Security for Heterogeneous Environments
Federman Hoyos
IT Solution Architect
The following is intended to outline our general
product direction. It is intended for information
purposes only, and may not be incorporated into any
contract. It is not a commitment to deliver any
material, code, or functionality, and should not be
relied upon in making purchasing decisions.
The development, release, and timing of any
features or functionality described for Oracle’s
products remains at the sole discretion of Oracle.





Your Information Assets
Across Heterogeneous Databases
[Diagram: information assets spread across databases: Customer, Product, Employee, Finance, Clinical Trials]

Your Information Asset Lifecycle
Shared with 3rd Parties
• Almost 50% of all organizations exposed Production data in non-Production environments
• Only 16% have a system in place for deidentifying sensitive data
[Diagram: third parties receiving data: Clinical Research, IT Service Providers, Market Research, Business partners, Application Developers]

Your Information Asset Protection Challenge
• Ensure comprehensive protection of your information assets across heterogeneous enterprise databases
• Reduce information lifecycle costs through automation
[Diagram: third parties receiving data: Clinical Research, IT Service Providers, Market Research, Business partners, Application Developers]

Secure Test System Deployments

Production                              Test
LAST_NAME  SSN          SALARY          LAST_NAME  SSN          SALARY
AGUILAR    203-33-3234  40,000          SMITH      111-23-1111  60,000
BENSON     323-22-2943  60,000          MILLER     222-34-1345  40,000

How Secure Test System Deployments
• Deploy secure test system by masking sensitive data
• Sensitive data never leaves the database
• Extensible template library and policies for automation
• Sophisticated masking: Condition-based, compound, deterministic
• Integrated masking and cloning
• Leverage masking templates for common data types

Data Masking using Oracle Enterprise Manager
Centrally controlled. Globally managed.
• Monitoring
• Performance Diagnostics
• Patching & Provisioning
• Configuration Management
• Data Masking

Data Masking Methodology

Production                              Non-Production
LAST_NAME  SSN          SALARY          LAST_NAME  SSN          SALARY
AGUILAR    203-33-3234  40,000          SMITH      111-23-1111  40,000
BENSON     323-22-2943  60,000          JOHNSON    222-34-1345  60,000

• Find: Catalog and identify sensitive data across enterprise databases
• Assess: Define the optimal data masking techniques
• Secure: Automate non-production systems through data masking
• Test: Ensure the integrity of applications through testing

FIND: Catalog and identify sensitive data across enterprise databases
ASSESS
SECURE
TEST

Catalog Sensitive Data in Your Enterprise Databases

Person Name                       Bank Account Number
Maiden Name                       Card Number (Credit or Debit Card Number)
Business Address                  Tax Registration Number or National Tax ID
Business Telephone Number         Person Identification Number
Business Email Address            Welfare Pension Insurance Number
Custom Name                       Unemployment Insurance Number
Employee Number                   Government Affiliation ID
User Global Identifier            Military Service ID
Party Number or Customer Number   Social Insurance Number
Account Name                      Pension ID Number
Mail Stop                         Article Number
GPS Location                      Civil Identifier Number
Student Exam Hall Ticket Number   Hafiza Number
Club Membership ID                Social Security Number
Library Card Number               Trade Union Membership Number
Identity Card Number              Pension Registration Number
Instant Messaging Address         National Insurance Number
Web site                          Health Insurance Number
National Identifier               Personal Public Service Number
Passport Number                   Electronic Taxpayer Identification Number
Driver’s License Number           Biometrics Data
Personal Address                  Digital ID
Personal Telephone Number         Citizenship Number
Personal Email Address            Voter Identification Number
Visa Number or Work Permit        Residency Number (Green Card)

• Business-driven
• Criteria:
  – Violate government regulations
  – Violate business regulations
  – Damage shareholder value through loss of
      • Market capital
      • Valuation
      • Reputation
      • Customers
      • Lawsuits
      • Business-driven

FIND
ASSESS: Define the optimal data masking techniques
SECURE
TEST

Comprehensive Mask Formats
Mask Primitives and User-extensible Mask Formats
• Mask primitives
   – Simple mask formats
       • ALPHA
       • NUMERIC
       • DATE
   – Simple mask techniques
       • SHUFFLE
       • RANDOMIZE
       • LOOKUP TABLE
• Mask formats for common sensitive data: accelerates solution deployment of masking
• Extensible mask routines: enables customization of business rules
• Define once, apply everywhere: ensures consistent enforcement of policies

Mask Definition
Associate Mask Formats with Identified Sensitive Columns

                               • Automatic discovery and
                                 enforcement of referential
                                 integrity
                               • Registration and enforcement
                                 of referential integrity when
                                 entered as related columns
                                  – Application-enforced referential
                                    integrity
                                  – Business-process based data
                                    relationships
                                  – Non-Oracle database based
                                    referential integrity
                               • Imported via XML generated
                                 via SQL against meta data
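
The deterministic masking and referential-integrity points from the masking slides above, as an added Python example (not Oracle Data Masking code and not from the presentation): SSNs go through a keyed, format-preserving NUMERIC mask with one shared mapping so related columns still join, names come from a LOOKUP TABLE, and salaries are SHUFFLEd. The PAYROLL child table, the name list, the key and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import random

# Constructed sample data modelled on the slide's Production table.
EMPLOYEES = [
    {"LAST_NAME": "AGUILAR", "SSN": "203-33-3234", "SALARY": 40000},
    {"LAST_NAME": "BENSON", "SSN": "323-22-2943", "SALARY": 60000},
]
# Hypothetical child table whose SSN column is related to EMPLOYEES.SSN.
PAYROLL = [
    {"SSN": "203-33-3234", "MONTH": "2011-01", "NET": 2900},
    {"SSN": "323-22-2943", "MONTH": "2011-01", "NET": 4100},
    {"SSN": "203-33-3234", "MONTH": "2011-02", "NET": 2900},
]
NAME_LOOKUP = ["SMITH", "MILLER", "JOHNSON", "DAVIS", "CLARK"]  # constructed


def _prf(key, label, value):
    """Keyed pseudo-random bytes: same key and input, same output."""
    return hmac.new(key, f"{label}:{value}".encode(), hashlib.sha256).digest()


def mask_numeric(key, value, tweak=0):
    """NUMERIC format: replace every digit, keep length and separators."""
    stream = _prf(key, f"numeric/{tweak}", value)
    out, used = [], 0
    for ch in value:
        if ch.isdigit():
            out.append(str(stream[used % len(stream)] % 10))
            used += 1
        else:
            out.append(ch)
    return "".join(out)


def mask_lookup(key, value, table):
    """LOOKUP TABLE technique: deterministic pick from a substitution list."""
    index = int.from_bytes(_prf(key, "lookup", value)[:8], "big") % len(table)
    return table[index]


def shuffle_column(key, rows, column):
    """SHUFFLE technique: permute one column's values across the rows."""
    values = [row[column] for row in rows]
    random.Random(_prf(key, "shuffle", column)).shuffle(values)
    return values


def build_key_mapping(key, values):
    """One masked value per distinct original, with no collisions.

    A collision would merge two people into one after masking and silently
    corrupt joins; a masked value equal to a real one would leak it. Either
    case is re-derived with the next tweak.
    """
    originals = set(values)
    mapping, taken = {}, set()
    for original in sorted(originals):
        if not any(ch.isdigit() for ch in original):
            raise ValueError(f"nothing to mask in {original!r}")
        tweak = 0
        candidate = mask_numeric(key, original, tweak)
        while candidate in taken or candidate in originals:
            tweak += 1
            candidate = mask_numeric(key, original, tweak)
        mapping[original] = candidate
        taken.add(candidate)
    return mapping


def mask_tables(key, employees, payroll):
    """Mask parent and child tables through one shared SSN mapping."""
    ssn_map = build_key_mapping(
        key, [r["SSN"] for r in employees] + [r["SSN"] for r in payroll])
    salaries = shuffle_column(key, employees, "SALARY")
    masked_employees = [
        {"LAST_NAME": mask_lookup(key, row["LAST_NAME"], NAME_LOOKUP),
         "SSN": ssn_map[row["SSN"]],
         "SALARY": salary}
        for row, salary in zip(employees, salaries)
    ]
    masked_payroll = [dict(row, SSN=ssn_map[row["SSN"]]) for row in payroll]
    return masked_employees, masked_payroll


if __name__ == "__main__":
    emp, pay = mask_tables(b"constructed-demo-key", EMPLOYEES, PAYROLL)
    for row in emp + pay:
        print(row)
```

The masking key decides every output value, so it has to stay with the production side; a copy of it in the test environment lets anyone who can enumerate the nine-digit SSN space recover the original values.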



FIND
ASSESS
SECURE: Automate non-production systems through data masking
TEST

Test System Setup for Oracle Databases
Creating Test Databases from Production
[Diagram: Production DB (business data tables T1 to T5, App Meta data, DB dictionary data) is cloned to Test DB (business data tables T1 to T5, App Meta data, DB dictionary data)]
• Enterprise Manager out-of-the-box workflows
    • RMAN-based clone-and-masking (Recommended)
    • Export-Import
    • Backup and Restore
    • Transportable Tablespace

Test System Setup for non-Oracle Databases
Creating Test Databases from Production using Oracle Gateways
[Diagram: Production DB is cloned to Test DB (step 1); sensitive tables move through a Database gateway to a Staging DB (step 2), are masked there (step 3), and are copied back to Test DB (step 4)]
Masking Process
1. Production data copied to Test
2. Sensitive data copied to Staging
3. Sensitive data masked in Staging
4. Masked data copied from Staging to Test
5. Truncate Data in Stage Database

FIND
ASSESS
SECURE
TEST: Ensure the integrity of applications through testing

Auditing your Database Information
[Diagram: audited databases: Oracle Database, Microsoft SQL Server, IBM DB2, Sybase ASE]

Why Audit?
• It's all about protecting sensitive data, maintaining
  customer trust, and protecting the business
• Trust-but-verify that your employees are only
  performing operations required by the business
  • Detective controls to monitor what is really going on
  • Reduce the curiosity seekers from looking at data
  • Compliance demands that privileged users be monitored
• Know what is going on before others tell you
• Cost of compliance
  • Eliminate costly and complex scripts for reporting
  • Reduce reporting costs for specific compliance audits
  • SOX, PCI, HIPAA, SAS 70, STIG

Database Auditing and Applications
Why Auditors Want to Audit Databases

• Monitor privileged application user accounts for non-compliant activity
  • Audit non-application access to sensitive data (credit card, financial
    data, personally identifiable information, etc.)

• Verify that no one is trying to bypass the application controls/security
  • Example: PO line items are changed so that the order does not require more approvals

• Verify that shared accounts are not being abused by non-privileged users
  • Application bypass: use of application accounts to view application data

What Do You Need To Audit?

Database Audit Requirements           SOX   PCI DSS   HIPAA/HITECH   Basel II   FISMA   GLBA
Accounts, Roles & GRANT changes        ●       ●           ●            ●         ●      ●
Failed Logins and other Exceptions     ●       ●           ●            ●         ●      ●
Privileged User Activity               ●       ●           ●            ●         ●      ●
Access to Sensitive Data (SELECTs…)    -       ●           ●            ●         ●      ●
Data Changes (INSERT, UPDATE, …)       ●       -           -            ●         -      -
Schema Changes (DROP, ALTER…)          ●       ●           ●            ●         ●      ●

Oracle Audit Vault
Trust-but-Verify
• Consolidate and Secure Audit Data
• Out-of-the-Box Compliance Reports
• Alert on Security Threats
• Lower IT Costs With Entitlements & Audit Policies
[Diagram: audit sources: Oracle Database, Microsoft SQL Server, IBM DB2, Sybase ASE]

Oracle Audit Vault
 Oracle Database Audit Support

• Database Audit Tables
  • Collect audit data for standard and fine-grained auditing
• Oracle audit trail from OS files
  • Collect audit records written in XML or standard text file
• Operating system Windows Event Viewer & SYSLOG
  • Collect Oracle database audit records
• Redo log
  • Extract before/after values and DDL changes to table
• Database Vault specific audit records




The Access Reports filter the audit content based on events and categories, such as Data Access (select, insert, update, delete, ...) and User Sessions (login, logout, etc.). The Oracle Audit Vault Auditor’s Guide lists the events that are collected and mapped to the categories.

The Entitlement Reports can be used by internal/external auditors to view Oracle database users and their privileges. You can view all Oracle databases and their users or filter by an individual database to view the privileges. The compare capability provides a report on changes to user privileges from one snapshot time to another.

The Alerts Report content can be accessed from the Dashboard or you can view all alerts that have been generated at one time. The critical and warning alert reports track critical and warning alerts. An alert is raised when data in a single audit record matches a predefined alert rule condition.

Alerts can be defined for
  • Directly viewing sensitive columns
  • Creating users on sensitive systems
  • Role grants on sensitive systems
  • “DBA” grants on all systems
  • Failed logins for application user

Oracle Audit Vault
Audit Trail Clean-Up: DBMS_AUDIT_MGMT
• Automatically deletes Oracle audit trails from target
  after they are securely inserted into Audit Vault
• Reduces DBA manageability challenges with audit trails
[Diagram: exchange between the Database and Audit Vault]
1) Transfer audit trail data
2) Update last inserted record
3) Delete older audit records

Setting Client Identifier with Applications
• Any application running on Oracle database can set
  the client identifier
[Diagram: User A connects to the Oracle Application Server and the application sets client_info to User A; User B connects and the application resets client_info to User B; in the Oracle Database, the Audit Record uses client_identifier]

Protecting access to your Databases
Existing Security Solutions Not Enough
[Diagram: threats (Key Loggers, Malware, SQL Injection, Espionage, Spear Phishing, Botware, Social Engineering) reaching the Database through Application Users, the Application and Database Administrators]
Data Must Be Protected at the Source

SQL Injection Review
The biggest danger to cyber security
[Diagram, without firewall: Millions of attacks, App Server, Database; Successful attack; SQL command; Malware injection; Data and/or credential theft]
[Diagram, with firewall: App Server, Database Firewall, Database; Attacks blocked!!!; Attacks logged]
• Successful attack
  • Query database
  • Modify data
  • Deliver malware
• Implications
  • Lost data
  • Monetary theft
  • Steal credentials / deny service

Oracle Database Firewall
First Line of Defense
[Diagram: traffic from Applications is evaluated against Policies; actions: Allow, Log, Alert, Substitute, Block; outputs: Alerts, Built-in Reports, Custom Reports]

• Monitor database activity to prevent unauthorized database access, SQL
  injections, privilege or role escalation, illegal access to sensitive data, etc.
• Highly accurate SQL grammar based analysis without costly false positives
• Flexible SQL level enforcement options based on white lists and black lists
• Scalable architecture provides enterprise performance in all deployment modes
• Built-in and custom compliance reports for SOX, PCI, and other regulations
Oracle Database Firewall
Positive Security Model
[Diagram: traffic from Applications is checked against the White List; actions: Allow, Block]
• “Allowed” behavior can be defined for any user or application
• Whitelist can take into account built-in factors such as time of day,
  day of week, network, application, etc.
• Automatically generate whitelists for any application
• Transactions found not to match the policy are instantly rejected
• Database will only process data how you want and expect
Oracle Database Firewall
Negative Security Model
[Diagram: traffic from Applications is checked against the Black List; actions: Allow, Block]
• Stop specific unwanted SQL commands, user or schema access
• Prevent privilege or role escalation and unauthorized access to sensitive data
• Blacklist can take into account built-in factors such as time of day, day of
  week, network, application, etc.
• Selectively block any part of transaction in context to your business and
  security goals
Oracle Database Firewall
Policy Enforcement
[Diagram: traffic from Applications; actions: Log, Allow, Alert, Substitute, Block]
Substitute example: SELECT * FROM accounts becomes SELECT * FROM dual where 1=0
• Innovative SQL grammar technology reduces millions of SQL statements into a
  small number of SQL characteristics or “clusters”
• Superior performance and policy scalability
• Flexible enforcement at SQL level: block, substitute, alert and pass, log only
    • SQL substitution foils attackers without disrupting applications
• Zero day protection without false positives
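
The clustering, whitelist and substitution ideas from the Policy Enforcement slide, as an added Python example that is not Oracle Database Firewall code: literals are stripped with regular expressions (a stand-in for real SQL grammar analysis), learned statement shapes form the whitelist, and anything else is answered with the substitute statement shown on the slide. The sample statements, time windows and all class and function names are constructed for the illustration.

```python
import re
from collections import namedtuple
from datetime import time

SUBSTITUTE_SQL = "SELECT * FROM dual where 1=0"  # statement from the slide
Decision = namedtuple("Decision", "action forwarded cluster")

# Constructed time factors for the demo policy.
BUSINESS_HOURS = (time(8, 0), time(18, 0))
NOON = time(12, 0)
NIGHT = time(23, 0)


def cluster(sql):
    """Reduce a statement to its shape: literals out, case and spacing folded.

    Simplification: regex-based, so quoted identifiers and comments are not
    treated the way a grammar-based analyser would treat them.
    """
    shape = re.sub(r"'(?:[^']|'')*'", "?", sql)          # string literals
    shape = re.sub(r"\b\d+(?:\.\d+)?\b", "?", shape)     # numeric literals
    shape = re.sub(r"\s+", " ", shape).strip().rstrip(";").strip()
    return shape.lower()


class Policy:
    def __init__(self, default_action="substitute"):
        self.whitelist = {}   # cluster -> (start, end) window, or None
        self.blacklist = {}   # cluster -> "block" or "substitute"
        self.default_action = default_action
        self.log = []         # every statement that was not allowed

    def learn(self, statements, window=None):
        """Generate whitelist entries from observed application traffic."""
        for sql in statements:
            self.whitelist[cluster(sql)] = window

    def deny(self, sql, action="block"):
        self.blacklist[cluster(sql)] = action

    @staticmethod
    def _in_window(window, when):
        return window is None or window[0] <= when <= window[1]

    def decide(self, sql, when):
        shape = cluster(sql)
        if shape in self.blacklist:
            action = self.blacklist[shape]
        elif shape in self.whitelist and self._in_window(
                self.whitelist[shape], when):
            action = "allow"
        else:
            action = self.default_action
        # allow: pass through; substitute: harmless statement; block: nothing
        forwarded = {"allow": sql, "substitute": SUBSTITUTE_SQL}.get(action)
        decision = Decision(action, forwarded, shape)
        if action != "allow":
            self.log.append((when, decision))
        return decision


def build_demo_policy():
    """Policy learned from constructed application traffic."""
    policy = Policy()
    policy.learn([
        "SELECT name FROM accounts WHERE id = 17",
        "select name  from accounts where id = 99;",   # same cluster as above
    ])
    policy.learn(["UPDATE accounts SET balance = 10.50 WHERE id = 4"],
                 window=BUSINESS_HOURS)
    policy.deny("DROP TABLE accounts")
    return policy


if __name__ == "__main__":
    demo = build_demo_policy()
    for stmt in ["SELECT name FROM accounts WHERE id = 5",
                 "SELECT name FROM accounts WHERE id = 5 OR 1=1",
                 "SELECT * FROM accounts",
                 "drop table accounts;"]:
        print(demo.decide(stmt, NOON))
```

A statement with an appended condition lands in a different cluster from the learned one even though its literals are ordinary, which is why the whitelist decision is made on shape rather than on matching known-bad strings.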
Reporting
Speeding deployment means lower cost
• Database Firewall log data consolidated into reporting database
• Over 130 built in reports that can be modified/customized
    • Entitlement report for database attestation
    • Activity and privileged user reports
    • Supports demonstrating PCI, SOX, HIPAA, etc.
    • Write your own reports
[Callout: Unique to Oracle]

Oracle Database Firewall
  Database Activity Masking




• Prevents creating yet another database with sensitive and regulated data
• Sensitive and regulated information contained in SQL statements can be
  masked or redacted in real-time prior to being logged
• Flexible masking policies allow masking all data or just specific columns
• Critical for organizations who want to monitor and log all database activity
Oracle Database Firewall
Architecture
[Diagram: Database Firewalls (HA Mode), Local Monitor, Database Firewall Management Server, Policy Analyzer]
• Low TCO Oracle Enterprise Linux based “software appliance”
• Supports Intel-based hardware platforms for vertical and horizontal scalability
• Policy enforcement separated from policy management and reporting for
  scalability and performance
• Optional lightweight agents that reside within the database or the OS
• Supports Oracle and non-Oracle Databases, and is application agnostic
Oracle Database Firewall
Fast and Flexible Deployments
[Diagram: Users, Application Servers, Router, Database Firewall (In-Line and Out-of-Band), Database Servers, Host Based Agent]
• In-Line: All database traffic goes through the Oracle Database Firewall
• Out-of-Band/Passive: Database Firewall connected to a SPAN port or TAP
• Optional Host Based Remote or Local Monitors
     • Can send network traffic from the database host to the Database Firewall
     • Can send non-network database activity to the Database Firewall to
       identify unauthorized use of local console or remote sessions
Oracle Security Solutions
    Complete Defense-in-Depth
    • Comprehensive – single vendor addresses all your requirements
    • Transparent – no changes to existing applications or databases
    • Easy to deploy – point and click interfaces deliver value within hours
    • Cost Effective – integrated solutions reduce risk and lower TCO
    • Proven – #1 Database with over 30 years of security innovation!




Monitoring & Blocking    Auditing         Access Control          Encryption & Masking
• Database Firewall      • Audit Vault    • Database Vault        • Data Masking
                                          • Label Security
                                          • Identity Management
DEMO
Demo…
At the Oracle Solution Specialist booth we can provide you with
information about the services we offer and about our solutions.

More Related Content

What's hot

IRJET- Authentic and Anonymous Data Sharing with Enhanced Key Security
IRJET-  	  Authentic and Anonymous Data Sharing with Enhanced Key SecurityIRJET-  	  Authentic and Anonymous Data Sharing with Enhanced Key Security
IRJET- Authentic and Anonymous Data Sharing with Enhanced Key SecurityIRJET Journal
 
Stronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise ApplicationsStronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise ApplicationsRamesh Nagappan
 
Hitachi ID Identity Manager: Faster onboarding, reliable deactivation and eff...
Hitachi ID Identity Manager: Faster onboarding, reliable deactivation and eff...Hitachi ID Identity Manager: Faster onboarding, reliable deactivation and eff...
Hitachi ID Identity Manager: Faster onboarding, reliable deactivation and eff...Hitachi ID Systems, Inc.
 
Hitachi ID Identity Manager: Self-service and automated user provisioning
Hitachi ID Identity Manager: Self-service and automated user provisioningHitachi ID Identity Manager: Self-service and automated user provisioning
Hitachi ID Identity Manager: Self-service and automated user provisioningHitachi ID Systems, Inc.
 
P hallam baker_keynote
P hallam baker_keynoteP hallam baker_keynote
P hallam baker_keynoteshindeshekhar
 
Enterprise Security Architecture: From Access to Audit
Enterprise Security Architecture: From Access to AuditEnterprise Security Architecture: From Access to Audit
Enterprise Security Architecture: From Access to AuditBob Rhubart
 
Hitachi ID Password Manager (formerly P-Synch): Lower cost, improve service a...
Hitachi ID Password Manager (formerly P-Synch): Lower cost, improve service a...Hitachi ID Password Manager (formerly P-Synch): Lower cost, improve service a...
Hitachi ID Password Manager (formerly P-Synch): Lower cost, improve service a...Hitachi ID Systems, Inc.
 
Integrating Information Protection Into Data Architecture & SDLC
Integrating Information Protection Into Data Architecture & SDLCIntegrating Information Protection Into Data Architecture & SDLC
Integrating Information Protection Into Data Architecture & SDLCDATAVERSITY
 
Od webcast-cloud-fraud final
Od webcast-cloud-fraud finalOd webcast-cloud-fraud final
Od webcast-cloud-fraud finalOracleIDM
 
Testing cloud services - EuroSTAR
Testing cloud services - EuroSTARTesting cloud services - EuroSTAR
Testing cloud services - EuroSTARJeroen Mengerink
 
Sxsw ppt voice-1
Sxsw ppt voice-1Sxsw ppt voice-1
Sxsw ppt voice-1Dan Miller
 
Trade Secrets in the Video Game Industry
Trade Secrets in the Video Game IndustryTrade Secrets in the Video Game Industry
Trade Secrets in the Video Game IndustryKyle Conklin
 
Vormetric data security complying with pci dss encryption rules
Vormetric data security  complying with pci dss encryption rulesVormetric data security  complying with pci dss encryption rules
Vormetric data security complying with pci dss encryption rulesVormetric Inc
 
Data protection on premises, and in public and private clouds
Data protection on premises, and in public and private cloudsData protection on premises, and in public and private clouds
Data protection on premises, and in public and private cloudsUlf Mattsson
 
Higgins Overview 2008 [Compatibility Mode]
Higgins Overview 2008 [Compatibility Mode]Higgins Overview 2008 [Compatibility Mode]
Higgins Overview 2008 [Compatibility Mode]Markus Sabadello
 
Webinar - Easy multi factor authentication strategies and PCI DSS
Webinar - Easy multi factor authentication strategies and PCI DSSWebinar - Easy multi factor authentication strategies and PCI DSS
Webinar - Easy multi factor authentication strategies and PCI DSSonionid12
 
OOW 2009 EBS Security R12
OOW 2009 EBS Security R12OOW 2009 EBS Security R12
OOW 2009 EBS Security R12jucaab
 
Managing PIV Card Lifecycle and Converging Physical & Logical Access Control
Managing PIV Card Lifecycle and Converging Physical & Logical Access ControlManaging PIV Card Lifecycle and Converging Physical & Logical Access Control
Managing PIV Card Lifecycle and Converging Physical & Logical Access ControlRamesh Nagappan
 

What's hot (20)

IRJET- Authentic and Anonymous Data Sharing with Enhanced Key Security
IRJET-  	  Authentic and Anonymous Data Sharing with Enhanced Key SecurityIRJET-  	  Authentic and Anonymous Data Sharing with Enhanced Key Security
IRJET- Authentic and Anonymous Data Sharing with Enhanced Key Security
 
Stronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise ApplicationsStronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise Applications
 
Hitachi ID Identity Manager: Faster onboarding, reliable deactivation and eff...

Security for heterogeneous environments

  • 2. Security for Heterogeneous Environments. Federman Hoyos, IT Solution Architect
  • 3. The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
  • 4. Your Information Assets Across Heterogeneous Databases: Customer, Product, Employee, Finance, Clinical Trials
  • 5. Your Information Asset Lifecycle: Shared with 3rd Parties
      • Almost 50% of all organizations exposed Production data in non-Production environments
      • Only 16% have a system in place for deidentifying sensitive data
      • 3rd parties: Clinical Research, IT Service Providers, Market Research, Business partners, Application Developers
  • 6. Your Information Asset Protection Challenge
      • Ensure comprehensive protection of your information assets across heterogeneous enterprise databases
      • Reduce information lifecycle costs through automation
      • 3rd parties: Clinical Research, IT Service Providers, Market Research, Business partners, Application Developers
  • 7. Secure Test System Deployments
      Production                          Test
      LAST_NAME  SSN          SALARY      LAST_NAME  SSN          SALARY
      AGUILAR    203-33-3234  40,000      SMITH      111-23-1111  60,000
      BENSON     323-22-2943  60,000      MILLER     222-34-1345  40,000
  • 8. How Secure Test System Deployments
      Production                          Test
      LAST_NAME  SSN          SALARY      LAST_NAME  SSN          SALARY
      AGUILAR    203-33-3234  40,000      SMITH      111-23-1111  60,000
      BENSON     323-22-2943  60,000      MILLER     222-34-1345  40,000
      • Deploy secure test system by masking sensitive data
      • Sensitive data never leaves the database
      • Extensible template library and policies for automation
      • Sophisticated masking: Condition-based, compound, deterministic
      • Integrated masking and cloning
      • Leverage masking templates for common data types
  • 9. Data Masking using Oracle Enterprise Manager. Centrally controlled. Globally managed.
      • Monitoring
      • Performance Diagnostics
      • Patching & Provisioning
      • Configuration Management
      • Data Masking
  • 10. Data Masking Methodology
      Production                          Non-Production
      LAST_NAME  SSN          SALARY      LAST_NAME  SSN          SALARY
      AGUILAR    203-33-3234  40,000      SMITH      111-23-1111  40,000
      BENSON     323-22-2943  60,000      JOHNSON    222-34-1345  60,000
      • Find: Catalog and identify sensitive data across enterprise databases
      • Assess: Define the optimal data masking techniques
      • Secure: Automate non-production systems through data masking
      • Test: Ensure the integrity of applications through testing
  • 11. FIND: Catalog and identify sensitive data across enterprise databases / ASSESS / SECURE / TEST
  • 12. Catalog Sensitive Data in Your Enterprise Databases
      • Business-driven
      • Criteria:
          – Violate government regulations
          – Violate business regulations
          – Damage shareholder value through loss of
              • Market capital
              • Valuation
              • Reputation
              • Customers
              • Lawsuits
      • Business-driven
      • Sensitive data types: Person Name, Bank Account Number, Maiden Name, Card Number (Credit or Debit Card Number), Business Address, Tax Registration Number or National Tax ID, Business Telephone Number, Person Identification Number, Business Email Address, Welfare Pension Insurance Number, Custom Name, Unemployment Insurance Number, Employee Number, Government Affiliation ID, User Global Identifier, Military Service ID, Party Number or Customer Number, Social Insurance Number, Account Name, Pension ID Number, Mail Stop, Article Number, GPS Location, Civil Identifier Number, Student Exam Hall Ticket Number, Hafiza Number, Club Membership ID, Library Card Number, Social Security Number, Trade Union Membership Number, Identity Card Number, Pension Registration Number, Instant Messaging Address, National Insurance Number, Web site, Health Insurance Number, National Identifier, Personal Public Service Number, Passport Number, Electronic Taxpayer Identification Number, Driver’s License Number, Biometrics Data, Personal Address, Digital ID, Personal Telephone Number, Citizenship Number, Personal Email Address, Voter Identification Number, Visa Number or Work Permit, Residency Number (Green Card)
  • 13. FIND / ASSESS: Define the optimal data masking techniques / SECURE / TEST
  • 14. Comprehensive Mask Formats: Mask Primitives and User-extensible Mask Formats
      • Mask primitives
          – Simple mask formats: ALPHA, NUMERIC, DATE
          – Simple mask techniques: SHUFFLE, RANDOMIZE, LOOKUP TABLE
      • Mask formats for common sensitive data: Accelerates solution deployment of masking
      • Extensible mask routines: Enables customization of business rules
      • Define once, apply everywhere: Ensures consistent enforcement of policies
  • 15. Mask Definition: Associate Mask Formats with Identified Sensitive Columns
      • Automatic discovery and enforcement of referential integrity
      • Registration and enforcement of referential integrity when entered as related columns
          – Application-enforced referential integrity
          – Business-process based data relationships
          – Non-Oracle database based referential integrity
      • Imported via XML generated via SQL against meta data
  • 16. FIND / ASSESS / SECURE: Automate non-production systems through data masking / TEST
  • 17. Test System Setup for Oracle Databases Creating Test Databases from Production Business T1 BusinessT1 T2 T3 T2 T3 data data T4 T5 T4 T5 Clone App Meta data App Meta data DB dictionary data DB dictionary data Production DB Test DB • Enterprise Manager out-of-the-box workflows • RMAN-based clone-and-masking (Recommended) • Export-Import • Backup and Restore • Transportable Tablespace
  • 18. Test System Setup for non-Oracle Databases: Creating Test Databases from Production using Oracle Gateways (Diagram: Production DB, Test DB, database gateway and Staging DB, each holding business data tables T1–T5, with arrows numbered 1–4 for the steps of the masking process) Masking Process: 1. Production data copied to Test 2. Sensitive data copied to Staging 3. Sensitive data masked in Staging 4. Masked data copied from Staging to Test 5. Truncate Data in Stage Database
  • 19. FIND, ASSESS, SECURE, TEST. TEST: Ensure the integrity of applications through testing
  • 20. Auditing your Database Information (Diagram: Oracle Database, Sybase ASE, IBM DB2, Microsoft SQL Server)
  • 21. Why Audit? • It's all about protecting sensitive data, maintaining customer trust, and protecting the business • Trust-but-verify that your employees are only performing operations required by the business • Detective controls to monitor what is really going on • Reduce the curiosity seekers from looking at data • Compliance demands that privileged users be monitored • Know what is going on before others tell you • Cost of compliance • Eliminate costly and complex scripts for reporting • Reduce reporting costs for specific compliance audits • SOX, PCI, HIPAA, SAS 70, STIG
  • 22. Database Auditing and Applications: Why Auditors Want to Audit Databases • Monitor privileged application user accounts for non-compliant activity • Audit non-application access to sensitive data (credit card, financial data, personally identifiable information, etc.) • Verify that no one is trying to bypass the application controls/security • PO line items are changed so it does not require more approvals • Verify shared accounts are not being abused by non-privileged users • Application bypass - Use of application accounts to view application data
  • 23. What Do You Need To Audit? Database Audit Requirements against regulations (PCI DSS, HIPAA/HITECH, SOX, Basel II, FISMA, GLBA): Accounts, Roles & GRANT changes ● ● ● ● ● ●; Failed Logins and other Exceptions ● ● ● ● ● ●; Privileged User Activity ● ● ● ● ● ●; Access to Sensitive Data (SELECTs…) ● ● ● ● ●; Data Changes (INSERT, UPDATE, …) ● ●; Schema Changes (DROP, ALTER…) ● ● ● ● ● ●
  • 24. Oracle Audit Vault: Trust-but-Verify • Consolidate and Secure Audit Data • Out-of-the Box Compliance Reports • Alert on Security Threats • Lower IT Costs With Entitlements & Audit Policies (Diagram: Oracle Database, Sybase ASE, IBM DB2, Microsoft SQL Server)
  • 25. Oracle Audit Vault: Oracle Database Audit Support • Database Audit Tables – Collect audit data for standard and fine-grained auditing • Oracle audit trail from OS files – Collect audit records written in XML or standard text file • Operating system Windows Event Viewer & SYSLOG – Collect Oracle database audit records • Redo log – Extract before/after values and DDL changes to table • Database Vault specific audit records
  • 27. The Access Reports filter the audit content based on event and categories, such as Data Access: select, insert, update, delete, ..., and User Sessions: login, logout, etc. The Oracle Audit Vault Auditor’s Guide lists the events that are collected and mapped to the categories.
  • 28. The Entitlement Reports can be used by internal/external auditors to view Oracle database users and their privileges. You can view all Oracle databases and their users or filter by an individual database to view the privileges. The compare capability provides a report on changes to user privileges from one snapshot time to another.
  • 29. The Alerts Report content can be accessed from the Dashboard or you can view all alerts that have been generated at one time. The critical and warning alert reports track critical and warning alerts. An alert is raised when data in a single audit record matches a predefined alert rule condition. Alerts can be defined for • Directly viewing sensitive columns • Creating users on sensitive systems • Role grants on sensitive systems • “DBA” grants on all systems • Failed logins for application user
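Slide 29 says an alert fires when a single audit record matches a predefined rule condition, and lists five kinds of rule. The sketch below is an added example, not Audit Vault's rule syntax or record schema: the field names, the inventories of sensitive systems and columns, the severities and the sample records are all assumptions, and "directly viewing" is read here as a SELECT that did not come from the application server.

```python
SENSITIVE_SYSTEMS = {"HRPROD"}                    # assumed inventory of sensitive databases
SENSITIVE_COLUMNS = {("HR.EMPLOYEES", "SSN")}     # assumed catalog of sensitive columns
APP_ACCOUNTS = {"APPS"}                           # assumed application accounts

# Each rule: (severity, name, condition evaluated against ONE audit record).
RULES = [
    ("critical", "Direct view of sensitive column",
     lambda r: r["event"] == "SELECT" and r.get("program") != "appserver"
     and any((r.get("object"), c) in SENSITIVE_COLUMNS for c in r.get("columns", []))),
    ("warning", "User created on sensitive system",
     lambda r: r["event"] == "CREATE USER" and r["source"] in SENSITIVE_SYSTEMS),
    ("warning", "Role grant on sensitive system",
     lambda r: r["event"] == "GRANT ROLE" and r["source"] in SENSITIVE_SYSTEMS),
    ("critical", "DBA grant on any system",
     lambda r: r["event"] == "GRANT ROLE" and r.get("role") == "DBA"),
    ("warning", "Failed login for application user",
     lambda r: r["event"] == "LOGON" and r.get("status") != 0
     and r["user"] in APP_ACCOUNTS),
]

def evaluate(records):
    """Return (severity, rule name, record index) for every rule a record matches."""
    alerts = []
    for i, rec in enumerate(records):
        for severity, name, condition in RULES:
            if condition(rec):
                alerts.append((severity, name, i))
    return alerts

AUDIT_RECORDS = [  # constructed sample records
    {"source": "HRPROD", "user": "JSMITH", "event": "SELECT", "object": "HR.EMPLOYEES",
     "columns": ["LAST_NAME", "SSN"], "program": "sqlplus"},
    {"source": "HRPROD", "user": "APPS", "event": "SELECT", "object": "HR.EMPLOYEES",
     "columns": ["SSN"], "program": "appserver"},
    {"source": "HRPROD", "user": "SYSTEM", "event": "GRANT ROLE", "role": "DBA",
     "grantee": "JSMITH"},
    {"source": "DEVDB", "user": "APPS", "event": "LOGON", "status": 1017},
    {"source": "DEVDB", "user": "SCOTT", "event": "LOGON", "status": 0},
]
```

Because each rule sees one record at a time, a DBA grant on a sensitive system raises two alerts, while patterns that span records (for example repeated failed logins) need correlation outside this model.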
  • 30. Oracle Audit Vault Audit Trail Clean-Up: DBMS_AUDIT_MGMT • Automatically deletes Oracle audit trails from target after they are securely inserted into Audit Vault • Reduces DBA manageability challenges with audit trails (Diagram: Database; 1) Transfer audit trail data 2) Update last inserted record 3) Delete older audit records)
  • 31. Setting Client Identifier with Applications • Any application running on Oracle database can set the client identifier (Diagram: User A connects to the Application Server; Application sets client_info to User A; Oracle Audit Record uses client_identifier; User B connects; Application resets client_info to User B; Oracle Database)
  • 32. Protecting access to your Databases
  • 34. Existing Security Solutions Not Enough. Threats: Key Loggers, Malware, SQL Injection, Espionage, Spear Phishing, Botware, Social Engineering (Diagram: Database, Application Users, Application, Database Administrators). Data Must Be Protected at the Source
  • 35. SQL Injection Review: The biggest danger to cyber security (Diagram, without a firewall: SQL command injection through App Server to Database; successful attack; data and/or credential theft; malware. With Database Firewall between App Server and Database: millions of attacks; attacks blocked and logged) • Successful attack: Query database, Modify data, Deliver malware • Implications: Lost data, Monetary theft, Steal credentials / deny service
  • 36. Oracle Database Firewall: First Line of Defense (Diagram: Applications; Allow, Log, Alert, Substitute, Block; Alerts, Built-in Reports, Custom Reports, Policies) • Monitor database activity to prevent unauthorized database access, SQL injections, privilege or role escalation, illegal access to sensitive data, etc. • Highly accurate SQL grammar based analysis without costly false positives • Flexible SQL level enforcement options based on white lists and black lists • Scalable architecture provides enterprise performance in all deployment modes • Built-in and custom compliance reports for SOX, PCI, and other regulations
  • 37. Oracle Database Firewall: Positive Security Model (Diagram: Applications; White List; Allow, Block) • “Allowed” behavior can be defined for any user or application • Whitelist can take into account built-in factors such as time of day, day of week, network, application, etc. • Automatically generate whitelists for any application • Transactions found not to match the policy are instantly rejected • Database will only process data how you want and expect
  • 38. Oracle Database Firewall: Negative Security Model (Diagram: Applications; Black List; Allow, Block) • Stop specific unwanted SQL commands, user or schema access • Prevent privilege or role escalation and unauthorized access to sensitive data • Blacklist can take into account built-in factors such as time of day, day of week, network, application, etc. • Selectively block any part of transaction in context to your business and security goals
  • 39. Oracle Database Firewall: Policy Enforcement (Diagram: Applications; Log, Allow, Alert, Substitute, Block; under Substitute, SELECT * FROM accounts becomes SELECT * FROM dual where 1=0) • Innovative SQL grammar technology reduces millions of SQL statements into a small number of SQL characteristics or “clusters” • Superior performance and policy scalability • Flexible enforcement at SQL level: block, substitute, alert and pass, log only • SQL substitution foils attackers without disrupting applications • Zero day protection without false positives
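Slides 37 to 39 describe reducing statements to "clusters", allowing whitelisted clusters, blocking blacklisted ones and substituting a harmless statement for the rest. The following is an added sketch of that idea, not Oracle Database Firewall code: it approximates clustering with regular expressions instead of a SQL grammar, and the class, function names and sample statements are assumptions.

```python
import re

SUBSTITUTE_SQL = "SELECT * FROM dual where 1=0"   # harmless statement shown on slide 39

def cluster(sql):
    """Reduce a statement to its structure: literals become '?', case and spacing fold."""
    s = re.sub(r"'(?:[^']|'')*'", "?", sql)       # string literals
    s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)      # numeric literals
    s = re.sub(r"\s+", " ", s).strip().rstrip(";")
    return s.upper()

class Policy:
    """Whitelist learned from known-good traffic, plus an explicit blacklist."""

    def __init__(self, training, blacklist=(), unknown="substitute"):
        self.white = {cluster(s) for s in training}     # positive security model
        self.black = {cluster(s) for s in blacklist}    # negative security model
        self.unknown = unknown                          # action for unseen clusters

    def decide(self, sql):
        """Return (action, statement forwarded to the database or None)."""
        c = cluster(sql)
        if c in self.black:
            return ("block", None)
        if c in self.white:
            return ("allow", sql)
        if self.unknown == "substitute":
            return ("substitute", SUBSTITUTE_SQL)
        if self.unknown in ("alert", "log"):            # alert and pass, or log only
            return (self.unknown, sql)
        return ("block", None)

# Constructed sample traffic: statements the application normally issues.
TRAINING = [
    "SELECT name FROM accounts WHERE id = 42",
    "SELECT name FROM accounts WHERE owner = 'bob'",
]
POLICY = Policy(TRAINING, blacklist=["DROP TABLE accounts"])
```

A statement whose predicate has been extended with an extra condition keeps the same table and columns but lands in a different cluster, so it is answered with the empty-result substitute instead of reaching the real table.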
  • 40. Reporting: Speeding deployment means lower cost • Database Firewall log data consolidated into reporting database • Over 130 built in reports that can be modified/customized • Entitlement report for database attestation • Activity and privileged user reports • Supports demonstrating PCI, SOX, HIPAA, etc. • Write your own reports. Unique to Oracle
  • 41. Oracle Database Firewall Database Activity Masking • Prevents creating yet another database with sensitive and regulated data • Sensitive and regulated information contained in SQL statements can be masked or redacted in real-time prior to being logged • Flexible masking policies allow masking all data or just specific columns • Critical for organizations who want to monitor and log all database activity
  • 42. Oracle Database Firewall: Architecture (Diagram labels: Local Monitor, Database Firewalls, HA Mode, Policy Analyzer, Database Firewall Management Server) • Low TCO Oracle Enterprise Linux based “software appliance” • Supports Intel-based hardware platforms for vertical and horizontal scalability • Policy enforcement separated from policy management and reporting for scalability and performance • Optional lightweight agents that reside within the database or the OS • Supports Oracle and non-Oracle Databases, and is application agnostic
  • 43. Oracle Database Firewall: Fast and Flexible Deployments (Diagram labels: Users, Application Servers, Router, Database Firewall, Out-of-Band, In-Line, Database Servers, Host Based Agent) • In-Line: All database traffic goes through the Oracle Database Firewall • Out-of-Band/Passive: Database Firewall connected to a SPAN port or TAP • Optional Host Based Remote or Local Monitors – Can send network traffic from the database host to the Database Firewall – Can send non-network database activity to the Database Firewall to identify unauthorized use of local console or remote sessions
  • 44. Oracle Security Solutions: Complete Defense-in-Depth • Comprehensive – single vendor addresses all your requirements • Transparent – no changes to existing applications or databases • Easy to deploy – point and click interfaces deliver value within hours • Cost Effective – integrated solutions reduce risk and lower TCO • Proven – #1 Database with over 30 years of security innovation! Monitoring & Blocking: Database Firewall. Auditing: Audit Vault. Access Control: Database Vault, Label Security, Identity Management. Encryption & Masking: Data Masking
  • 46. At the Oracle Solution Specialist booth we can give you information about the services we offer and about our solutions

Editor's Notes

  1. Add one slide after on database firewall category