Post on 18-Nov-2014
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. 1
The threats are outside, the vulnerabilities inside
José Manuel Rodríguez de Llano
Security Sales Manager
Oracle Iberia
This document is for informational purposes. It is not a commitment to
deliver any material, code, or functionality, and should not be relied upon in
making purchasing decisions. The development, release, and timing of any
features or functionality described in this document remains at the sole
discretion of Oracle. This document in any form, software or printed matter,
contains proprietary information that is the exclusive property of
Oracle. This document and information contained herein may not be
disclosed, copied, reproduced or distributed to anyone outside Oracle
without prior written consent of Oracle. This document is not part of your
license agreement nor can it be incorporated into any contractual
agreement with Oracle or its subsidiaries or affiliates.
SECURITY
Evolution
=>
accelerated
• Constant resources
GROWING COMPLEXITY
Security is a strategic issue: the number and complexity of external threats is increasing
$1 trillion Global cost of cybercrime
$7.2 million Average cost of a data breach
6M Passwords stolen
12M Credit cards stolen
1.3M Online accounts
Sony
SEGA
Ponemon 2011
Security Week Dec 15, 2011
Seven Significant Hacks of 2011 BetaNews
June 6, 2012
McAfee 2010
Risk threatens the business: brand, reputation, liability, shareholder value
Sony 3x Reduction in brand value
RSA $100M Cost
Societe Generale $7000M Losses
UBS $1000M Losses. CEO resignation.
97% Avoidable with simple controls
Verizon DBIR 2012 Security Week Dec 15, 2011
Seven Significant Hacks of 2011
Bloomberg June 8 2011
The causes are inside: simple controls on core systems can prevent most breaches
RSA Malware using employee access
Societe Generale Trader with excessive permissions
Sony Unencrypted credit cards
LinkedIn Lightly encrypted passwords
“Most security organizations continue to focus inappropriate attention on network vulnerabilities and reactive network security tools rather than on proactive application security practices”.
The response is... for now... reactive
Reactive mode does not work: a larger IT budget dedicated to security, not focused on the right risks
8.2% of IT budget, 2007
14% of IT budget, 2010
Endpoint Security
Vulnerability Management
Network Security
Email Security
Other Security
94% against servers
66% sensitive data in databases
96% not PCI compliant
5% Privilege abuse
32% of hacking involves stolen credentials
The Evolution of IT Security 2010 to 2011
Verizon DBIR 2012 & IDC 2011
IDC 2011: Effective Data Leak Prevention Programs
APPLICATIONS
MIDDLEWARE
DATABASE
OPERATING SYSTEM
SERVERS
STORAGE
Hacking with stolen credentials
Records stolen through web/app servers
Records stolen from databases
Through privilege abuse
Attacks against servers
Off-line information theft
Breaches against file servers
Oracle: Security from the Inside
Data Applications Users
IDENTITY AND ACCESS MANAGEMENT
DATABASE SECURITY
Oracle Identity Management 11gR2: Complete, Innovative, Integrated
Identity Governance
• Password Management
• Self-Service Request/Approval
• Role-based Provisioning
• Policy Monitoring
• Risk-based Access Certification
• Privileged User Management
Access Management
• Single Sign-On & Federation
• Web Services Security
• Authentication & Fraud Prevention
• Authorization
• Access from Mobile Devices
Directory Services
• LDAP Storage
• Directory Virtualization
• LDAP Synchronization
• Unified Directory
...
Oracle Database Security: Solutions Overview
• Oracle Advanced Security
• Oracle Database Vault
• Oracle Audit Vault
• Oracle Total Recall
• Oracle Database Firewall
• Oracle Data Masking
SECURITY UNLOCKS OPPORTUNITY
Ubiquitous and Mobile Access
Data Center Security
Agile Access Requests
Compliance Certification
Web Services Security
90% of companies will provide mobile applications in 2014
62% of companies will use social networks to connect with customers
Store credentials
76% store passwords as text
10%
58% Building corporate app stores
Security of the
3 FOCUS AREAS
• Loss of, inappropriate access to
• in operation and administration
• . Data protection regulations
Access Request
Certification Review
Help Desk Tickets
Access Control
Off Boarding
User Provisioning and On-boarding
CERTIFICATION OF &
Audit
Certification
Segregation of Duties
Process and Transaction Control
Fraud Detection
PATIENT RECORD
getPatient
PATIENT RECORD
PATIENT RECORD xxxx xx xxx-xx