Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security //

Automation

// // //
2/13/2018
09:30 AM
Scott Ferguson
Scott Ferguson
News Analysis-Security Now

Oracle's Mark Hurd Touts Automation for Security & Patching Concerns

Oracle CEO Mark Hurd came to New York City to tout the benefits of automation and artificial intelligence to help tackle concerns of security and patching.

NEW YORK CITY – When Oracle CEO Mark Hurd speaks, it's usually about big-issue, macro ideas in technology. This usually focuses on where IT budgets are headed over the next five years, the changing nature of the cloud or even how GDP will affect CEO decisions.

However, at an event on Monday, Hurd wandered into a different topic: security.

Specifically, Hurd was on hand at CloudWorld NY, to offer details about the Oracle's Autonomous Cloud Platform, which is part of an effort to add machine learning, artificial intelligence and automation to all nearly all the company's software and application products. (See Unknown Document 740509.)

Oracle CEO Mark Hurd in New York City\r\n(Source: Oracle)
Oracle CEO Mark Hurd in New York City
\r\n(Source: Oracle)

However, Hurd spent a good portion of his time during Monday's keynote to talk up the benefits of AI and automation when it comes to maintaining systems and patching large-scale applications, such as databases. As part of his predictions, Hurd noted that 90% of all enterprise apps will have AI capabilities by 2020. (See Unknown Document 740515.)

He also noted that between 2020 and 2025, more than 50% of all enterprise data will be managed autonomously and be more secure because of it. The reason to invest more in automation, machine learning and AI from a security point of view, is that businesses at the executive level do not understand the threats that are out there.

"The reality today is that as big of a deal as security is, nobody takes it seriously," Hurd said. "There will be a day, and I don't want to predict it, when something happens -- something material."

For example, Hurd noted that a bank executive recently told him it takes about four months to move an Oracle security patch throughout the business's various IT systems and networks. That is pretty good considering, on average, an Oracle security patch could take between six months and year to complete.

One way to mitigate some of these problems, Hurd noted, is the cloud, where the hosting company handles much of the patching and security upgrades.

"It takes our customers months to get a patch through their business. Why? Because it's hard," Hurd said. "Why is that? Because they sit on different hardware, different operating systems and there are different versions and I could go on... in the cloud, it's patched immediately. In the cloud, it's more secure and the data is encrypted... there's more innovation, it costs less, it's more secure."

To help hammer that message home, Hurd invited Mark Frissora, the CEO and president of Caesars Entertainment, to talk about the security concerns an enterprise of that size has, with millions of dollars trading hands and customer data that would be valuable to cybercriminals.


The fundamentals of network security are being redefined -- don't get left in the dark by a DDoS attack! Join us in Austin from May 14-16 at the fifth-annual Big Communications Event. There's still time to register and communications service providers get in free!

The trouble with security, Frissors explained, is that many executives on his level don't understand it, and that tech vendors need to do a better job of explaining it and how the technology works to prevent a data breach or cyberattack.

"CEOs are undereducated when it comes to cybersecurity," Frissora said. "They are undereducated about security in general. You get a lot of presentations from technology folks and they dummy it down for someone like me, but you can't talk in tech speak. From my perspective, I never had anyone call on me and explain to me why their systems are better at security than anyone else's … boards are panic-stricken by it [hacking] but they don't know what they are talking about."

And this is where Hurd brought the issue back to Oracle, and having the company handle the patching and security not only from the cloud, but by automating more and more of the security process and updates.

"In these companies, there are hundreds of versions of these systems on hundreds of different computers," Hurd said. "In our cloud, there's only one. There's one version, there's one operating system, so our job is infinitely easier and then we are able to encrypt all the data."

Related posts:

— Scott Ferguson, Editor, Enterprise Cloud News. Follow him on Twitter @sferguson_LR.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Developing and Testing an Effective Breach Response Plan
Whether or not a data breach is a disaster for the organization depends on the security team's response and that is based on how the team developed a breach response plan beforehand and if it was thoroughly tested. Inside this report, experts share how to: -understand the technical environment, -determine what types of incidents would trigger the plan, -know which stakeholders need to be notified and how to do so, -develop steps to contain the breach, collect evidence, and initiate recovery.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-39044
PUBLISHED: 2022-12-07
Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and ea...
CVE-2022-40966
PUBLISHED: 2022-12-07
Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN fir...
CVE-2022-42458
PUBLISHED: 2022-12-07
Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered.
CVE-2022-45910
PUBLISHED: 2022-12-07
Improper neutralization of special elements used in an LDAP query ('LDAP Injection') vulnerability in ActiveDirectory and Sharepoint ActiveDirectory authority connectors of Apache ManifoldCF allows an attacker to manipulate the LDAP search queries (DoS, additional queries, filter manipulation) durin...
CVE-2022-34840
PUBLISHED: 2022-12-07
Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to alter?configuration settings of the device. The affected products/versions are as follows: WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600...