Oracle Cloud Security Suites Automatically Detect, Foil Cyber-Threats

Oracle Chairman Larry Ellison says companies are losing the cyber-war, but claims his company has the answer with its new Security Cloud services driven by artificial intelligence.

Asserting that a new approach is needed to combat cyber-crime, Oracle chairman Larry Ellison introduced two new cloud security suites at Oracle OpenWorld that rely primarily on machine learning to automatically detect and resolve threats rather than rely on human intervention.

“Companies are losing the cyber war every year and it’s getting worse,” said Ellison. That’s because, in Ellison’s view, companies are relying too heavily on humans to protect their computer systems, which are under attack by highly sophisticated computer-generated threats.

“We have to re-prioritize and think about how we defend our systems, because if it’s our people versus their computers, we’re going to lose that war. It has to be our computers against theirs,” Ellison said.

In his initial OpenWorld keynote on Oct. 1, Ellison detailed the Oracle Autonomous Database set for release in December with multiple built-in security features. For example, it configures and applies security patches automatically rather than requiring IT administrators to implement patches manually during scheduled downtime.

The recent cyber-attack that led to the theft of credit card and personal information of 145.5 million Americans held by the Equifax credit reporting company was caused by a failure to apply an available security patch to Apache Struts, Equifax has confirmed.

But Ellison said the Autonomous Database is only part of a complete security solution. The two new cloud suites, Oracle Identity Security Operations Center and the Oracle Management Cloud, use machine learning to identify anomalies throughout a company’s on-premises IT and cloud data infrastructure and to remediate security threats.

“We are using the same technology, machine learning, that is the foundation of self-driving cars and facial recognition and applying it to new areas—autonomous dataset recognition and our highly automated security and compliance cloud,” he said.

“I’m not saying it’s never going to make a mistake,” Ellison added later. “But it’s much less likely than a team of humans managing security.”

The Oracle Security Monitoring and Analytics Cloud Service has security incident and event management (SIEM), as well as user and entity behavioral analytics (UEBA). These features are powered by cloud activity monitoring and threat detection from the Oracle Cloud Access Security Broker service, identity context from Oracle Identity Cloud Service and operational telemetry and logs from Oracle Management Cloud.

Oracle said all of this security and operational telemetry is accessible from the proverbial “single pane of glass” or dashboard showing results across both public and hybrid cloud environments.

“It’s all of your assets, all your users, all the data, everything,” said Ellison. “The system will direct the database to patch itself, or if it’s a different kind of asset, to run a script to remediate an asset that cannot protect itself.”

Ellison was also careful to note that customers can choose to implement the automated security features selectively. So, for example, if a customer wants security personnel to be alerted when an employee visits a suspicious IP address, it can be set up that way. Under the automated system, one option is to have that user’s password automatically reset or require multi-factor authentication.

As is usually the case with Ellison speeches, he had to pick on at least one competing vendor. In this case it was Splunk, which he credited with inventing the category of log analytics and being the best at doing it.

“But the log data analytics are left in separate silos and it’s hard to analyze them or you have to use third party tools to do an analysis,” said Ellison.

More importantly, he noted Splunk doesn’t offer automatic remediation of the anomalies it finds, such as someone using hacker tools to try to uncover a user’s password. You need a separate system to address such security issues.

By contrast, he said Oracle offers a single integrated system that keeps track of all a company’s software, data and user behaviors to distinguish normal or abnormal activity. “And most importantly, it remediates those problems,” he said.

David Needle

Based in Silicon Valley, veteran technology reporter David Needle covers mobile, big data, and social media among other topics. He was formerly News Editor at Infoworld, Editor of Computer Currents...