News by Professionals 4 Professionals


Oracle Cloud Security Services Pass the 1-Million-Customers Mark


Oracle[1] cloud[2] security[3] services now have more than 1 million customers, six months after launching[4] the new portfolio.

Customers include Levi Strauss & Company, cyber risk and consulting company Edgile, video firm Ooyala, and software providers Nomis Solutions and Pragmatyxs.


The announcement comes at a time when breaches like last week's WannaCry ransomware attack are increasing demand for security services. It also positions Oracle as a player in the core security vendor market, said Andy Smith, senior director of product development for Oracle's security portfolio.

"Oracle has been in the security space for a long time, but in what I would call niche segments of the space," Smith said. "We're the 800-pound gorilla in the identity management space. We're also clearly the leader in the database security space. But we really haven't had a basket of security services you would sell to the chief security officer. Oracle's in this space now. This is new for us."

Oracle cloud security services, a portfolio the company calls its Security Operations Center (SOC), combine four products: Cloud Access Security Broker (CASB) Service, Identity Cloud Service, Configuration and Compliance Cloud Service, and Security and Monitoring Analytics Cloud Service. The first two are generally available, and the second two are both currently being evaluated by select customers.

Oracle says the four cloud services provide an integrated approach to security monitoring, threat detection, analytics, and remediation. The portfolio is built on Oracle's public cloud platform. It also works across other public, private, and hybrid clouds, as well as on-site data centers.

Analyst Perspectives

"The strong adoption Oracle is experiencing with their Security Operations Center (SOC) services portfolio makes perfect sense," said ESG analyst Doug Cahill in an email. "Organizations look to such services to close the cybersecurity skill services gap via services and also require a reference architecture to unify disparate security controls. SOCs which employ a security operations and analytics platform architecture such as Oracle's realize both greater threat detection efficacy and operational efficiency."

IDC analyst Robert Westervelt said the new SOC services look to be a good move for Oracle. He said enterprise clients are looking for security products with these components for a variety of reasons. Monitoring user access, extending data governance policies to data located in Software-as-a-service (SaaS) environments, and automating hybrid IT environments top the list.

"Oracle has always had a strong identity management offering, and the latest offering appears to be pushing it into adjacent security areas, which is a good move and should appeal to the existing customer base," Westervelt said in an email.

"This is a push that appears to strike at CA, which has been investing in building out its strong SaaS identity and secure cloud offerings," he added. "Oracle is also striking at a time when RSA, which acquired Aveksa for SaaS identity a while back, is now under the Dell umbrella, and a lot of attention is on how Dell manages the acquisition of all of the RSA security product offerings and services. Many customers are dealing with cloud adoption and data flowing in SaaS repositories with investments in security products that may not be easily extended to support policy enforcement and visibility into these distributed environments."

But, Westervelt warned, Oracle is entering a crowded environment.

"Enterprise IT security buyers have a variety of options to evaluate, and they are going to want to identify products that can integrate seamlessly with the existing security investments they have already made," he said. "They are also looking to technology providers like Oracle that have a strong technology partner ecosystem, an especially important area to buyers as they move more parts of their IT architecture to the cloud."

SOC Security Framework

Oracle calls its cloud security portfolio the world's first identity SOC security framework.

"What makes us different is that we're bringing each of these solutions together into a holistic, integrated portfolio, with all of these pieces working together, under the concept of an identity Security Operations Center," Smith said.

Customers can purchase each of the four services separately. They also work with competitors' security software.

"We're not saying, hey, you have to buy all four of these at once. Our identity cloud service will work with Splunk[5]. Our CASB will work with Okta. Each is designed to work with each of the other competitors in the space and compete individually."

Oracle decided to integrate and offer these cloud security services because it saw the market shifting toward hybrid cloud environments. It also comes at a time when Oracle is aggressively buying up cloud-service startups and beefing up its cloud offerings[6].

"All of our customers are making this shift from purely on-premises to SaaS, IaaS, basically shifting to the cloud, which is causing disruption in the security community," Smith said. "At the same time, Oracle's focusing on our own cloud strategy and our own public cloud; we need many of these same security tools for our own cloud and our own customers."

Context-Aware Detection

The security services use machine learning to provide an identity-centric, context-aware intelligence service that can be used across industries including manufacturing, banking and finance, utilities, technology, retail, government, and healthcare.

"Context-aware detection is important because it helps reduce false positives and more rapidly identify abnormal activity. Also, you can create policies around this," Smith said. "I might allow access normally from this device and if they are in this location, but if they are in a unique location or coming from a mobile I might restrict access. The context around it really helps."

References

  1. ^ Oracle (www.sdxcentral.com)
  2. ^ Cloud Resources (www.sdxcentral.com)
  3. ^ Security Resources (www.sdxcentral.com)
  4. ^ six months after launching (blogs.oracle.com)
  5. ^ Splunk (www.sdxcentral.com)
  6. ^ beefing up its cloud offerings (www.sdxcentral.com)

Firm Launches Free Online ‘WannaCry’ Course

An online learning company is offering a free course[1] to teach people about the WannaCry computer virus used in this month's worldwide campaign that resulted in more than 200,000 ransomware attacks in 150 countries. Cybercriminals conducting the ransomware attack[2] leveraged an exploit of Windows believed stolen from the U.S. National Security Agency to lock computer files until owners paid $300 in bitcoin digital currency. The hacker group is suspected of having collected tens of thousands of dollars in ransoms.

