Specifically, it added new adaptive access capabilities into Oracle Identity Cloud Service (SOC), risk monitoring that uses machine learning engines, and expanded its Cloud Access Security Broker (CASB) service to support its software-as-a-service (SaaS) products with automated threat detection.
The company s adaptive access technology applies dynamic risk context to determine needed access controls for a given level of risk. Adaptive Access will interface with the rest of the Oracle Identity SOC, but also with other third-party CASB and risk engines, said Andy Smith, senior director of product development for Oracle Identity Cloud Services, in an email. This new feature comes in response to the increased frequency and breadth of incidents targeting both privileged and end-user credentials, Oracle said.
CASB Cloud Service
Additionally, CASB Cloud Service now uses machine-learning for threat detection. Its built-in user behavior analytics (UBA) engine automatically establishes unique historical baselines for each user and cloud service, such as Microsoft Office 365, Box, and others. It continuously compares activity against these baselines to better detect anomalous and risky behavior. If it detects any deviations, the software orchestrates incident response through a number of options including integration with third-party ticketing and incident management systems, and as native automated remediation.
The company says its CASB Cloud Service is the only CASB product on the market to provide security monitoring and threat detection for Oracle s SaaS applications. The CASB Cloud Service also added the Slack messaging platform to its list of supported, sanctioned applications. These also includes Salesforce.com, Microsoft Office365, Box, Google G-Suite, ServiceNow, AWS, GitHub, and Rackspace.
For cloud visibility today we support Check Point, Fortinet, Palo Alto Networks, and Sophos, in addition we have added support for Symantec/BlueCoat secure web gateway, Smith said. In November 2016, Oracle launched its cloud security services portfolio, called the Identity SOC.
Six months after announcing the new cloud security services portfolio, the company said more than 1 million users are using the products and services. Customers include Levi Strauss & Company; cyber risk and consulting company Edgile; video firm Ooyala; and software providers Nomis Solutions, and Pragmatyxs.
- ^ Oracle (www.sdxcentral.com)
- ^ Cloud Resources (www.sdxcentral.com)
- ^ Security Resources (www.sdxcentral.com)
- ^ Microsoft Corporation (www.sdxcentral.com)
- ^ Salesforce.com (www.sdxcentral.com)
- ^ Mini Reports: Inside Facebook Wedge and Inside Google s Data Center (www.sdxcentral.com)
- ^ Rackspace (www.sdxcentral.com)
- ^ Fortinet (www.sdxcentral.com)
- ^ Oracle launched (blogs.oracle.com)
- ^ 1 million users (www.sdxcentral.com)
Customers include Levi Strauss & Company, cyber risk and consulting company Edgile, video firm Ooyala, and software providers Nomis Solutions and Pragmatyxs.
The announcement comes at a time when breaches like last week s WannaCry ransomware attack are increasing demand for security services. It also positions Oracle as a player in the core security vendor market, said Andy Smith, senior director of product development for Oracle s security portfolio.
Oracle has been in the security space for a long time, but in what I would call niche segments of the space, Smith said. We re the 800-pound gorilla in the identity management space. We re also clearly the leader in the database security space. But we really haven t had a basket of security services you would sell to the chief security officer. Oracle s in this space now. This is new for us. Oracle cloud security services the company calls the portfolio its Security Operations Center (SOC) combines four products: Cloud Access Security Broker (CASB) Service, Identity Cloud Service, Configuration and Compliance Cloud Service, and Security and Monitoring Analytics Cloud Service. The first two are generally available, and the second two are both currently being evaluated by select customers. Oracle says the four cloud services provide an integrated approach to security monitoring, threat detection, analytics, and remediation. The portfolio is built on Oracle s public cloud platform. It also works across other public, private, and hybrid clouds, as well as on-site data centers.
The strong adoption Oracle is experiencing with their Security Operations Center (SOC) services portfolio makes perfect sense, said ESG analyst Doug Cahill in an email. Organizations look to such services to close the cybersecurity skill services gap via services and also require a reference architecture to unify disparate security controls. SOCs which employ a security operations and analytics platform architecture such as Oracle s realize both greater threat detection efficacy and operational efficiency.
IDC analyst Robert Westervelt said the new SOC services look to be a good move for Oracle. He said enterprise clients are looking for security products with these components for a variety of reasons. Monitoring user access, extending data governance policies to data located in Software-as-a-service (SaaS) environments, and automating hybrid IT environments top the list.
Oracle has always had a strong identity management offering, and the latest offering appears to be pushing it into adjacent security areas, which is a good move and should appeal to the existing customer base, Westervelt said in an email.
This is a push that appears to strike at CA, which has been investing in building out its strong SaaS identity and secure cloud offerings, he added. Oracle is also striking at a time when RSA which acquired Aveksa for SaaS identity a while back, is now under the Dell umbrella, and a lot of attention is on how Dell manages the acquisition of all of the RSA security product offerings and services. Many customers are dealing with cloud adoption and data flowing in SaaS repositories with investments in security products that may not be easily extended to support policy enforcement and visibility into these distributed environments. But, Westervelt warned, Oracle is entering a crowded environment.
