I’m sure everyone is aware that cyber security in the cloud is a constant battle and that attackers are continuously becoming more sophisticated and agile in their techniques. However, being able to operate and innovate the security infrastructure inside a cloud environment is an advantage that next-generation cloud providers hold in a fast-moving business environment. Collection, detection, and alerting are the standard pillars of any cloud security infrastructure baseline, but I would like to talk about how we in Oracle SaaS Cloud Security take them to the next level. I want to share a little about how we use graph-powered analytics in the Oracle SaaS Cloud Security infrastructure to protect our customers and their data in an agile and dynamic way that attackers can never compete with.
Let’s dig in a little and explain what is actually meant by graph-powered security analytics. I am sure everyone understands what it means to query and investigate logs and data collected in a SIEM in order to identify attacks, patterns, or indicators of compromise (IoCs). We use technology from Oracle Labs to create interactive visual graphs that combine heterogeneous data sources: logs, SIEM events, network captures, system events, and other traces. The semi-structured graph connects all of these sources, so the behaviors, movements, and actions performed by a given entity in the observed environment can be analyzed and understood quickly and easily.
An interactive graph dynamically enables investigation in multiple ways:
- Graph query
- Graph visualization
- Graph analysis
In one example, an analyst or security engineer can very quickly review what a given process on a tracked system (host) performed, executed, or spawned. Network connections made by that process can extend the scope of the rogue activity to other assets. The binary or object at the end of the chain can then be analyzed and looked up in malware databases or IoC collections to understand its role in the activity.
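The investigation just described, as an added example that is not Oracle's or Oracle Labs' code: heterogeneous events (process spawns, network flows, file hashes) are merged into one typed graph, and a walk from a seed process yields its descendants, the hosts it reached, the binaries it ran, and which of those match a known-bad set. All hosts, PIDs, hashes and field names are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed telemetry from three heterogeneous sources (EDR process events,
# network flows, a file-hash feed). Hosts, PIDs, hashes and field names are
# made up for this example, not any real product's schema.
EVENTS = [
    {"source": "edr", "kind": "spawn", "host": "web-01", "parent": "httpd:4410", "child": "sh:4522"},
    {"source": "edr", "kind": "spawn", "host": "web-01", "parent": "sh:4522", "child": "curl:4530"},
    {"source": "edr", "kind": "spawn", "host": "web-01", "parent": "httpd:4410", "child": "php-fpm:4600"},
    {"source": "hashfeed", "kind": "exec", "host": "web-01", "proc": "curl:4530", "sha256": "c0ffee01"},
    {"source": "hashfeed", "kind": "exec", "host": "web-01", "proc": "php-fpm:4600", "sha256": "beef0002"},
    {"source": "netflow", "kind": "conn", "host": "web-01", "proc": "curl:4530", "dst_host": "db-02"},
    {"source": "edr", "kind": "spawn", "host": "db-02", "parent": "sshd:900", "child": "bash:950"},
]
KNOWN_BAD = {"c0ffee01"}  # constructed stand-in for a malware-hash / IoC collection

def build_graph(events):
    """Merge all sources into one directed graph keyed by typed node tuples."""
    g = defaultdict(list)
    for e in events:
        h = e["host"]
        if e["kind"] == "spawn":
            g[("proc", h, e["parent"])].append(("spawned", ("proc", h, e["child"])))
        elif e["kind"] == "exec":
            g[("proc", h, e["proc"])].append(("executed", ("binary", e["sha256"])))
        elif e["kind"] == "conn":
            g[("proc", h, e["proc"])].append(("connected", ("host", e["dst_host"])))
    return g

def investigate(g, seed):
    """Breadth-first walk from a seed process: child processes, hosts reached over
    the network, binaries executed, and which binaries are known IoCs."""
    seen, queue = {seed}, deque([seed])
    result = {"processes": set(), "hosts": set(), "binaries": set()}
    while queue:
        node = queue.popleft()
        for _edge, nxt in g.get(node, []):
            if nxt in seen:
                continue
            seen.add(nxt)
            if nxt[0] == "proc":
                result["processes"].add(nxt[2])
                queue.append(nxt)             # keep following the process tree
            elif nxt[0] == "host":
                result["hosts"].add(nxt[1])   # asset reached; its own processes are not expanded
            else:
                result["binaries"].add(nxt[1])
    result["ioc_hits"] = result["binaries"] & KNOWN_BAD
    return result

if __name__ == "__main__":
    print(investigate(build_graph(EVENTS), ("proc", "web-01", "sh:4522")))
```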
The availability and power of the Oracle Labs graph-powered analytics make it possible to quickly and thoroughly identify, analyze, and appropriately remediate threats in a complex cloud environment. Cyber-threat hunting and detection become far easier thanks to the visualization and the automatic Graph ML techniques embedded in the system. The resulting graphs and analyses can be stored in a data lake and retrieved for continuous analysis or historical forensics. This is one of the many innovative ASCSS components in the Oracle SaaS Cloud security infrastructure that is in place and in use today.