
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 12 1.


2 Latest Innovations in Database Security
Frank Yang, APAC Database Security Product Manager

3 The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

4 Program Agenda
• Business drivers for database security
• Monitoring Oracle and non-Oracle databases
• New solutions to secure data and applications
• Updates for existing database security features

5 Business Drivers for Data Security
• Protect sensitive data
• Manage Compliance
• Control Costs
• Plan for Growth

6 What Do We Know About Our Attackers?
PERSISTENT, PLANNED, ADVANCED, ADAPTIVE, THREATS, TARGETS
• Apply enough fire power to break weakest link
• Ability to dial-up the attack vector
• Scanning, scoping, infiltrating
• Stay put, but avoid detection
• Infrastructure, IP, and business targets
• Cause harm directly/indirectly

7 Challenges in Securing Databases
• Meeting Ever Changing Threat & Compliance Landscape
• Performance & Management
• Securing Oracle & Non Oracle Databases
• Securing Existing Applications

8 Oracle Database Security Solutions
Protecting Critical Data Infrastructure
DETECTIVE: Activity Monitoring; Database Firewall
PREVENTIVE: Privilege User Control; Encryption and Masking
ADMINISTRATIVE: Data Discovery and Classification; Database Lifecycle Management

9 INTRODUCING ORACLE AUDIT VAULT AND DATABASE FIREWALL

10 Oracle Audit Vault and Database Firewall
New Detective Control for Oracle and Non-Oracle Databases
[Diagram labels: Users; Applications; Database Firewall (Allow, Log, Alert, Substitute, Block); Firewall Events; DB Audit Data; Custom Server OS, Directory & Custom Audit Logs; Audit/Event Warehouse; Reports; Alerts; Policies; Auditor; Security Manager]

11 Activity Reports
System Privileges Used

12 Activity Reports
System Privileges Used


14 Oracle Audit Vault and Database Firewall
Comprehensive Auditing and Monitoring Platform
• Technology Differentiators
  – Exceptional horizontal and vertical scalability to support massive volume of data
  – Accurate network monitoring based on SQL grammar
  – Extensible platform with Templates for new custom audit sources (no-coding)
  – Audit policy management and integrated audit trail cleanup
  – Compliance/custom reports/alerts and workflow without overloading the security team
  – Information lifecycle management for target specific retention
• Deployment Simplicity
  – Start with auditing and extend to monitoring; or vice-versa
  – Ease of deployment with “software appliance” on your hardware
  – Multiple deployment modes: in-line, out-of-band, proxy, host-based, HA

15 INTRODUCING ORACLE DATA REDACTION
xxxx-xxxx-xxxx-4368

16 Oracle Data Redaction
New Preventive Control
• Real-time redaction of sensitive data based on context
• Transparent to applications, no code changes required
• Consistent enforcement within the database
• No changes in regular database operations
[Diagram labels: Credit Card Numbers; Policy; Call Center Application; Credit Card Processing; xxxx-xxxx-xxxx]

17 Supported Transformations
[Table: Stored Data versus Redacted Results for the Full, Partial, RegExp and Random transformations; surviving values: XXX-XX-2147, 10/09/, 01/01/2001]

18 Declarative Multi-factor Policies
• Policy identification
• What to redact?
• How to redact?
• When to redact?
Data Redaction Policy
PL/SQL APIs, Enterprise Manager

19 Redaction Using Enterprise Manager

20 INTRODUCING PRIVILEGE ANALYSIS

21 Privilege Use Analysis
Reduce Attack Surface
• Report on actual privileges and roles used in the database
• Revoke unnecessary privileges and roles as needed
• Help enforce least privilege and reduce risks
[Diagram labels: Privilege Analysis; Create …; Select …; Update …; DBA role; APPADMIN role]

22 Privilege Analysis
System Privileges Used

23 Privilege Analysis
Unused Privileges to be Revoked?

24 INTRODUCING UNIFIED AUDITING

25 Oracle Database Auditing
Catch Anomalies with Conditional Auditing
Policy Based, Conditional, Extensible Syntax, User Exceptions
Unified Audit: Secure, Performant
• Set of privileges, objects, actions auditing managed as a group
• Multi-factor auditing to easily catch anomalies
• Audit all access except when connected by ….
• Add context data: realms, labels, app context, etc.

26 Create Custom Audit Policies

27 INTRODUCING REAL APPLICATION SECURITY

28 HR Application Security Requirements
Employees can view public information.

Name     Manager  SSN  Salary  Phone_Number
Adam     Gerald
Julia    Adam
James    Adam
Steven   Adam
Shanta   Steven
Payam    Steven
Michael  Payam

29 HR Application Security Requirements
Public page contains basic employee information.
- Users in Employee role can view public record.
An employee can view his own record and update his contact information.

