Only Ho-Hum Security Holes Ahead For In-Memory DB

  /     /     /  
Publicated : 22/11/2024   Category : security


Only Ho-Hum Security Holes Ahead For In-Memory DB


Oracles new performance features shouldnt pose any unique risks, experts say



Coming out of its annual conference last week, Oracle made it clear that its moving to stave off big data vendors plays for its core database business. Part of that strategy was a visible launch of an in-memory database processing option that Larry Ellison said speeds query processing by orders of magnitude and doubles transaction processing rates. But what of security? Often big performance gains can bring with them equally big headaches, but at this point many database security experts say that in-memory functionality wont add too many unique security threats to the enterprise environment.
I do not foresee any new attack vectors on in-memory databases, says Adrian Lane, analyst and CTO for Securosis. I believe the motivation is to counter some of the loss of business to customers that are adopting in-memory flavors of big data.
[Your organizations been breached. Now what? See
Establishing The New Normal After A Breach
.]
In some ways, Oracles strategy could actually help organizations minimize risk while still reaping comparable performance to big data storage models that may not be as much of a known commodity as the traditional relational database management system. According to an
InformationWeek Reports analysis written by Lane earlier this year
, big data security is very much different than relational database security due to the distributed architecture that poses a unique challenge.
According to Josh Shaul, CTO of database security vendor Application Security Inc., the added option of in-memory caching shouldnt change the database model enough to shift any security paradigms.
Im speculating that the in-memory 12c database wont have much of a different security profile than your typical disk-based system, Shaul says.
A vocal critic of Oracles security missteps in the past, Shaul says that Oracle did a lot of good work in developing additional security features to Oracle Database 12c.
Hopefully all of those security features will be present when you run 12c in-memory, he says. The performance numbers Oracle is touting will be very attractive to many of their clients that struggle to work with massive quantities of data -- itd be great to see those performance problems solved in a secure environment.
While it is still too early to know where exactly security researchers might set their sights to pick apart the new option, Imperva CTO Amichai Shulman says that beyond the usual number of bugs that can be found in complex software like 12c, the new in-memory functionality could potentially pile on additional risk of denial-of-service (DoS).
I think that from a security perspective, the added risk introduced by such an offering is of DoS due to fast, uncontrolled memory consumption, Shulman says.
But enterprises should remember not to be complacent about those usual bugs -- theyre probably lurking there in this first iteration of the new feature, says Slavik Markovich, vice president and CTO of database security for McAfee.
Whenever a company introduces a big new something, they introduce also a lot of security issues with it, says Markovich, explaining that security always comes second to functionality. Just as recently as the release of Oracle 12c, they introduced a lot of features, and while introducing these great features, they also introduce security issues. Ive already personally seen 10 new zero-day vulnerabilities that could really compromise your database that are being reported to Oracle now.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Only Ho-Hum Security Holes Ahead For In-Memory DB