Welcome!

If everyone is thinking the same, someone isn't thinking

Lori MacVittie

Subscribe to Lori MacVittie: eMailAlertsEmail Alerts
Get Lori MacVittie via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Blog Feed Post

F5 Friday: Two Heads are Better Than One
By Lori MacVittie
Article Rating:
February 18, 2011 06:03 AM EST
Reads:
 486

Detecting attacks is good, being able to do something about it is better. F5 and Oracle take their collaborative relationship even further into the data center, integrating web application and database firewall solutions to improve protection against web and database-focused attacks.

f5friday

It is often the case that organizations heavily invested in security solutions designed to protect critical application infrastructure, such as the database, are unwilling to replace those solutions in favor of yet another solution. This is not necessarily a matter of functionality or trust, but a decision based on reliance on existing auditing and management solutions that are a part of the existing deployment. More information is good, but not if it simply becomes an entry in a log somewhere that is disconnected and not integrated into existing operational security processes.

Organizations already heavily invested in Oracle technologies are likely to consider deploying the Oracle Database Firewall to protect their critical business information residing in their Oracle database. As enterprise customers deploy more web-based database applications, IT continues to face the challenge of securing both application and database environments from threats such as SQL injection and cross-site scripting attacks. By using F5 and Oracle solutions together, customers can now benefit from enhanced protection for web-based database applications without unnecessarily increasing the auditing burden imposed by additional logging.

quote-badge “70% of the top 100 most popular Web sites either hosted malicious content or contained a masked redirect to lure unsuspecting victims from legitimate sites to malicious sites.” (Websense, 2009)

-- WhiteHat/F5, “Strategically Blocking Cross-Site Scripting and SQL Injection Attacks” pdf-icon


This collaborative solution pairs F5 BIG-IP® Application Security Manager (ASM) and Oracle Database Firewall to provide comprehensive database security from the application layer down to the database. Oracle Database Firewall monitors traffic between applications and the database to detect and prevent SQL injection, privilege or role escalation attacks, and others. Because its target is the database, it uses an innovative SQL grammar analysis approach that is highly accurate and scalable. Unlike web application firewalls, it analyzes the intent of the SQL statements sent to the database. It is not dependent on recognizing the syntax of known security threats, and can therefore block previously unseen attacks, including those targeted against an organization. ASM, on oracle bigip db securitythe other hand, focuses on the detection and prevention of attacks at the application layer – including SQL injection – and through integration with Oracle Database Firewall ASM can notify the database firewall of the incoming threat. Such notification includes the context of the request – including user identity, session, IP address and time – that is subsequently logged and acted upon according to Oracle Database Firewall policies, enabling a more comprehensive report of attacks.

Because this integration allows operators and administrators to correlate attacks with users, it can better enable the identification of attacks originating from inside the organization – such as from compromised desktops or servers – which can then be leveraged as a means to eradicate potential internal attack vectors such as bots and other trojans proliferating of late throughout the enterprise. That’s important, because a study conducted last year by Microsoft found that over 2.2 million PCs in the U.S. were part of botnets, and that the U.S. is the “number one country consumed with botnet PCs.” With so many potential avenues of attack both internal and external to the organization, there simply can’t be something as too much protection.

This F5 component of the solution is included with BIG-IP Application Security Manager at no additional fee. Customers can contact their Oracle representative for pricing on Oracle Database Firewall. For more information on Oracle Database Firewall, please visit www.oracle.com/technetwork/database/database-firewall/index.html.

Connect with Lori: Connect with F5:
o_linkedin[1] o_rss[1] o_facebook[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1] rss[8]

AddThis Feed Button Bookmark and Share

Related Resources:

<

Read the original blog entry...

Published February 18, 2011 – Reads 486
Copyright © 2011 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.

More Stories By Lori MacVittie

Lori MacVittie is responsible for education and evangelism of application services available across F5’s entire product suite. Her role includes authorship of technical materials and participation in a number of community-based forums and industry standards organizations, among other efforts. MacVittie has extensive programming experience as an application architect, as well as network and systems development and administration expertise. Prior to joining F5, MacVittie was an award-winning Senior Technology Editor at Network Computing Magazine, where she conducted product research and evaluation focused on integration with application and network architectures, and authored articles on a variety of topics aimed at IT professionals. Her most recent area of focus included SOA-related products and architectures. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University.