Tuesday Aug 27, 2013

Focus On Database Security at Oracle OpenWorld, 2013

Plan for Oracle OpenWorld with the most recent Focus On Database Security content!

Oracle OpenWorld is Sept 22-26, 2013 in San Francisco and this Focus On Database Security organizes all database security content including, sessions, hands-on-labs, and demos . This document is subject to change, so check back as we get closer to OpenWorld.

Here's a brief summary:

General Sessions

  • Oracle Database 12c—Engineered for Clouds and Big Data
  • Security Inside-Out with Oracle Database 12c

Conference Sessions

  • Oracle Database 12c Real Application Security for Oracle Application Express
  • Oracle Audit Vault and Database Firewall: First Line of Defense in Data Security
  • Introducing Oracle Key Vault: Enterprise Database Encryption Key Management
  • New Security Capabilities in Oracle Database 12c
  • Oracle Audit Vault and Database Firewall: Deployment Best Practices
  • Oracle Exadata Database Machine Security Best Practices
  • Oracle Database Security Solutions Customer Panel: Real-World Case Studies
  • DBA Best Practices for Protecting Data Privacy with Oracle’s Data Masking
  • Sensitive Data Redaction with Oracle Database 12c
  • Oracle Database Transparent Data Encryption Best Practices
  • Privileged Database User Security Best Practices

HOL (Hands-on Lab) Sessions

  • Database Activity Monitoring, Firewall, and Auditing
  • Hands-on Lab: New Security Capabilities in Oracle Database 12c
  • Database Activity Monitoring, Firewall, and Auditing

Demos

  • Oracle Advanced Security Encryption   
  • Oracle Advanced Security Redaction   
  • Oracle Audit Vault and Database Firewall
  • Oracle Database Vault and Oracle Label Security

See the complete Focus On Database Security here.

Tuesday Aug 06, 2013

Plug into Defense-in-Depth with Oracle Database 12c

Designed for the Cloud, the new multitenant architecture of Oracle Database 12c now enables customers to greatly simplify and accelerate database consolidation by enabling the management of hundreds of databases as one. To protect the unprecedented amounts of data customers will store within their databases, Oracle Database 12c also introduces more security capabilities than any previous Oracle Database release.

“Oracle Database 12c represents a complete shift in database technology. With the growing amount of stored data, these new multitenant databases will be targeted by both hackers and insiders, and scrutinized by auditors more than ever,” says Vipin Samar, vice president, database security product development, Oracle. “It’s imperative that customers take advantage of the new security capabilities in Oracle Database 12c to protect their data and database infrastructure.”

Key new capabilities to help customers mitigate risks and address compliance requirements include:

Data Redaction. Part of Oracle Advanced Security, Data Redaction complements transparent data encryption (TDE) by ensuring sensitive data is not exposed to users of current applications. While TDE protects information from database bypass attacks at the operating system level, Data Redaction conditionally redacts sensitive data in the outgoing result set by replacing original data with **** or any other fixed or random string of choice based upon the customer requirements. Data is redacted based on simple declarative policies that take into account rich database session context such as IP address, program name, and application user. The original data remains unaltered along with existing operational procedures.

Privilege Analysis. Part of Oracle Database Vault, Privilege Analysis can harden database access by identifying users’ or applications’ unused privileges and roles based upon the actual roles and privileges used at runtime on production servers. Typically over time, applications and users amass powerful privileges and roles that may no longer be necessary. Finding the set of used roles and privileges is important because it helps identify the minimal set required and allows unused privileges to be revoked, reducing the attack surface.

Database Vault also enables customers to realize the full potential of Oracle Database 12c multitenant-based consolidation by preventing common database administrators from accessing application data stored in a pluggable database. With three distinct separation-of-duty controls, Database Vault is critical to regulatory compliance in multitenant environments.

Conditional Auditing. Oracle Database 12c introduces a new auditing framework that creates audit records based on the context of the database session. For example, an audit policy can be defined to audit all SQL statements unless they are coming from the application server’s IP address and with the given program name. Out-of-policy connections can be fully audited while no audit data will be generated for others, enabling highly selective and effective auditing.

