Published by KuppingerCole

In a new independent research report, KuppingerCole Product Research Note: Oracle Database Firewall, Martin Kuppinger provides an analysis of the Oracle Database Firewall customer benefits and features, strongly recommending that organizations evaluate it. “Oracle Database Firewall is one of the solutions which should definitely be evaluated and is amongst the recommended products in the database security market segment. Based on its grammar-based analytical approach and a well thought out and efficiently manageable policy approach, organizations can relatively quickly implement the product while minimizing the risk of disruption to database applications.”

Kuppinger goes on to explain that Oracle Database Firewall is superior to other vendor solutions in terms of accuracy and performance: "Unlike most other products in that area, Oracle Database Firewall accurately analyzes database activity traffic over the network with very little latency and thus is able to intercept and prevent unauthorized database activities."

Read the entire report.

Tuesday Mar 06, 2012

Protecting Life-Saving Patient and Donor Data

With more than 9 million donors as part of its Be the Match registry, the National Marrow Donor Program (NMDP) collects and manages a large amount of sensitive medical information. This data has helped enable more than 43,000 marrow and umbilical cord blood transplants for patients suffering from diseases such as lymphoma and leukemia. As the director of IT infrastructure for NMDP, Kyle Nelson understands the importance of both patient and donor information and the systems that protect this data. “Arguably our most-critical technologies are the Oracle databases and comprehensive database defense-in-depth security solutions that store and protect the sensitive information of critical marrow and cord blood patients and donors,” says Nelson. 

NMDP Discusses Oracle Database Security Solutions

National Marrow Donor Program: Oracle Database Security Defense in Depth
Hear how the National Marrow Donor Program protects life-saving patient and donor data with Oracle Database Security defense-in-depth solutions including Oracle Advanced Security, Oracle Database Vault and Oracle Data Masking.

Every year, thousands of patients with life-threatening diseases such as leukemia, lymphoma, and sickle cell disease need a marrow or cord blood transplant, but don’t have a match in their family. Learn how you can help.

Tuesday Feb 14, 2012

Formulate a Database Security Strategy

Although most organizations are taking stronger measures to protect their data, significant gaps still exist at the very core — their databases. Many don’t have a comprehensive database security strategy to defend against sophisticated attacks, track sensitive data, or even meet emerging regulatory requirements. In addition, organizations tend to focus on detective controls rather than preventive measures when it comes to database security.

By contrast, leading industry analyst Forrester finds that implementing a comprehensive and integrated database security solution with a strong emphasis on preventive measures enables organizations to improve security controls and introduce a higher degree of automation across the enterprise. Learn more.

Tuesday Feb 07, 2012

Concerned That Security Investments Still Leave You Vulnerable?

This Thursday at 9am, the ISACA Webcast Series presents a joint Forrester and Oracle presentation on how to formulate a database security strategy.

With the growing internal and external attacks on corporate and government applications and stronger regulatory compliance enforcement, investing in data security is a top priority for organizations. Yet significant gaps still exist at the very core — the databases that house the corporate crown jewels. A recent study by Forrester Consulting* found that most organizations don’t have a comprehensive enterprise database security strategy, resulting in ad-hoc deployment of point solutions focused on detection rather than prevention. In this webcast, guest speaker Noel Yuhanna, Principal Analyst at Forrester Research, Inc., will discuss the findings of this study and the importance of an integrated and comprehensive database security platform that can provide better security at lower cost. You will also hear from Roxana Bradescu, Director of Database Security Product Management at Oracle, about the recent innovations in Oracle’s database security platform, and learn how you can make the most of your security investments.

Register now for ISACA Webcast this Thursday, February 9 at 9am PT/12pm ET.

*Formulate A Database Security Strategy To Ensure Investments Will Actually Prevent Data Breaches And Satisfy Regulatory Requirements, a commissioned study conducted by Forrester Consulting on behalf of Oracle, January 2012.

Thursday Feb 02, 2012

RSA Conference 2012: Oracle to Highlight Oracle Database Firewall

Amid a growing onslaught of data breaches around the world, this year's RSA Conference will highlight the latest in security insights and technology—including the most recent advances in Oracle Database Firewall. The conference, which will take place in San Francisco, February 27 to March 2, features a keynote address by former British Prime Minister Tony Blair, 17 separate technical tracks, 220 hands-on sessions, and myriad networking opportunities for attendees.

RSA Conference 2012 attendees will also have access to Oracle security experts with in-depth insight into the latest developments in Oracle Database Firewall, including extended support for MySQL Enterprise Edition, new reporting infrastructure for modifying the layout of existing reports, new built-in reports to help comply with regulatory mandates and more. 

Until February 24, 2012, attendees can also opt to register for a complimentary exhibit hall-only pass by using discount code EC12ORAC. 

