Customers include Levi Strauss & Company, cyber risk and consulting company Edgile, video firm Ooyala, and software providers Nomis Solutions and Pragmatyxs.
The announcement comes at a time when breaches like last week s WannaCry ransomware attack are increasing demand for security services. It also positions Oracle as a player in the core security vendor market, said Andy Smith, senior director of product development for Oracle s security portfolio.
Oracle has been in the security space for a long time, but in what I would call niche segments of the space, Smith said. We re the 800-pound gorilla in the identity management space. We re also clearly the leader in the database security space. But we really haven t had a basket of security services you would sell to the chief security officer. Oracle s in this space now. This is new for us. Oracle cloud security services the company calls the portfolio its Security Operations Center (SOC) combines four products: Cloud Access Security Broker (CASB) Service, Identity Cloud Service, Configuration and Compliance Cloud Service, and Security and Monitoring Analytics Cloud Service. The first two are generally available, and the second two are both currently being evaluated by select customers. Oracle says the four cloud services provide an integrated approach to security monitoring, threat detection, analytics, and remediation. The portfolio is built on Oracle s public cloud platform. It also works across other public, private, and hybrid clouds, as well as on-site data centers.
The strong adoption Oracle is experiencing with their Security Operations Center (SOC) services portfolio makes perfect sense, said ESG analyst Doug Cahill in an email. Organizations look to such services to close the cybersecurity skill services gap via services and also require a reference architecture to unify disparate security controls. SOCs which employ a security operations and analytics platform architecture such as Oracle s realize both greater threat detection efficacy and operational efficiency.
IDC analyst Robert Westervelt said the new SOC services look to be a good move for Oracle. He said enterprise clients are looking for security products with these components for a variety of reasons. Monitoring user access, extending data governance policies to data located in Software-as-a-service (SaaS) environments, and automating hybrid IT environments top the list.
Oracle has always had a strong identity management offering, and the latest offering appears to be pushing it into adjacent security areas, which is a good move and should appeal to the existing customer base, Westervelt said in an email.
This is a push that appears to strike at CA, which has been investing in building out its strong SaaS identity and secure cloud offerings, he added. Oracle is also striking at a time when RSA which acquired Aveksa for SaaS identity a while back, is now under the Dell umbrella, and a lot of attention is on how Dell manages the acquisition of all of the RSA security product offerings and services. Many customers are dealing with cloud adoption and data flowing in SaaS repositories with investments in security products that may not be easily extended to support policy enforcement and visibility into these distributed environments. But, Westervelt warned, Oracle is entering a crowded environment.
Enterprise IT security buyers have a variety of options to evaluate, and they are going to want to identify products that can integrate seamlessly with the existing security investments they have already made, he said. They are also looking to technology providers like Oracle that have a strong technology partner ecosystem an especially important area to buyers as they move more parts of their IT architecture to the cloud.
SOC Security Framework
Oracle calls its cloud security portfolio the world s first identity SOC security framework.
What makes us different is that we re bringing each of these solutions together into a holistic, integrated portfolio, with all of these pieces working together, under the concept of an identity Security Operations Center, Smith said. Customers can purchase each of the four services separately. They also work with competitors security software.
We re not saying, hey, you have to buy all four of these at once. Our identity cloud service will work with Splunk. Our CASB will work with Okta. Each is designed to work with each of the other competitors in the space and compete individually. Oracle decided to integrate and offer these cloud security services because it saw the market shifting toward hybrid cloud environments. It also comes at a time when Oracle is aggressively buying up cloud-service startups and beefing up its cloud offerings.
All of our customers are making this shift from purely on-premises to SaaS, IaaS, basically shifting to the cloud, which is causing disruption in the security community, Smith said. At the same time, Oracle s focusing on our own cloud strategy and our own public cloud we need many of these same security tools for our own cloud and our own customers.
The security services use machine learning to provide an identity-centric, context aware intelligence service that can be used across industries including manufacturing, banking and finance, utilities, technology, retail, government, and healthcare.
Context-aware detection is important because it helps reduce false positives and more rapidly identify abnormal activity. Also, you can create policies around this, Smith said. I might allow access normally from this device and if they are in this location, but if they are in a unique location or coming from a mobile I might restrict access. The context around it really helps.
Fishtech To Build New Cloud Security Operations Center, The Next Step In A Managed Security Evolution
As more companies move to the cloud, current methods of managed security just aren’t good enough. That’s what the Fishtech Group believes, and the Kansas City, Mo.-based security solution provider is ready to help as it announced on Thursday that it would launch a new Cloud Security Operations Center (CSOC).
“Our vision is that you have to think differently,” CEO Gary Fish said in an interview with CRN. “We think traditional MSPs and security providers will have a tough time transitioning their business to both [cloud and traditional security]. We think there is an opportunity here for people like us that have the security DNA to completely specialize and solve hybrid cloud security.”
Fish founded Fishtech last year to be a solution provider focused on cloud security. Fish is a well-known entrepreneur in the security solution provider space, founding FishNet Security (now Optiv Security after its merger with Accuvant), as well as being the founder and CEO of FireMon, a network security policy management vendor. As Fishtech built out its cloud security business, Fish said the company saw an opportunity to fill a gap left open by traditional managed service providers around managed security services specifically tailored to the cloud. He said traditional MSPs have struggled to address this market, as it requires a transition to a new sales compensation structure, sales mindset, and culture. However, change is needed, he said, as more companies adopt cloud solutions that sit outside of the perimeter defenses that traditional MSPs manage.