New roles have been introduced for managing audit data and audit policies inside the database. Audit data integrity is further protected by restricting management to the built-in audit data management package, preventing audit trail tampering using ad hoc SQL commands. Multiple audit statements can be grouped together for easier management. Three default audit policies are configured and shipped out of the box.

Additionally, Oracle Audit Vault and Database Firewall now supports Oracle Database 12c, and can be used to collect, consolidate, alert and report on audit data from Oracle and non-Oracle databases and operating systems. Oracle Audit Vault and Database Firewall can also monitor Oracle Database 12c SQL activity over the network, blocking any unauthorized activity such as SQL injection attacks, or insider abuse.

Sensitive Data Discovery and Management. Locating and cataloging sensitive data is more critical than ever. Oracle Enterprise Manager Data Discovery and Modeling (DDM) and Sensitive Data Discovery (SDD) facilitate the process of locating sensitive data within an application and applying security controls on that data. In addition, the new Oracle Database 12c Transparent Sensitive Data Protection (TSDP) can load sensitive information from Oracle Enterprise Manager Data Discovery and Modeling into the Oracle database and apply security controls such as Data Redaction. This greatly reduces the operational burden of managing sensitive data consistently in Oracle Database 12c environments.

Real Application Security. Oracle Database 12c introduces the next generation authorization framework to support the increased application security requirements in multitenant environments. Unlike the traditional Oracle VPD, Oracle Database 12c Real Application Security (RAS) provides a declarative model that allows developers to define the data security policy based on application users, roles and privileges within the Oracle Database. This new RAS-based paradigm is more secure, scalable, and cost effective.

In addition to these critical new capabilities, Oracle Database 12c greatly strengthens the overall database security posture with new Oracle Database Vault realm controls, Oracle Advanced Security TDE key management, Oracle Enterprise Manager Security Console, and more.

All the security capabilities available in Oracle Database 12c are compatible with the new multitenant architecture in Oracle Database 12c. As a result, customers can quickly and efficiently address the unique security requirements of each pluggable database. The security policies move with the pluggable database when it is unplugged from one and plugged into a new Oracle Database 12c multitenant server.

Learn more about Oracle Database Security

Monday Jul 08, 2013

Oracle Database 12c Launch Webcast Featuring Security

 

Security A Key Part of Introducing Oracle Database 12c Webcast

More information is coming out as we introduce the next edition of Oracle Database 12c, including more new security capabilities than any other release in Oracle history! During the webcast featuring Mark Hurd, Andy Mendelsohn, and Tom Kyte, you'll also hear from Vipin Samar, Vice President of Oracle Database Security as he highlights some of these new features including sensitive data redaction and privilege analysis.

This is a must-see event, so register now for the July 10th webcast: Introducing Oracle Database 12c.

Plus, we'll have some security experts on hand to answer your questions via the chat console.

Wednesday Jun 05, 2013

Comprehensive Database Security Defense-in-Depth

Recent successful cyber attacks against some of the most security savvy organizations have put into question IT Security strategies across all industries. The reliance on network security and user credentials have left many institutions vulnerable to attacks by insiders, outsiders exploiting stolen credentials, and SQL injection attacks. Additionally, the pervasive use of production data in non-production environments means that attackers can focus their efforts on a development or test server. Analysts estimate that less than 20% of IT Security plans address database security. 

Oracle Database Security

When Oracle talks about having a comprehensive database strategy, it includes defense-in-depth security controls that protect multiple layers in and around the database environment.

  • Preventive controls are those that are intended to avoid an incident from occurring
  • Detective controls help identify an incident's activities and potentially an intruder
  • Administrative controls are the tools that help with the process and procedures associated with database security
To learn more about each of the Oracle Database Security controls, please visit oracle.com/database/security

Wednesday May 22, 2013

Join Us at the Gartner Security and Risk Management Summit, June 10

Oracle will be a Silver sponsor at this year's Gartner Security & Risk Management Summit in Maryland, and showcasing Oracle Database Security solutions. Stop by to meet and interact with Oracle Security experts throughout the event.

