Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

6/5/2017
04:35 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Oracle Brings Machine Learning to its CASB Service

Machine learning is a next step for cloud systems, as Oracle integrates new capabilities into its CASB offering to discern and leverage user behavior.

Oracle and other companies are integrating new technologies into their cloud access security broker (CASB) offerings to ratchet up security.

Database giant Oracle today announced that it has integrated machine learning, artificial intelligence, and contextual awareness in its CASB service. The idea is to address the growth of security incidents targeting privileged and end-user credentials.

Cloud vendors are competing to address two important issues, says Andy Smith, senior director of product development for Oracle's security portfolio. They are trying to figure out how to bring their products to the cloud, and how to develop the tech to secure their own clouds.

CASB providers are under pressure to create new technologies for better cloud management. These systems sit between cloud service customers and cloud providers to consolidate the enforcement of security policies.

In the past, mostly large businesses demanded CASB systems. "The larger you are, the more complex you are, you have hundreds of cloud services," says Cloud Security Alliance CEO Jim Reavis.

However, as more information and key data assets are moved off-premise, small- and medium-sized businesses are looking into CASB adoption for greater visibility into their organizations.

Oracle's new approach uses supervised and unsupervised machine learning for advanced threat detection. The system detects and stores user actions and compares them with established patterns to determine abnormal activity on each cloud service.

The user behavior analytics (UBA) engine sets historical baselines for each user and service (Box, Office 365, etc.). When it finds behavior derives from the norm, it launches incident response options such as incident management systems and automated remediation.

Unsupervised machine learning compares users' behavior with their previous actions to determine risk. "It creates its own normal" by using algorithms to verify whether activity is anomalistic, says Smith. This "normal" continuously changes based on data it receives.

Supervised machine learning is more customizable: Administrators can specify personal attributes or CRM activity they want to analyze, and create a correlation to look for actions that are against policy. The system had always integrated unsupervised machine learning, but now users can identify what they want to look for, he says.

Say an employee has been put on notice and the business is worried about data theft, for example, he says. Admins can monitor correlations between when someone is put on notice and whether they attempt to steal data before they leave the company.

"They can use it for any kind of risky behavior and apply it to any types of threats," says Smith. "The main one we always think about is compromised accounts," or those that people are concerned about because of phishing or credential theft."

To better monitor risk, the company is bringing what it calls adaptive access to its Identity-Based Security Operations Center (SOC). This new approach to access control will use machine learning to combat fraud across cloud applications by analyzing each login attempt and data on location, device, and time of day.

"The concept of adaptive access isn't new," says Smith. "Doing it where it's built into the cloud service and integrated into other risk services -- that's what's new."

Oracle's CASB is introducing security monitoring and threat detection for several applications, including its own Oracle Human Capital Management (HCM) Cloud, Oracle Enterprise Resource Planning (ERP) Cloud, and Oracle Customer Experience (CX) Cloud Suite. This is in addition to tools like Slack, Office 365, Box, Google G-Suite, AWS, ServiceNow, GitHub, and Rackspace.

Smith emphasizes the importance of ensuring the CASB integrates with the rest of the security fabric. For him, the key is making sure the system covers SaaS, PaaS, and IaaS so the business isn't using multiple CASB systems to get full security coverage.

Related Content:

Black Hat USA returns to the fabulous Mandalay Bay in Las Vegas, Nevada, July 22-27, 2017. Click for information on the conference schedule and to register.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9498
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
CVE-2020-3282
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
CVE-2020-5909
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVE-2020-5910
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVE-2020-5911
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.