Name     Manager  SSN  Salary  Phone_Number
Adam     Gerald
Julia    Adam
James    Adam
Steven   Adam
Shanta   Steven
Payam    Steven
Michael  Payam

30 HR Application Security Requirements
Manager can view salary of his organization.

Name     Manager  SSN  Salary  Phone_Number
Adam     Gerald
Julia    Adam
James    Adam
Steven   Adam
Shanta   Steven
Payam    Steven
Michael  Payam

31 HR Application Security Requirements
HR representative can view employee SSN.

Name     Manager  SSN  Salary  Phone_Number
Adam     Gerald
Julia    Adam
James    Adam
Steven   Adam
Shanta   Steven
Payam    Steven
Michael  Payam

32 Real Application Security
[Diagram labels: HR Application; Shared, All-Powerful Connection; Direct, Uncontrolled Access; Business Logic; Security Policy; Users and Roles; CRM Application; Business Logic; Security Policy; Users and Roles; Light Weight Sessions; Security Enforced on Direct Connections; Identity/Policy Store]

33 ENHANCEMENTS TO SECURITY FEATURES

34 Performance Leap for Sec. Features
Eliminating Performance as an Issue

Component                                        Speed-up*
Database Vault                                   x
Label Security                                   x
Advanced Security Transparent Data Encryption    5 - 7x**
Advanced Security Network Encryption             5 - 7x**
Database Auditing                                2 - 5x

* On Developer machine; Formal performance tests TBD
** With hardware acceleration on Intel or Oracle SPARC

35 Cryptographic Enhancements
• SHA-512 for Password verifiers, Certificate signatures, DBMS_CRYPTO
• Cryptographic hardware acceleration
  – Network encryption, DBMS_CRYPTO toolkit and other operations
  – Now on Windows, in addition to Linux and Solaris
• FIPS 140 validation for cryptographic operations
• Export/import/merge operations to move individual keys
• Operations to migrate keys between wallet and HSM keystore

36 Oracle Database Vault
• Seal off access to sensitive data even when emergency access is given to application DBA or support analyst
• Freeze all security settings identified by Privilege Analysis: roles, grants, …
• Single command to enable Database Vault
[Diagram labels: Mandatory Realm; select * from finance.cust]

37 Privilege User Controls
• Strong password policies, prohibit account sharing
• Least privilege analysis for privileged users
• Separation of duty with task specific roles
• Multi-factor authorization controls
• Multi-factor conditional and exception based auditing
• Audit top level and recursive SQL statements
• Database Vault Realms
• Monitoring activities through Audit Vault and Database Firewall

38 Improving Database Security Posture
• Out-of-the-box audit policies (Account Management, Security Configuration, Database Parameters)
• Mandatory audit of audit administration
• New roles for Audit Reviewer, Audit Administrator
• New roles for Key Management, Backup, Data Guard
• New Kerberos stack
• Running Oracle Database as a Windows service

39 Building Secure Applications
• Sensitive data discovery, Least privilege analysis
• Multi-factor authorization, auditing, and redaction
• Virtual Private Database for row/column security
• Label based access control
• Secure Application Context
• Code-based access control (CBAC) associates privileges with code
• Real Application Security

40 Enterprise Manager Security Console
Simplified Management
• Centralized Console
• Events and alerts
• Policy management
• Step-by-step
• Create by examples
• Format libraries

41 Discover Sensitive Data
Administrative Control
• Scan databases for sensitive data
• Create and maintain application data models
• Encrypt, redact, mask, audit…

42 Securely Provisioning Test Systems
• Masking at-Source minimizes sensitive data exposure
• Application Masking Templates
  – E-Business Suite
  – Fusion Applications
  – PeopleSoft (planned with PTools 8.5.3)
• Self-updated masking templates
  – EM
Oracle Mask Sensitive Data for Test/Dev
[Diagram labels: Subsetted & Masked Data Pump File; New; Prod; Before; Test; At-Source Masking]

43 Oracle Database Security Solutions
Maximum Security for Critical Data Infrastructure
DETECTIVE: Activity Monitoring; Database Firewall
PREVENTIVE: Redaction and Masking; Encryption
ADMINISTRATIVE: Data Discovery and Classification; Database Lifecycle Management

44 Oracle Database Security Key Benefits
• Simple and Flexible
• Security and Compliance
• Enterprise Ready
• Speed and Scale