Strategic Roadmaps to Secure the Enterprise and Reduce Risk

As the premier gathering of enterprise IT security and risk management executives, the summit takes a comprehensive look at the entire spectrum of IT security, business continuity management and risk, including: network and infrastructure security, identity and access management, compliance, privacy, fraud, business continuity management, and resilience. This year’s summit offers five in-depth, role-based programs:

  • CISO Program
  • IT Security
  • Risk Management and Compliance
  • Business Continuity Management (BCM)
  • The Business of IT Security

Thursday May 09, 2013

New Study Reveals Security Spending Not Protecting the Right Assets

Despite widespread belief that database breaches represent the greatest security risk to their business, organizations continue to devote a far greater share of their security resources to network assets rather than database assets, according to a new report, An Inside Out Approach to Enterprise Security, issued by CSO and sponsored by Oracle.

Read more here in the latest Database Insider newsletter.

Thursday Mar 21, 2013

Security Inside Out Newsletter Available - Subscribe Now!

The latest edition of Security Inside Out newsletter is now available. If you don't get this bi-monthly security newsletter in your inbox, then please subscribe. The latest news includes:

Q&A: Ontario Commissioner and Leading Privacy Expert Dr. Ann Cavoukian

Dr. Ann Cavoukian is both Ontario's information and privacy commissioner and one of the leading privacy experts in the world. In January, Dr. Cavoukian and Oracle released a new white paper covering the convergence of privacy and security. 

Read More

Oracle Named a Leader in Gartner Magic Quadrant for Data Masking Technology

Gartner, Inc. has named Oracle as a leader in its “Magic Quadrant for Data Masking Technology,” published in December 2012.

Read More

Virgin Media Relies on Oracle Identity Management to Secure Wi-Fi Service in the London Underground

Leading up to the 2012 Olympics, Virgin Media was entrusted with a massive undertaking—to quickly and securely provide London's Underground stations with Wi-Fi service. The company turned to two Oracle Identity Management solutions—Oracle Virtual Directory and Oracle Entitlements Server—to successfully deliver.

Read More

Friday Mar 15, 2013

Finding Oracle Database Security Information

One of the many issues security professionals face is tracking down information for their particular security challenges. Oracle has a multitude of resources across our comprehensive database security defense-in-depth solutions. Quite frankly, it can be difficult to find the particular information you're looking for. So, here's an attempt to consolidate some of those key resources: 

Product Information 

 Customer Case Studies

Events and Training

Analyst, News, and Social

Collateral


Thursday Feb 14, 2013

Gartner Positions Oracle in Leaders Quadrant for Data Masking

Gartner, Inc. has named Oracle as a Leader in its first “Magic Quadrant for Data Masking Technology(1). Gartner’s Magic Quadrant reports position vendors within a particular quadrant based on their completeness of vision and ability to execute.

According to Gartner, “Adopting data masking helps enterprises raise the level of security and privacy assurance against abuses. At the same time, data masking helps enterprises meet compliance requirements with the security and privacy standards recommended by regulating/auditing authorities.”

Gartner continued, “…we expect a relatively high speed of technology maturity for data masking. By 2016, the static data masking [SDM] market will reach the Plateau of Productivity in Gartner's Hype Cycle, with approximately 50% of the target audience adopting it.”

“With more structured and unstructured data in enterprise databases, companies need simple and consistent tools to comply with data privacy regulations and mask sensitive data during application development, testing or data analysis,” said Vipin Samar, Vice President of Database Security Product Development, Oracle. “Oracle is the world’s #1 database provider, integrating best-in-class hardware and software to deliver extreme performance and ensure robust database security for our customers.”

Oracle Data Masking Pack is a component of Oracle Enterprise Manager and part of the Oracle Database Security defense-in-depth solution. Get the Gartner Magic Quadrant for Data Masking Technology here.

