
Exploring the science and magic of Identity and Access Management
Saturday, December 20, 2025

KuppingerCole on Oracle Audit Vault and Database Firewall

Information Security
Author: Mark Dixon
Tuesday, March 12, 2013
3:11 pm


KuppingerCole just released a Snapshot report on Oracle Audit Vault and Database Firewall.  It provides a good overview of this product, which recently merged into one combined product, encompassing the functionality previously in two products.  Can you guess their names?  Yep – Oracle Audit Vault and Oracle Database Firewall.

With the new product, Oracle combines these offerings. Notably this is about integration, not just about a suite of two different products.

For example:

The new offering has a single administrator console and fully integrates the two products.  Events generated by the database firewall component are automatically provided to the audit vault component.

Primary features include:

  1. Database firewall: detecting and blocking database attacks, including SQL injection attacks, the most common web application threat.
  2. Database and “stack” auditing: auditing across the stack, including operating system events, file system events (Oracle ACFS), the databases themselves, and custom audit logs.
  3. Separation of duties: segregation between administrators and auditors to avoid fraud on collected audit data; supported by a fine-grain security model.
  4. Alerting: flexible configuration of complex alerting conditions, including multi-event alerts with thresholds and group-by.
  5. Flexible deployment models: support for a wide range of deployment models, from out-of-band monitoring to full in-line high availability mode.
  6. Single administration console: unified administration console to manage all features and policies through a single interface.
  7. Compliance reporting: dozens of out of the box reports that can be easily customized through the user interface.

The databases currently supported are Oracle Database, MySQL, SAP Sybase, IBM DB2, and Microsoft SQL Server.

 


Mandiant Report: APT1 – Exposing One of China’s Cyber Espionage Units

Information Security
Author: Mark Dixon
Monday, March 11, 2013
12:39 pm


Mandiant, an American cyber security firm, recently released a 74-page report documenting evidence of cyber attacks by the People’s Liberation Army of the Republic of China:

Since 2004, Mandiant has investigated computer security breaches at hundreds of organizations around the world. The majority of these security breaches are attributed to advanced threat actors referred to as the “Advanced Persistent Threat” (APT). … this report is focused on the most prolific of these groups. We refer to this group as “APT1” and it is one of more than 20 APT groups with origins in China. APT1 is a single organization of operators that has conducted a cyber espionage campaign against a broad range of victims since at least 2006. From our observations, it is one of the most prolific cyber espionage groups in terms of the sheer quantity of information stolen. …

APT1 has systematically stolen hundreds of terabytes of data from at least 141 organizations, and has demonstrated the capability and intent to steal from dozens of organizations simultaneously. APT1 has a well-defined attack methodology, honed over years and designed to steal large volumes of valuable intellectual property. Once APT1 has established access, they periodically revisit the victim’s network over several months or years and steal broad categories of intellectual property, including technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contact lists from victim organizations’ leadership.

This detailed report includes a map showing observed APT1 activity …

[Image: map of observed APT1 activity]

 

… and a timeline of observed compromises by industry sector:

[Image: timeline of observed compromises by industry sector]

 

The report includes a detailed analysis of the APT attack lifecycle and methods for compromising the systems in the targets they attacked:

[Image: APT attack lifecycle]

Detailed background about the infrastructure used in the attacks and some of the people involved in this work is also included.

The report concludes:

In a State that rigorously monitors Internet use, it is highly unlikely that the Chinese Government is unaware of an attack group that operates from the Pudong New Area of Shanghai. The detection and awareness of APT1 is made even more probable by the sheer scale and sustainment of attacks that we have observed and documented in this report. Therefore the most probable conclusion is that APT1 is able to wage such a long-running and extensive cyber espionage campaign because it is acting with the full knowledge and cooperation of the government. Given the mission, resourcing, and location of PLA Unit 61398, we conclude that PLA Unit 61398 is APT1.

Perhaps this statement from Sun Tzu, in his book, The Art of War, is particularly appropriate in this case:

If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.


Tree Down!

