Defending the Cloud with Monitoring and Auditing
Eva Chang
Senior Sales Consultant
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Agenda
Data growth and cloud adoption
Data governance and risk management
Detect fraudulent data migration
Monitor data moving to and within the cloud
Report to address regulatory compliance
DVDs stacked to the moon and back
80% protected by Enterprises
Data in the Cloud: The Digital Universe in the Cloud Will Increase 20% by 2020
Chart (legend: Not touched by cloud / Stored or touched): 17% in 2012, 37% in 2020
Source: IDC Digital Universe Study
Security: Top of Mind for Customers
Only thing trending higher than the cloud? Security concerns about the cloud…
Concerned about cloud security & privacy: 82%
Worried about a cloud provider data breach: 54%
Undetected data breach: #1 Risk
Cloud Security Spend Increasing
20% of IT budget by 2016
Source: Gartner
Database Security Strategy: Defense-in-Depth for Maximum Security
DETECTIVE: Activity Monitoring, Database Firewall, Auditing and Reporting
PREVENTIVE: Redaction and Masking, Privileged User Controls, Encryption
ADMINISTRATIVE: Sensitive Data Discovery, Configuration Management, Privilege Analysis
Oracle Database Security Solutions: Defense-in-Depth for Maximum Security
DETECTIVE: Activity Monitoring, Database Firewall, Auditing and Reporting
PREVENTIVE: Redaction and Masking, Privileged User Controls, Encryption
ADMINISTRATIVE: Sensitive Data Discovery, Configuration Management, Privilege Analysis
Data Migration
Cloud Data Movement
Reporting for Compliance
Data Governance
Data Governance and Risk Management
Opportunity
Risk
Policies and Procedures for Managing Information Usage
LOB IT
Aug/Sep 2012
DoR employee: phishing email malware
Malware stole username and password
8/27 Attacker logs into remote access service w/ credentials
Executed utilities designed to obtain user account passwords (six servers)
8/29 Used passwords to access 6 servers
9/1-2 Installed malicious backdoor and accessed 22 servers
9/12 Copied database backup files to a staging directory
9/13 Exfiltrated tax records since '98: 3.8m individuals
10/19-20 DoR remediates after being notified of breach by 3rd party
$12 million in associated costs
Jeopardized governor's re-election
1-year credit-monitoring & ID theft protection: 800,000
Detect Fraudulent Data Migration: Database Auditing
Monitor for large internal data migrations in existing environments
Audit all databases for privileged user data access
Automate continual auditing of sensitive data
T-Mobile Monitors Data Exfiltration in Oracle and non-Oracle Databases
Solution
Addresses data security with Database Firewall, TDE, Data Masking as comprehensive database security defense-in-depth strategy
Database activity monitoring prevents insider and external threats
Deployed and set up within a few hours; already protected against a few compromised accounts that were harvesting data
Provider of wireless voice, messaging, and data services throughout the U.S.
Fourth largest wireless company in the U.S. with more than 35 million subscribers
Industry: Telecom
Monitor Data Moving To and Within the Cloud: Database Activity Monitoring and SQL Injection Prevention
Monitor database and system activity
– Increase traffic visibility
Prevent database threats
– SQL injection attacks and privilege escalation
Detect application by-pass and data harvesting
SquareTwo Financial Prevents Database Threats Including SQL Injection Attacks
Solution
Addresses compliance with Database Firewall, TDE, Data Masking as comprehensive database security defense-in-depth strategy
Database activity monitoring to protect against insider and external threats, including SQL injection attacks
Securing Exadata and SQL Server databases
Leader in $100 billion asset recovery and management industry
Partner Network used by Fortune 500 companies in banking, credit card, and health care
Industry: Financial Services
Address Regulatory Compliance: Reporting and Alerting
Comply with regulations
– GLBA, HIPAA, SOX, PCI and more
Alert in real time to prevent further compromise
Collect, consolidate audit trails and system logs
TransUnion Interactive Addresses PCI DSS Compliance
Solution
Deployed Database Firewall in one month to monitor database traffic
Achieved 10k transactions/sec while maintaining performance
Using reports to monitor traffic and manage workloads and capacity
Additional: Oracle Advanced Security to encrypt tablespaces
Consumer subsidiary of TransUnion, a global leader in credit information
Maintains credit histories on over 500 million consumers globally
Industry: Financial Services
Oracle Audit Vault and Database Firewall
[Diagram labels: Audit Data, Audit Vault, Firewall Events, Database Firewall, Custom, Apps, Policies, Alerts, Built-in Reports, Custom Reports]
For More Information: Oracle Audit Vault and Database Firewall
Complimentary eBook: Register Now
www.mhprofessional.com/dbsec
Use Code: db12c
Q&A