SlideShare uma empresa Scribd logo

Security Inside Out: Latest Innovations in Oracle Database 12c

T
Troy Kitch

Oracle Database 12c includes more new security capabilities than any other release in Oracle history! In this presentation you will learn about these capabilities, as well as innovative new solutions to protect Oracle Database instances and non-Oracle databases. Hear how Oracle is responding to customer requirements to stay ahead of the evolving threat and regulatory landscape with new preventive controls that include data redaction and a new unified platform that provides database traffic monitoring and enterprise wide auditing.

TecnologiaNotícias e política
1 de 30
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.1
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.2 The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. Release timing for Oracle Database 12c is planned for Calendar Year 2013.
Security Inside Out Latest Innovations in Oracle Database 12c <presenter name> <presenter title> <presenter company>
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.4 Breached using weak or stolen credentials Preventable with basic controls 76% 97% Records breached from servers67% Over 1.1B Served Discovered by an external party69%
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.5 “We are at the mercy of a new generation of spies who operate remotely [that] have already shown their ability to penetrate our power plants, steal our latest submarine technology, rob our banks, and invade the Pentagon’s secret communications systems.” Joel Brenner, former Inspector General of the National Security Agency and Chief of Counterintelligence for the Director of National Intelligence Data Breaches are the Tip of the Iceberg… Digital Security is the New Battle Ground
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.6 “You don’t bother to just simply hack the organization and its infrastructure; you focus much more of your attention on hacking the employees….” Anatomy of an Attack Uri Rivner CTO, RSA (Security Division of EMC) Targets Increasing as Attacks Evolve DBAs, OS Admins, Developers, Multiple Copies of the Data, etc.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.7 Forrester Research Network Security SIEM Endpoint Security Web Application Firewall Email Security Authentication & User Security Database Security Why Are Databases So Vulnerable? 80% of IT Security Programs Don’t Address Database Security “Enterprises are taking on risks that they may not even be aware of. Especially as more and more attacks against databases exploit legitimate access.”
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.8 Oracle Database Security Solutions Defense-in-Depth for Maximum Security Activity Monitoring Database Firewall Auditing and Reporting DETECTIVE Redaction and Masking Privileged User Controls Encryption PREVENTIVE ADMINISTRATIVE Sensitive Data Discovery Configuration Management Privilege Analysis
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.9 Oracle Database Security Solutions Defense-in-Depth for Maximum Security Activity Monitoring Database Firewall Auditing and Reporting DETECTIVE Redaction and Masking Privileged User Controls Encryption PREVENTIVE ADMINISTRATIVE Sensitive Data Discovery Configuration Management Privilege Analysis
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.10  Transparent data encryption  Prevents access to data at rest  Requires no application changes  Built-in two-tier key management  “Near Zero” overhead with hardware  Integrations with Oracle technologies – e.g. Exadata, Advanced Compression, ASM, GoldenGate, DataPump, etc. Oracle Advanced Security Encryption is the Foundation Preventive Control for Oracle Databases Disk Backups Exports Off-Site Facilities Applications
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.11  Real-time sensitive data redaction based on database session context  Library of redaction policies and point- and-click policy definition  Consistent enforcement, policies applied to data  Transparent to applications, users, and operational activities Oracle Advanced Security Redaction of Sensitive Data Displayed Preventive Control for Oracle Database 12c Credit Card Numbers 4451-2172-9841-4368 5106-8395-2095-5938 7830-0032-0294-1827 Redaction Policy xxxx-xxxx-xxxx-4368 4451-2172-9841-4368 Billing Department Call Center Application
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.12  Replace sensitive application data  Referential integrity detected/preserved  Extensible template library and formats  Application templates available  Support for masking data in non-Oracle databases Oracle Data Masking Masking Data for Non-Production Use Preventive Control for Oracle Databases LAST_NAME SSN SALARY ANSKEKSL 323—23-1111 60,000 BKJHHEIEDK 252-34-1345 40,000 LAST_NAME SSN SALARY AGUILAR 203-33-3234 40,000 BENSON 323-22-2943 60,000 Production Non-Production Dev Test Production
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.13  Limit DBA access to application data  Multi-factor SQL command rules  Realms create protective zones  Enforce enterprise data governance, least privilege, segregation of duties  Out of the box application policies Oracle Database Vault Privileged User Controls Preventive Control for Oracle Databases Procurement HR Finance select * from finance.customers Application DBA Applications Security DBA DBA
