Introducing Oracle Audit Vault and Database Firewall
troy-kitch
Transcript of Introducing Oracle Audit Vault and Database Firewall
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Introducing
Oracle Audit Vault and Database Firewall

Billions of Database Records Breached Globally
97% of Breaches Were Avoidable with Basic Controls
98% records stolen from databases
84% records breached using stolen credentials
71% fell within minutes
92% discovered by third party

Why are Databases so Vulnerable?
80% of IT Security Programs Don’t Address Database Security
“Enterprises are taking on risks that they may not even be aware of. Especially as more and more attacks against databases exploit legitimate access.”
Forrester Research
[Diagram: Network Security; SIEM; Endpoint Security; Web Application Firewall; Email Security; Authentication & User Security; Database Security ?]

Oracle Database Security Solutions
Defense-in-Depth for Maximum Security
PREVENTIVE
• Encryption
• Redaction and Masking
• Privileged User Controls
DETECTIVE
• Activity Monitoring
• Database Firewall
• Auditing and Reporting
ADMINISTRATIVE
• Sensitive Data Discovery
• Configuration Management
• Privilege Analysis

Oracle Database Security Solutions
Detect and Block Threats, Alert, Audit and Report
PREVENTIVE
• Encryption
• Redaction and Masking
• Privileged User Controls
DETECTIVE
• Activity Monitoring
• Database Firewall
• Auditing and Reporting
ADMINISTRATIVE
• Sensitive Data Discovery
• Configuration Management
• Privilege Analysis

Oracle Audit Vault and Database Firewall
New Solution for Oracle and Non-Oracle Databases
[Architecture diagram. Labels: Users; Applications; Database Firewall (Allow, Log, Alert, Substitute, Block); Firewall Events; Audit Data; OS, Directory, File System & Custom Audit Logs; Audit Vault; Reports; Alerts; Policies; Auditor; Security Manager]

Oracle Audit Vault and Database Firewall
SQL Injection Protection with Positive Security Model
[Diagram: Applications; White List; Databases]
Allow: SELECT * from stock where catalog-no='PHE8131'
Block: SELECT * from stock where catalog-no='' union select cardNo,0,0 from Orders --'
• “Allowed” behavior can be defined for any user or application
• Automated white list generation for any application
• Out-of-policy database transaction detected and blocked/alerted
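
The positive security model on this slide, as an added sketch that is not Oracle's implementation or code from the deck: statements are reduced to a shape with literals replaced by `?`, a white list is learned from sample traffic, and anything whose shape was never seen is blocked. The normalisation rules, the function names (`fingerprint`, `learn`, `decide`) and the training statements are assumptions made for illustration.

```python
import re

# Constructed training traffic standing in for what an application normally sends.
TRAINING = [
    "SELECT * from stock where catalog-no='PHE8131'",
    "SELECT * from stock where catalog-no='ABC1000'",
]

# Tokenizer for the normalisation step (an assumption of this sketch).
_TOKEN = re.compile(r"""
    (?P<str>'(?:[^']|'')*')             # quoted string literal
  | (?P<comment>--[^\n]*|/\*.*?\*/)     # line or block comment
  | (?P<num>\b\d+(?:\.\d+)?\b)          # numeric literal
  | (?P<ws>\s+)
  | (?P<word>[A-Za-z_][\w$]*)           # keyword or identifier
  | (?P<op>.)                           # any other character
""", re.VERBOSE | re.DOTALL)

def fingerprint(sql):
    """Reduce a statement to its shape: literals become ?, case and spacing vanish."""
    shape = []
    for m in _TOKEN.finditer(sql):
        kind = m.lastgroup
        if kind == "ws":
            continue
        if kind in ("str", "num"):
            shape.append("?")
        elif kind == "comment":
            shape.append("<comment>")   # comments change the shape on purpose
        else:
            shape.append(m.group().lower())
    return " ".join(shape)

def learn(statements):
    """Automated white list generation: the set of shapes seen in training."""
    return frozenset(fingerprint(s) for s in statements)

def decide(sql, whitelist):
    """Set lookup, so the cost does not depend on how many shapes were learned."""
    return "allow" if fingerprint(sql) in whitelist else "block"

WHITELIST = learn(TRAINING)
GOOD = "SELECT * from stock where catalog-no='PHE8131'"
BAD = "SELECT * from stock where catalog-no='' union select cardNo,0,0 from Orders --'"

if __name__ == "__main__":
    for stmt in (GOOD, BAD):
        print(decide(stmt, WHITELIST), "|", fingerprint(stmt))
```

Because only literals are normalised, a legitimate statement with a different structure (for example an `IN` list of a different length) is a new shape and must appear in training before it is allowed.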

Oracle Audit Vault and Database Firewall
Enforcing Database Activity with Negative Security Model
Black List
Block: SELECT * FROM v$session (DBA activity from Application?)
Allow + Log: SELECT * FROM v$session (DBA activity from Approved Workstation)
• Stop specific unwanted SQL interactions, user or schema access
• Blacklisting can be done on factors such as time of day, day of week, network, application, user name, OS user name, etc.
• Provide flexibility to authorized users while still monitoring activity
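
The two `v$session` cases on this slide, as an added sketch that is not Oracle's policy format or code from the deck: the same statement is blocked or allowed and logged depending on session factors (network, client program, time of day). The rule layout, the address range, the program names and the office hours are constructed assumptions.

```python
import ipaddress
import re
from datetime import datetime, time

V_SESSION = re.compile(r"\bv\$session\b", re.IGNORECASE)

# Hypothetical rule format, first match wins; networks and program names are constructed.
RULES = [
    {"name": "dba-view-from-approved-workstation", "sql": V_SESSION,
     "network": ipaddress.ip_network("10.20.30.0/28"), "programs": {"sqlplus"},
     "hours": (time(8, 0), time(18, 0)), "action": "allow+log"},
    {"name": "dba-view-from-anything-else", "sql": V_SESSION, "action": "block"},
]
DEFAULT_ACTION = "allow"   # negative model: whatever is not black-listed passes

def matches(rule, sess):
    """A rule matches only if every factor it names matches the session."""
    if not rule["sql"].search(sess["sql"]):
        return False
    if "network" in rule and ipaddress.ip_address(sess["client_ip"]) not in rule["network"]:
        return False
    if "programs" in rule and sess["program"].lower() not in rule["programs"]:
        return False
    if "hours" in rule:
        start, end = rule["hours"]
        if not start <= sess["at"].time() < end:
            return False
    return True

def evaluate(sess):
    """Return (action, rule name) for one intercepted statement."""
    for rule in RULES:
        if matches(rule, sess):
            return rule["action"], rule["name"]
    return DEFAULT_ACTION, None

def make_session(sql, client_ip, program, at):
    return {"sql": sql, "client_ip": client_ip, "program": program, "at": at}

# Constructed sessions mirroring the slide's two cases.
FROM_APP = make_session("SELECT * FROM v$session", "10.1.1.5", "JDBC Thin Client",
                        datetime(2012, 12, 3, 10, 0))
FROM_DBA = make_session("SELECT * FROM v$session", "10.20.30.4", "sqlplus",
                        datetime(2012, 12, 3, 10, 0))

if __name__ == "__main__":
    print(evaluate(FROM_APP), evaluate(FROM_DBA))
```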

Oracle Audit Vault and Database Firewall
Comprehensive Enterprise Audit and Log Consolidation
• Databases: Oracle, SQL Server, DB2 LUW, Sybase ASE
• New Audit Sources
  – Operating Systems: Microsoft Windows, Solaris
  – Directory Services: Active Directory
  – File Systems: Oracle ACFS
• Audit Collection Plugins for Custom Audit Sources
  – XML file maps custom audit elements to canonical audit elements
  – Collect and map data from XML audit file and database tables

Oracle Audit Vault and Database Firewall
Audit and Event Repository
• Based on proven Oracle Database technology
  – Includes compression, partitioning, scalability, high availability, etc.
  – Open schema for flexible reporting
• Information lifecycle management for target specific data retention
• Centralized web console for easy administration
• Command line utility for automation and scripting

Oracle Audit Vault and Database Firewall
Audit and Event Data Security
• Software appliance based on hardened OS and pre-configured database
• Fine-grained administrative groups
  – Sources can be grouped for access authorization
  – Individual auditor reports limited to data from the ‘grouped’ sources
• Separation of duties
• Powerful multi-event alerting with thresholds and group-by

Oracle Audit Vault and Database Firewall
Single Administrator Console

Oracle Audit Vault and Database Firewall
Default Reports

Oracle Audit Vault and Database Firewall
Out-of-the-Box Compliance Reporting

Oracle Audit Vault and Database Firewall
Report with Data from Multiple Source Types

Oracle Audit Vault and Database Firewall
Auditing Stored Procedure Calls – Not Visible on the Network

Oracle Audit Vault and Database Firewall
Extensive Audit Details

Oracle Audit Vault and Database Firewall
Blocking SQL Injection Attacks

Oracle Audit Vault and Database Firewall
Powerful Alerting Filter Conditions

Oracle Audit Vault and Database Firewall
Flexible Deployment Architectures
[Deployment diagram. Labels: Applications and Users; Inbound SQL Traffic; In-Line Blocking and Monitoring; Out-of-Band Monitoring; Remote Monitoring; HA Mode; Software Appliances; Audit Vault Primary; Audit Vault Standby; Audit Agents; Audit Data]

Oracle Audit Vault and Database Firewall
Performance and Scalability
• Audit Vault
  – Supports monitoring and auditing multiple hundreds of heterogeneous database and non-database targets
  – Supports wide range of hardware to meet load requirements
• Database Firewall
  – Decision time is independent of the number of rules in the policy
  – Multi-device / multi-process / multi-core scalability
  – 8 cores can handle between 30K – 60K transactions/second

T-Mobile
Protecting Customer Data in Oracle and non-Oracle Databases
Challenge
• Protect sensitive data – PCI, CPNI, SPII – in both Oracle and non-Oracle Databases
• Monitor database threats, including SQL injection attacks and data harvesting, without having to change application code
• Full visibility into database activity
• Understand what types of changes are being made to sensitive data
Solution
• Addresses data security with Database Firewall, TDE, Data Masking as comprehensive database security defense-in-depth strategy
• Database activity monitoring prevents insider and external threats
• Deployed and set up within a few hours; already protected against a few compromised accounts that were harvesting data
Provider of wireless voice, messaging, and data services throughout the U.S.
Fourth largest wireless company in the U.S. with more than 35 million subscribers
Industry: Telecom

SquareTwo Financial
Addresses Regulatory Compliance, Enables Separation of Duties
Challenge
• Comply with a number of regulations: GLBA, HIPAA, SOX, and PCI
• Prove separation of duties for Sarbanes-Oxley compliance
• Quickly scale IT Security to address fast 37% company growth
• Minimal disruption to 5.9 million accounts while maintaining growth
• Secure Exadata Database Machine with no application changes
Solution
• Addresses compliance with Database Firewall, TDE, Data Masking as comprehensive database security defense-in-depth strategy
• Database activity monitoring to protect against insider and external threats, including SQL injection attacks
• Securing Exadata and SQL Server database activity
Leader in $100 billion asset recovery and management industry
Partner Network used by Fortune 500 companies in banking, credit card, and health care
Industry: Financial Services

TransUnion Interactive
Addresses Regulatory Compliance, Secures Sensitive Data
Challenge
• Maintain PCI DSS, SOX, and GLBA compliance
• Increase database traffic visibility; detect and monitor activity
• Increase database security and monitor for application SQL injection attacks
• Detect and prevent application by-pass and data harvesting
Solution
• Deployed Database Firewall in one month; monitor database traffic
• Achieved 10k transactions/sec while maintaining performance
• Using reports to monitor traffic and manage workloads and capacity
• Use Oracle Advanced Security to encrypt tablespaces
Consumer subsidiary of TransUnion, a global leader in credit information
Maintains credit histories on over 500 million consumers globally
Industry: Financial Services

For More Information
Oracle Audit Vault and Database Firewall

Q&A