(Originally published on Forbes)
Corporate security teams have long built firewalls to keep the information held inside company networks safe. But that approach carries fewer safety guarantees today, now that so many companies have embraced telecommuting and allow staffers to work on their own devices. Employees are using their smartphones and tablets to compute at home, in the local coffee shop, on airplanes, and in customer offices around the world.
"Lots of computing activity is taking place outside of a company's core network, and all those walls that were built are no longer sufficient to protect data," said Dan Koloski, an Oracle vice president and computer security expert.
The Firewall Burned Down
In today's era of cloud computing, BYOD, mobility, and software as a service, most of an organization's data is held in systems no longer under the direct control of its security teams, Koloski explained in an article published on DarkReading, Information Week's website for computer security experts.
"Companies need to reframe their thinking, and definition of the perimeter," he wrote.
In an interview, Koloski said a critical component of guarding corporate information resources is to protect the identities of people authorized to have access to that information. And it's time for the humans to leverage computers to identify security threats in ways that people are simply not capable of doing.
That's because security teams only have time to manually investigate a small subset of the alerts generated out of the data they monitor to evaluate threats. Large companies typically generate terabytes of information every single day about user activity as well as operational logs—both of which can contain information that might indicate an intrusion. The task of analyzing all that information in real time, Koloski said, is impossible for humans to accomplish effectively
A better approach is to rely on the computers themselves to recognize unusual circumstances that indicate security threats.
Using an approach called machine learning, programmers use highly tuned algorithms that allow the computer to learn as it processes data that describe routine operations. The more data the software processes, the more it learns, and the more accurately it identifies which patterns indicate normal operations and which indicate a potential security threat. The software can notify its human operator to take corrective action, or even fix the problem automatically.
A suite of new software products, called Oracle Identity Security Operations Center (Oracle Identity SOC) cloud services, announced earlier in 2017, uses Oracle's expertise both in unifying and managing large quantities of data and in machine learning to offer greatly enhanced system and network protection across hybrid clouds. Oracle Management Cloud, a part of the Oracle Identity SOC portfolio, uses machine learning to monitor computer systems and user activity, looking for unusual patterns that can indicate an operational problem—or a computer break-in.
Koloski cautioned that generic machine learning algorithms just "out of the box" are like babies who haven't learned anything yet, which is why Oracle runs a massive R&D effort in machine learning that develops both machine learning toolkits for data scientist users as well as purpose-built machine learning applications for business and technical users (such as security professionals). Oracle Management Cloud is an example of the latter in that the algorithms Oracle deploys in its offerings have already been trained and coached, and are more like graduate school grads, ready to go to work.
"Our data scientists teach the programs that security is different from sales forecasting or marketing or systems management. We have different questions we want to ask and different data we want to analyze," he said.
And that's what Oracle does that distinguishes its security products from the competition, he said. The software has been "fully educated" so it's ready to identify and stop cyberattacks right out of the box.
"If you get attacked by the bad guys, the software will tell you to ‘look out' and can take protective action on your behalf," Koloski said.