Beijing – China on Monday defended its right to investigate actions threatening national security but declined to comment on a report that authorities killed or jailed up to 20 CIA sources. The New York Times reported on Sunday that Beijing had systematically dismantled CIA spying operations in China beginning in late 2010, in one of the worst US intelligence breaches in decades. At least a dozen Central Intelligence Agency sources were killed between late 2010 and the end of 2012, including one who was shot in front of colleagues in a clear warning to anyone else who might be spying, the Times reported, citing 10 current and former US officials.
In all, 18 to 20 CIA sources in China were either killed or imprisoned, according to two former senior American officials quoted.
The paper called it a grave setback to a network that, up to then, had been working at its highest level for years.
“As for as the situation mentioned in the New York Times report, I’m not aware of that but I can tell you that Chinese security authorities are following their legal mandate to carry out investigations about organisations, personnel and actions that harm Chinese national security and interests,” foreign ministry spokesperson Hua Chunying told a regular news briefing.
“For these normal discharges of official duties by Chinese security organisations we have no comment on that,” she said. The Global Times, a state-run newspaper, said the authenticity of the Times report “remains unknown”. But it added, “if this article is telling the truth, we would like to applaud China’s anti-espionage activities”.
“Not only was the CIA’s spy network dismantled, but Washington had no idea what happened and which part of the spy network had gone wrong. It can be taken as a sweeping victory,” the nationalist daily said.
Al Murabit Security Services (Al Murabit), a security firm specialised in oil and gas operations, has opened its new office in Burjessia, in the Basra province of Iraq.
The move is in line with the firm s commitment to deliver its full security service offering to customers in southern Iraq, as well as through its headquarters in Baghdad. Situated in the southern oilfields, the new office relocates the team closer to their customers and enables them to better serve their requirements in Basra. A full team is now in-situ and immediately available to deliver operational support to current and proposed projects. The regional director, business development manager and a full commercial PSD team supported by an operations control room and local compliance team are already up and running and supporting our current contracts, providing a full spectrum of security services and risk management.
For clients who require country-wide support, Al Murabit s Basra team will work in synergy with the team in the Baghdad headquarters enabling smooth operations and closer cooperation. Strategically located in Burjessia, our new office in Al Majal business park provides access to all the major oilfields around Basra; key transportation and logistics hubs are within easy reach, including road, air and shipping ports. Al Murabit has strengthened its position in the market over the last year with key employee positions bolstered with skilled and experienced security experts and a focus on internal staff development programmes.
Developing and growing the critical infrastructure has reinforced Al Murabit s offering in the south of Iraq.
I am extremely proud of our achievements over the last year and the relocation of our office to a larger, better located space highlights our steady growth and our continued commitment to our clients, Simon Barry, head of Al Murabit Security Services, was quoted in a press release as saying.
This strengthens our capabilities on the ground to extend a diversified service offering at key locations.
Customers include Levi Strauss & Company, cyber risk and consulting company Edgile, video firm Ooyala, and software providers Nomis Solutions and Pragmatyxs.
The announcement comes at a time when breaches like last week s WannaCry ransomware attack are increasing demand for security services. It also positions Oracle as a player in the core security vendor market, said Andy Smith, senior director of product development for Oracle s security portfolio.
Oracle has been in the security space for a long time, but in what I would call niche segments of the space, Smith said. We re the 800-pound gorilla in the identity management space. We re also clearly the leader in the database security space. But we really haven t had a basket of security services you would sell to the chief security officer. Oracle s in this space now. This is new for us. Oracle cloud security services the company calls the portfolio its Security Operations Center (SOC) combines four products: Cloud Access Security Broker (CASB) Service, Identity Cloud Service, Configuration and Compliance Cloud Service, and Security and Monitoring Analytics Cloud Service. The first two are generally available, and the second two are both currently being evaluated by select customers. Oracle says the four cloud services provide an integrated approach to security monitoring, threat detection, analytics, and remediation. The portfolio is built on Oracle s public cloud platform. It also works across other public, private, and hybrid clouds, as well as on-site data centers.
The strong adoption Oracle is experiencing with their Security Operations Center (SOC) services portfolio makes perfect sense, said ESG analyst Doug Cahill in an email. Organizations look to such services to close the cybersecurity skill services gap via services and also require a reference architecture to unify disparate security controls. SOCs which employ a security operations and analytics platform architecture such as Oracle s realize both greater threat detection efficacy and operational efficiency.
IDC analyst Robert Westervelt said the new SOC services look to be a good move for Oracle. He said enterprise clients are looking for security products with these components for a variety of reasons. Monitoring user access, extending data governance policies to data located in Software-as-a-service (SaaS) environments, and automating hybrid IT environments top the list.
Oracle has always had a strong identity management offering, and the latest offering appears to be pushing it into adjacent security areas, which is a good move and should appeal to the existing customer base, Westervelt said in an email.
This is a push that appears to strike at CA, which has been investing in building out its strong SaaS identity and secure cloud offerings, he added. Oracle is also striking at a time when RSA which acquired Aveksa for SaaS identity a while back, is now under the Dell umbrella, and a lot of attention is on how Dell manages the acquisition of all of the RSA security product offerings and services. Many customers are dealing with cloud adoption and data flowing in SaaS repositories with investments in security products that may not be easily extended to support policy enforcement and visibility into these distributed environments. But, Westervelt warned, Oracle is entering a crowded environment.
Enterprise IT security buyers have a variety of options to evaluate, and they are going to want to identify products that can integrate seamlessly with the existing security investments they have already made, he said. They are also looking to technology providers like Oracle that have a strong technology partner ecosystem an especially important area to buyers as they move more parts of their IT architecture to the cloud.
SOC Security Framework
Oracle calls its cloud security portfolio the world s first identity SOC security framework.
What makes us different is that we re bringing each of these solutions together into a holistic, integrated portfolio, with all of these pieces working together, under the concept of an identity Security Operations Center, Smith said. Customers can purchase each of the four services separately. They also work with competitors security software.
We re not saying, hey, you have to buy all four of these at once. Our identity cloud service will work with Splunk. Our CASB will work with Okta. Each is designed to work with each of the other competitors in the space and compete individually. Oracle decided to integrate and offer these cloud security services because it saw the market shifting toward hybrid cloud environments. It also comes at a time when Oracle is aggressively buying up cloud-service startups and beefing up its cloud offerings.
All of our customers are making this shift from purely on-premises to SaaS, IaaS, basically shifting to the cloud, which is causing disruption in the security community, Smith said. At the same time, Oracle s focusing on our own cloud strategy and our own public cloud we need many of these same security tools for our own cloud and our own customers.
The security services use machine learning to provide an identity-centric, context aware intelligence service that can be used across industries including manufacturing, banking and finance, utilities, technology, retail, government, and healthcare.
Context-aware detection is important because it helps reduce false positives and more rapidly identify abnormal activity. Also, you can create policies around this, Smith said. I might allow access normally from this device and if they are in this location, but if they are in a unique location or coming from a mobile I might restrict access. The context around it really helps.