Oracle purchased Secerno 14 months ago. It was advertised as a database firewall to block malicious queries and certain types of attacks. What they have presented looks like a plausible method of protecting databases once an attack is known but before the patch is applied. And as we know many Oracle shops don’t apply security (or any) patches on a quarterly basis. They may patch on a yearly basis. Secerno looks like a temporary fix to help these companies.
Last week Oracle released a new Critical Patch Update for July 2011. At least one of the defects it addresses is a remote exploit that allows an attacker to take over the secure backup facility without credentials, and another allows for a complete compromise of JRockit middleware – a serious problem. Both rank ‘10’ on Oracle’s badness meter. In case that wasn’t enough, the CPU also patches couple core remotely exploitable (although admittedly difficult to hit) RDBMS issues. So I strongly suggest you patch your databases ASAP. But that’s not the reason for this post.
I’m concerned because I see no indication Secerno has distributed attack signatures for this Oracle CPU to its users. For remote exploits I would expect these to be published, but I have not found them.
So my question is this: Are any Secerno users using the product to block the current threats? Have you received updated signatures to address the CPU patches?
If so, please shoot me an email (it’s alane at Securosis with the dot com at the end). I’d like to know how this is working for you. If you are using any DAM products for blocking, I welcome your input.