Wednesday Mar 04, 2015

Securing Information in the New Digital Economy

We are in the midst of a data breach epidemic, fueled by a lucrative information black market. The perimeter security most IT organizations rely on has become largely ineffective. Nearly 70% of security resources are focused on perimeter controls, but most exploited vulnerabilities are internal. 

Effective modern security requires an inside-out approach with a focus on data and internal controls.

A New Hacker Economy

Today, a layered economy of specialized, organized hackers has created a black market estimated to be more lucrative than the illegal drug trade. (Lillian Ablon 2014) Hacking-for-hire has made the black market accessible to non-experts, expanding its reach exponentially.  As businesses grow their online footprints, criminals find new ways of attacking their vulnerabilities.

Thinking Inside-Out

Internal systems are the new perimeter – the new front line in the battle for data security. Security should be built into the customer and employee experiences.

  • Manage privileged user access and think beyond the password: another layer of authentication can vastly increase security.
  • Make it more costly and difficult for attackers by protecting the most valuable information first. 

Rebalancing Information Security

Diminish the information supply chain and cut off the cash flow to the black market. Taking a security inside-out approach could bring an end to the arms race, giving economic recovery a chance.

To learn more about Securing Information in the New Digital Economy, read the joint Oracle and Verizon Report.

Thursday Dec 20, 2012

Oracle Audit Vault and Database Firewall In the News

Here's some news coverage regarding our recent announcement of Oracle Audit Vault and Database Firewall.

 ...and some quotable quotes:

"Oracle is simplifying its security offerings by combining a pair of existing tools into a single package. The offering, Oracle Audit Vault and Database Firewall, provides both network traffic sniffing for security threats and audit data analysis.” – IDG News Service

“Oracle is merging a couple of its existing security products together to make one big solution to tackle Oracle and non-Oracle database traffic.” – ZDNet Between the Lines blog

“The consolidated, centralized repository enables all audit and event logs to be analyzed in real-time against pre-defined policies; offers visibility into stored procedure execution, recursive SQL and operational activities; comes with dozens of built-in reports to meet compliance requirements; and provides a range of alerts, including multi-event alerts and alert thresholds.” – Database Trends and Applications

Wednesday Nov 28, 2012

Introducing Next-Generation Enterprise Auditing and Database Firewall Webcast, 12/12/12

Join us, December 12 at 10am PT/1pm ET, to hear about a new Oracle product that monitors Oracle and non-Oracle database traffic, detects unauthorized activity including SQL injection attacks, and blocks internal and external threats from reaching the database. In addition, this new product collects and consolidates audit data from databases, operating systems, directories, and any custom template-defined source into a centralized, secure warehouse.

This new enterprise security monitoring and auditing platform allows organizations to quickly detect and respond to threats with powerful real-time policy analysis, alerting and reporting capabilities. Based on proven SQL grammar analysis that ensures accuracy, performance, and scalability, organizations can deploy with confidence in any mode.

You will also hear how organizations such as TransUnion Interactive and SquareTwo Financial rely on Oracle today to monitor and secure their Oracle and non-Oracle database environments.

Register for the webcast here.

Monday Jul 09, 2012

Lockdown Your Database Security

A new article in Oracle Magazine outlines a comprehensive defense-in-depth approach for appropriate and effective database protection. There are multiple ways attackers can disrupt the confidentiality, integrity and availability of data and therefore, putting in place layers of defense is the best measure to protect your sensitive customer and corporate data.

“In most organizations, two-thirds of sensitive and regulated data resides in databases,” points out Vipin Samar, vice president of database security technologies at Oracle. “Unless the databases are protected using a multilayered security architecture, that data is at risk to be read or changed by administrators of the operating system, databases, or network, or hackers who use stolen passwords to pose as administrators. Further, hackers can exploit legitimate access to the database by using SQL injection attacks from the Web. Organizations need to mitigate all types of risks and craft a security architecture that protects their assets from attacks coming from different sources.”

Friday Nov 04, 2011

RSA Attack Tip of the Iceberg and Wake Up Call for Organizations Worldwide?

Security experts now say that RSA wasn’t the only corporation victimized in the attack that shook the corporate and government leaders worldwide. If this could happen to a Security company like RSA, could this happen to any organization? Apparently the answer is yes. About 760 other organizations according to a recent post on Brian Krebs blog. Interestingly enough none of these organizations have spoken out. Is it because they don’t want the brand hit or is it just that they didn’t know what happened? My money’s on the latter.

Every year Verizon reports that the majority of data breaches are discovered by third parties. I wonder how many of the 760 companies Krebs named are scrambling to figure what was compromised in the attack.  Were critical business plans stolen? Or were manufacturing parameters changed? Going through logs looking for clues. But wait what logs? According to a recent survey of the Independent Oracle User Group only 30% of organizations are monitoring reads and writes to sensitive data stored in their databases. Taken in combination with the lack of preventive controls at the database layer, most organizations are soft targets for Advanced Persistent Threats as well as not so advanced opportunistic attacks like the Liza Moon SQL injection attack used to compromise over 4 million databases in a single day.

So what’s the solution: Auditing? Database Firewalls? Encryption? Privileged user controls? Strong authentication? Multi-factor authorization? Yes, yes, yes, yes, yes, and yes. The answer is defense in depth. I am still surprised how many seasoned IT Security professionals don’t want to hear this answer. But security requires investment and vigilance. Our defenses must become as advanced and persistent as the threats we are trying to combat.
About

Who are we?

Follow us on

  • TwitterFacebookLinkedIn

Search

Archives
« July 2015
SunMonTueWedThuFriSat
   
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
       
Today