(1) Gartner, Inc., “Magic Quadrant for Data Masking Technology,” by Joseph Feiman, Carsten Casper, December 20, 2012

Wednesday Feb 06, 2013

(ISC)2 Security Briefing Series - The Easy Target: Your Unsecured Databases

Please join Oracle and (ISC)2 as we discuss the importance of detective, preventive, and administrative security controls for a comprehensive database security defense-in-depth strategy.

Part 1: 60 Seconds to Infiltrate, Months to Discover

According to leading industry reports, 98% of breached data originates from database servers and nearly half are compromised in less than a minute! Almost all victims are not aware of a breach until a third party notifies them and nearly all breaches could have been avoided through the use of basic controls. Join (ISC)2 and Oracle on January 31, 2013 for Part 1 of our next Security Briefings series that will focus on database security and the detective, preventive, and administrative controls that can be put in place to mitigate the risk to your databases. There's no turning back the clock on stolen data, but you can put in place controls to ensure your organization won't be the next headline.

Register Now

Part 2: As Attacks Evolve, Can You Prevent Them?
Thursday, February 21, 2013, 10am PST/1pm EST
The collaboration and sharing of information made possible by social media has enabled a new class of social engineering attacks, greatly increasing the risks posed by insiders for most organizations. Consider that LinkedIn searches for "Database Administrator" and "System Administrator" return over one million potential targets. In fact, stolen credentials were involved in 84% of the attacks that have resulted in over one billion records stolen from database servers. Join (ISC)2 and Oracle on February 21, 2013 for Part 2 of our Security Briefings series as we focus on database security and the preventive controls that can be used to mitigate the risks posed by insiders and attackers exploiting legitimate access to data and database infrastructure by adopting a defense-in-depth strategy. 
Part 3: Data Breaches are the Tip of the Iceberg
Date/Time: April 4, 2013, 10am PST/1pm EST
Digital security is the new battleground and cyber criminals are focused on stealing corporate and government secrets for financial and strategic gain. With increasing internal and external attacks and stronger regulatory compliance enforcement, investing in data security is a top priority for organizations; yet, significant gaps still exist at the very core — the databases that house the crown jewels. Join (ISC)2 and Oracle on Apr 4, 2013 for the conclusion of our Security Briefings series as we summarize implementing an effective database security strategy by using administrative controls that can help organizations discover where sensitive data resides and who has privileged access to this data.

Wednesday Jan 23, 2013

SquareTwo Enables Development Efficiency, Compliance with Oracle

SquareTwo Financial, a leader in the $100 billion asset recovery and management industry, enables fast growth and regulatory compliance with Oracle Database Security defense-in-depth solutions. Hear J-T Gaietto, manager of information security, discuss how they use Oracle Database Firewall, Oracle Data Masking, and Oracle Advanced Security to enable fast growth and comply with regulatory mandates. 

SquareTwo Financial Enables Development Efficiency and Compliance with Oracle Database Security

Watch the video.

Challenges

  • Comply with a number of regulations: GLBA, HIPAA HITECH, SOX, and PCI DSS
  • Prove separation of duties for Sarbanes-Oxley Act compliance
  • Quickly scale IT security to address fast 37% company growth
  • Minimal disruption to 5.9 million accounts while maintaining growth
  • Secure heterogeneous database environment, with no application changes

Solution

  • Address compliance with database firewall, transparent data encryption,
    data masking for a comprehensive database security defense-in-depth strategy
  • Database activity monitoring to protect against insider and external threats,
    including SQL injection attacks
  • Secure Oracle Exadata and Microsoft SQL Server database activity, with
    no application changes 

 Listen to the podcast for more details.

Thursday Dec 20, 2012

Oracle Audit Vault and Database Firewall In the News

Here's some news coverage regarding our recent announcement of Oracle Audit Vault and Database Firewall.