“As the border of the network has extended out to multiple clouds and data centers, we have to think about security a little bit differently,” Fish said. “We’re in a unique position to take [security] from the network out and provide a solution.”
Fishtech plans to build the CSOC on 12 acres of land near the company’s headquarters in Kansas City, starting this summer. Fish said Fishtech plans to launch a cloud managed security services offering in the fall out of the company’s current facilities, with the CSOC facilities expected to be completed next summer. He said Fishtech is close to hiring a leader for the CSOC and ultimately plans to hire between 40 and 50 people to operate it.
The CSOC itself, purpose-built for cloud security, will include security services around Office 365, AWS, Azure and Endpoint Security-as-a-Service. The solutions will include multiple vendor solutions, including offerings from companies that Fishtech has invested in through Fishtech Ventures. These include MSSP Foresite and big data and analytics platform Haystax. Fishtech will look to use the data from the CSOC for additional analytics and artificial intelligence capabilities, Fish said, hiring data scientists and other similar positions. The CSOC will also include services such as threat monitoring, threat hunting, and incident response, he said.
“We’re taking a lot of technology and putting it together to build out our own special sauce. We’re not just using other people’s technology to start solving the problem, we’re solving it with our own technology as well,” Fish said.
It was a typical Monday morning at the Chase Bank on Marion and Madison Street. Cars drove by as customers went in and out of the bank to deposit checks, withdraw money, refinance loans It wasn t until Kiran Oommen showed up with a group of Seattle University students in tow that this harmony was disrupted.
NICK TURNER THE SPECTATOR
Sierra Ganellen (right) holds a sign protesting Chase Bank s funding of the Keystone Pipeline.
These students were part of Seattle U s unofficial Anarchists Club, and they were there to protest Chase Bank s funding of the Keystone Pipeline, an oil system that will transport crude oil from the Western Canadian Sedimentary Basin in Alberta, Canada to refineries in Illinois and Texas once completed. At the same time, environmental activists across Seattle occupied and closed 12 different Chase Bank locations in Fremont, Wedgwood, Northgate, the U District, Queen Anne, the Central District, downtown and Capitol Hill to protest the Keystone XL pipeline. The Seattle Police Department reported 26 arrests, including a candidate for city council. A climate justice group called 350 Seattle organized the citywide effort.
It was a quarter past eleven o clock when the students showed up at the bank just up the hill from campus. They were all holding flyers, signs and hand drawn posters. Sierra Ganellen, a second-year sociology major at Seattle U, was the first to arrive. They marched through the front door and demanded that their funds be withdrawn immediately from the bank, but they were denied this request and was promptly guided outside by a security guard who then locked the door and lowered the security barrier.
NICK TURNER THE SPECTATOR
Sophomore Sierra Ganellen hold the sign they carried at the protest.
The bank employees, ever present and ready to provide service a minute ago, were nowhere to be seen. The bank was deserted. Unperturbed, the students hunkered down outside and began to unfurl their posters and hand out pamphlets to people walking by. To show them that I don t stand for this, that they will lose customers and that this is a potential consequence for their investment in fossil fuels, Ganellen said, explaining why they asked to withdraw their funds. I want to scare them.
In 2015, former president Barack Obama rejected the fourth phase of the plan, known as Keystone XL, which would allow the pipeline to pass through Montana, South Dakota, Nebraska and parts of Kansas. On January 24, 2017, President Donald Trump signed presidential memoranda meant to revive Keystone XL and the Dakota Access pipeline in addition to expediting the environmental review process. The pipeline, which was commissioned in 2010, is owned solely by the TransCanada Corporation and quickly became a symbol of the growing environmental movement and fight against climate change and the fossil fuel industry.
The students had many interactions with pedestrians, drivers and other passersby while they occupied the space in front of the bank. Some onlookers stopped and shook their hands, others shrugged them off. Some honked in support, others in annoyance. In either case, Oommen said, the point was to demand the bank s divestment from the fossil fuel industry. Oommen explained, standing just a few feet away from the entrance to the bank, that anarchism has a bad rep. His developing club, the Anarchists of Seattle U, is a direct- action team made up of students from an array of different political beliefs, not all of which strictly prescribe to the principles of anarchism. Direct action is rooted in anarchy, Oommen explained, and he hopes that his efforts will override the negative stereotype forced upon members of his club to demonstrate, ultimately, that people can take care of themselves and look out for each other.
[We are] standing in solidarity with the indigenous and low income communities that are going to be directly affected by the pipeline, Oommen said. We are reaching out to the bank to appeal to their any sense of dignity.
NICK TURNER THE SPECTATOR
SU students held signs and handed out pamphlets to passersby.
As the students held their ground chanting their chants and singing their songs a group of four suited men walked by. One of the students offered them a pamphlet, asking whether they knew about the relationship between Chase Bank and the Keystone pipeline.
I m totally in favor of the pipeline, the suited man said in response. His colleagues chuckled as they walked away. Minutes later a woman started a conversation with the students, asking with a clear, energetic voice, How can I help?
Oommen and the others were delighted. They asked the woman if she has a bank account with Chase, to which she replied, Hell no!
On the smallest level, I hope that people start to think about it and eventually do some of their own research, Ganellen said, explaining what they hoped people would take away from their demonstration. A little listening would be nice.
Nick may be reached at