Oracle Doubles Down on Cloud Security With CASB, WAF, DDoS Protection

At OpenWorld 2018, Oracle announces a series of new security capabilities to help protect its cloud customers.

Oracle Cloud WAF

At OpenWorld 2018 on Oct. 23, Oracle announced a series of new cloud security technologies, providing organizations with enhanced capabilities to defend against attacks.

Among the new security capabilities is a Web Application Firewall (WAF) to help protect Oracle Cloud Infrastructure customers from web application attacks. Oracle is also adding distributed denial-of-service (DDoS) protection to defend against high-volume bandwidth attacks. Additionally, the Oracle Cloud Access Security Broker (CASB) is being integrated, providing policy control for cloud users. Finally, Oracle is launching a Key Management Service for its cloud users.

"We're not thinking about security as a market in and of itself, but rather as a fully integrated, core principle of everything that we do in our cloud," Kyle York, vice president of product strategy and general manager of Oracle's Dyn business unit, told eWEEK. "So from the core of the decisions we make and building data centers, to how we allow access to those data centers, to how we build our compute, network and storage architectures, everything we do has security as the No. 1 de facto point we need to solve."

York joined Oracle via the acquisition of DNS services vendor Dyn in 2016, a few months after the company was the victim of a massive DDoS attack that crippled many popular online services, including Twitter, Reddit, Spotify, GitHub and Soundcloud, among others. The experience Dyn gained from that attack now helps to inform Oracle on how to properly defend its cloud. Oracle's new cloud security also benefits from cyber-security technology from Zenedge, which is a company that Oracle acquired in April 2018.


The WAF technology is based on technology from Zenedge and provides application layer protection from threats. Laurent Gil, co-founder of Zenedge and currently a security product strategy architect at Oracle Dyn, explained that the new Oracle WAF is able to make use of open-source rules from the ModSecurity WAF project, though the core of the WAF is based on Zenedge's proprietary technology.

"We use a lot of machine learning techniques, and we use a lot of automation, which is probably the key characteristic of the application security platform," Gil told eWEEK.


The DDoS protection feature is an amalgamation of capabilities from Dyn and Zenedge that Oracle has now brought together to help protect Oracle Cloud Infrastructure against globally distributed and volumetric attacks.

"So we sit on about 240 billion data points per day of internet traffic patterns, and we look for anomalous activities and we protect against things based on real-time learning and machine learning," York said. "When you think of the network from a DDoS perspective, we're leveraging a lot of the capability of Dyn and Zenedge, where we operate always-on network operations centers and security operations centers."

The announcement at OpenWorld was all about protecting customers running on Oracle Cloud Infrastructure, though York hinted that in the future the service will expand to protect other types of deployments as well.

"You'll see future announcements on the roadmap from us about actually exposing DDoS protection services for customers to protect any endpoint, whether it's inside Oracle Cloud infrastructure or otherwise," York said. 


The Oracle CASB is based on technology gained via the 2016 acquisition of Palerra, which has been further developed and enhanced by Oracle over the last two years. In December 2017, Oracle announced extended capabilities for the CASB as part of the Oracle Identity Security Operations Center platform.

York said the Oracle CASB technology has now been further developed to be directly integrated with Oracle Cloud Infrastructure.  Looking forward, York said Oracle will continue to invest in integrating its security assets into the cloud.

"You're going to see tremendous investment from us in the general concept of the virtual Security Operations Center," he said. "You're also going to see a further integration of SIEM [Security Information and Event Management] and SOAR [Security Orchestration Automation and Response] capabilities."

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.