Learn more and register for the RSA Conference 2012 now

Friday Jan 20, 2012

Best Practices for Database Security and Compliance Webcast Series Begins Feb 1

As the amount of digital information continues to grow, so do the challenges of safeguarding that data. Two-thirds of sensitive and regulated data resides in databases, yet most IT Security programs fail to adequately address database security.

Please join Tom Kyte, Senior Technical Architect at Oracle, as he kicks off the database security best practices webcast series and discusses the threats every IT Database and Security administrator needs to be aware of. Tom will give an overview of the best practices for securing your databases and guarding against SQL injection attacks, encrypting sensitive data, enforcing least privilege and separation of duties, database auditing and masking non-production data.

  • Feb 1 - Best Practices for Database Security and Compliance
  • Feb 29 - Best Practices for Database Activity Monitoring and Blocking
  • Mar 28 - Best Practices for Database Auditing, Alerting and Reporting
  • Apr 25 - Best Practices for Transparent Data Encryption
  • May 30 - Best Practices for Database Privileged User Access Control

*All webcasts begin 10 a.m. PT | 1 p.m. ET | London 6 p.m. GMT

Tuesday Jan 03, 2012

Is Your Organization Susceptible to a Data Breach?

If your answer is yes (or you're not sure), then you aren’t alone. According to the recent Independent Oracle Users Group Data Security Survey, 60% said that a data breach is likely, or they’re not sure what to expect, over the next 12 months. As you prepare to secure your databases in 2012, see the first in our “real world” video series, which illustrates the different ways organizations are susceptible to security breaches and how Oracle can help mitigate them.

X Marks the Spot - An oil company finds that their drilling efforts are way off target: someone has tampered with mission-critical enterprise intelligence. More than half of organizations would have no way of knowing if privileged users are abusing their access. Learn about Oracle Audit Vault for database activity auditing, alerting and reporting.

Friday Nov 04, 2011

RSA Attack Tip of the Iceberg and Wake Up Call for Organizations Worldwide?

Security experts now say that RSA wasn’t the only corporation victimized in the attack that shook corporate and government leaders worldwide. If this could happen to a security company like RSA, could this happen to any organization? Apparently the answer is yes. About 760 other organizations, according to a recent post on Brian Krebs’ blog. Interestingly enough, none of these organizations have spoken out. Is it because they don’t want the brand hit, or is it just that they didn’t know what happened? My money’s on the latter.

Every year Verizon reports that the majority of data breaches are discovered by third parties. I wonder how many of the 760 companies Krebs named are scrambling to figure out what was compromised in the attack. Were critical business plans stolen? Or were manufacturing parameters changed? Going through logs looking for clues. But wait, what logs? According to a recent survey of the Independent Oracle Users Group, only 30% of organizations are monitoring reads and writes to sensitive data stored in their databases. Taken in combination with the lack of preventive controls at the database layer, most organizations are soft targets for Advanced Persistent Threats as well as not-so-advanced opportunistic attacks like the LizaMoon SQL injection attack used to compromise over 4 million databases in a single day.

So what’s the solution: Auditing? Database Firewalls? Encryption? Privileged user controls? Strong authentication? Multi-factor authorization? Yes, yes, yes, yes, yes, and yes. The answer is defense in depth. I am still surprised how many seasoned IT Security professionals don’t want to hear this answer. But security requires investment and vigilance. Our defenses must become as advanced and persistent as the threats we are trying to combat.

Tuesday Sep 27, 2011

Webcast: Database Activity Auditing, Alerting, and Reporting with Oracle Audit Vault

Although almost all organizations use native database auditing, few actually monitor this audit trail for threats or conduct regular database audits to quickly detect and remediate potential security problems. Join Tammy Bednar, Senior Principal Product Manager at Oracle, for this webcast and learn how to make the most of native database auditing by using Oracle Audit Vault.

Oracle Audit Vault automatically collects and consolidates Oracle and non-Oracle database audit trails into a centralized secure repository, detects and alerts on suspicious activity in real time, monitors privileged users, simplifies compliance reporting with built-in and custom reports, and streamlines your database audit process with key capabilities like report scheduling, attestation, and archiving. Register now for the webcast.

To learn more about Oracle Audit Vault, watch the flash demo and download the whitepaper.

Thursday Sep 15, 2011

IDC Report: Effective Data Leak Prevention Programs - Start by Protecting Data at the Source, Your Databases

What’s Missing from your Data Loss Prevention Strategy?

Although most organizations have data leak prevention (DLP) programs in place, IDC finds they are missing strategic solutions to protect their most valuable data assets – databases. IDC estimates the amount of data is doubling every two years and as the overall amount of data grows, so does the amount of sensitive and regulated information.

