Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security //

Automation

2/13/2018
09:30 AM
Scott Ferguson
Scott Ferguson
News Analysis-Security Now
50%
50%

Oracle's Mark Hurd Touts Automation for Security & Patching Concerns

Oracle CEO Mark Hurd came to New York City to tout the benefits of automation and artificial intelligence to help tackle concerns of security and patching.

NEW YORK CITY – When Oracle CEO Mark Hurd speaks, it's usually about big-issue, macro ideas in technology. This usually focuses on where IT budgets are headed over the next five years, the changing nature of the cloud or even how GDP will affect CEO decisions.

However, at an event on Monday, Hurd wandered into a different topic: security.

Specifically, Hurd was on hand at CloudWorld NY, to offer details about the Oracle's Autonomous Cloud Platform, which is part of an effort to add machine learning, artificial intelligence and automation to all nearly all the company's software and application products. (See Unknown Document 740509.)

Oracle CEO Mark Hurd in New York City\r\n(Source: Oracle)
Oracle CEO Mark Hurd in New York City
\r\n(Source: Oracle)

However, Hurd spent a good portion of his time during Monday's keynote to talk up the benefits of AI and automation when it comes to maintaining systems and patching large-scale applications, such as databases. As part of his predictions, Hurd noted that 90% of all enterprise apps will have AI capabilities by 2020. (See Unknown Document 740515.)

He also noted that between 2020 and 2025, more than 50% of all enterprise data will be managed autonomously and be more secure because of it. The reason to invest more in automation, machine learning and AI from a security point of view, is that businesses at the executive level do not understand the threats that are out there.

"The reality today is that as big of a deal as security is, nobody takes it seriously," Hurd said. "There will be a day, and I don't want to predict it, when something happens -- something material."

For example, Hurd noted that a bank executive recently told him it takes about four months to move an Oracle security patch throughout the business's various IT systems and networks. That is pretty good considering, on average, an Oracle security patch could take between six months and year to complete.

One way to mitigate some of these problems, Hurd noted, is the cloud, where the hosting company handles much of the patching and security upgrades.

"It takes our customers months to get a patch through their business. Why? Because it's hard," Hurd said. "Why is that? Because they sit on different hardware, different operating systems and there are different versions and I could go on... in the cloud, it's patched immediately. In the cloud, it's more secure and the data is encrypted... there's more innovation, it costs less, it's more secure."

To help hammer that message home, Hurd invited Mark Frissora, the CEO and president of Caesars Entertainment, to talk about the security concerns an enterprise of that size has, with millions of dollars trading hands and customer data that would be valuable to cybercriminals.


The fundamentals of network security are being redefined -- don't get left in the dark by a DDoS attack! Join us in Austin from May 14-16 at the fifth-annual Big Communications Event. There's still time to register and communications service providers get in free!

The trouble with security, Frissors explained, is that many executives on his level don't understand it, and that tech vendors need to do a better job of explaining it and how the technology works to prevent a data breach or cyberattack.

"CEOs are undereducated when it comes to cybersecurity," Frissora said. "They are undereducated about security in general. You get a lot of presentations from technology folks and they dummy it down for someone like me, but you can't talk in tech speak. From my perspective, I never had anyone call on me and explain to me why their systems are better at security than anyone else's … boards are panic-stricken by it [hacking] but they don't know what they are talking about."

And this is where Hurd brought the issue back to Oracle, and having the company handle the patching and security not only from the cloud, but by automating more and more of the security process and updates.

"In these companies, there are hundreds of versions of these systems on hundreds of different computers," Hurd said. "In our cloud, there's only one. There's one version, there's one operating system, so our job is infinitely easier and then we are able to encrypt all the data."

Related posts:

— Scott Ferguson, Editor, Enterprise Cloud News. Follow him on Twitter @sferguson_LR.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-38562
PUBLISHED: 2021-10-18
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.
CVE-2021-41611
PUBLISHED: 2021-10-18
An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be passed ...
CVE-2021-42565
PUBLISHED: 2021-10-18
myfactory.FMS before 7.1-912 allows XSS via the UID parameter.
CVE-2021-42566
PUBLISHED: 2021-10-18
myfactory.FMS before 7.1-912 allows XSS via the Error parameter.
CVE-2021-36097
PUBLISHED: 2021-10-18
Agents are able to lock the ticket without the "Owner" permission. Once the ticket is locked, it could be moved to the queue where the agent has "rw" permissions and gain a full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions.