
Oracle Audit Vault and Database Firewall: New Centralized Monitoring and Auditing Platform

Oracle Audit Vault and Database Firewall: New Centralized Monitoring and Auditing Platform. Frank Yang APAC Database Security Product Manager.


Presentation Transcript


  1. Oracle Audit Vault and Database Firewall: New Centralized Monitoring and Auditing Platform. Frank Yang, APAC Database Security Product Manager

  2. The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

  3. Program Agenda • Why Database Monitoring and Auditing • Overview of Oracle Audit Vault and Database Firewall • Key Features • Success Story • Summary • Q&A

  4. Billions of Database Records Breached Globally. 97% of Breaches Were Avoidable with Basic Controls • 98% records stolen from databases • 84% records breached using stolen credentials • 71% fell within minutes • 92% discovered by third party

  5. Why are Databases so Vulnerable? 80% of IT Security Programs Don’t Address Database Security • Forrester Research: “Enterprises are taking on risks that they may not even be aware of. Especially as more and more attacks against databases exploit legitimate access.”

  6. Why Monitor Your Databases? Use Cases • Monitor Database activity without impacting your Database • Detect actions of malicious outsiders and insiders • Protect against SQL injection attacks on applications • Enforce conformance to corporate security policy

  7. Why Audit Your Databases? Use Cases • Collect comprehensive information about all relevant user activity • Who, what, when, where • Before/after values • Full execution and application context • Audit all pathways to the Database • SQL executed by stored procedures • Direct connections • Scheduled jobs • Operational activities

  8. Oracle Database Security Solutions: Defense-in-Depth for Maximum Security • PREVENTIVE: Encryption, Redaction and Masking, Privileged User Controls • DETECTIVE: Activity Monitoring, Database Firewall, Auditing and Reporting • ADMINISTRATIVE: Privilege Analysis, Sensitive Data Discovery, Configuration Management

  9. Oracle Database Security Solutions: Detect and Block Threats, Alert, Audit and Report • PREVENTIVE: Encryption, Redaction and Masking, Privileged User Controls • DETECTIVE: Activity Monitoring, Database Firewall, Auditing and Reporting • ADMINISTRATIVE: Privilege Analysis, Sensitive Data Discovery, Configuration Management

  10. Introducing Oracle Audit Vault and Database Firewall

  11. Oracle Audit Vault and Database Firewall: Detective/Preventive Control for Oracle and Non-Oracle Databases. [Architecture diagram; labels: Users; Applications; Database Firewall (Allow, Log, Alert, Substitute, Block); Firewall Events; Audit Vault Agent; Audit Data; OS, Directory Services, File system & Custom Audit Logs; Audit Vault; Policies; Reports; Alerts; Auditor; Security Manager]

  12. Oracle Audit Vault and Database Firewall: SQL Injection Protection with Positive Security Model
      White List (between Applications and Databases):
      Allow: SELECT * from stock where catalog-no='PHE8131'
      Block: SELECT * from stock where catalog-no='' union select cardNo,0,0 from Orders --'
      • “Allowed” behavior can be defined for any user or application
      • Automated white list generation for any application
      • Out-of-policy database transaction detected and blocked/alerted

  13. Oracle Audit Vault and Database Firewall: Enforcing Database Activity with Negative Security Model
      Black List:
      Block: SELECT * FROM v$session (DBA activity from Application?)
      Allow + Log: SELECT * FROM v$session (DBA activity from Approved Workstation)
      • Stop specific unwanted SQL interactions, user or schema access
      • Blacklisting can be done on factors such as time of day, day of week, network, application, user name, OS user name, etc.
      • Provide flexibility to authorized users while still monitoring activity

  14. Oracle Audit Vault and Database Firewall • Comprehensive Enterprise Audit and Log Consolidation • Databases: Oracle, SQL Server, DB2 LUW, Sybase ASE, MySQL • New Audit Sources • Operating Systems: Microsoft Windows, Solaris, Linux • Directory Services: Active Directory • File Systems: Oracle ACFS • Audit Collection Plugins for Custom Audit Sources • XML file maps custom audit elements to canonical audit elements • Collect and map data from XML audit file and database tables

  15. Oracle Audit Vault and Database Firewall: Audit and Event Repository • Based on proven Oracle Database technology • Includes compression, partitioning, scalability, high availability, etc. • Open schema for flexible reporting • Information lifecycle management for target specific data retention • Centralized web console for easy administration • Command line utility for automation and scripting

  16. Oracle Audit Vault and Database Firewall: Audit and Event Data Security • Software appliance based on hardened OS and pre-configured database • Fine-grained administrative groups • Sources can be grouped for access authorization • Individual auditor reports limited to data from the ‘grouped’ sources • Separation of duties • Powerful multi-event alerting with thresholds and group-by

  17. Oracle Audit Vault and Database Firewall: Performance and Scalability • Audit Vault • Supports monitoring and auditing multiple hundreds of heterogeneous database and non-database targets • Supports wide range of hardware to meet load requirements • Database Firewall • Decision time is independent of the number of rules in the policy • Multi-device / multi-process / multi-core scalability • 8 cores can handle between 30K – 60K transactions/second

  18. Oracle Audit Vault and Database Firewall: Single Administrator Console

  19. Oracle Audit Vault and Database Firewall: Default Reports

  20. Oracle Audit Vault and Database Firewall: Out-of-the-Box Compliance Reporting

  21. Oracle Audit Vault and Database Firewall: Report with Data from Multiple Source Types

  22. Oracle Audit Vault and Database Firewall: Auditing Stored Procedure Calls – Not Visible on the Network

  23. Oracle Audit Vault and Database Firewall: Extensive Audit Details

  24. Oracle Audit Vault and Database Firewall: Blocking SQL Injection Attacks

  25. Oracle Audit Vault and Database Firewall: Powerful Alerting Filter Conditions

  26. Oracle Audit Vault and Database Firewall: Flexible Deployment Architectures. [Deployment diagram; labels: In-Line Blocking and Monitoring; Remote Monitoring; Out-of-Band Monitoring; HA Mode; Audit Vault Primary; Audit Vault Standby; Applications and Users; Inbound SQL Traffic; Audit Agents; Audit Data; Software Appliances]

  27. T-Mobile Protecting Customer Data in Oracle and non-Oracle Databases • Provider of wireless voice, messaging, and data services throughout the U.S. • Fourth largest wireless company in the U.S. with more than 35 million subscribers • Industry: Telecom

  28. SquareTwo Financial Addresses Regulatory Compliance, Enables Separation of Duties • Leader in $100 billion asset recovery and management industry • Partner Network used by Fortune 500 companies in banking, credit card, and health care • Industry: Financial Services

  29. Audit Vault and Database Firewall Summary • A comprehensive platform for monitoring and auditing • Supports multiple deployment modes • Powerful out of the box and custom reports • Enterprise scalability and performance • Soft-appliance packaging • Supports Oracle and non-Oracle

  30. Q&A
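
To make the positive (white list) and negative (black list) models from slides 12 and 13 concrete, the Python sketch below is an added example, not code from the presentation or from Oracle. Its literal-stripping `fingerprint` is a simplified stand-in for the product's SQL analysis, which the slides do not describe; the function names, IP addresses and training statements are constructed for the illustration.

```python
import re

# One pass over the statement: string literals and numbers become '?',
# comments are dropped. Strings are matched first so a '--' inside a literal
# is not mistaken for a comment.
_TOKEN = re.compile(r"'(?:[^']|'')*'|--[^\n]*|/\*.*?\*/|\b\d+(?:\.\d+)?\b", re.S)

def fingerprint(sql: str) -> str:
    """Reduce a statement to its structure so only the shape is compared."""
    def repl(m):
        tok = m.group(0)
        return "?" if tok[0] == "'" or tok[0].isdigit() else " "
    return re.sub(r"\s+", " ", _TOKEN.sub(repl, sql)).strip().lower()

def learn_allowlist(observed):
    """Positive model: the set of statement shapes seen in known-good traffic."""
    return {fingerprint(s) for s in observed}

# Constructed policy data (assumptions for this example only).
APPROVED_WORKSTATIONS = {"10.0.5.20"}
RESTRICTED_OBJECTS = ("v$session",)

def decide(sql: str, client_ip: str, allowlist: set) -> str:
    fp = fingerprint(sql)
    # Negative model: named objects are blocked unless the session factor
    # (here the client address) matches an approved workstation.
    if any(obj in fp for obj in RESTRICTED_OBJECTS):
        return "allow+log" if client_ip in APPROVED_WORKSTATIONS else "block"
    # Positive model: anything whose shape was never learned is out of policy.
    return "allow" if fp in allowlist else "block"

# Constructed training traffic from the application.
TRAINING = [
    "SELECT * from stock where catalog-no='PHE8131'",
    "SELECT * from stock where catalog-no='ABC1000'",
]
ALLOWLIST = learn_allowlist(TRAINING)
APP_IP, DBA_IP = "10.0.1.15", "10.0.5.20"
INJECTED = "SELECT * from stock where catalog-no='' union select cardNo,0,0 from Orders --'"

if __name__ == "__main__":
    for sql, ip in [("SELECT * from stock where catalog-no='XYZ0001'", APP_IP),
                    (INJECTED, APP_IP),
                    ("SELECT * FROM v$session", APP_IP),
                    ("SELECT * FROM v$session", DBA_IP)]:
        print(f"{decide(sql, ip, ALLOWLIST):9} {ip:10} {fingerprint(sql)}")
```

A catalog number never seen in training is still allowed because only the statement shape is compared, while the UNION variant yields a different shape and falls outside the learned list.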
