Intro Securitday Bilbao

Published in: Technology

  1. Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
  4. The threats are outside, the vulnerabilities are inside • José Manuel Rodríguez de Llano, Sales Manager, Security, Oracle Iberia
  5. This document is for informational purposes. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle. This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. This document and information contained herein may not be disclosed, copied, reproduced or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates.
  6. SECURITY
  7. Evolution => accelerated
  8. GROWING COMPLEXITY • Constant resources
  9. Security is a strategic issue • The number and complexity of external threats is increasing • 6M LinkedIn passwords stolen • $1 trillion global cost of cybercrime • 12M Sony credit cards stolen • 1.3M SEGA online accounts • $7.2 million average cost of a data breach • Sources: McAfee 2010; Security Week, Dec 15, 2011, Seven Significant Hacks of 2011; BetaNews, June 6, 2012; Ponemon 2011
  10. Risk threatens the business • Brand, reputation, liability, shareholder value • Sony • RSA • Societe Generale • UBS • 3x reduction in brand value • $100M cost • 97% avoidable with simple controls • $1000M losses • CEO resignation • $7000M losses • Sources: Security Week, Dec 15, 2011, Seven Significant Hacks of 2011; Bloomberg, June 8, 2011; Verizon DBIR 2012
  11. The causes are inside • Simple controls on core systems can prevent most breaches • LinkedIn: lightly encrypted passwords • Societe Generale: trader with excessive permissions • Sony: unencrypted credit cards • RSA: malware using employee access
  12. The response is... for now... reactive • “Most security organizations continue to focus inappropriate attention on network vulnerabilities and reactive network security tools rather than on proactive application security practices”.
  13. Reactive mode does not work • A larger IT budget dedicated to security, not focused on the right risks • [Chart: "The Evolution of IT Security 2010 to 2011"; categories: Endpoint Security, Vulnerability Management, Network Security, Email Security, Other Security; IT budget, 2007 and 2010, with the values 14% and 8.2%] • 94% against servers • 66% of sensitive data in databases • 96% not PCI compliant • 5% privilege abuse • 32% of hacking involves stolen credentials • Sources: IDC 2011, Effective Data Leak Prevention Programs; Verizon DBIR 2012 & IDC 2011
  14. APPLICATIONS • Hacking with stolen credentials • MIDDLEWARE • Records stolen through web/app servers • DATABASE • Records stolen from databases • OPERATING SYSTEM • Through privilege abuse • Attacks against servers • SERVERS • Off-line information theft • STORAGE • Leaks against file servers
  15. Oracle: Security from the Inside • Social • Blog • Data • Applications • Users
  16. Oracle: Security from the Inside • Social • Blog • Database security • Identity and access management • Data • Applications • Users
  17. Oracle Identity Management 11gR2 • Complete, Innovative, Integrated • Identity Governance: password management; self-service request/approval; role-based provisioning; policy monitoring; risk-based access certification; privileged user management • Access Management: Single Sign-On & federation; web services security; authentication & fraud prevention; authorization; access from mobile devices • Directory Services: LDAP storage; directory virtualization; LDAP synchronization; unified directory ...
  18. Oracle Security for Databases • Solution summary • Oracle Advanced Security • Oracle Database Vault • Oracle Audit Vault • Oracle Total Recall • Oracle Database Firewall • Oracle Data Masking
  19. Ubiquitous and mobile access • Data center security • SECURITY UNLOCKS OPPORTUNITY • Agile access requests • “Compliance” certification • Web services security
  20. 62% of companies will use social networks to connect with customers • 90% of companies will provide mobile applications in 2014 • 76% store credentials • 10% store passwords as text • 58% building corporate app stores
  21. Security of the
  22. FOCUS AREAS • Loss, inappropriate access to • 3 in operation and administration • Data protection regulations
  23. Access Request • User Provisioning • Help Desk Tickets • Access Control • Off Boarding and On-boarding • Certification Review
  24. CERTIFICATION OF • Audit & Certification • Segregation of Duties • Process and Transaction Control • Fraud Detection
  25. getPatient • PATIENT RECORD • PATIENT RECORD • xxxx xx xxx-xx