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.14 Label Based Access Control Preventive Control for Oracle Databases Transactions Report Data Reports Confidential Sensitive Sensitive Confidential Public  Virtual information partitioning for cloud, SaaS, hosting environments  Classify users and data using labels  Labels based on business drivers  Automatically enforced row level access control, transparent to applications  Labels can be factors in other policies Oracle Label Security
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.15 Oracle Database Security Solutions Defense-in-Depth for Maximum Security Activity Monitoring Database Firewall Auditing and Reporting DETECTIVE Redaction and Masking Privileged User Controls Encryption PREVENTIVE ADMINISTRATIVE Sensitive Data Discovery Configuration Management Privilege Analysis
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.16 Oracle Audit Vault and Database Firewall Database Activity Monitoring and Firewall Detective Control for Oracle and non-Oracle Databases  Monitors network traffic, detect and block unauthorized activity  Highly accurate SQL grammar analysis  Can detect/stop SQL injection attacks  Whitelist approach to enforce activity  Blacklists for managing high risk activity  Scalable secure software appliance Block Log Allow Alert SubstituteApps Whitelist Blacklist SQL Analysis Policy Factors Users
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.17 Oracle Audit Vault and Database Firewall Audit, Report, and Alert in Real-Time Detective Control for Oracle and non-Oracle Databases Audit Data & Event Logs Policies Built-in Reports Alerts Custom Reports ! OS & Storage Directories Databases Oracle Database Firewall Custom Security Analyst Auditor SOC  Centralized secure repository delivered as secure, scalable software appliance  Powerful alerting - thresholds, group-by  Out-of-the box and custom reports  Consolidated multi-source reporting  Built-in fine grain segregation of duties
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.18 Built-in Reports Alerts Custom Reports ! Oracle Audit Vault and Database Firewall New Solution for Oracle and Non-Oracle Databases Firewall Events Users Applications Database Firewall Allow Log Alert Substitute Block Audit Data Audit Vault OS, Directory, File System & Custom Audit Logs Policies Security Analyst Auditor SOC
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.19 Oracle Database Security Solutions Defense-in-Depth for Maximum Security Activity Monitoring Database Firewall Auditing and Reporting DETECTIVE Redaction and Masking Privileged User Controls Encryption PREVENTIVE ADMINISTRATIVE Sensitive Data Discovery Configuration Management Privilege Analysis
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.20 Oracle Database Vault Discover Use of Privileges and Roles Administrative Control for Oracle Database 12c Privilege Analysis Create… Drop… Modify… DBA role APPADMIN role  Turn on privilege capture mode  Report on actual privileges and roles used in the database  Helps revoke unnecessary privileges  Enforce least privilege and reduce risks  Increase security without disruption
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.21  Scan Oracle for sensitive data  Built-in, extensible data definitions  Discover application data models  Protect sensitive data appropriately: encrypt, redact, mask, audit… Oracle Enterprise Manager 12c Discover Sensitive Data and Databases Administrative Control for Oracle Database 12c
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.22 Oracle Database Lifecycle Management Configuration Management Administrative Control for Oracle Databases Discover Scan & Monitor Patch  Discover and classify databases  Scan for best practices, standards  Detect unauthorized changes  Automated remediation  Patching and provisioning
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.23 Oracle Database Security Solutions Defense-in-Depth for Maximum Security Activity Monitoring Database Firewall Auditing and Reporting DETECTIVE Redaction and Masking Privileged User Controls Encryption PREVENTIVE ADMINISTRATIVE Sensitive Data Discovery Configuration Management Privilege Analysis
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.24 Oracle Database Security Customers Worldwide Rely on Oracle Database Security
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.25 Oracle Database Security Solutions Summary Simple and Flexible Enterprise Ready Security and Compliance Speed and Scale
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.26  Data Sheets  Whitepapers  Webcasts  Case Studies  Events  News  and more… www.oracle.com/database/security Resources
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.27 Q&A
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.28
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.29 The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. Release timing for Oracle Database 12c is planned for Calendar Year 2013.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.30

