Machine learning, artificial intelligence and autonomous services will mean less human intervention is needed to protect enterprise infrastructure in the near future.
Akshay Aggarwal, Director, Solution Specialist, Oracle India tells Brian Pereira how cyber security is evolving. And no, this is not straight out of a science fiction movie. All this is reality today.
DC: The volume of security breaches is so high that it is not possible for humans to monitor and contain every single attack. Even current defense mechanisms may be inadequate. What role do you see artificial intelligence playing here?
Akshay Aggarwal: As you know, data breaches are on the rise and we read about them every day in the media. These are mega breaches that steal hundreds of thousands of records. In a typical attack millions or billions of accounts are compromised. And people are wondering how they should secure their organisations.
In the cloud era, where more infrastructure is moving to the (public) cloud, you have to believe that those clouds are secure enough to take care of your information.
The traditional mechanism that companies used to have was to run a security operations centre, with many people doing manual analysis of the alerts they were getting. That is probably not enough in today’s world. That’s where, when we talk about cyber security, AI is actually helping in a big way.
AI has been around for ages, but I think cloud has made it a reality by way of providing machine learning to our benefit; machine learning is able to apply a lot of these algorithms on top of tons of data which is coming into the cloud and leverage that to our advantage, to do a lot of correlations of that data and make it more business usable. I think you cannot continue to use just people to manage these security threats; we need systems to do that, and these systems need to be powerful enough and use the latest technologies like AI and ML (machine learning) to our advantage to provide the right kind of coverage that is required.
DC: So how will AI & ML actually transform the security landscape? What is the opportunity for Oracle? What are the challenges for customers and how are you helping out?
Akshay Aggarwal: The biggest challenge today is that customers do not have enough people or skilled resources to run a big security operations centre. Obviously, you want to secure your environment, but most organisations will never have enough budget for a large security operations centre with plenty of highly qualified people who have the capabilities for analysing sophisticated threats. So that’s where automation is helping us, because cloud actually gives you the scale that is required. It actually provides a mechanism where you can ingest a lot of data into a big data repository; with AI and ML you are able to run a lot of these algorithms on top of the data which is going into that repository, and make it more variable.
To give you an example, one of our customers told us they receive thousands of alerts on a daily basis and many of those are false positives. The biggest issue is we do not know whether a false positive is malicious in nature or not, because systems are throwing up these false positives. They said it was becoming extremely difficult for their team to manage that. So we took a chunk of that data, around 11 million alerts from them. Leveraging our cloud-based cyber defense system we were able to do some pattern detection, apply the correlations and convert that into 300-odd meaningful, actionable insights, and made it available to them. So, instead of looking at 11 million records you are now working on something which is more business friendly, which makes more business sense, and you have only 300 insights because it was able to do that correlation and say, now these 300 are the ones which are of a different nature. Then people can look into these in a better way and can take action on them.
The way to secure our data, the way to prevent data theft is more automation. And we need a cyber defense system that automatically detects vulnerabilities and attacks.
— Larry Ellison, CTO & Founder, Oracle
DC: Why are identity management and protection becoming so important for organisations today?
Akshay Aggarwal: We are trying to bring in an identity context to it because when the perimeter is moved from the traditional data centre there is no real perimeter anymore as the systems are running all over the globe. Identity is the only perimeter that organisations look at protecting. Because it is the identity which people are actually debating to add to their advantage; misusing that identity to name the data that they are looking for.
For example, let’s say you have signed on to a cloud service and your employees are being given a set of identities that they will use to log in to that system and start using it. Let’s say I, as a hacker, get access to some of those identities; then I will actually be going into that system, doing some malicious activity and getting data which I would otherwise not be entrusted with. I would get the data and misuse it. In such a scenario, since a hacker has access to the right identity, you would not even know what that person has done. So you need additional technologies like an Identity Management System, and you need a cloud security system which can actually look at what identity is actually being targeted, and what kind of user behaviour is flagged which is malicious in nature.
Using our cloud security solution (Oracle Automated Cyber Defense System) we are able to figure out if it will immediately raise an alert and do some remedial action on top of that identity to say Mr XYZ is doing this action which is not normal as per his role and as per his behaviour on a day-to-day basis, and hence we are blocking his account.
We are trying to apply the context of identity of the people; we are trying to use the user behaviour. We are trying to bring in data context to it, and looking at activity happening both on-premise and in the cloud world, and doing analysis on top of this and then figuring out if there is something unusual happening.
The Autonomous Database and our automated security system are based on a new technology called machine learning. Machine learning is the most important new technology to show up for a long time. It looks at all of these logons with all the IP addresses and URLs, and distinguishes normal behavior from abnormal, risky behavior.
— Larry Ellison, CTO & Founder, Oracle
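The two ideas above, a per-identity baseline of logons (IP address, hour of day) that separates normal from abnormal behaviour, and the correlation of many raw alerts into a handful of actionable insights, can be shown together in a small script. This is an added illustration, not Oracle's code; the user names, addresses and logon records are constructed, and the thresholds (a two-hour window around seen hours) are assumptions.

```python
from collections import defaultdict

# Constructed sample logon records: (user, source_ip, hour_of_day, outcome). Made up for this example.
HISTORY = [
    ("alice", "10.1.1.5", 9, "ok"), ("alice", "10.1.1.5", 10, "ok"),
    ("alice", "10.1.1.7", 11, "ok"), ("alice", "10.1.1.5", 16, "ok"),
    ("bob", "10.2.2.9", 8, "ok"), ("bob", "10.2.2.9", 12, "ok"),
    ("bob", "10.2.2.9", 17, "ok"),
]
NEW = [
    ("alice", "10.1.1.5", 10, "ok"),      # matches baseline: no alert
    ("alice", "198.51.100.4", 3, "ok"),   # new IP at an unusual hour
    ("alice", "198.51.100.4", 3, "ok"),   # repeat: folded into the same insight
    ("bob", "10.2.2.9", 13, "fail"), ("bob", "10.2.2.9", 13, "fail"),
    ("bob", "10.2.2.9", 13, "fail"), ("bob", "10.2.2.9", 13, "fail"),
    ("bob", "10.2.2.9", 13, "ok"),        # within two hours of usual: no alert
]

def build_baselines(history):
    """Per-identity baseline: source IPs and hours seen on successful logons."""
    base = defaultdict(lambda: {"ips": set(), "hours": set()})
    for user, ip, hour, outcome in history:
        if outcome == "ok":
            base[user]["ips"].add(ip)
            base[user]["hours"].add(hour)
    return base

def score_event(base, user, ip, hour, outcome):
    """Reasons an event deviates from the identity's baseline (empty = normal)."""
    if user not in base:
        return ["unknown identity"]
    reasons = []
    if ip not in base[user]["ips"]:
        reasons.append("new source ip")
    if all(abs(hour - h) > 2 for h in base[user]["hours"]):  # assumed window
        reasons.append("unusual hour")
    if outcome == "fail":
        reasons.append("failed logon")
    return reasons

def correlate(history, new):
    """Score every event, then collapse raw alerts into one insight per
    (identity, reason set) so analysts review a few items, not every alert."""
    base = build_baselines(history)
    raw_alerts, insights = [], defaultdict(lambda: {"count": 0, "ips": set()})
    for user, ip, hour, outcome in new:
        reasons = score_event(base, user, ip, hour, outcome)
        if reasons:
            raw_alerts.append((user, ip, hour, reasons))
            key = (user, tuple(sorted(reasons)))
            insights[key]["count"] += 1
            insights[key]["ips"].add(ip)
    return raw_alerts, dict(insights)
```

On the sample data `correlate(HISTORY, NEW)` turns six raw alerts into two insights, one per identity, each carrying the count and the source addresses involved, which is the shape an analyst or an automated response (such as a step-up or block through the identity system) would act on.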
DC: Larry Ellison spoke about Autonomous at the last Oracle OpenWorld. How does the Autonomous part come into security?
Akshay Aggarwal: I will divide that question into two parts. Firstly, Oracle acknowledges that customers need more of the autonomous kind of service offering in comparison to the automation services which were already available. We have a lot of vendors, including Oracle, who are providing these cloud services which were quite automated in themselves. But there were stages where you needed human intervention to do the patch management at a certain time, apply the security patch at a certain time. Oracle realised that there is still a lot of expectation from the end customer on what should happen in the cloud and how it should be done. So the very first thing, as part of the Autonomous services, is that we are trying to make it self-driving, self-securing and self-repairing, which means all these services from a security perspective should be self-secured at all times, and all the layers of security should be applied to them by default, without asking the end user whether you want to do this or not. If you give an option to the end user he still might do it, but the decision to do it might take time, and by that time you are already impacted.
With its Autonomous strategy Oracle is ensuring that all the cloud services that we have launched, or will continue to launch in future, which are autonomous in nature, are self-securing, which means security by default. So your data will remain encrypted, all the layers of security will be applied, and the Autonomous Cyber Defense System will ensure that we continue to do the auto patching, so that any security vulnerability due to an old system is no longer there. So that is the first part from an Autonomous perspective.
The second part, when we talk about Autonomous security, is when we try to do things like prevention, detection and response in an autonomous fashion. When we talk about security, we talk about starting from prevention, getting into detection and then doing the response and remediation. Now if you do these same actions in an autonomous fashion, that’s the future of autonomous security. That’s where we are trying to say that with our cyber defense system it should be able to do everything in an Autonomous fashion without needing too much human intervention. Obviously, there are scenarios where human intervention is required, but in most scenarios the system should be capable of handling any kind of threat, identifying it, let’s say as a trouble ticket, and taking the right kind of action in the form of using the Identity Management system to block the user and do those kinds of things in an autonomous fashion. So that’s Oracle’s perspective on autonomous security.