Oracle no longer a 'bastion of security': Gartner

Oracle no longer a 'bastion of security': Gartner

Summary: Oracle no longer a "bastion of security": Gartner

Analyst group Gartner has warned administrators to be "more aggressive" when protecting their Oracle applications because they are not getting enough help from the database giant.

Gartner published an advisory on its Web site just days after Oracle's latest quarterly patch cycle, which included a total of 103 fixes with 37 related to flaws in the company's database products. Some of the flaws carry Oracle's most serious rating, which means they're easy to exploit and an attack can have a wide impact.

According to the advisory, which was posted by Gartner analyst Rich Mogull on Monday, "the range and seriousness of the vulnerabilities patched in this update cause us great concern.… Oracle has not yet experienced a mass security exploit, but this does not mean that one will never occur."

Mogull said that because Oracle has historically been seen as having very strong security and many of Oracle's products are located "deep within the enterprise", administrators often neglect their patching duties.

"Moreover, patching is sometimes impossible, due to ties to legacy versions that Oracle no longer supports. These practices are no longer acceptable," said Mogull who advises administrators to pay more attention to securing their Oracle applications.

Mogull said administrators should:

• Immediately shield these systems as well as possible, using firewalls, intrusion prevention systems and other technologies.

• Apply available patches as rapidly as possible.

• Use alternative security tools, such as activity-monitoring technologies, to detect unusual activity.

• Pressure Oracle to change its security management practices.

In response to the Oracle patch release, Symantec raised its ThreatCon global threat index to Level 2, which means an outbreak is expected. It typically does that after a patch release because malicious hackers might use the fixes as a blueprint for attacks.

CNET's Joris Evers contributed to this report

Topics: Security, Big Data, Data Management, Oracle

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


1 comment
Log in or register to join the discussion
  • Data Security - The Begining and the End

    Whilst we continue to base high level and confidential information on PC Servers we will never get away from the potential threat of Virus and Spyware attacks to name a few.

    Whilst we continue to base our distribution of such Databases via insecure comms protocols that we cannot control and are inadequate from the grass roots up- we will never have control.

    Consider a Main Frame. We all remember those. They were capable of 100s and thousands of transactions per second, were imine to Virus and Spyware and we secured their distribution via secure comms.

    Perhaps there is still a role to play for the Mainframe, and whilst I won