Recomendados

Oracle Database Security
Oracle Database SecurityOracle Database Security
Oracle Database Security
Troy Kitch
 
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom KyteOracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
Edgar Alejandro Villegas
 
Oracle Database Firewall - Pierre Leon
Oracle Database Firewall - Pierre LeonOracle Database Firewall - Pierre Leon
Oracle Database Firewall - Pierre Leon
OracleVolutionSeries
 
Introducing Oracle Audit Vault and Database Firewall
Introducing Oracle Audit Vault and Database FirewallIntroducing Oracle Audit Vault and Database Firewall
Introducing Oracle Audit Vault and Database Firewall
Troy Kitch
 
Ppt dbsec-oow2013-avdf
Ppt dbsec-oow2013-avdfPpt dbsec-oow2013-avdf
Ppt dbsec-oow2013-avdf
Melody Liu
 
AV/DF Advanced Security Option
AV/DF Advanced Security OptionAV/DF Advanced Security Option
AV/DF Advanced Security Option
DLT Solutions
 
Auditing security of Oracle DB (Karel Miko)
Auditing security of Oracle DB (Karel Miko)Auditing security of Oracle DB (Karel Miko)
Auditing security of Oracle DB (Karel Miko)
DCIT, a.s.
 
Oracle database 12c security and compliance
Oracle database 12c security and complianceOracle database 12c security and compliance
Oracle database 12c security and compliance
FITSFSd
 

Recomendados

Oracle Database Security
Oracle Database SecurityOracle Database Security
Oracle Database Security
Troy Kitch
 
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom KyteOracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
Edgar Alejandro Villegas
 
Oracle Database Firewall - Pierre Leon
Oracle Database Firewall - Pierre LeonOracle Database Firewall - Pierre Leon
Oracle Database Firewall - Pierre Leon
OracleVolutionSeries
 
Introducing Oracle Audit Vault and Database Firewall
Introducing Oracle Audit Vault and Database FirewallIntroducing Oracle Audit Vault and Database Firewall
Introducing Oracle Audit Vault and Database Firewall
Troy Kitch
 
Ppt dbsec-oow2013-avdf
Ppt dbsec-oow2013-avdfPpt dbsec-oow2013-avdf
Ppt dbsec-oow2013-avdf
Melody Liu
 
AV/DF Advanced Security Option
AV/DF Advanced Security OptionAV/DF Advanced Security Option
AV/DF Advanced Security Option
DLT Solutions
 
Auditing security of Oracle DB (Karel Miko)
Auditing security of Oracle DB (Karel Miko)Auditing security of Oracle DB (Karel Miko)
Auditing security of Oracle DB (Karel Miko)
DCIT, a.s.
 
Oracle database 12c security and compliance
Oracle database 12c security and complianceOracle database 12c security and compliance
Oracle database 12c security and compliance
FITSFSd
 
Oracle database 12c 2 day + security guide
Oracle database 12c 2 day + security guideOracle database 12c 2 day + security guide
Oracle database 12c 2 day + security guide
bupbechanhgmail
 
Presentation database security enhancements with oracle
Presentation database security enhancements with oraclePresentation database security enhancements with oracle
Presentation database security enhancements with oracle
xKinAnx
 
Oracle Security Presentation
Oracle Security PresentationOracle Security Presentation
Oracle Security Presentation
Francisco Alvarez
 
Ppt security-database-overview-11g r2
Ppt security-database-overview-11g r2Ppt security-database-overview-11g r2
Ppt security-database-overview-11g r2
Oracle BH
 
PCI DSS v 3.0 and Oracle Security Mapping
PCI DSS v 3.0 and Oracle Security MappingPCI DSS v 3.0 and Oracle Security Mapping
PCI DSS v 3.0 and Oracle Security Mapping
Troy Kitch
 
Presentation database security audit vault & database firewall
Presentation database security audit vault & database firewallPresentation database security audit vault & database firewall
Presentation database security audit vault & database firewall
xKinAnx
 
