Cloud Security Perspectives and Insights

Oracle Introduces Identity-Centric Cloud Security with Identity SOC by Rohit Gupta

Greg Jensen
Sr Principal Director - Security - Cloud Business Group

New Challenges Require Identity-Centric Security

In a 2016 Cloud Security Research Report by Crowd Research Partners, 91% of
organizations have security concerns about adopting public cloud; however, only
14% believe that existing network security tools are capable of truly
protecting the public cloud.

The reality is, just as organizations were getting comfortable with their
security solutions sitting on the edge of the network, the network perimeter
has dissolved. Now users are accessing SaaS applications directly from mobile
devices, bypassing network-centric tools. It’s not just SaaS applications
either: more and more companies are lifting and shifting workloads to the cloud,
running them in IaaS environments.

To make matters worse, good security resources are scarce. Budgets are
shrinking, and even if you can find the money, an Economist Intelligence Study
indicates that 66% of cyber-security job openings cannot be filled by skilled
candidates. All this while the sophistication of threats is growing.

Today’s attacks have increased in sophistication. The threat of zero-day
exploits is expanding on a scale unseen before, putting a strain on
researchers’ ability to identify and prevent them using signature-based
techniques. This makes anomaly detection the only way to spot the needle in a
haystack. Today’s threats leverage multiple vectors, breaking the attack
sequence apart into smaller, more difficult to identify chunks that are
re-packaged and executed, which makes sequence awareness of the attack chain
critical. The attack focus is now targeted where it used to be indiscriminate,
which makes user awareness and attribution invaluable in detection. Early
detection is the key to containment, as today’s attacks no longer go on for
just hours; they are persistent, as networks, applications and services can be
probed for days, weeks or months.

With all these challenges, our old network-centric tools are being asked to
secure data/assets in ways that they are not capable of. It is only identity
that is bringing these disparate worlds together. It is the identity context,
brought together with new technologies such as machine learning, big data, and
advanced analytics, that allows a security professional to centralize and
normalize user activities, then correlate and analyze those user events
against cloud application, device and network based events to identify
anomalous and potentially risky behavior in near real-time. Last, the outcome
of this leads to preventative actions to defend against current and future
attacks across the affected planes.

Modern Security Requires a New Detection & Response Paradigm

Historical security measures are reactive and focused on protecting the front
door to applications and data. These controls are absolutely important and
required for a defense-in-depth model, but alone are not sufficient for today’s
threats. The demand for preventive technologies using advanced and lean-forward
security technologies is growing. Organizations have been responsible about
putting the “locks and cameras” in place in their organization, but lack the
ability to correlate multiple penetration attempts together to look for
patterns, find root cause, and predict the next phase of the attack sequence.
Security professionals are starting to accept today’s reality, which is that it
isn’t a matter of IF you will be attacked, but HOW frequently, and WHAT data (if
any) was compromised. This is the driver behind faster detection and response
with complete audit & analysis of the event sequence.

What’s needed is a full-cycle controls environment that combines preventive
and detective solutions. Leading organizations are recognizing a need for a
four-stage model that includes Discover, Secure, Monitor and Respond.

Discover: To improve, you must measure and have visibility into what
services are being used, how, and by whom. This includes visibility into both
sanctioned and un-sanctioned activity that is occurring with Shadow IT.

Secure: We still need all the preventive controls with proactive
application and content security to ensure sensitive data is protected. We
still need to authenticate and give authorization to users and applications as
well as protect data with strong application encryption to keep it safe.

Monitor: However, those preventive controls are not enough. We must
continuously monitor the environment to detect threats and identify anomalous
activity when it’s occurring.

Respond: Automated response is necessary to augment your already stretched
security teams. Organizations don’t have the resources to detect issues and
then hand them over to a forensic professional to research and ultimately come
up with a manual response plan for each threat.

Download the Solution Brief on Identity SOC

Oracle Delivers the World’s First Identity SOC

Oracle has recognized this shift in the security landscape and in our customers’ needs. Not only do we need to protect our own cloud, but our customers are looking for modern techniques to help them provide consistent security controls across cloud and on-prem environments. A 2016 RightScale study said enterprises plan to use an average of six (6) cloud services to run their workloads. More than ever, coordinated security management is needed.

Oracle is making a big investment in the world’s first Identity SOC, with three (3) new security cloud services that integrate several new technologies into a homogeneous set of services. The integrated technologies include Security Incident and Event Management (SIEM), User & Entity Behavior Analytics (UEBA), Identity Management (IDM), and Cloud Access Security Broker (CASB). Each of these new services will integrate with the rest of your security fabric, but when joined together they offer the full benefit of a true Identity SOC with bi-directional controls and actionable intelligence.
