Your SlideShare is downloading. ×
0
C7   defending the cloud with monitoring and auditing
C7   defending the cloud with monitoring and auditing
C7   defending the cloud with monitoring and auditing
C7   defending the cloud with monitoring and auditing
C7   defending the cloud with monitoring and auditing
C7   defending the cloud with monitoring and auditing
C7   defending the cloud with monitoring and auditing
C7   defending the cloud with monitoring and auditing
C7   defending the cloud with monitoring and auditing
C7   defending the cloud with monitoring and auditing
C7   defending the cloud with monitoring and auditing
C7   defending the cloud with monitoring and auditing
C7   defending the cloud with monitoring and auditing
C7   defending the cloud with monitoring and auditing
C7   defending the cloud with monitoring and auditing
C7   defending the cloud with monitoring and auditing
C7   defending the cloud with monitoring and auditing
C7   defending the cloud with monitoring and auditing
C7   defending the cloud with monitoring and auditing
C7   defending the cloud with monitoring and auditing
C7   defending the cloud with monitoring and auditing
C7   defending the cloud with monitoring and auditing
C7   defending the cloud with monitoring and auditing
C7   defending the cloud with monitoring and auditing
C7   defending the cloud with monitoring and auditing
C7   defending the cloud with monitoring and auditing
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

C7 defending the cloud with monitoring and auditing

344

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
344
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
11
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Defending the Cloud with Monitoring and Auditing Eva Chang Senior Sales Consultant
  • 2. Agenda  Data growth and cloud adoption  Data governance and risk management  Detect fraudulent data migration  Monitor data moving to and within the cloud  Report to address regulatory compliance 2 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 3. 3 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 4. DVDs Stacked to the moon 4 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 5. 80% protected by Enterprises 5 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. And back
  • 6. Data in the Cloud The Digital Universe in the Cloud Will Increase 20% by 2020 Not touched by cloud Stored or touched 17% 2012 37% 2020 6 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Source: IDC Digital Universe Study
  • 7. Security: Top of Mind for Customers Only thing trending higher than the cloud? Security concerns about the cloud… 82% 54% #1 Risk 7 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Concerned about cloud security & privacy Worried about a cloud provider data breach Undetected data breach
  • 8. Cloud Security Spend Increasing 20% of IT budget by 2016 Source: Gartner 8 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 9. Database Security Strategy Defense-in-Depth for Maximum Security PREVENTIVE DETECTIVE ADMINISTRATIVE Encryption Activity Monitoring Privilege Analysis Redaction and Masking Database Firewall Sensitive Data Discovery Privileged User Controls Auditing and Reporting Configuration Management 9 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 10. 10 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 11. Oracle Database Security Solutions Defense-in-Depth for Maximum Security PREVENTIVE DETECTIVE ADMINISTRATIVE Encryption Activity Monitoring Privilege Analysis Redaction and Masking Database Firewall Sensitive Data Discovery Privileged User Controls Auditing and Reporting Configuration Management 11 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 12. Data Governance Reporting for Compliance Data Migration Cloud Data Movement 12 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 13. Data Governance and Risk Management Policies and Procedures for Managing Information Usage Opportunity LOB IT Risk 13 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 14. 14 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 15. DoR employee Phishing email malware 8/29 used passwords to access 6 servers 9/1-2 Installed malicious backdoor and accessed 22 servers Malware stole Username password 9/12 Copied database backup files to a staging directory 10/19-20 DoR remediates after being notified of breach by 3rd party Aug/Sep 2012 8/27 Attacker logs into remote access service w/ credentials Executed utilities designed to obtain user account passwords (six servers) 15 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. 9/13 Exfiltrated tax records since ‘98: 3.8m individuals $12 million in associated costs Jeopardized governor’s re-election 1-year credit-monitoring & ID theft protection 800,000
  • 16. Detect Fraudulent Data Migration Database Auditing  Monitor for large internal data migrations in existing environments  Audit all databases for privilege user data access  Automate continual auditing of sensitive data 16 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 17. T-Mobile Monitors Data Exfiltration in Oracle and non-Oracle Databases Solution Provider of wireless voice, messaging, and data services throughout the U.S. Fourth largest wireless company in the U.S. with more than 35 million subscribers Industry: Telecom 17 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.  Addresses data security with Database Firewall, TDE, Data Masking as comprehensive database security defense-in-depth strategy  Database activity monitoring prevents insider and external threats  Deployed and setup within a few hours; already protected against a few compromised accounts that were harvesting data
  • 18. Monitor Data Moving To and Within the Cloud Database Activity Monitoring and SQL Injection Prevention  Monitor database and system activity – Increase traffic visibility  Prevent database threats – SQL injection attacks and privilege escalation  Detect application by-pass and data harvesting 18 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 19. SquareTwo Financial Prevents Database Threats Including SQL Injection Attacks Solution Leader in $100 billion asset recovery and management industry Partner Network used by Fortune 500 companies in banking, credit card, and health care Industry: Financial Services 19 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.  Addresses compliance with Database Firewall, TDE, Data Masking as comprehensive database security defense-in-depth strategy  Database activity monitoring to protect against insider and external threats, including SQL injection attacks  Securing Exadata and SQL Server databases
  • 20. Address Regulatory Compliance Reporting and Alerting  Comply with regulations – GLBA, HIPAA, SOX, PCI and more  Alert in real-time to prevent further compromise  Collect, consolidate audit trails and system logs 20 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 21. TransUnion Interactive Addresses PCI DSS Compliance Solution Consumer subsidiary of TransUnion, a global leader in credit information Maintains credit histories on over 500 million consumers globally Industry: Financial Services 21 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.  Deployed Database Firewall in one month to monitor database traffic  Achieved 10k transactions/sec while maintaining performance  Using reports to monitor traffic and manage workloads and capacity  Additional: Oracle Advanced Security to encrypt tablespaces
  • 22. Oracle Audit Vault and Database Firewall Database Firewall APP S Firewall Events Alerts ! Built-in Reports AUDIT DATA Custom Reports Policies AUDIT VAULT 22 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Custom
  • 23. For More Information Oracle Audit Vault and Database Firewall 23 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 24. Complimentary eBook Register Now www.mhprofessional.com/dbsec Use Code: db12c 24 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 25. Q&A 25 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 26. 26 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

×