Enterprise IT security buyers have a variety of options to evaluate, and they are going to want to identify products that can integrate seamlessly with the existing security investments they have already made, he said. They are also looking to technology providers like Oracle that have a strong technology partner ecosystem an especially important area to buyers as they move more parts of their IT architecture to the cloud.
SOC Security Framework
Oracle calls its cloud security portfolio the world s first identity SOC security framework.
What makes us different is that we re bringing each of these solutions together into a holistic, integrated portfolio, with all of these pieces working together, under the concept of an identity Security Operations Center, Smith said. Customers can purchase each of the four services separately. They also work with competitors security software.
We re not saying, hey, you have to buy all four of these at once. Our identity cloud service will work with Splunk. Our CASB will work with Okta. Each is designed to work with each of the other competitors in the space and compete individually. Oracle decided to integrate and offer these cloud security services because it saw the market shifting toward hybrid cloud environments. It also comes at a time when Oracle is aggressively buying up cloud-service startups and beefing up its cloud offerings.
All of our customers are making this shift from purely on-premises to SaaS, IaaS, basically shifting to the cloud, which is causing disruption in the security community, Smith said. At the same time, Oracle s focusing on our own cloud strategy and our own public cloud we need many of these same security tools for our own cloud and our own customers.
The security services use machine learning to provide an identity-centric, context aware intelligence service that can be used across industries including manufacturing, banking and finance, utilities, technology, retail, government, and healthcare.
Context-aware detection is important because it helps reduce false positives and more rapidly identify abnormal activity. Also, you can create policies around this, Smith said. I might allow access normally from this device and if they are in this location, but if they are in a unique location or coming from a mobile I might restrict access. The context around it really helps.
USA TODAY Sports’ Sam Amick breaks down the Thunder outlook for the remainder of their first-round series against the Rockets. USA TODAY Sports
Houston Rockets guard Patrick Beverley (2) reacts after fouling out in action against the Oklahoma City Thunder during the fourth quarter in game three of the first round of the 2017 NBA Playoffs at Chesapeake Energy Arena.(Photo: Mark D. Smith-USA TODAY Sports)
The NBA is investigating an incident between Houston Rockets guard Patrick Beverley and an Oklahoma City Thunder fan following Game 3 at Chesapeake Energy Arena on Friday night, a person with knowledge of the situation confirmed to USA TODAY Sports. The person spoke on condition of anonymity because he was not authorized to speak publicly on the matter.
Pat Beverley on alleged Game 3 fan incident: “The Rockets are taking care of the situation. I’ll talk more after the investigation is done.”
As seen on video that was published by ESPN, which telecast the Thunder’s 115-113 win in which Beverley had just one point and missed all six of his shots in 25 minutes, Beverley had two heated exchanges with a male fan who was sitting behind the basket. During the game, Beverley had fallen at the man’s feet after barreling through the lane and attempting a layup. The fan, according to the Norman Transcript, was Stuart Scaramucci, who is the son of Thunder minority owner Jay Scaramucci. When he arose, Beverley clearly took exception to something the fan said or did and can be seen pleading with officials to handle the situation. After the game, Beverley and the same fan can be seen exchanging words before arena employees and a Rockets security guard usher him away. The Rockets lead the first-round series 2-1 with Game 4 on Sunday.
NBA playoff coverage:
NBA playoffs: Blake Griffin goes down; Rondo denies tripping Crowder
Clippers announce Blake Griffin to miss rest of playoffs with toe injury
Sadness slowly begins to lift for Celtics star Isaiah Thomas
Beverley, a 28-year-old who spent his early years playing professionally overseas before breaking into the NBA with the Rockets in 2013, is routinely booed during games in Oklahoma City, due in large part to his history with the Thunder. Most of the animosity stems from when the Rockets’ guard knocked into Russell Westbrook in the 2013 playoffs, leaving Westbrook with a torn meniscus. Some of it is simply due to his style of play, as Beverley is the kind of rugged defender that gets under the skin of opponents and their fans alike.
As he discussed leading into the game on Friday, Oklahoma City is the most hostile environment he faces in all the NBA.
“It s a tough place to play,” Beverley said. “It s alright. I get booed everywhere I go. I get booed a lot here…But you know, it’s part of the game. It is what it is.”
It could always be worse, of course. And it has been, in fact, for Beverley.
“Well I got hit in the face with quarters overseas,” he said. “I don t think no one s hitting me in the face here, so I d probably say it s pretty much better here than overseas. In Turkey, I d get lasers in my eyes (from fans with handheld laser pointers) and stuff like that…little firecracker bombs going off in the back. Stuff like that, so I don t think any of that is happening over here, so I think I m going to be ok.”
The Norman Transcript first reported the incident.
Show Thumbnails Show Captions