Oracle Information InDepth



June 2014


Five Lessons Learned from an Advanced Persistent Threat

Advanced persistent threats (APTs) are sophisticated cyberattacks by well-coordinated, well-funded cybercriminals who penetrate an organization slowly and methodically. Their main goal is to gather sensitive, high-value data in industries including public sector, national defense, and technology. In its latest annual Data Breach Investigations Report, Verizon supports recent findings that a unit of the Chinese military known as APT1 stole sensitive data from 141 corporations over the last seven years.

Following revelations about the APT1 attacks, which were first made public in a report by information security company Mandiant, Oracle Database security expert Troy Kitch, principal director of Oracle security software product marketing, looked into the attack and came up with the following five key lessons learned.

Lesson 1: Break-ins Are Fast and Simple
SQL injection attacks take advantage of poorly written application code that enables attackers to communicate through the application tier, directly to the database. Such attacks are easy to implement, and attackers can get in and out within seconds or minutes. It is no surprise they are widely considered the top database security threat. And yet many organizations still lack a clear picture of what SQL injections are and how dangerous they can be.

Solution: Oracle Audit Vault and Database Firewall accurately detects and blocks unauthorized database activity, including SQL injection attacks, by monitoring traffic to Oracle and non-Oracle databases.

Lesson 2: Excessive Privileges Are Common
Too often, database administrators (DBAs) enable “all privileges” when setting up a database, with the assumption that they can never be sure when they might need them. The problem is, these excessive privileges create gaps in security. Then DBAs get busy and these holes are never closed. If the DBA leaves the company or moves to another group, the list of individuals with excess privileges grows longer and more difficult to manage.

Solution: With Oracle Database Vault, you can proactively protect application data from inappropriate access by privileged database users.

Lesson 3: The Evidence of Attacks Is in Front of Us
Abuse of privileged access is not invisible. It can be clearly detected in the form of failed logins, new account creation, privilege grants, and sensitive data reads and writes. However, many organizations aren’t tracking privileged user activities. For example, according to a recent Independent Oracle Users Group survey, only 39 percent of organizations monitor sensitive writes and only 33 percent monitor sensitive reads.

Solution: With Oracle Audit Vault and Database Firewall, you can get reports on consolidated audit data and logs generated by databases, operating systems, directories, file systems, and custom sources—all in a secure, centralized repository.
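
The four signals named in Lesson 3 (failed logins, new account creation, privilege grants, and sensitive reads and writes) can be checked against any audit trail that records who did what to which object. The following is an added example, not Oracle product code: the record layout, account allowlists, thresholds, and sample rows are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SENSITIVE = {"HR.SALARIES", "PAY.CARDS"}   # assumed sensitive tables
APP_ACCOUNTS = {"APP_SVC"}                 # assumed accounts expected to touch them
PROVISIONERS = {"IDM_ADMIN"}               # assumed accounts allowed to create users
DML = {"SELECT", "INSERT", "UPDATE", "DELETE"}
FAIL_LIMIT, FAIL_WINDOW = 3, timedelta(minutes=5)

# Constructed records: (timestamp, db_user, action, return_code, object).
# A non-zero return code means the action failed (1017 = bad credentials).
AUDIT = [
    ("2014-06-02T01:10:01", "SCOTT", "LOGON", 1017, None),
    ("2014-06-02T01:10:20", "SCOTT", "LOGON", 1017, None),
    ("2014-06-02T01:10:42", "SCOTT", "LOGON", 1017, None),
    ("2014-06-02T01:11:05", "SCOTT", "LOGON", 0, None),
    ("2014-06-02T01:12:30", "SCOTT", "CREATE USER", 0, "TMP_OPS"),
    ("2014-06-02T01:12:55", "SCOTT", "GRANT", 0, "TMP_OPS"),
    ("2014-06-02T01:14:10", "TMP_OPS", "SELECT", 0, "PAY.CARDS"),
    ("2014-06-02T01:15:00", "APP_SVC", "UPDATE", 0, "HR.SALARIES"),
    ("2014-06-02T09:00:00", "IDM_ADMIN", "CREATE USER", 0, "JSMITH"),
    ("2014-06-02T09:30:00", "JSMITH", "LOGON", 1017, None),
]

def findings(records):
    """Return (rule, user, detail) tuples for the four Lesson 3 signals."""
    out, fails = [], defaultdict(list)
    for ts, user, action, rc, obj in sorted(records, key=lambda r: r[0]):
        t = datetime.fromisoformat(ts)
        if action == "LOGON" and rc != 0:
            # Keep only failures inside the sliding window, then test the count.
            fails[user] = [f for f in fails[user] if t - f <= FAIL_WINDOW] + [t]
            if len(fails[user]) == FAIL_LIMIT:  # alert once when the limit is hit
                out.append(("failed_login_burst", user, ts))
        elif action == "CREATE USER" and rc == 0 and user not in PROVISIONERS:
            out.append(("account_created", user, obj))
        elif action == "GRANT" and rc == 0:
            out.append(("privilege_grant", user, obj))
        elif action in DML and rc == 0 and obj in SENSITIVE and user not in APP_ACCOUNTS:
            kind = "sensitive_read" if action == "SELECT" else "sensitive_write"
            out.append((kind, user, obj))
    return out

if __name__ == "__main__":
    for finding in findings(AUDIT):
        print(finding)
```

The expected application write and the provisioning account's user creation produce no finding, which is the point of keeping explicit allowlists: only activity outside the expected pattern is reported.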

Lesson 4: It’s Too Easy to Access Data
Once cybercriminals compromise systems, it’s easy for them to maneuver throughout the IT stack. And if sensitive data in production databases is not transparently encrypted, whether at rest or in motion, it is all too easy for attackers to access it. The same goes for data in nonproduction environments, which often goes unmasked.

Solution: Oracle Advanced Security provides transparent data encryption within Oracle Database, and sensitive data redaction at the application tier. Oracle Data Masking allows production data to be safely used for development, testing, or sharing with outsourced or offshore partners for other nonproduction purposes.

Lesson 5: Misconfigurations Help Attackers
Configuration drift is a great way to give attackers the foothold they need to access critical systems. And unfortunately, many DBAs do not track the location of every database in their environments, nor do they track the exact location of sensitive data within those databases.

Solution: With Oracle Database Lifecycle Management Pack, you can simplify standardization and patching of all Oracle Databases to keep configurations aligned and ensure prompt implementation of the latest security updates.

Learn more about Oracle Database security solutions.


Copyright © 2014, Oracle and/or its affiliates. All rights reserved.