General
Author: Mark Dixon
Saturday, March 9, 2013
9:16 am

Yesterday’s storm toppled a big eucalyptus tree across the backyard fence.


Can you guess what we get to do today?


IFTTT – did it work?

Blogging, Social Media
Author: Mark Dixon
Saturday, March 9, 2013
8:15 am


Last night, I was experimenting with IFTTT to see if it would automatically announce my blog posts on Twitter and LinkedIn.  Last night, it worked on LinkedIn, but not Twitter.  Apparently there was a problem with authentication to my Twitter account. That fixed, it seemed to work just fine this morning … albeit not very quickly.


Hunting Zebras with Security Analytics

Information Security
Author: Mark Dixon
Saturday, March 9, 2013
8:07 am


Much has been written and said recently about using data analytics to mine data for existing or probable security breaches. This morning, thanks to a tweet by @RohanPinto, I learned about a small, but practical application of this science … hunting Zebras.

In a Dark Reading article entitled, “Five Ways To Better Hunt The Zebras In Your Network,” Robert Lemos talked about zebras:

… Not the kind that roam the African savannah, but the kind that sit at computers behind the corporate firewall.

Zebras are the employees, and their computers, who are doing something odd. Defenders are right to want to protect the zebras in their network, but defenders should occasionally “radio tag” and follow their zebras to see where they go.

He then proposed five steps to fight the zebras who might do you harm:

  1. Know the network
  2. Collect all the data
  3. Find the foolish zebras
  4. Combine with threat intelligence
  5. Check back on your foolish zebras

It is worth the time to read the details of each step.

Happy Hunting!


First Tweet

Social Media
Author: Mark Dixon
Saturday, March 9, 2013
7:43 am

This morning, I stumbled across a feature of Twitter that allowed me to download an archive of my tweets – all 11,651 of them, dating back to May 2007 when I first got on this crazy ride.  Here is my first, ever so profound tweet …

[Image: first tweet]

… and a graphic navigator showing the relative number of tweets I posted each month.

[Image: Twitter history navigator]


IFTTT – will it work?

Blogging
Author: Mark Dixon
Friday, March 8, 2013
11:07 pm

I am testing a new recipe on IFTTT.com.  If an announcement of this post automatically appears on Twitter, it works.


 

If it works, it will save me a few keystrokes each time I blog, but perhaps more importantly, will demonstrate a simple form of cloud based programming.


Identity and Access Management – Capability Model

Identity
Author: Mark Dixon
Friday, March 8, 2013
3:57 pm

In a recent Twitter conversation with Andre Koot, he suggested that we needed innovation in both Identity Management and Access Management.  He referred me to his blog, entitled “Let’s Kill the IAM Acronym.”  Andre suggested:

Identity Management is a process for managing the lifecycle of identities … Access Control is a whole different ballgame …

After reading his blog, it occurred to me that he and I defined those two terms a bit differently.  I promised Andre that I would blog about it.

The diagram below shows how we at Oracle talk about the broad area of Identity and Access Management – encompassing three general areas:

  1. Identity Governance is about making sure the right people are granted the right access rights and making sure the wrong ones aren’t.
  2. Access Management is about enforcing those access rights, within specified policy, when users attempt to access a desired application or system.
  3. Directory Services provides ways to control where identity information about users and access rights is stored.

[Diagram: Oracle IAM]

Does this provide the right demarcation between the various functional areas?  It seems to resonate well with our customers, and provides a valuable model to aid communications.  I’d be happy to hear any feedback you have.

By the way, this diagram is more effective as a PowerPoint build slide.  Let me know and I’d be happy to send you a copy.

 

Abundance vs. Scarcity – Which do You Choose?

General
Author: Mark Dixon
Thursday, March 7, 2013
7:41 am


On the whiteboard in my office is a statement, “Abundance is born of shared ideas,” which I wrote down when first introduced to the book, “The Emergence of the Relationship Economy.”  We don’t have to look very far to find many examples of how innovation sprang from ideas shared among creative, energetic people, leading to a rich abundance and growth of health, happiness or monetary wealth.  This type of expansive thinking and action results when people look outside their situation in life, whatever it may be, and concentrate on what can be, rather than what is.  This is an Abundance Mentality.

In contrast, a Scarcity Mentality prompts people to look inwardly, concentrating on the supposed constraints of a situation or condition in life.  Perhaps this is no better illustrated than in a video being shared widely on Facebook, “9 Out Of 10 Americans Are Completely Wrong About This Mind-Blowing Fact.”

This video cleverly compares the wealth of the 1% richest people in the US with the rest of us 99 percenters. The graphics are well done, the narration and music are professional.  However, there are at least five glaring errors in the supporting logic:

  1. By focusing on relative percentages rather than absolute values of personal wealth, the video implies that somehow the wealth of the 1% automatically diminishes the wealth of everyone else.  After all, the stack of money for a guy on the left side of the chart sure looks smaller than the stack on the right side.
     
  2. The video assumes scarcity, rather than abundance – that the sum of all society wealth or individual wealth is constrained to a fixed amount, that individuals are somehow limited in opportunity for growth because the 1% are insanely wealthy.
     
  3. The video assumes that “fairness” is defined by a more even distribution of wealth.
     
  4. The video implies that if some magic would occur to take the wealth of the 1% and spread it in some more equitable fashion across the rest of us, we would all be happier and the world would be a better place.
     
  5. The video assumes that monetary wealth is the ultimate measure of success or happiness.  After all, how can I be happy when someone else has more money than I do?
     
With these comments, I don’t intend to excuse the rampant greed that fuels so much of society today, but I propose that getting all caught up in the “Scarcity Mentality” embodied in this video diminishes our ability to focus on innovative thought and action, which could alternatively lead to abundant growth, both individually and as a society.
 
An example from my past is particularly important to me.  I grew up on a small farm in southern Idaho.  My college educated father loved farming, but couldn’t make enough money on the farm to support his growing family, so he began teaching school, an occupation he despised.  We still worked on the farm, plowing ground, harvesting crops, feeding pigs and milking cows – tasks that demanded relentless attention but yielded little monetary gain.  We never went on an overnight vacation; the cows demanded to be milked every morning and every night.
 
But my dad had a vision of what his children could become.  Knowing that he couldn’t afford to send us to college, he allowed us to work outside the farm to earn money to finance our education.  I bucked a lot of hay, milked a lot of cows and made a lot of cheese for other employers.  Dad could have focused on the scarcity and constraints of our farm and demanded that I exert all my work on the farm within those constraints, but he favored the abundant focus, which enabled me to get an education and pursue a successful career.  Dad never achieved even a modicum of monetary success that would show up in the video, but measures his abundance in the success, happiness and abundant lives of his seven children and their families.
 
I recently watched a video where Ben Carson told of how his mother, one of 24 children, abandoned by a bigamist husband, living in dire poverty, refused to focus on her own bad situation, but made her sons study at the public library so they could rise above the dire conditions in which they were born. Inspired by what he read, Ben rose to become Director of Pediatric Neurosurgery at Johns Hopkins Hospital.  In addition to financial success, he has blessed many lives through his skill and dedicated service.
 
In my current employment, I could get all caught up in the fact that Larry Ellison has many more billions of dollars in his bank accounts than I have in mine, or that he has yet to invite me for dinner on his private Hawaiian island, or that I will never catch up to him monetarily.  That would be Scarcity Mentality on my part.  But when I focus on what I can do to innovate, to serve our customers or to move our industry forward, opportunities blossom. That is the Abundance Mentality.

 

 

Tweet Chat: #mobileidm

Identity
Author: Mark Dixon
Wednesday, March 6, 2013
3:08 pm

Please join me and other interested identerati on a live Tweet Chat about Mobile Identity Management trends and security challenges.

Amit Jasuja, Senior Vice President, Development - Identity Management and Security Products, will host the chat via @OracleIDM.

When?  Tomorrow, March 7th, at 9:00am PST

Please use hashtag #mobileidm in your tweets.

Our last Tweet Chat  (or was it Tweet Jam?) was a great success.  Let’s make this one even better.

Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.