Contenu connexe
Tendances
Managing Multiple Compliance Priorities - GDPR, CCPA, HIPAA, APEC, ISO 27001,...Managing Multiple Compliance Priorities - GDPR, CCPA, HIPAA, APEC, ISO 27001,...TrustArc
Similaire à Defending Cloud Data with Monitoring and Auditing
Similaire à Defending Cloud Data with Monitoring and Auditing (20)
Plus de Dr. Wilfred Lin (Ph.D.)
Plus de Dr. Wilfred Lin (Ph.D.) (20)
Defending Cloud Data with Monitoring and Auditing
- 2. Agenda
Data growth and cloud adoption
Data governance and risk management
Detect fraudulent data migration
Monitor data moving to and within the cloud
Report to address regulatory compliance
2
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
- 6. Data in the Cloud
The Digital Universe in the Cloud Will Increase 20% by 2020
Not touched
by cloud
Stored or
touched
17%
2012
37%
2020
6
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Source: IDC Digital Universe Study
- 7. Security: Top of Mind for Customers
Only thing trending
higher than the cloud?
Security concerns about
the cloud…
82%
54%
#1
Risk
7
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Concerned about cloud
security & privacy
Worried about a cloud
provider data breach
Undetected data breach
- 8. Cloud Security Spend Increasing
20% of IT
budget by
2016
Source: Gartner
8
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
- 9. Database Security Strategy
Defense-in-Depth for Maximum Security
PREVENTIVE
DETECTIVE
ADMINISTRATIVE
Encryption
Activity Monitoring
Privilege Analysis
Redaction and Masking
Database Firewall
Sensitive Data Discovery
Privileged User Controls
Auditing and Reporting
Configuration Management
9
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
- 11. Oracle Database Security Solutions
Defense-in-Depth for Maximum Security
PREVENTIVE
DETECTIVE
ADMINISTRATIVE
Encryption
Activity Monitoring
Privilege Analysis
Redaction and Masking
Database Firewall
Sensitive Data Discovery
Privileged User Controls
Auditing and Reporting
Configuration Management
11
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
- 13. Data Governance and Risk Management
Policies and Procedures for Managing Information Usage
Opportunity
LOB
IT
Risk
13
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
- 15. DoR employee
Phishing email malware
8/29 used passwords to
access 6 servers
9/1-2 Installed malicious
backdoor and accessed
22 servers
Malware stole
Username password
9/12 Copied database backup files
to a staging directory
10/19-20 DoR remediates after being
notified of breach by 3rd party
Aug/Sep 2012
8/27 Attacker logs
into remote access service w/
credentials
Executed utilities designed to
obtain user account passwords
(six servers)
15
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
9/13 Exfiltrated tax
records since ‘98:
3.8m individuals
$12 million in associated costs
Jeopardized governor’s re-election
1-year credit-monitoring & ID theft protection 800,000
- 16. Detect Fraudulent Data Migration
Database Auditing
Monitor for large internal data migrations in
existing environments
Audit all databases for privilege user data access
Automate continual auditing of sensitive data
16
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
- 17. T-Mobile
Monitors Data Exfiltration in Oracle and non-Oracle Databases
Solution
Provider of wireless voice,
messaging, and data
services throughout the U.S.
Fourth largest wireless
company in the U.S. with
more than 35 million
subscribers
Industry: Telecom
17
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Addresses data security with Database
Firewall, TDE, Data Masking as comprehensive
database security defense-in-depth strategy
Database activity monitoring prevents insider
and external threats
Deployed and setup within a few hours; already
protected against a few compromised accounts
that were harvesting data
- 18. Monitor Data Moving To and Within the Cloud
Database Activity Monitoring and SQL Injection Prevention
Monitor database and system activity
– Increase traffic visibility
Prevent database threats
– SQL injection attacks and privilege escalation
Detect application by-pass and data harvesting
18
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
- 19. SquareTwo Financial
Prevents Database Threats Including SQL Injection Attacks
Solution
Leader in $100 billion asset
recovery and management
industry
Partner Network used by
Fortune 500 companies in
banking, credit card, and
health care
Industry: Financial Services
19
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Addresses compliance with Database Firewall,
TDE, Data Masking as comprehensive
database security defense-in-depth strategy
Database activity monitoring to protect against
insider and external threats, including SQL
injection attacks
Securing Exadata and SQL Server databases
- 20. Address Regulatory Compliance
Reporting and Alerting
Comply with regulations
– GLBA, HIPAA, SOX, PCI and more
Alert in real-time to prevent further compromise
Collect, consolidate audit trails and system logs
20
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
- 21. TransUnion Interactive
Addresses PCI DSS Compliance
Solution
Consumer subsidiary of
TransUnion, a global leader
in credit information
Maintains credit histories on
over 500 million consumers
globally
Industry: Financial Services
21
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Deployed Database Firewall in one month to
monitor database traffic
Achieved 10k transactions/sec while
maintaining performance
Using reports to monitor traffic and manage
workloads and capacity
Additional: Oracle Advanced Security to
encrypt tablespaces
- 22. Oracle Audit Vault and Database Firewall
Database Firewall
APP
S
Firewall
Events
Alerts
!
Built-in Reports
AUDIT
DATA
Custom Reports
Policies
AUDIT VAULT
22
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Custom
- 23. For More Information
Oracle Audit Vault and Database Firewall
23
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.