Beruflich Dokumente
Kultur Dokumente
Defense-in-Depth Approach
Oracle Database Security Solutions
Oracle Database Firewall New!
Summary
Q&A
3
Why Secure the Database?
Exploding Data
Lot at stake Audit findings
Highly available Data Outsourcing/offshoring
Sophisticated hackers Customer, Employee,
Citizen, Corporate data Data consolidation
Opportunistic insiders Data breaches in sector
Reputation
Fines & Penalties
4
Security Technologies Deployed
Employee
email Security Vulnerability Mgmt
Customer
Citizen
Identity Management
5
How Data Gets Compromised?
Source: Verizon 2010 Data Breach Investigations Report
6 6
Where Losses Come From?
7
Top Attack Techniques
% Breaches and % Records
8
Existing Security Solutions Not Enough
Web Users
9
Database Security
Defense-In-Depth Approach
10
Oracle Database Security
Defense-in-Depth
Encryption and Masking
Oracle Advanced Security
Oracle Secure Backup
Oracle Data Masking
Access Control
Oracle Database Vault
Oracle Label Security
Auditing and Tracking
Oracle Audit Vault
Oracle Configuration Management
Oracle Total Recall
11
Oracle Database Security
Defense-in-Depth
Encryption and Masking
Oracle Advanced Security
Oracle Secure Backup
Oracle Data Masking
12 12
Oracle Advanced Security
Endtoend Encryption
Disk
Backups
Exports
Application
Off-Site
Facilities
13
Oracle Advanced Security
Integrated with Oracle Enterprise Manager
14 14
TDE Column Encryption
Integrated with Oracle Enterprise Manager
15 15
Oracle Advanced Security
Whats New and Coming?
16
Oracle Data Masking
Irreversible De-Identification
Production Non-Production
LAST_NAME SSN SALARY LAST_NAME SSN SALARY
17 17
Oracle Data Masking
Whats Coming?
18
Oracle Database Security
Defense-in-Depth
Encryption and Masking
Oracle Advanced Security
Oracle Secure Backup
Oracle Data Masking
Access Control
Oracle Database Vault
Oracle Label Security
19 19
Oracle Database Vault
Separation of Duties & Privileged User Controls
Procurement
DBA
HR
Application
Finance
select * from finance.customers
20 20
Oracle Database Vault
Multi-Factor Access Control Policy Enforcement
Procurement
HR
Application Rebates
21 21
Oracle Database Vault
Out-of-the Box Protections For Applications
Infosys Finacle
22 22
Oracle Label Security
Data Classification for Access Control
Sensitive
Transactions
Confidential
Report Data
Public
Reports
Confidential Sensitive
23 23
Oracle Database Security
Defense-in-Depth
Encryption and Masking
Oracle Advanced Security
Oracle Secure Backup
Oracle Data Masking
Access Control
Oracle Database Vault
Oracle Label Security
Auditing and Tracking
Oracle Audit Vault
Oracle Configuration Management
Oracle Total Recall
24 24
Oracle Audit Vault
Automated Audit Collection and Reporting
HR Data ! Alerts
Built-in
CRM Data Reports
Audit
Data Custom
ERP Data Reports
Databases Policies
Auditor
25 25
Oracle Audit Vault
Consolidated Reports Span Enterprise Databases
26 26
Oracle Audit Vault 10.2.3.2
Default Reports
27 27
Oracle Configuration Management
Secure Configuration & Change Tracking
Out-of-box User-defined Real-Time Change Industry & Compliance
Policies Policies & Detection Regulatory Dashboard
Groups Frameworks
Optimized for Oracle with Industry Specific Compliance Dashboards
28 28
Oracle Database Security
Defense-in-Depth
Encryption and Masking
Oracle Advanced Security
Oracle Secure Backup
Oracle Data Masking
Access Control
Oracle Database Vault
Oracle Label Security
Auditing and Tracking
Oracle Audit Vault
Oracle Configuration Management
Oracle Total Recall
29
Oracle Database Firewall
First Line of Defense
Allow
Log
Alert
Substitute
Applications
Block
30
Oracle Database Firewall
Security Model
White List
Allow
Block
Applications
31
Oracle Database Firewall
Deployment Architecture
In-Line Blocking
and Monitoring
Out-of-Band
Inbound Monitoring
SQL Traffic
HA In-Line
Mode
Management
Management Policy
Server
Server Analyzer
32
Oracle Database Security Big Picture
Audit
consolidation
Unauthorized
Allow Sensitive
Procurement Local Activity
Log DB Consolidation
HR
Confidential Security
Alert
Local DBA
Substitute Rebates
Public Privilege Mis-Use
Applications
Block
Network SQL
Monitoring Encrypted Encrypted Encrypted Data
and Blocking Database Backups Exports Masking
33
Oracle Database Security
Key Differentiators
Transparent
Performant
Certified with
Applications
Best-in-Class
Defense-in-
Depth
34
More Oracle Database Security Presentations
Monday:
12:30 pm: Making a Business Case for Information Security MS 300
3:30 pm: Oracle Database 11g Release 2 Security: Defense-in-Depth MS 103
Tuesday:
12:30 pm: Real-World Deployment and Best Practices : Oracle Audit Vault MS 104
2:00 pm: Real-World Deployment and Best Practices : Oracle Advanced Security MS 300
2:00 pm: Best Practices for Ensuring the Highest Enterprise Database Security MS 304
3:30 pm: Database Security Event Management : Oracle Audit Vault and ArcSight MS 300
5:00 pm: Real-World Deployment and Best Practices :Oracle Database Vault MS 303
Wednesday:
10:00 am: Protect Data and Save Money: Aberdeen MS 306
11:30 am: Preventing Database Attacks With Oracle Database Firewall MS 306
4:45 pm: Centralized Key Management and Performance :Oracle Advanced Security MS 306
Thursday:
10:30 am: Deploying Oracle Database 11g Securely on Oracle Solaris MS 104
MS = Moscone South
35
Oracle Database Security Hands-on-Labs
Monday:
Database Vault 11:00AM | Marriott Marquis, Salon 10 / 11 Check Availability
Database Vault 5:00PM | Marriott Marquis, Salon 10 / 11 Check Availability
Tuesday:
Database Security 11:00AM | Marriott Marquis, Salon 10 / 11 Check Availability
Thursday
Advanced Security 12:00PM | Marriott Marquis, Salon 10 / 11 Check Availability
Audit Vault 1:30PM | Marriott Marquis, Salon 10 / 11 Check Availability
36
Oracle Database Security Demo Grounds
Moscone West
Exhibition Hours
Monday, September 20 9:45 a.m. - 5:30 p.m.
Tuesday, September 21 9:45 a.m. - 5:30 p.m.
Wednesday, September 22 9:00 a.m. - 4:00 p.m.
37
The preceding is intended to outline our general
product direction. It is intended for information
purposes only, and may not be incorporated into any
contract. It is not a commitment to deliver any
material, code, or functionality, and should not be
relied upon in making purchasing decisions.
The development, release, and timing of any
features or functionality described for Oracles
products remains at the sole discretion of Oracle.
38
For More Information
search.oracle.com
database security
oracle.com/database/security
39 39
40 40