MY TAKE: Oracle aims to topple Amazon in cloud services — by going database-deep with security

Ahoy, Jeff Bezos and Amazon. Watch out! Larry Ellison and Oracle are coming after you.

The ever-feisty Ellison, 73, founder of Oracle and an America’s Cup sailing champion, recently tacked the good ship Oracle onto a new course. Last October, Ellison announced the launch of a pioneering set of automated cloud services, and boasted that these new tools will help Oracle overtake Amazon as a leading cloud services provider.

Notably, a linchpin to Oracle’s new cloud strategy is cybersecurity. Specifically, the company has come up with technology that directs machine learning anomaly detection capabilities much deeper than any other security vendor has gone heretofore – into the database layer of company networks.

I recently had a chance to sit down with Sridhar Karnam, senior director of product marketing for Oracle’s cybersecurity practice. We discussed how machine learning is increasingly being brought to bear defending networks, and Karnam dissected the innovation Oracle is introducing. For a drill down on Last Watchdog’s interview, please listen to the accompanying podcast. Here are the big takeaways:

ML shifts to security

Machine learning, or ML, refers to giving computers access to mountains of data, along with a set of analysis criteria crafted by humans. The computers can then run calculations, at machine scale, and thus incrementally deliver better and better results the deeper they get into the dataset.

Meanwhile, humans – freed from the tedium of making base-level calculations – can stand by to observe the results and tweak the criteria to help the machines improve how well they learn. Commercial application of ML has been honed and perfected by the likes of Google in its search engine, Amazon with its product recommendations and Facebook with its news feed.

By amassing mountains of data and applying behavioral analytics to data collected from hundreds of millions of users, the tech titans generated untold billions in profit. To do something similar, in terms of applying machine-learning based behavior analytics to help secure business networks, makes eminent sense. The typical corporate network is a sprawling amoeba generating large datasets, minute-by-minute, day-by-day, from dozens of disparate systems. Hidden in this tumult of network logs are the fingerprints of threat actors actively stealing and disrupting – or getting into position to do so.

“Machine learning has been in existence for a long time for various use cases,” observed Karnam. “Then when cybersecurity became a big problem, and when we started seeing that this was actually just posing big data problems, machine learning was an obvious choice to fix some of these problems.”

Intelligence recipe

There are two types of ML, supervised and unsupervised. With supervised learning, humans tell the machines which behaviors are good and bad, and then the machines crunch through the giant datasets to identify commonalities and develop signatures.

Most machine learning in the commercial arena is supervised. Unsupervised learning has more of a science-fiction flair. The machines themselves develop the algorithms – by analyzing clusters and establishing what’s normal versus what’s an anomaly. Either technique can be applied across a diverse set of data sources, absorbing more data, and subsequently generating more relevant data, thus gaining intelligence.

No one is yet advocating that ML systems should replace legacy systems. The billions of dollars of antivirus, firewall, intrusion detection and other legacy perimeter defenses companies now have in place are still effective and necessary. Most have even begun integrating ML and behavior analytics techniques. Yet, given the steadily rising volume of network traffic attendant to our ever-expanding reliance on digital systems, it is clear to me that ML-centric security systems must come to play a much bigger role, going forward.

“Larry Ellison has said we are losing the cyberwar because the battle can’t be between the attackers’ machines versus our humans, because that’s a battle we’re never going to win,” Karnam said. “We really need to up our game, and make sure that the battleground is set: machines versus machines.”

Oracle’s perch

As I’ve noted, legacy antivirus, firewall and intrusion detection systems have come a long way, and many now leverage ML and behavioral analysis techniques to one degree or another. Yet that still leaves a gaping security hole with respect to the all-too-common scenario whereby a threat actor obtains the logon credentials – and access privileges – of a database administrator, or DBA.

Gaining network access and elevated privileges has become an art form. All the attacker has to do is phish a DBA’s logon credentials to access information stored in databases, so-called structured data.

And then there’s the challenge of protecting unstructured data, essentially all of the data that we are generating on our laptops and mobile devices, storing in cloud services, transferring in email and text messages, and pitching into social media sites. Many companies are just starting to come to grips with the complex challenge of figuring out how to categorize and manage this deluge of unstructured data.

Enter Oracle, which counts many of the world’s largest enterprises and top government entities among its 400,000 customers. Suffice it to say, Oracle has deep expertise regarding how structured and unstructured data flows during a typical day in any given industry or with any of its customers. “Oracle is in a unique position to go data-deep when it comes to the machine learning,” Karnam observed.

Oracle’s new cybersecurity technology applies ML to structured data residing in traditional databases, as well as unstructured data circulating and being stored everywhere else. “We can analyze the access level for both structured and unstructured data,” Karnam said. “We can look at various factors: the time, the location, the behavior, which applications were accessed first, which were done later . . . we’re able to see if the behavior was normal or not.”

Oracle’s system can also cross reference information, such as whether the firewall was breached, or if the DBA tried to access a Box account or Office 365. If something isn’t right, the machines can be tuned to require multi-factor authentication or instantly terminate access and privileges. “It’s a very powerful way to manage the security of your data,” Karnam said.
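
The kind of access-behavior check described above (time, location and application order, with multi-factor authentication or termination as the response), sketched as an added example. This is not Oracle's code or algorithm; the log fields, sample events, slack window and decision names are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample history for one DBA account: (hour_utc, country, app).
# Field names and values are illustrative assumptions, not an Oracle log format.
HISTORY = [
    (9, "US", "vpn"), (9, "US", "db-console"), (10, "US", "db-console"),
    (11, "US", "ticketing"), (14, "US", "db-console"), (15, "US", "db-console"),
    (9, "US", "vpn"), (10, "US", "db-console"), (13, "US", "ticketing"),
    (16, "US", "db-console"), (10, "US", "vpn"), (10, "US", "db-console"),
]

def build_baseline(history):
    """Learn what is normal for this account without labels (unsupervised)."""
    apps = [app for _, _, app in history]
    return {
        "hours": Counter(hour for hour, _, _ in history),
        "countries": Counter(country for _, country, _ in history),
        # First-order transitions: which application follows which.
        "transitions": Counter(zip(apps, apps[1:])),
    }

def deviations(baseline, prev_app, event, hour_slack=1):
    """Return which of time, location and application order are unseen."""
    hour, country, app = event
    # Treat hours within +/- hour_slack of a previously seen hour as normal.
    nearby = sum(baseline["hours"][(hour + d) % 24]
                 for d in range(-hour_slack, hour_slack + 1))
    reasons = []
    if nearby == 0:
        reasons.append("unusual time")
    if baseline["countries"][country] == 0:
        reasons.append("unusual location")
    if baseline["transitions"][(prev_app, app)] == 0:
        reasons.append("unusual application order")
    return reasons

def decide(reasons):
    """Map deviations to a response: allow, step up to MFA, or cut access."""
    if not reasons:
        return "allow"
    return "require_mfa" if len(reasons) == 1 else "terminate_session"

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for prev, ev in [("vpn", (10, "US", "db-console")),
                     ("vpn", (3, "US", "db-console")),
                     ("db-console", (3, "RO", "box"))]:
        why = deviations(base, prev, ev)
        print(ev, decide(why), why)
```

A single deviation only triggers step-up authentication, so a DBA working an odd hour is challenged rather than locked out; several deviations at once end the session.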

It will be fascinating to see if Oracle can make good on Larry Ellison’s boast to overtake Amazon in cloud services – while using deep ML security as a key selling point. As we continue to intensify our reliance on digital systems, it’s clear next-gen ML-centric security systems are destined to become de rigueur. The sooner the better.

(Editor’s note: LastWatchdog has provided consulting services to Oracle.)

*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: