Back to the main page
New Tools Help Agencies Defend Against Today's Most Sophisticated Hackers
Government agencies have long been a favorite target for cybercriminals seeking financial gain and nation-states attempting to steal sensitive information through stealthy, advanced, ongoing attacks. As these exploits become more common and sophisticated, IT managers at federal, regional, and local agencies need new strategies to protect themselves.
Paul Laurent, Oracle public sector director of cybersecurity strategy, says, "Given the resources nation-states and criminal hackers have today, it's not enough to try to keep hackers out. There's a good possibility that an organization's internal IT systems will be breached, so agencies must also be able to detect, respond, and recover from these attacks."
Q: What new security risks should agencies be concerned with?
A: The threats to government agencies from nation-states and cybercriminals has been growing recently. In the past, these hackers focused on the private sector primarily to steal credit card data for financial fraud. But now, hackers are looking for new types of exploits, and they're targeting citizen data to use for financial gain. For example, they may want information held by agencies to take out a second line of credit on someone's house or steal medical information to get access to someone's prescription pain medication to sell illegally.
Q: How can agencies better defend themselves?
A: The National Institute of Standards and Technology (NIST) employs the best and brightest minds when it comes to developing security standards. NIST's Special Publication 800-53 provides a comprehensive set of controls for protecting against the threats to government services, citizen data, and national infrastructure such as power grids and water supplies.
Q: How does Oracle help agencies address security challenges?
A: We design our technology stack with applicable NIST standards in mind, in many cases working with NIST to certify security tools to applicable standards. For Oracle's engineered systems, that design focus gives IT managers greater visibility throughout the entire stack to detect anomalous activity. Management tools within engineered systems, such as Oracle Enterprise Manager, offer visibility into performance that can help IT managers spot problems.
Q: What other areas are important for security strategies?
A: Agencies face new security challenges from the greater use of mobile applications. Oracle Mobile Security Suite gives IT managers a way to create secure containers to protect sensitive information on mobile devices. The data doesn't reside on the device itself, but is presented and accessed in a secure, temporary session. There's no risk of the session information falling into the wrong hands if the hardware is lost or stolen. Also, the technology relies on open standards, allowing agencies the greatest flexibility in their mobile strategy and device support planning.
Another area to focus on is the valuable security information enterprises routinely collect in audit logs. Oracle Audit Vault and Database Firewall enables IT managers to perform detailed audits to help identify risks. For example, if someone attempts and fails multiple times to log into a database, the solution sends off a proactive alert. It also protects audit logs against being tampered with.
Watch a webcast featuring Paul Laurent, "Next-Generation Security to Protect Government Cyberspace."
Learn more about Oracle security solutions for the public sector.
Learn more about the full breadth of Oracle security solutions.
Learn more about Oracle solutions for mobile security.
To regularly receive more information about Oracle security and identity management solutions, subscribe to the free Oracle Security Inside Out newsletter.