2. Announcement Highlights, February 14 F5 adds to its portfolio of solutions for Oracle Database New solution combines F5 BIG-IP Application Security Manager with Oracle Database Firewall Solution provides: Strong protection against SQL injection attacks around the web application and database Audit data to correlate security events reported by the web application firewall and database firewall Logs user information for attacks and out-of-policy behavior
3. Application Trends and Drivers “Webification” of applications Intelligent browsers and applications Increasing regulatory requirements (PCI) Untargeted attacks – BOTs Targeted attacks – (D)DoS Public awareness of breach attempts and data security Tough economy = constrained resources and budgets cuts increased security risks; reduced compliance
4. Web applications are at risk SANS report Focused on patching Operating Systems 80% of vulnerabilities are in web apps 60% of the attack vectors are web based Reports from 7Safe and Web Hacking Incidents Database stat that 60% of all breach incidents examined involved SQL injection
5. F5 and Oracle Solutionsare Engineered to WorkTogether
6. F5 and Oracle Solutions areEngineered to Work Together
7. F5 BIG-IP Application Security Manager Provides comprehensive protection of all web application vulnerabilities Logs and reports all application traffic and attacks Enables Layer 2 through Layer 7 protection Learning and Blocking Modes Web attack types SQL Injection
8. Oracle Database Firewall Real-time database activity monitoring and blocking Responds to each type of threat via either logging, monitoring, alerting, blocking, or substituting Deployed out-of-band or in-band with heterogeneous database environments Available as a virtual appliance
9. F5 and Oracle Integrated Solution Monitor and block traffic at the web and database layers Application sessions tracked from client, to web, to database, and back When anomalies are detected by ASM, they are logged by both ASM and Oracle DBFW ASM provides user and web context of the attack enabling complete visibility of attack from source IP address, through HTTP page and session to SQL transaction. DBFW can analyze the full SQL transaction to see if the query is out of policy, rather than just a fragment. Ensures that administrators are always able to get consistent, correlated application monitoring data Web tier attacks are blocked by ASM Undetected attacks that get to the database are blocked by DBFW
10. www.acme.com?id=%27+OR+1%3D1+- How Does it Work? ASM Event User Identity External Users Administrators APPLICATIONS Internal Users NETWORK DATABASES Integrated Log DBFW Management Server Correlated Syslog Event SIEM Web Application traffic is secured with ASM, Database traffic is secured with Database Firewall
13. F5 Networks and Oracle Deliver application and database security event correlation Unity security information management Monitor security more easily Protect applications and databases from unauthorized access Driving joint customer engagements Available now
Editor's Notes
User logs into a web applicationF5 identifies possible SQL injection eventSecurity event containint use and web app info is sent from ASM to DBFW via an iRuleDBFW correlates the ASM event with the database traffic logDBFW take an appropriate action (block, alert, pass)Correlated even data is sent to SIEM logEnriched data is available for reporting and forensic analysisIntegrated report is available for distributionIntegrated log entry is generated and stored in DBFW