Oracle Audit Vault Training | Audit Vault - Oracle Trainings
Oracle Audit Vault Training | Audit Vault - Oracle TrainingsOracle Audit Vault Training | Audit Vault - Oracle Trainings
Oracle Audit Vault Training | Audit Vault - Oracle Trainings
OracleTrainings
 
Oracle Database Security: Top 10 Things You Could & Should Be Doing Differently
Oracle Database Security: Top 10 Things You Could & Should Be Doing DifferentlyOracle Database Security: Top 10 Things You Could & Should Be Doing Differently
Oracle Database Security: Top 10 Things You Could & Should Be Doing Differently
Pythian
 
Oracle 11g security - 2014
Oracle 11g security - 2014Oracle 11g security - 2014
Oracle 11g security - 2014
Connor McDonald
 
Database & Technology 1 _ Barbara Rabinowicz _ Database Security Methoda and ...
Database & Technology 1 _ Barbara Rabinowicz _ Database Security Methoda and ...Database & Technology 1 _ Barbara Rabinowicz _ Database Security Methoda and ...
Database & Technology 1 _ Barbara Rabinowicz _ Database Security Methoda and ...
InSync2011
 
Oracle-Security_Executive-Presentation
Oracle-Security_Executive-PresentationOracle-Security_Executive-Presentation
Oracle-Security_Executive-Presentation
stefanjung
 
Oracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and MaskingOracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and Masking
DLT Solutions
 
SQL Server Security - Attack
SQL Server Security - Attack SQL Server Security - Attack
SQL Server Security - Attack
webhostingguy
 
Database security issues
Database security issuesDatabase security issues
Database security issues
n|u - The Open Security Community
 
Security Quick Tour
Security Quick TourSecurity Quick Tour
Security Quick Tour
Active Base
 
Sustainable Compliance For PCI DSS Standard
Sustainable Compliance For PCI DSS StandardSustainable Compliance For PCI DSS Standard
Sustainable Compliance For PCI DSS Standard
Christian Frahm
 
[de Jager] Classify, Label and Protect your data with Azure Information Prote...
[de Jager] Classify, Label and Protect your data with Azure Information Prote...[de Jager] Classify, Label and Protect your data with Azure Information Prote...
[de Jager] Classify, Label and Protect your data with Azure Information Prote...
European Collaboration Summit
 
Database Security, Better Audits, Lower Costs
Database Security, Better Audits, Lower CostsDatabase Security, Better Audits, Lower Costs
Database Security, Better Audits, Lower Costs
Imperva
 
8 isecurity database
8 isecurity database8 isecurity database
8 isecurity database
Anil Pandey
 
Microsoft Azure Information Protection
Microsoft Azure Information Protection Microsoft Azure Information Protection
Microsoft Azure Information Protection
Syed Sabhi Haider
 
Innovations dbsec-12c-pub
Innovations dbsec-12c-pubInnovations dbsec-12c-pub
Innovations dbsec-12c-pub
OracleIDM
 
A3 oracle database 12c extreme performance for cloud computing
A3 oracle database 12c extreme performance for cloud computingA3 oracle database 12c extreme performance for cloud computing
A3 oracle database 12c extreme performance for cloud computing
Dr. Wilfred Lin (Ph.D.)
 

Mais conteúdo relacionado

Mais procurados

Ppt security-database-overview-11g r2
Ppt security-database-overview-11g r2Ppt security-database-overview-11g r2
Ppt security-database-overview-11g r2
Oracle BH
 
Database & Technology 1 _ Barbara Rabinowicz _ Database Security Methoda and ...
Database & Technology 1 _ Barbara Rabinowicz _ Database Security Methoda and ...Database & Technology 1 _ Barbara Rabinowicz _ Database Security Methoda and ...
Database & Technology 1 _ Barbara Rabinowicz _ Database Security Methoda and ...
InSync2011
 
Oracle-Security_Executive-Presentation
Oracle-Security_Executive-PresentationOracle-Security_Executive-Presentation
Oracle-Security_Executive-Presentation
stefanjung
 
SQL Server Security - Attack
SQL Server Security - Attack SQL Server Security - Attack
SQL Server Security - Attack
webhostingguy
 
Security Quick Tour
Security Quick TourSecurity Quick Tour
Security Quick Tour
Active Base
 