"What you need to know about the WannaCry Virus, Trojan Horses and Ransomware" was launched this week by Alison[3], a free online learning platform.

"This free online course teaches you how to avoid the virus, but more importantly explains the concepts behind these attacks," states an abstract for the course.

"It is believed by industry experts that these types of computer virus attacks are going to become more frequent," the abstract continues. "Whether you are an individual learner, or an employer or manager with an organisation or team of staff to protect, this free course will be of help to you in spreading awareness on how to protect against this malicious threat."

The vulnerability has been known since February, when Microsoft cancelled its monthly Patch Tuesday deployment to address the problem. That fix was released in March, but, as with all patches, a significant number of Windows systems had not yet been updated. A Kaspersky Lab blog on Friday described the attack as follows:

"Earlier today, our products detected and successfully blocked a large number of ransomware attacks around the world," the security firm said in its Securelist publication. "In these attacks, data is encrypted with the extension .WCRY added to the filenames."

"Our analysis indicates the attack, dubbed 'WannaCry', is initiated through an SMBv2 remote code execution in Microsoft Windows," the piece continues. "This exploit (codenamed 'EternalBlue') has been made available on the Internet through the Shadowbrokers dump on April 14th, 2017 and patched by Microsoft[4] on March 14."

The one- to two-hour Alison course aims to demystify the attack and help participants to harden their defenses.

"This free course will be of great interest to those who would like to gain a better understanding of the latest WannaCry ransomware attack, and to those wishing to protect against it as it outlines what steps to avoid the virus and steps that can be taken if your computer has become infected," the abstract states.

Visit Alison to participate in the course[5].


References

  1. ^ free course (alison.com)
  2. ^ ransomware attack (mspmentor.net)
  3. ^ Alison (alison.com)
  4. ^ patched by Microsoft (technet.microsoft.com)
  5. ^ participate in the course (alison.com)

Worldwide Ransomware Attack Underway Using Stolen NSA Tools

A worldwide ransomware campaign using a stolen NSA hacking tool is currently underway, consisting of more than 45,000 attacks in 74 countries, including the crippling of Britain's main healthcare system, Spain's Telefonica and Russia's MegaFon, according to global media reports and Kaspersky Lab[1]. The unknown attackers are demanding $300 in bitcoin currency to unlock encrypted files. Perhaps the most significant target thus far has been Britain's National Health Service, that nation's main healthcare apparatus.

"Earlier today, our products detected and successfully blocked a large number of ransomware attacks around the world," Kaspersky Lab said in its Securelist blog. "In these attacks, data is encrypted with the extension .WCRY added to the filenames."

"Our analysis indicates the attack, dubbed 'WannaCry', is initiated through an SMBv2 remote code execution in Microsoft Windows," the piece continues. "This exploit (codenamed 'EternalBlue') has been made available on the Internet through the Shadowbrokers dump on April 14th, 2017 and patched by Microsoft[2] on March 14."

Unfortunately, Kaspersky points out, many organizations have not yet installed the Microsoft patch. Shadowbrokers is a hacking group blamed for a hack last summer of the U.S. National Security Agency (NSA), which exposed that secretive agency's hacking tools, including several Zero Day exploits. Cybersecurity experts differ on particular assumptions about the attack, but all agreed the campaign appears massive and possibly unprecedented in scope.

"So far it's not yet clear when exactly the infected machines were compromised, but quite probably it's a very recent large-scale phishing attack targeting hospitals with ransomware," Ilia Kolochenko, CEO of web security firm High-Tech Bridge, said in a statement. "But we cannot exclude a well-thought out attack, planned and prepared for months, which continuously infected more and more NHS victims, preparing to demand ransom at once and cause panic."

"Without further technical investigation it's impossible to say who is behind the attack, but it can be virtually anyone from a small group of Black Hats seeking profit, to a state-sponsored hacking group," the statement continued. "In any case – this incident clearly demonstrates how our everyday life depends on technology and how vulnerable we are."

Finding the perpetrators will rely on the hope that the hackers made a technical mistake while preparing the attack, Kolochenko said.

"Otherwise, such an attack can be technically un-investigable," the statement said. "IT companies maintaining hospital networks can also be found negligent or at least careless, as usually a properly maintained and duly updated system is immune to the vast majority of ransomware."

It's frustrating that attacks like this continue to victimize unprepared systems, said Ron Culler, CTO of managed security services provider Secure Designs Inc[3].

"Microsoft released a patch for the vulnerability in March, so those systems should have been patched," he said. "Also, as with almost all of these types of infections, if you don't click on it, you don't get infected."

"It starts with a solid and enforced policy, training, and patch management," Culler went on. "When one or all of these are either not in place or enforced, you end up leaving the doors open to these types of attacks."

The real story, he said, would emerge in the coming days and weeks, following thorough analysis of what happened.

"I just hope they (the victims) have a good backup of those systems," Culler said. "My guess is probably not, considering they were not patched."


References

  1. ^ Kaspersky Lab (usa.kaspersky.com)
  2. ^ patched by Microsoft (technet.microsoft.com)
  3. ^ Secure Designs Inc (www.securedesigns.com)
