Intro Securitday Bilbao

Copyright © 2012, Oracle and/or its affiliates. All rights reserved. 1


Transcript of Intro Securitday Bilbao

Page 1: Intro Securitday Bilbao


Page 2: Intro Securitday Bilbao


Page 3: Intro Securitday Bilbao


Page 4: Intro Securitday Bilbao


The threats are outside, the vulnerabilities are inside

José Manuel Rodríguez de Llano

Security Sales Manager

Oracle Iberia

Page 5: Intro Securitday Bilbao


This document is for informational purposes. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle. This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. This document and information contained herein may not be disclosed, copied, reproduced or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates.

Page 6: Intro Securitday Bilbao

SECURITY

Page 7: Intro Securitday Bilbao

Evolution => accelerated

Page 8: Intro Securitday Bilbao

• Constant resources

GROWING COMPLEXITY

Page 9: Intro Securitday Bilbao

Security is a strategic issue

The number and complexity of external threats is increasing

$1 trillion: global cost of cybercrime

$7.2 million: average cost of a data breach

6M passwords stolen

12M credit cards stolen

1.3M online accounts

LinkedIn

Sony

SEGA

Sources:

Ponemon 2011

Security Week, Dec 15, 2011: Seven Significant Hacks of 2011

BetaNews, June 6, 2012

McAfee 2010

Page 10: Intro Securitday Bilbao

Risk threatens the business

Brand, reputation, liability, shareholder value

Sony: 3x reduction in brand value

RSA: $100M cost

Societe Generale: $7000M losses

UBS: $1000M losses. CEO resignation.

97% avoidable with simple controls

Sources:

Verizon DBIR 2012

Security Week, Dec 15, 2011: Seven Significant Hacks of 2011

Bloomberg, June 8, 2011

Page 11: Intro Securitday Bilbao

The causes are inside

Simple controls on core systems can prevent most breaches

RSA: malware using an employee's access

Societe Generale: trader with excessive permissions

Sony: unencrypted credit cards

LinkedIn: lightly encrypted passwords

Page 12: Intro Securitday Bilbao


“Most security organizations continue to focus inappropriate attention on network vulnerabilities and reactive network security tools rather than on proactive application security practices”.

The response is... for now... reactive

Page 13: Intro Securitday Bilbao

Reactive mode does not work

A larger share of the IT budget is devoted to security, but it is not focused on the right risks

8.2% of IT budget (2007)

14% of IT budget (2010)

Endpoint Security

Vulnerability Management

Network Security

Email Security

Other Security

94% against servers

66% sensitive data in databases

96% not PCI compliant

5% privilege abuse

32% of hacking involves stolen credentials

Sources:

The Evolution of IT Security 2010 to 2011

Verizon DBIR 2012 & IDC 2011

IDC 2011: Effective Data Leak Prevention Programs

Page 14: Intro Securitday Bilbao


APPLICATIONS

MIDDLEWARE

DATABASE

OPERATING SYSTEM

SERVERS

STORAGE

Hacking with stolen credentials

Records stolen through web/app servers

Records stolen from databases

Through privilege abuse

Attacks against servers

Offline information theft

Breaches against file servers

Page 15: Intro Securitday Bilbao

Oracle: Security from the Inside

Data, Applications, Users

Blog

Social

Page 16: Intro Securitday Bilbao

Oracle: Security from the Inside

Data, Applications, Users

Blog

Social

IDENTITY AND ACCESS MANAGEMENT

DATABASE SECURITY

Page 17: Intro Securitday Bilbao

Oracle Identity Management 11gR2

Complete, Innovative, Integrated

Identity Governance

• Password management

• Self-service request/approval

• Role-based provisioning

• Policy monitoring

• Risk-based access certification

• Privileged user management

Access Management

• Single Sign-On & Federation

• Web services security

• Authentication & fraud prevention

• Authorization

• Access from mobile devices

Directory Services

• LDAP storage

• Directory virtualization

• LDAP synchronization

• Unified directory

...

Page 18: Intro Securitday Bilbao

Oracle Database Security

Solutions summary

• Oracle Advanced Security

• Oracle Database Vault

• Oracle Audit Vault

• Oracle Total Recall

• Oracle Database Firewall

• Oracle Data Masking

Page 19: Intro Securitday Bilbao


SECURITY UNLOCKS OPPORTUNITY

Ubiquitous and mobile access.

Data center security

Agile access requests

“Compliance” certification

Web services security

Page 20: Intro Securitday Bilbao

90% of companies will provide mobile applications in 2014

62% of companies will use social networks to connect with customers

Store credentials

76% store passwords as text

10%

58% building corporate app stores

Page 21: Intro Securitday Bilbao

Security of the

Page 22: Intro Securitday Bilbao

3 FOCUS AREAS

• Loss, inappropriate access to

• in operation and administration

• . Data protection regulations

Page 23: Intro Securitday Bilbao

Access Request

Certification Review

Help Desk Tickets

Access Control

Off Boarding

User Provisioning and On-boarding

Page 24: Intro Securitday Bilbao

CERTIFICATION OF &

Audit

Certification

Segregation of Duties

Process and Transaction Control

Fraud Detection

Page 25: Intro Securitday Bilbao


PATIENT RECORD

getPatient

PATIENT RECORD

PATIENT RECORD xxxx xx xxx-xx

Page 26: Intro Securitday Bilbao


Page 27: Intro Securitday Bilbao