[de Jager] Classify, Label and Protect your data with Azure Information Prote...
[de Jager] Classify, Label and Protect your data with Azure Information Prote...[de Jager] Classify, Label and Protect your data with Azure Information Prote...
[de Jager] Classify, Label and Protect your data with Azure Information Prote...
European Collaboration Summit
 

Mais procurados (20)

Oracle database 12c 2 day + security guide
Oracle database 12c 2 day + security guideOracle database 12c 2 day + security guide
Oracle database 12c 2 day + security guide
 
Presentation database security enhancements with oracle
Presentation database security enhancements with oraclePresentation database security enhancements with oracle
Presentation database security enhancements with oracle
 
Oracle Security Presentation
Oracle Security PresentationOracle Security Presentation
Oracle Security Presentation
 
Ppt security-database-overview-11g r2
Ppt security-database-overview-11g r2Ppt security-database-overview-11g r2
Ppt security-database-overview-11g r2
 
PCI DSS v 3.0 and Oracle Security Mapping
PCI DSS v 3.0 and Oracle Security MappingPCI DSS v 3.0 and Oracle Security Mapping
PCI DSS v 3.0 and Oracle Security Mapping
 
Presentation database security audit vault & database firewall
Presentation database security audit vault & database firewallPresentation database security audit vault & database firewall
Presentation database security audit vault & database firewall
 
Oracle Audit Vault Training | Audit Vault - Oracle Trainings
Oracle Audit Vault Training | Audit Vault - Oracle TrainingsOracle Audit Vault Training | Audit Vault - Oracle Trainings
Oracle Audit Vault Training | Audit Vault - Oracle Trainings
 
Oracle Database Security: Top 10 Things You Could & Should Be Doing Differently
Oracle Database Security: Top 10 Things You Could & Should Be Doing DifferentlyOracle Database Security: Top 10 Things You Could & Should Be Doing Differently
Oracle Database Security: Top 10 Things You Could & Should Be Doing Differently
 
Oracle 11g security - 2014
Oracle 11g security - 2014Oracle 11g security - 2014
Oracle 11g security - 2014
 
Database & Technology 1 _ Barbara Rabinowicz _ Database Security Methoda and ...
Database & Technology 1 _ Barbara Rabinowicz _ Database Security Methoda and ...Database & Technology 1 _ Barbara Rabinowicz _ Database Security Methoda and ...
Database & Technology 1 _ Barbara Rabinowicz _ Database Security Methoda and ...
 
Oracle-Security_Executive-Presentation
Oracle-Security_Executive-PresentationOracle-Security_Executive-Presentation
Oracle-Security_Executive-Presentation
 
Oracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and MaskingOracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and Masking
 
SQL Server Security - Attack
SQL Server Security - Attack SQL Server Security - Attack
SQL Server Security - Attack
 
Database security issues
Database security issuesDatabase security issues
Database security issues
 
Security Quick Tour
Security Quick TourSecurity Quick Tour
Security Quick Tour
 
Sustainable Compliance For PCI DSS Standard
Sustainable Compliance For PCI DSS StandardSustainable Compliance For PCI DSS Standard
Sustainable Compliance For PCI DSS Standard
 
[de Jager] Classify, Label and Protect your data with Azure Information Prote...
[de Jager] Classify, Label and Protect your data with Azure Information Prote...[de Jager] Classify, Label and Protect your data with Azure Information Prote...
[de Jager] Classify, Label and Protect your data with Azure Information Prote...
 
Database Security, Better Audits, Lower Costs
Database Security, Better Audits, Lower CostsDatabase Security, Better Audits, Lower Costs
Database Security, Better Audits, Lower Costs
 
8 isecurity database
8 isecurity database8 isecurity database
8 isecurity database
 
Microsoft Azure Information Protection
Microsoft Azure Information Protection Microsoft Azure Information Protection
Microsoft Azure Information Protection
 

Semelhante a Security Inside Out: Latest Innovations in Oracle Database 12c

Innovations dbsec-12c-pub
Innovations dbsec-12c-pubInnovations dbsec-12c-pub
Innovations dbsec-12c-pub
OracleIDM
 
A3 oracle database 12c extreme performance for cloud computing
A3 oracle database 12c extreme performance for cloud computingA3 oracle database 12c extreme performance for cloud computing
A3 oracle database 12c extreme performance for cloud computing
Dr. Wilfred Lin (Ph.D.)
 
