Thursday Dec 20, 2012

Oracle Audit Vault and Database Firewall In the News

Here's some news coverage regarding our recent announcement of Oracle Audit Vault and Database Firewall.

 ...and some quotable quotes:

"Oracle is simplifying its security offerings by combining a pair of existing tools into a single package. The offering, Oracle Audit Vault and Database Firewall, provides both network traffic sniffing for security threats and audit data analysis.” – IDG News Service

“Oracle is merging a couple of its existing security products together to make one big solution to tackle Oracle and non-Oracle database traffic.” – ZDNet Between the Lines blog

“The consolidated, centralized repository enables all audit and event logs to be analyzed in real-time against pre-defined policies; offers visibility into stored procedure execution, recursive SQL and operational activities; comes with dozens of built-in reports to meet compliance requirements; and provides a range of alerts, including multi-event alerts and alert thresholds.” – Database Trends and Applications

Wednesday Nov 28, 2012

Introducing Next-Generation Enterprise Auditing and Database Firewall Webcast, 12/12/12

Join us, December 12 at 10am PT/1pm ET, to hear about a new Oracle product that monitors Oracle and non-Oracle database traffic, detects unauthorized activity including SQL injection attacks, and blocks internal and external threats from reaching the database. In addition, this new product collects and consolidates audit data from databases, operating systems, directories, and any custom template-defined source into a centralized, secure warehouse.

This new enterprise security monitoring and auditing platform allows organizations to quickly detect and respond to threats with powerful real-time policy analysis, alerting and reporting capabilities. Based on proven SQL grammar analysis that ensures accuracy, performance, and scalability, organizations can deploy with confidence in any mode.

You will also hear how organizations such as TransUnion Interactive and SquareTwo Financial rely on Oracle today to monitor and secure their Oracle and non-Oracle database environments.

Register for the webcast here.

Monday Jul 09, 2012

Lockdown Your Database Security

A new article in Oracle Magazine outlines a comprehensive defense-in-depth approach for appropriate and effective database protection. There are multiple ways attackers can disrupt the confidentiality, integrity and availability of data and therefore, putting in place layers of defense is the best measure to protect your sensitive customer and corporate data.

“In most organizations, two-thirds of sensitive and regulated data resides in databases,” points out Vipin Samar, vice president of database security technologies at Oracle. “Unless the databases are protected using a multilayered security architecture, that data is at risk to be read or changed by administrators of the operating system, databases, or network, or hackers who use stolen passwords to pose as administrators. Further, hackers can exploit legitimate access to the database by using SQL injection attacks from the Web. Organizations need to mitigate all types of risks and craft a security architecture that protects their assets from attacks coming from different sources.”

Friday Nov 04, 2011

RSA Attack Tip of the Iceberg and Wake Up Call for Organizations Worldwide?

Security experts now say that RSA wasn’t the only corporation victimized in the attack that shook the corporate and government leaders worldwide. If this could happen to a Security company like RSA, could this happen to any organization? Apparently the answer is yes. About 760 other organizations according to a recent post on Brian Krebs blog. Interestingly enough none of these organizations have spoken out. Is it because they don’t want the brand hit or is it just that they didn’t know what happened? My money’s on the latter.

Every year Verizon reports that the majority of data breaches are discovered by third parties. I wonder how many of the 760 companies Krebs named are scrambling to figure what was compromised in the attack.  Were critical business plans stolen? Or were manufacturing parameters changed? Going through logs looking for clues. But wait what logs? According to a recent survey of the Independent Oracle User Group only 30% of organizations are monitoring reads and writes to sensitive data stored in their databases. Taken in combination with the lack of preventive controls at the database layer, most organizations are soft targets for Advanced Persistent Threats as well as not so advanced opportunistic attacks like the Liza Moon SQL injection attack used to compromise over 4 million databases in a single day.

So what’s the solution: Auditing? Database Firewalls? Encryption? Privileged user controls? Strong authentication? Multi-factor authorization? Yes, yes, yes, yes, yes, and yes. The answer is defense in depth. I am still surprised how many seasoned IT Security professionals don’t want to hear this answer. But security requires investment and vigilance. Our defenses must become as advanced and persistent as the threats we are trying to combat.
About

Who are we?

Follow us on

  • TwitterFacebookLinkedIn

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
2
3
4
5
6
7
8
9
10
12
13
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today