Introducing Oracle Audit Vault and Database Firewall

Copyright © 2012, Oracle and/or its affiliates. All rights reserved. 1

description

Join us to hear about a new Oracle product that monitors Oracle and non-Oracle database traffic, detects unauthorized activity including SQL injection attacks, and blocks internal and external threats from reaching the database. In addition, this new product collects and consolidates audit data from databases, operating systems, directories, and any custom template-defined source into a centralized, secure warehouse. This new enterprise security monitoring and auditing platform allows organizations to quickly detect and respond to threats with powerful real-time policy analysis, alerting and reporting capabilities. Based on proven SQL grammar analysis that ensures accuracy, performance, and scalability, organizations can deploy with confidence in any mode. You will also hear how organizations such as TransUnion Interactive and SquareTwo Financial rely on Oracle today to monitor and secure their Oracle and non-Oracle database environments.

Transcript of Introducing Oracle Audit Vault and Database Firewall

Page 1: Introducing Oracle Audit Vault and Database Firewall

Page 2: Introducing Oracle Audit Vault and Database Firewall

Introducing Oracle Audit Vault and Database Firewall

Page 3: Introducing Oracle Audit Vault and Database Firewall

Billions of Database Records Breached Globally: 97% of Breaches Were Avoidable with Basic Controls

• 98% records stolen from databases
• 84% records breached using stolen credentials
• 71% fell within minutes
• 92% discovered by third party

Page 4: Introducing Oracle Audit Vault and Database Firewall

Why are Databases so Vulnerable?

Forrester Research

“Enterprises are taking on risks that they may not even be aware of. Especially as more and more attacks against databases exploit legitimate access.”

80% of IT Security Programs Don’t Address Database Security

• Network Security
• SIEM
• Endpoint Security
• Web Application Firewall
• Email Security
• Authentication & User Security
• Database Security ?

Page 5: Introducing Oracle Audit Vault and Database Firewall

Oracle Database Security Solutions: Defense-in-Depth for Maximum Security

DETECTIVE
• Activity Monitoring
• Database Firewall
• Auditing and Reporting

PREVENTIVE
• Redaction and Masking
• Privileged User Controls
• Encryption

ADMINISTRATIVE
• Sensitive Data Discovery
• Configuration Management
• Privilege Analysis

Page 6: Introducing Oracle Audit Vault and Database Firewall

Oracle Database Security Solutions: Detect and Block Threats, Alert, Audit and Report

DETECTIVE
• Activity Monitoring
• Database Firewall
• Auditing and Reporting

PREVENTIVE
• Redaction and Masking
• Privileged User Controls
• Encryption

ADMINISTRATIVE
• Sensitive Data Discovery
• Configuration Management
• Privilege Analysis

Page 7: Introducing Oracle Audit Vault and Database Firewall

Oracle Audit Vault and Database Firewall: New Solution for Oracle and Non-Oracle Databases

Diagram labels:

• Users
• Applications
• Database Firewall: Allow, Log, Alert, Substitute, Block
• Firewall Events
• Audit Data
• OS, Directory, File System & Custom Audit Logs
• Audit Vault
• Reports
• Alerts
• Policies
• Auditor
• Security Manager

Page 8: Introducing Oracle Audit Vault and Database Firewall

Oracle Audit Vault and Database Firewall: SQL Injection Protection with Positive Security Model

White List (between Applications and Databases)

Allow: SELECT * from stock where catalog-no='PHE8131'

Block: SELECT * from stock where catalog-no='' union select cardNo,0,0 from Orders --'

• “Allowed” behavior can be defined for any user or application
• Automated white list generation for any application
• Out-of-policy database transaction detected and blocked/alerted

Page 9: Introducing Oracle Audit Vault and Database Firewall

Oracle Audit Vault and Database Firewall: Enforcing Database Activity with Negative Security Model

• Stop specific unwanted SQL interactions, user or schema access
• Blacklisting can be done on factors such as time of day, day of week, network, application, user name, OS user name, etc.
• Provide flexibility to authorized users while still monitoring activity

Black List

Block: SELECT * FROM v$session (DBA activity from Application?)

Allow + Log: SELECT * FROM v$session (DBA activity from Approved Workstation)
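
A minimal sketch of the positive and negative policy models from the two slides above, added here as an illustration and not Oracle's implementation. A regex tokenizer stands in for the product's SQL grammar analysis; the function names, rule format, session field and sample addresses are assumptions.

```python
import re

# Token classes, tried in order: string literal, line comment, number,
# identifier ($ allowed, as in v$session), any other single character.
TOKEN = re.compile(
    r"('(?:[^']|'')*')|(--[^\n]*)|(\d+(?:\.\d+)?)|([A-Za-z_][\w$]*)|(\S)")

def fingerprint(sql):
    """Reduce a statement to its shape: literals become '?', comments drop out."""
    out = []
    for string, comment, number, ident, other in TOKEN.findall(sql):
        if string or number:
            out.append("?")
        elif ident:
            out.append(ident.upper())
        elif other:
            out.append(other)
    return " ".join(out)

def learn_whitelist(trusted_sql):
    """Positive model: record every shape seen in a trusted learning window."""
    return {fingerprint(s) for s in trusted_sql}

def decide(sql, session, whitelist, blacklist):
    """Return the action for one statement issued in one session context."""
    shape = fingerprint(sql)
    for bad_shape, factor, approved in blacklist:      # negative model
        if shape == bad_shape:
            return "allow+log" if session.get(factor) in approved else "block"
    return "allow" if shape in whitelist else "block"  # positive model

# Constructed sample data; hosts use documentation address space.
WHITELIST = learn_whitelist(["SELECT * from stock where catalog-no='ABC1234'"])
BLACKLIST = [(fingerprint("SELECT * FROM v$session"), "client_ip", {"192.0.2.10"})]
APP = {"client_ip": "192.0.2.50"}   # application server (assumed)
DBA = {"client_ip": "192.0.2.10"}   # approved DBA workstation (assumed)

if __name__ == "__main__":
    traffic = [
        ("SELECT * from stock where catalog-no='PHE8131'", APP),
        ("SELECT * from stock where catalog-no='' union select cardNo,0,0 from Orders --'", APP),
        ("SELECT * FROM v$session", APP),
        ("SELECT * FROM v$session", DBA),
    ]
    for sql, session in traffic:
        print(f"{decide(sql, session, WHITELIST, BLACKLIST):9}  {sql}")
```

The catalog lookup with a new literal matches the learned shape and is allowed, while the UNION variant produces a different shape and is blocked without any signature for the injected text.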

Page 10: Introducing Oracle Audit Vault and Database Firewall

Oracle Audit Vault and Database Firewall: Comprehensive Enterprise Audit and Log Consolidation

• Databases: Oracle, SQL Server, DB2 LUW, Sybase ASE
• New Audit Sources
– Operating Systems: Microsoft Windows, Solaris
– Directory Services: Active Directory
– File Systems: Oracle ACFS
• Audit Collection Plugins for Custom Audit Sources
– XML file maps custom audit elements to canonical audit elements
– Collect and map data from XML audit file and database tables

Page 11: Introducing Oracle Audit Vault and Database Firewall

Oracle Audit Vault and Database Firewall: Audit and Event Repository

• Based on proven Oracle Database technology
– Includes compression, partitioning, scalability, high availability, etc.
– Open schema for flexible reporting
• Information lifecycle management for target specific data retention
• Centralized web console for easy administration
• Command line utility for automation and scripting

Page 12: Introducing Oracle Audit Vault and Database Firewall

Oracle Audit Vault and Database Firewall: Audit and Event Data Security

• Software appliance based on hardened OS and pre-configured database
• Fine-grained administrative groups
– Sources can be grouped for access authorization
– Individual auditor reports limited to data from the ‘grouped’ sources
• Separation of duties
• Powerful multi-event alerting with thresholds and group-by

Page 13: Introducing Oracle Audit Vault and Database Firewall

Oracle Audit Vault and Database Firewall: Single Administrator Console

Page 14: Introducing Oracle Audit Vault and Database Firewall

Oracle Audit Vault and Database Firewall: Default Reports

Page 15: Introducing Oracle Audit Vault and Database Firewall

Oracle Audit Vault and Database Firewall: Out-of-the Box Compliance Reporting

Page 16: Introducing Oracle Audit Vault and Database Firewall

Oracle Audit Vault and Database Firewall: Report with Data from Multiple Source Types

Page 17: Introducing Oracle Audit Vault and Database Firewall

Oracle Audit Vault and Database Firewall: Auditing Stored Procedure Calls – Not Visible on the Network

Page 18: Introducing Oracle Audit Vault and Database Firewall

Oracle Audit Vault and Database Firewall: Extensive Audit Details

Page 19: Introducing Oracle Audit Vault and Database Firewall

Oracle Audit Vault and Database Firewall: Blocking SQL Injection Attacks

Page 20: Introducing Oracle Audit Vault and Database Firewall

Oracle Audit Vault and Database Firewall: Powerful Alerting Filter Conditions

Page 21: Introducing Oracle Audit Vault and Database Firewall

Oracle Audit Vault and Database Firewall: Flexible Deployment Architectures

Diagram labels:

• Applications and Users
• Inbound SQL Traffic
• In-Line Blocking and Monitoring
• HA Mode
• Out-of-Band Monitoring
• Remote Monitoring
• Software Appliances
• Audit Vault Primary
• Audit Vault Standby
• Audit Data
• Audit Agents

Page 22: Introducing Oracle Audit Vault and Database Firewall

Oracle Audit Vault and Database Firewall: Performance and Scalability

• Audit Vault
– Supports monitoring and auditing multiple hundreds of heterogeneous database and non-database targets
– Supports wide range of hardware to meet load requirements
• Database Firewall
– Decision time is independent of the number of rules in the policy
– Multi-device / multi-process / multi-core scalability
– 8 core can handle between 30K – 60K transactions/second

Page 23: Introducing Oracle Audit Vault and Database Firewall

T-Mobile: Protecting Customer Data in Oracle and non-Oracle Databases

Challenge
• Protect sensitive data – PCI, CPNI, SPII – in both Oracle and non-Oracle Databases
• Monitor database threats, including SQL injection attacks and data harvesting, without having to change application code
• Full visibility into database activity
• Understand what types of changes are being made to sensitive data

Solution
• Addresses data security with Database Firewall, TDE, Data Masking as comprehensive database security defense-in-depth strategy
• Database activity monitoring prevents insider and external threats
• Deployed and setup within a few hours; already protected against a few compromised accounts that were harvesting data

Company
• Provider of wireless voice, messaging, and data services throughout the U.S.
• Fourth largest wireless company in the U.S. with more than 35 million subscribers
• Industry: Telecom

Page 24: Introducing Oracle Audit Vault and Database Firewall

SquareTwo Financial: Addresses Regulatory Compliance, Enables Separation of Duties

Challenge
• Comply with a number of regulations: GLBA, HIPAA, SOX, and PCI
• Prove separation of duties for Sarbanes-Oxley compliance
• Quickly scale IT Security to address fast 37% company growth
• Minimal disruption to 5.9 million accounts while maintaining growth
• Secure Exadata Database Machine with no application changes

Solution
• Addresses compliance with Database Firewall, TDE, Data Masking as comprehensive database security defense-in-depth strategy
• Database activity monitoring to protect against insider and external threats, including SQL injection attacks
• Securing Exadata and SQL Server database activity

Company
• Leader in $100 billion asset recovery and management industry
• Partner Network used by Fortune 500 companies in banking, credit card, and health care
• Industry: Financial Services

Page 25: Introducing Oracle Audit Vault and Database Firewall

TransUnion Interactive: Addresses Regulatory Compliance, Secures Sensitive Data

Challenge
• Maintain PCI DSS, SOX, and GLBA compliance
• Increase database traffic visibility; detect and monitor activity
• Increase database security and monitor for application SQL injection attacks
• Detect and prevent application by-pass and data harvesting

Solution
• Deployed Database Firewall in one month; monitor database traffic
• Achieved 10k transactions/sec while maintaining performance
• Using reports to monitor traffic and manage workloads and capacity
• Use Oracle Advanced Security to encrypt tablespaces

Company
• Consumer subsidiary of TransUnion, a global leader in credit information
• Maintains credit histories on over 500 million consumers globally
• Industry: Financial Services

Page 26: Introducing Oracle Audit Vault and Database Firewall

For More Information: Oracle Audit Vault and Database Firewall

Page 27: Introducing Oracle Audit Vault and Database Firewall

Q&A

Page 28: Introducing Oracle Audit Vault and Database Firewall
