capgemini technology vision oracle database firewall

Oracle Database FirewallJohan Louwers - Global Oracle Architect Office

Technology Vision

2Copyright © Capgemini 2015. All Rights ReservedGlobal Oracle Architect Office

Oracle Database Firewall“Putting things into perspective ”

High level product overviewStandard firewall implementations protecting your database only in a way that they prevent connections on a network layer level while allowing all SQL statements over a allowed network connection. This holds that a traditional network firewall only provides a limited level of security and keeping your database vulnerable for attacks on a SQL level.

• First line of defense: Transparently detect and block SQL injection attacks, privilege escalation, and other threats against Oracle, Microsoft SQL Server, IBM DB2, SAP Sybase, and MySQL databases

• Faster response: Automatically detect unauthorized database activities that violate security policies, and thwart perpetrators from covering their tracks

• Simplified compliance reporting: Easily analyze audit and event data and take action in a timely fashion with out-of-the-box compliance reports

3Copyright © Capgemini 2015. All Rights ReservedGlobal Oracle Architect Office

Oracle Database Firewall“getting a bit technical”

The technical foundationThe Oracle database firewall is a software based “appliance” which will form a “man in the middle” solution to tap into and evaluate SQL statements send to the database. Based upon the implemented rules SQL statements will be send to the database or will be blocked.

• Accurately detects and blocks unauthorized database activity including SQL injection attacks by monitoring traffic to Oracle and non-Oracle databases

• Consolidates audit data and logs generated by databases, operating systems, directories, file systems, and custom sources into a secure centralized repository

• Provides enterprise security intelligence and efficient compliance reporting by combining monitoring and audit data

• Utilizes a unique SQL grammar analysis engine and easy-to-define whitelists and blacklists to ensure high accuracy and performance

• Delivers horizontal and vertical scalability through easy-to-deploy "software appliances

4Copyright © Capgemini 2015. All Rights ReservedGlobal Oracle Architect Office

Oracle Database Firewall“Building an example use case”

Building an example use caseIn this example we have a number of Oracle databases containing sensitive customer data. Applications connected to the database are considered “safe” however the database needs to be protected against the possibility that an attacker gains access to the application server and starts to query the database with the found login credentials.

1) Application server which is in need to connect to the database

2) A network firewall protects the database on a network layer level

3) The Oracle database firewall checks all the SQL statements to verify only allowed SQL statements are passed through to the database

4) The database only receives allowed SQL statements from the application servers as they are filtered by the database firewall

5) All firewall events are logged to the Oracle Audit Vault to ensure they are kept save and can be used during a investigation

6) Auditors and security staff are informed with alerts in case of suspicious traffic. Reports are generated for auditing purposes

1 3 4

56

NetworkFirewall

2

5Copyright © Capgemini 2015. All Rights ReservedGlobal Oracle Architect Office

Capgemini services and solutionsCapgemini provides a wide range of services and solutions for Oracle technology and the required security that should accompany the IT footprint in which Oracle technology is used. Specifically for Oracle database firewall solutions Capgemini provides (among others) the below services

• Architecture servicesCapgemini provides a wide range of architecture services on Oracle Technology also including security architecture services.

• Implementation servicesImplementation of the Oracle Database Firewall and other security features can be provided by the Capgemini Oracle teams

• Maintenance servicesDay to day maintenance of both software and hardware used to operate a Oracle database firewall can be provided by Capgemini.

• Security watch services• 24*7 active monitoring and acting upon security related incidents in line by the

Capgemini international monitoring and operating centre can be provided.

• Hosting and housing servicesHosting and housing of the required infrastructure as well as the maintenance can be done from within one of the global Capgemini datacenters.

Oracle Database Firewall“Working with Capgemini”

6Copyright © Capgemini 2015. All Rights ReservedGlobal Oracle Architect Office

Capgemini Oracle Architect Office – Background Information

7Copyright © Capgemini 2015. All Rights ReservedGlobal Oracle Architect Office

Capgemini - Global Oracle Architect Office“Capgemini OAO key mission”

Technology StandardsCreating and maintaining the global oracle technology standards and implementation roadmaps to ensure customers receive the Oracle & Capgemini best practice based solutions to provide the most optimal business value.

Technology VisionIdentifying, tracking, prototyping and developing new solutions and technologies, using a combination of forward-thinking visionary and practical realism to provide customers a practical future roadmap and a clear direction.

Technology SolutionsEnsuring that the technological solutions created by both Oracle and Capgemini are positioned as a unified solution for our customer and the most optimal technological advantages of the products are used.

Business ValueProviding customers with the most optimal business value with the lowest TCO to support customer is accelerating in their day to day operations and achieving there goals with Oracle technology as an enabler.

TechnologyVision

TechnologyStandards

TechnologySolutions

BusinessValueOAO

8Copyright © Capgemini 2015. All Rights ReservedGlobal Oracle Architect Office

TechnologyVision

TechnologyStandards

TechnologySolutions

BusinessValueOAO

Capgemini - Global Oracle Architect Office“Capgemini OAO core team”

Sunil KrishnanunniSenior Architect – Asia PacificSunil.Krishnanunni@capgemini.com

Del AlbrechtSenior Architect – North AmericaDelwin.Albrecht@capgemini.com

Johan LouwersLead Architect – Global (EMEA)Johan.louwers@capgemini.com

Global Oracle Architect Office contact:GlobalOAO.bnl@capgemini.com

The information contained in this presentation is proprietary.© 2014 Capgemini. All rights reserved.

www.capgemini.com

About CapgeminiWith almost 140,000 people in 40 countries, Capgemini is one of the world’s foremost providers of consulting, technology and outsourcing services. The Group reported 2013 global revenues of EUR 10.1 billion. Together with its clients, Capgemini creates and delivers business and technology solutions that fit their needs and drive the results they want. A deeply multicultural organization, Capgemini has developed its own way of working, the Collaborative Business ExperienceTM, and draws on Rightshore®, its worldwide delivery model.

Rightshore® is a trademark belonging to Capgemini