 ...and some quotable quotes:

"Oracle is simplifying its security offerings by combining a pair of existing tools into a single package. The offering, Oracle Audit Vault and Database Firewall, provides both network traffic sniffing for security threats and audit data analysis.” – IDG News Service

“Oracle is merging a couple of its existing security products together to make one big solution to tackle Oracle and non-Oracle database traffic.” – ZDNet Between the Lines blog

“The consolidated, centralized repository enables all audit and event logs to be analyzed in real-time against pre-defined policies; offers visibility into stored procedure execution, recursive SQL and operational activities; comes with dozens of built-in reports to meet compliance requirements; and provides a range of alerts, including multi-event alerts and alert thresholds.” – Database Trends and Applications

Thursday Dec 06, 2012

Columbia University Secures PeopleSoft Financials with Oracle's Transparent Data Encryption

Columbia University, the oldest institution of higher learning in New York, protects sensitive data in Oracle's PeopleSoft Financials using Oracle Advanced Security with transparent data encryption. Hear, Nick Caragiulo, manager of database administration, discuss how Columbia helps address internal and regulatory requirements for encryption of data at rest and in motion.

Wednesday Nov 21, 2012

Closing the Gap: 2012 IOUG Enterprise Data Security Survey

The new survey from the Independent Oracle Users Group (IOUG) titled "Closing the Security Gap: 2012 IOUG Enterprise Data Security Survey," uncovers some interesting trends in IT security among IOUG members and offers recommendations for securing data stored in enterprise databases.
Closing the Gap: 2012 IOUG Enterprise Data Security Survey Report
"Despite growing threats and enterprise data security risks, organizations that implement appropriate detective, preventive, and administrative safeguards are seeing significant results," finds the report's author, Joseph McKendrick, analyst, Unisphere Research.

Produced by Unisphere Research and underwritten by Oracle, the report is based on responses from 350 IOUG members representing a variety of job roles, organization sizes, and industry verticals.

Key findings include

  • Corporate budgets increase, but trailing. Though corporate data security budgets are increasing this year, they still have room to grow to reach the previous year’s spending. Additionally, more than half of respondents say their organizations still do not have, or are unaware of, data security plans to help address contingencies as they arise.
  • Danger of unauthorized access. Less than a third of respondents encrypt data that is either stored or in motion, and at the same time, more than three-fifths say they send actual copies of enterprise production data to other sites inside and outside the enterprise.
  • Privileged user misuse. Only about a third of respondents say they are able to prevent privileged users from abusing data, and most do not have, or are not aware of, ways to prevent access to sensitive data using spreadsheets or other ad hoc tools.
  • Lack of consistent auditing. A majority of respondents actively collect native database audits, but there has not been an appreciable increase in the implementation of automated tools for comprehensive auditing and reporting across databases in the enterprise.

IOUG Recommendations
The report's author finds that securing data requires not just the ability to monitor and detect suspicious activity, but also to prevent the activity in the first place. To achieve this comprehensive approach, the report recommends the following.

  • Apply an enterprise-wide security strategy. Database security requires multiple layers of defense that include a combination of preventive, detective, and administrative data security controls.
  • Get business buy-in and support. Data security only works if it is backed through executive support. The business needs to help determine what protection levels should be attached to data stored in enterprise databases.
  • Provide training and education. Often, business users are not familiar with the risks associated with data security. Beyond IT solutions, what is needed is a well-engaged and knowledgeable organization to help make security a reality.

Wednesday Nov 07, 2012

Gone in 60 Seconds: An Insecure Database is an Easy Target

According to the recent Verizon Data Breach Investigations Report, 98% of breached data originates from database servers and nearly half are compromised in less than a minute! Almost all victims are not even aware of a breach until a third party notifies them and nearly all breaches could have been avoided through the use of basic controls.

Join us for this November 28th webcast to learn more about the evolving threats to databases that have resulted in over 1 billion stolen records. Also, hear how organizations can mitigate risks by adopting a defense-in-depth strategy that focuses on basic controls to secure data at the source - the database.

There's no turning back the clock on stolen data, but you can put in place controls to ensure your organization won't be the next headline.

Note, this webcast will be recorded for on-demand access after November 28th. 

About

Who are we?

Follow us on

  • TwitterFacebookLinkedIn

Search

Archives
« March 2015
SunMonTueWedThuFriSat
1
2
3
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
    
       
Today