This IDC white paper presents a proactive approach to data protection, discusses the growing enterprise data threats and the impact government regulations have on requiring additional data protections.

Download the report and learn how enterprises must adopt security best practices that combine both DLP and database security to mitigate data breaches while ensuring data availability.

Wednesday Aug 03, 2011

Q&A from Oracle Database 11g Security and Compliance Webcast

Last week we had more than 2900 registrants for the Oracle Database 11g Security and Compliance webcast with guest speaker Tom Kyte. With hundreds of questions coming in, we weren’t able to answer them all. Here are answers to some of the most common questions. If you missed the webcast and want to watch the recording, or would like to sign up for upcoming webcasts in the series, register here.

Q: What is the performance overhead of implementing Oracle Advanced Security with Transparent Data Encryption?
A: According to internal benchmarks and feedback from successful production implementations, the performance overhead is in the single digits. With Oracle Database 11g Release 2 Patchset 1 (, the hardware crypto acceleration based on AES-NI available in most Intel® XEON® 5600 CPUs is automatically leveraged by TDE tablespace encryption, making TDE tablespace encryption a 'near-zero impact' encryption solution. Listen to TransUnion talk about their experience deploying tablespace encryption.

Q: Can the Oracle Database Firewall be used to monitor performance?
A: Yes. The Oracle Database Firewall can non-intrusively monitor SQL traffic coming to and from the database, including the database response and the status of SQL statement execution. By providing execution times on logged database activity, the Oracle Database Firewall can help developers monitor and assess SQL query performance on production databases, find slow or inconsistently performing queries, and identify all clients connecting to a specific database before and after migration. Learn more in the upcoming Database Firewall webcast.

Q: How does Oracle Data Masking protect sensitive data in non-production environments?
A: With Oracle Data Masking, sensitive information such as credit card or social security numbers can be replaced with realistic values, allowing production data to be safely used for development, testing, or sharing with out-source or off-shore partners for other non-production purposes. In other words, sensitive data is protected by not being made available in these environments. To better understand data masking, take a look at the flash demo.

Q: Can the Oracle Database Vault administrator/owner see data protected by a realm?
A: No. The Oracle Database Vault owner account can only set up the realm. It cannot see data protected by a realm. This is part of the separation of duty that Oracle Database Vault enforces. Learn more in the Oracle Database Vault Best Practices whitepaper.

And the most frequently asked question…

Q: Is this webcast being recorded?
A: Yes, you can get the recording here, as well as register for upcoming webcasts in the series. Don’t miss the next one, Blocking SQL Injection Attacks and Other Threats with Oracle Database Firewall on August 25th at 11am PT, featuring guest speaker Steve Moyle, CTO of Oracle Database Firewall.

Monday Jul 18, 2011

Oracle Database 11g Security and Compliance Solutions Webcast Series

As many of you are rolling out Oracle Database 11g across your enterprise, and taking advantage of the unprecedented performance of the new Oracle Exadata Database Machine to consolidate your databases, now is the time to think about security. So for the next few months, we will be presenting a series of webcasts on Oracle Database 11g Security and Compliance to help you take advantage of your database infrastructure to protect data privacy, address regulatory compliance requirements, and defend against SQL injection and other attacks.

Our first webcast, July 28 at 10am PT, will feature Tom Kyte of the popular “Ask Tom” web site. Tom will introduce you to the comprehensive database security solutions offered by Oracle and help you understand the importance of each solution in a complete database defense in depth strategy.

When you register for this webcast, you will also have an opportunity to register for all the webcasts in the series:

  • Blocking SQL Injection Attacks and Other Threats with Oracle Database Firewall
  • Database Activity Auditing, Alerting and Reporting with Oracle Audit Vault
  • Transparent Data Encryption with Oracle Database 11g
  • Privileged User Access Control with Oracle Database 11g
And in the meantime, check out our new Oracle Database Security Resource Library. It includes whitepapers, demos, and everything else you need to get started today.

Wednesday Jul 06, 2011

Oracle Data Masking: Irreversibly De-Identify Sensitive Data For Non-Production Use

Check out the new Oracle Data Masking Flash Overview.

Many organizations inadvertently breach information when they routinely copy sensitive or regulated production data into non-production environments. Data in non-production environments has increasingly become the target of cyber criminals and can be lost or stolen due to weak security controls and unmonitored access. Just like data breaches in production environments, data breaches in non-production environments can cost millions of dollars to remediate and cause irreparable harm to reputation and brand.

With Oracle Data Masking Pack, sensitive and valuable information such as credit card and social security numbers can be replaced with realistic values. This allows production data to be safely used for development, testing, and sharing with out-source or off-shore partners, or other non-production purposes.