B4 the identity of things-securing the internet of everything
B4 the identity of things-securing the internet of everythingB4 the identity of things-securing the internet of everything
B4 the identity of things-securing the internet of everything
Dr. Wilfred Lin (Ph.D.)
 
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirementsMySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
Olivier DASINI
 
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...
Government Technology and Services Coalition
 

Semelhante a Security Inside Out: Latest Innovations in Oracle Database 12c (20)

Innovations dbsec-12c-pub
Innovations dbsec-12c-pubInnovations dbsec-12c-pub
Innovations dbsec-12c-pub
 
A3 oracle database 12c extreme performance for cloud computing
A3 oracle database 12c extreme performance for cloud computingA3 oracle database 12c extreme performance for cloud computing
A3 oracle database 12c extreme performance for cloud computing
 
B4 the identity of things-securing the internet of everything
B4 the identity of things-securing the internet of everythingB4 the identity of things-securing the internet of everything
B4 the identity of things-securing the internet of everything
 
Bilbao oracle12c keynote
Bilbao oracle12c keynoteBilbao oracle12c keynote
Bilbao oracle12c keynote
 
MySQL 8.0 - Security Features
MySQL 8.0 - Security FeaturesMySQL 8.0 - Security Features
MySQL 8.0 - Security Features
 
Securing data in Oracle Database 12c - 2015
Securing data in Oracle Database 12c - 2015Securing data in Oracle Database 12c - 2015
Securing data in Oracle Database 12c - 2015
 
Integrate Oracle Identity Management and Advanced Controls for maximum effici...
Integrate Oracle Identity Management and Advanced Controls for maximum effici...Integrate Oracle Identity Management and Advanced Controls for maximum effici...
Integrate Oracle Identity Management and Advanced Controls for maximum effici...
 
DevTalks.ro 2019 What's New in MySQL 8.0 Security
DevTalks.ro 2019 What's New in MySQL 8.0 SecurityDevTalks.ro 2019 What's New in MySQL 8.0 Security
DevTalks.ro 2019 What's New in MySQL 8.0 Security
 
MySQL Enterprise Monitor
MySQL Enterprise MonitorMySQL Enterprise Monitor
MySQL Enterprise Monitor
 
Apouc 2014-business-analytics-and-big-data
Apouc 2014-business-analytics-and-big-dataApouc 2014-business-analytics-and-big-data
Apouc 2014-business-analytics-and-big-data
 
Percona Live Europe 2018: What's New in MySQL 8.0 Security
Percona Live Europe 2018: What's New in MySQL 8.0 SecurityPercona Live Europe 2018: What's New in MySQL 8.0 Security
Percona Live Europe 2018: What's New in MySQL 8.0 Security
 
Con8819 context and risk aware access control any device any where - final
Con8819 context and risk aware access control any device any where - finalCon8819 context and risk aware access control any device any where - final
Con8819 context and risk aware access control any device any where - final
 
Securing Mobile Device Access
Securing Mobile Device AccessSecuring Mobile Device Access
Securing Mobile Device Access
 
MySQL Enterprise Monitor
MySQL Enterprise MonitorMySQL Enterprise Monitor
MySQL Enterprise Monitor
 
Cloud based database
Cloud based databaseCloud based database
Cloud based database
 
Best Practices in Implementing Oracle Database Security Products
Best Practices in Implementing Oracle Database Security ProductsBest Practices in Implementing Oracle Database Security Products
Best Practices in Implementing Oracle Database Security Products
 
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirementsMySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
 
Securing Oracle Database 12c
Securing Oracle Database 12cSecuring Oracle Database 12c
Securing Oracle Database 12c
 
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...
David Knox: How do we Protect our Systems and Meet Compliance in a Rapidly Ch...
 
Engineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate Cloud
Engineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate CloudEngineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate Cloud
Engineered Systems - nejlepší cesta, jak zabezpečit váš dataAccelerate Cloud
 

Último

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Último (20)

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 

Security Inside Out: Latest Innovations in Oracle Database 12c

  • 1. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.1
  • 2. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.2 The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. Release timing for Oracle Database 12c is planned for Calendar Year 2013.
  • 3. Security Inside Out Latest Innovations in Oracle Database 12c <presenter name> <presenter title> <presenter company>
  • 4. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.4 Breached using weak or stolen credentials Preventable with basic controls 76% 97% Records breached from servers67% Over 1.1B Served Discovered by an external party69%
  • 5. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.5 “We are at the mercy of a new generation of spies who operate remotely [that] have already shown their ability to penetrate our power plants, steal our latest submarine technology, rob our banks, and invade the Pentagon’s secret communications systems.” Joel Brenner, former Inspector General of the National Security Agency and Chief of Counterintelligence for the Director of National Intelligence Data Breaches are the Tip of the Iceberg… Digital Security is the New Battle Ground
  • 6. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.6 “You don’t bother to just simply hack the organization and its infrastructure; you focus much more of your attention on hacking the employees….” Anatomy of an Attack Uri Rivner CTO, RSA (Security Division of EMC) Targets Increasing as Attacks Evolve DBAs, OS Admins, Developers, Multiple Copies of the Data, etc.
  • 7. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.7 Forrester Research Network Security SIEM Endpoint Security Web Application Firewall Email Security Authentication & User Security Database Security Why Are Databases So Vulnerable? 80% of IT Security Programs Don’t Address Database Security “Enterprises are taking on risks that they may not even be aware of. Especially as more and more attacks against databases exploit legitimate access.”
  • 8. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.8 Oracle Database Security Solutions Defense-in-Depth for Maximum Security Activity Monitoring Database Firewall Auditing and Reporting DETECTIVE Redaction and Masking Privileged User Controls Encryption PREVENTIVE ADMINISTRATIVE Sensitive Data Discovery Configuration Management Privilege Analysis
  • 9. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.9 Oracle Database Security Solutions Defense-in-Depth for Maximum Security Activity Monitoring Database Firewall Auditing and Reporting DETECTIVE Redaction and Masking Privileged User Controls Encryption PREVENTIVE ADMINISTRATIVE Sensitive Data Discovery Configuration Management Privilege Analysis
  • 10. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.10  Transparent data encryption  Prevents access to data at rest  Requires no application changes  Built-in two-tier key management  “Near Zero” overhead with hardware  Integrations with Oracle technologies – e.g. Exadata, Advanced Compression, ASM, GoldenGate, DataPump, etc. Oracle Advanced Security Encryption is the Foundation Preventive Control for Oracle Databases Disk Backups Exports Off-Site Facilities Applications
  • 11. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.11  Real-time sensitive data redaction based on database session context  Library of redaction policies and point- and-click policy definition  Consistent enforcement, policies applied to data  Transparent to applications, users, and operational activities Oracle Advanced Security Redaction of Sensitive Data Displayed Preventive Control for Oracle Database 12c Credit Card Numbers 4451-2172-9841-4368 5106-8395-2095-5938 7830-0032-0294-1827 Redaction Policy xxxx-xxxx-xxxx-4368 4451-2172-9841-4368 Billing Department Call Center Application
  • 12. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.12  Replace sensitive application data  Referential integrity detected/preserved  Extensible template library and formats  Application templates available  Support for masking data in non-Oracle databases Oracle Data Masking Masking Data for Non-Production Use Preventive Control for Oracle Databases LAST_NAME SSN SALARY ANSKEKSL 323—23-1111 60,000 BKJHHEIEDK 252-34-1345 40,000 LAST_NAME SSN SALARY AGUILAR 203-33-3234 40,000 BENSON 323-22-2943 60,000 Production Non-Production Dev Test Production
  • 13. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.13  Limit DBA access to application data  Multi-factor SQL command rules  Realms create protective zones  Enforce enterprise data governance, least privilege, segregation of duties  Out of the box application policies Oracle Database Vault Privileged User Controls Preventive Control for Oracle Databases Procurement HR Finance select * from finance.customers Application DBA Applications Security DBA DBA
