Your SlideShare is downloading. ×
F5 Networks Adds To Oracle Database
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

F5 Networks Adds To Oracle Database

2,726

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
2,726
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
69
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • User logs into a web applicationF5 identifies possible SQL injection eventSecurity event containint use and web app info is sent from ASM to DBFW via an iRuleDBFW correlates the ASM event with the database traffic logDBFW take an appropriate action (block, alert, pass)Correlated even data is sent to SIEM logEnriched data is available for reporting and forensic analysisIntegrated report is available for distributionIntegrated log entry is generated and stored in DBFW
  • Transcript

    • 1. F5 Adds Solutions for Oracle Database
    • 2. Announcement Highlights, February 14
      F5 adds to its portfolio of solutions for Oracle Database
      New solution combines F5 BIG-IP Application Security Manager with Oracle Database Firewall
      Solution provides:
      Strong protection against SQL injection attacks around the web application and database
      Audit data to correlate security events reported by the web application firewall and database firewall
      Logs user information for attacks and out-of-policy behavior
    • 3. Application Trends and Drivers
      “Webification” of applications
      Intelligent browsers and applications
      Increasing regulatory requirements (PCI)
      Untargeted attacks – BOTs
      Targeted attacks – (D)DoS
      Public awareness of breach attempts and data security
      Tough economy = constrained resources and budgets cuts increased security risks; reduced compliance
    • 4. Web applications are at risk
      SANS report
      Focused on patching Operating Systems
      80% of vulnerabilities are in web apps
      60% of the attack vectors are web based
      Reports from 7Safe and Web Hacking Incidents Database stat that 60% of all breach incidents examined involved SQL injection
    • 5. F5 and Oracle Solutionsare Engineered to WorkTogether
    • 6. F5 and Oracle Solutions areEngineered to Work Together
    • 7. F5 BIG-IP Application Security Manager
      Provides comprehensive protection of all web application vulnerabilities
      Logs and reports all application traffic and attacks
      Enables Layer 2 through Layer 7 protection
      Learning and Blocking Modes
      Web attack types
      SQL Injection
    • 8. Oracle Database Firewall
      Real-time database activity monitoring and blocking
      Responds to each type of threat via either logging, monitoring, alerting, blocking, or substituting
      Deployed out-of-band or in-band with heterogeneous database environments
      Available as a virtual appliance
    • 9. F5 and Oracle Integrated Solution
      Monitor and block traffic at the web and database layers
      Application sessions tracked from client, to web, to database, and back
      When anomalies are detected by ASM, they are logged by both ASM and Oracle DBFW
      ASM provides user and web context of the attack enabling complete visibility of attack from source IP address, through HTTP page and session to SQL transaction.
      DBFW can analyze the full SQL transaction to see if the query is out of policy, rather than just a fragment.
      Ensures that administrators are always able to get consistent, correlated application monitoring data
      Web tier attacks are blocked by ASM
      Undetected attacks that get to the database are blocked by DBFW
    • 10. www.acme.com?id=%27+OR+1%3D1+-
      How Does it Work?
      ASM Event
      User Identity
      External Users
      Administrators
      APPLICATIONS
      Internal
      Users
      NETWORK
      DATABASES
      Integrated Log
      DBFW Management Server
      Correlated Syslog Event
      SIEM
      Web Application traffic is secured with ASM,
      Database traffic is secured with Database Firewall
    • 11. Example Report
    • 12. Case Study: Large Financial in the UK
    • 13. F5 Networks and Oracle
      Deliver application and database security event correlation
      Unity security information management
      Monitor security more easily
      Protect applications and databases from unauthorized access
      Driving joint customer engagements
      Available now

    ×