Innovations in Database Security
Vipin Samar, Vice President, Database Security, Oracle
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
AGENDA
• Changing Security Landscape
• Database Governance Model
• Strategy for Securing the Database
• Security Innovations in Oracle Database 12c
ANATOMY OF AN ATTACK: START WITH A PHISHING SCAM
• ATTACKER
• COMMAND SERVER
• PHISHING ATTACK
• DOWNLOADED MALWARE
• XSS OR SQL INJECTION ATTACK
ANATOMY OF AN ATTACK: ESTABLISH A FOOTHOLD
• ESTABLISH MULTIPLE BACKDOORS
• DUMPING PASSWORDS DOMAIN CONTROLLER
• GATHERING DATA
ANATOMY OF AN ATTACK: EXFILTRATE DATA & COVER TRACKS
• EXFILTRATE DATA VIA STAGING SERVER
• ANYWHERE IN THE WORLD
• STOLEN DATA USED IN FOLLOW-ON ATTACKS
From MISTAKES to MALICIOUS
Basic security is no longer enough
MISTAKES
• Accidental deletes
• Unauthorized disclosures
MISUSE
• Privilege Abuse
• Curiosity
• Leakage
MALICIOUS
• Social Engineering
• Denial of Service
• Sophisticated Attacks
• Data Theft
• Loss to Business
• Impacts Reputation
Adapted from Kuppinger Cole Presentation, March 2013
DATABASE at the CORE is your Biggest Risk
96% OF RECORDS BREACHED FROM DATABASES
• Email Security
• Vulnerability Management
• End point Security
• Network Security
Verizon Data Breach Report 2013
DATABASE GOVERNANCE
PREVENTIVE
ADMINISTRATIVE
DETECTIVE
PREVENTIVE CONTROLS
• PRIVILEGE CONTROLS
• SECURE APP DATA
APPS
Dev/Test
ssn:423-55-3571 dob:12/01/1987
DATA MASKING
DATABASE VAULT
DBA CONTROLS
ssn:253-21-4321
“Insufficient Privilege”
*7#$%!!@!%afb##<>*$#@34
DATA ENCRYPTION
DATA REDACTION
ssn:xxx-xx-4321 dob:xx/xx/xxxx
DETECTIVE CONTROLS
Built-in Reports
Alerts
Custom Reports
Policies
AUDIT DATA
AUDIT VAULT
Firewall Events
Database Firewall
Custom
APPS
ADMINISTRATIVE CONTROLS
EM Lifecycle Management
Configuration Scanning
Analyze Privileges
Classify Sensitive Data
Database Vault 12c
ORACLE DATABASE SECURITY
Maximum Security for Critical Data Infrastructure
PREVENTIVE
• Data Masking
• Privileged User Controls
• Encryption & Redaction
DETECTIVE
• Auditing
• Activity Monitoring
• Database Firewall
ADMINISTRATIVE
• Sensitive Data Discovery
• Configuration Management
• Privilege Analysis
CREATE A DATABASE SECURITY STRATEGY
• Take a risk-based strategic approach
• Implement database governance
• Let Oracle help customers with an assessment
Complimentary eBook. Register Now: www.mhprofessional.com/dbsec
Use Code: db12c