  • 14. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.14 Label Based Access Control Preventive Control for Oracle Databases Transactions Report Data Reports Confidential Sensitive Sensitive Confidential Public  Virtual information partitioning for cloud, SaaS, hosting environments  Classify users and data using labels  Labels based on business drivers  Automatically enforced row level access control, transparent to applications  Labels can be factors in other policies Oracle Label Security
  • 15. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.15 Oracle Database Security Solutions Defense-in-Depth for Maximum Security Activity Monitoring Database Firewall Auditing and Reporting DETECTIVE Redaction and Masking Privileged User Controls Encryption PREVENTIVE ADMINISTRATIVE Sensitive Data Discovery Configuration Management Privilege Analysis
  • 16. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.16 Oracle Audit Vault and Database Firewall Database Activity Monitoring and Firewall Detective Control for Oracle and non-Oracle Databases  Monitors network traffic, detect and block unauthorized activity  Highly accurate SQL grammar analysis  Can detect/stop SQL injection attacks  Whitelist approach to enforce activity  Blacklists for managing high risk activity  Scalable secure software appliance Block Log Allow Alert SubstituteApps Whitelist Blacklist SQL Analysis Policy Factors Users
  • 17. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.17 Oracle Audit Vault and Database Firewall Audit, Report, and Alert in Real-Time Detective Control for Oracle and non-Oracle Databases Audit Data & Event Logs Policies Built-in Reports Alerts Custom Reports ! OS & Storage Directories Databases Oracle Database Firewall Custom Security Analyst Auditor SOC  Centralized secure repository delivered as secure, scalable software appliance  Powerful alerting - thresholds, group-by  Out-of-the box and custom reports  Consolidated multi-source reporting  Built-in fine grain segregation of duties
  • 18. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.18 Built-in Reports Alerts Custom Reports ! Oracle Audit Vault and Database Firewall New Solution for Oracle and Non-Oracle Databases Firewall Events Users Applications Database Firewall Allow Log Alert Substitute Block Audit Data Audit Vault OS, Directory, File System & Custom Audit Logs Policies Security Analyst Auditor SOC
  • 19. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.19 Oracle Database Security Solutions Defense-in-Depth for Maximum Security Activity Monitoring Database Firewall Auditing and Reporting DETECTIVE Redaction and Masking Privileged User Controls Encryption PREVENTIVE ADMINISTRATIVE Sensitive Data Discovery Configuration Management Privilege Analysis
  • 20. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.20 Oracle Database Vault Discover Use of Privileges and Roles Administrative Control for Oracle Database 12c Privilege Analysis Create… Drop… Modify… DBA role APPADMIN role  Turn on privilege capture mode  Report on actual privileges and roles used in the database  Helps revoke unnecessary privileges  Enforce least privilege and reduce risks  Increase security without disruption
  • 21. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.21  Scan Oracle for sensitive data  Built-in, extensible data definitions  Discover application data models  Protect sensitive data appropriately: encrypt, redact, mask, audit… Oracle Enterprise Manager 12c Discover Sensitive Data and Databases Administrative Control for Oracle Database 12c
  • 22. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.22 Oracle Database Lifecycle Management Configuration Management Administrative Control for Oracle Databases Discover Scan & Monitor Patch  Discover and classify databases  Scan for best practices, standards  Detect unauthorized changes  Automated remediation  Patching and provisioning
  • 23. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.23 Oracle Database Security Solutions Defense-in-Depth for Maximum Security Activity Monitoring Database Firewall Auditing and Reporting DETECTIVE Redaction and Masking Privileged User Controls Encryption PREVENTIVE ADMINISTRATIVE Sensitive Data Discovery Configuration Management Privilege Analysis
  • 24. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.24 Oracle Database Security Customers Worldwide Rely on Oracle Database Security
  • 25. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.25 Oracle Database Security Solutions Summary Simple and Flexible Enterprise Ready Security and Compliance Speed and Scale
  • 26. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.26  Data Sheets  Whitepapers  Webcasts  Case Studies  Events  News  and more… www.oracle.com/database/security Resources
  • 27. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.27 Q&A
  • 28. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.28
  • 29. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.29 The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. Release timing for Oracle Database 12c is planned for Calendar Year 2013.
  • 30. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.30