Thursday Mar 21, 2013

Security Inside Out Newsletter Available - Subscribe Now!

The latest edition of Security Inside Out newsletter is now available. If you don't get this bi-monthly security newsletter in your inbox, then please subscribe. The latest news includes:

Q&A: Ontario Commissioner and Leading Privacy Expert Dr. Ann Cavoukian

Dr. Ann Cavoukian is both Ontario's information and privacy commissioner and one of the leading privacy experts in the world. In January, Dr. Cavoukian and Oracle released a new white paper covering the convergence of privacy and security. 

Read More

Oracle Named a Leader in Gartner Magic Quadrant for Data Masking Technology

Gartner, Inc. has named Oracle as a leader in its “Magic Quadrant for Data Masking Technology,” published in December 2012.

Read More

Virgin Media Relies on Oracle Identity Management to Secure Wi-Fi Service in the London Underground

Leading up to the 2012 Olympics, Virgin Media was entrusted with a massive undertaking—to quickly and securely provide London's Underground stations with Wi-Fi service. The company turned to two Oracle Identity Management solutions—Oracle Virtual Directory and Oracle Entitlements Server—to successfully deliver.

Read More

Thursday Feb 14, 2013

Gartner Positions Oracle in Leaders Quadrant for Data Masking

Gartner, Inc. has named Oracle as a Leader in its first “Magic Quadrant for Data Masking Technology(1). Gartner’s Magic Quadrant reports position vendors within a particular quadrant based on their completeness of vision and ability to execute.

According to Gartner, “Adopting data masking helps enterprises raise the level of security and privacy assurance against abuses. At the same time, data masking helps enterprises meet compliance requirements with the security and privacy standards recommended by regulating/auditing authorities.”

Gartner continued, “…we expect a relatively high speed of technology maturity for data masking. By 2016, the static data masking [SDM] market will reach the Plateau of Productivity in Gartner's Hype Cycle, with approximately 50% of the target audience adopting it.”

“With more structured and unstructured data in enterprise databases, companies need simple and consistent tools to comply with data privacy regulations and mask sensitive data during application development, testing or data analysis,” said Vipin Samar, Vice President of Database Security Product Development, Oracle. “Oracle is the world’s #1 database provider, integrating best-in-class hardware and software to deliver extreme performance and ensure robust database security for our customers.”

Oracle Data Masking Pack is a component of Oracle Enterprise Manager and part of the Oracle Database Security defense-in-depth solution. Get the Gartner Magic Quadrant for Data Masking Technology here.

(1) Gartner, Inc., “Magic Quadrant for Data Masking Technology,” by Joseph Feiman, Carsten Casper, December 20, 2012

Monday Jul 09, 2012

Lockdown Your Database Security

A new article in Oracle Magazine outlines a comprehensive defense-in-depth approach for appropriate and effective database protection. There are multiple ways attackers can disrupt the confidentiality, integrity and availability of data and therefore, putting in place layers of defense is the best measure to protect your sensitive customer and corporate data.

“In most organizations, two-thirds of sensitive and regulated data resides in databases,” points out Vipin Samar, vice president of database security technologies at Oracle. “Unless the databases are protected using a multilayered security architecture, that data is at risk to be read or changed by administrators of the operating system, databases, or network, or hackers who use stolen passwords to pose as administrators. Further, hackers can exploit legitimate access to the database by using SQL injection attacks from the Web. Organizations need to mitigate all types of risks and craft a security architecture that protects their assets from attacks coming from different sources.”

Friday Nov 04, 2011

RSA Attack Tip of the Iceberg and Wake Up Call for Organizations Worldwide?

Security experts now say that RSA wasn’t the only corporation victimized in the attack that shook the corporate and government leaders worldwide. If this could happen to a Security company like RSA, could this happen to any organization? Apparently the answer is yes. About 760 other organizations according to a recent post on Brian Krebs blog. Interestingly enough none of these organizations have spoken out. Is it because they don’t want the brand hit or is it just that they didn’t know what happened? My money’s on the latter.

Every year Verizon reports that the majority of data breaches are discovered by third parties. I wonder how many of the 760 companies Krebs named are scrambling to figure what was compromised in the attack.  Were critical business plans stolen? Or were manufacturing parameters changed? Going through logs looking for clues. But wait what logs? According to a recent survey of the Independent Oracle User Group only 30% of organizations are monitoring reads and writes to sensitive data stored in their databases. Taken in combination with the lack of preventive controls at the database layer, most organizations are soft targets for Advanced Persistent Threats as well as not so advanced opportunistic attacks like the Liza Moon SQL injection attack used to compromise over 4 million databases in a single day.

So what’s the solution: Auditing? Database Firewalls? Encryption? Privileged user controls? Strong authentication? Multi-factor authorization? Yes, yes, yes, yes, yes, and yes. The answer is defense in depth. I am still surprised how many seasoned IT Security professionals don’t want to hear this answer. But security requires investment and vigilance. Our defenses must become as advanced and persistent as the threats we are trying to combat.
About

Who are we?

Follow us on

  • TwitterFacebookLinkedIn

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
2
3
4
5
6
7
8
9
10
12
13
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today