F5 Networks Adds To Oracle Database
Download as PPTX, PDF0 likes1,691 views
F5 has added new solutions that combine its BIG-IP Application Security Manager with Oracle Database Firewall to provide stronger protection against SQL injection attacks. The integrated solution monitors and blocks traffic at the web and database layers, tracking application sessions from client to database. When anomalies are detected by the Application Security Manager, they are logged by both the Application Security Manager and Oracle Database Firewall, providing complete visibility of attacks from source to SQL transaction. This ensures administrators have consistent, correlated application monitoring data and web tier attacks are blocked while undetected attacks reaching the database are blocked by the Database Firewall.
F5 Networks Adds To Oracle Database
- 1. F5 Adds Solutions for Oracle Database
- 2. Announcement Highlights, February 14F5 adds to its portfolio of solutions for Oracle DatabaseNew solution combines F5 BIG-IP Application Security Manager with Oracle Database FirewallSolution provides:Strong protection against SQL injection attacks around the web application and databaseAudit data to correlate security events reported by the web application firewall and database firewallLogs user information for attacks and out-of-policy behavior
- 3. Application Trends and Drivers “Webification” of applicationsIntelligent browsers and applicationsIncreasing regulatory requirements (PCI)Untargeted attacks – BOTsTargeted attacks – (D)DoSPublic awareness of breach attempts and data securityTough economy = constrained resources and budgets cuts increased security risks; reduced compliance
- 4. Web applications are at risk SANS reportFocused on patching Operating Systems80% of vulnerabilities are in web apps60% of the attack vectors are web basedReports from 7Safe and Web Hacking Incidents Database stat that 60% of all breach incidents examined involved SQL injection
- 5. F5 and Oracle Solutionsare Engineered to WorkTogether
- 6. F5 and Oracle Solutions areEngineered to Work Together
- 7. F5 BIG-IP Application Security ManagerProvides comprehensive protection of all web application vulnerabilitiesLogs and reports all application traffic and attacksEnables Layer 2 through Layer 7 protectionLearning and Blocking ModesWeb attack typesSQL Injection
- 8. Oracle Database FirewallReal-time database activity monitoring and blockingResponds to each type of threat via either logging, monitoring, alerting, blocking, or substitutingDeployed out-of-band or in-band with heterogeneous database environmentsAvailable as a virtual appliance
- 9. F5 and Oracle Integrated SolutionMonitor and block traffic at the web and database layersApplication sessions tracked from client, to web, to database, and backWhen anomalies are detected by ASM, they are logged by both ASM and Oracle DBFWASM provides user and web context of the attack enabling complete visibility of attack from source IP address, through HTTP page and session to SQL transaction.DBFW can analyze the full SQL transaction to see if the query is out of policy, rather than just a fragment.Ensures that administrators are always able to get consistent, correlated application monitoring dataWeb tier attacks are blocked by ASMUndetected attacks that get to the database are blocked by DBFW
- 10. www.acme.com?id=%27+OR+1%3D1+-How Does it Work?ASM EventUser IdentityExternal UsersAdministratorsAPPLICATIONSInternalUsersNETWORKDATABASESIntegrated LogDBFW Management Server Correlated Syslog EventSIEMWeb Application traffic is secured with ASM,Database traffic is secured with Database Firewall
- 11. Example Report
- 12. Case Study: Large Financial in the UK
- 13. F5 Networks and OracleDeliver application and database security event correlationUnity security information managementMonitor security more easilyProtect applications and databases from unauthorized accessDriving joint customer engagementsAvailable now
Editor's Notes
- #11: User logs into a web applicationF5 identifies possible SQL injection eventSecurity event containint use and web app info is sent from ASM to DBFW via an iRuleDBFW correlates the ASM event with the database traffic logDBFW take an appropriate action (block, alert, pass)Correlated even data is sent to SIEM logEnriched data is available for reporting and forensic analysisIntegrated report is available for distributionIntegrated log entry is generated and stored in DBFW