Cloud Security Perspectives and Insights

Using Behavioral Analytics to Maximize the Scalability & Performance of Security Operations

By: Nishi Shah, Director Cyber Security & Privacy, PwC

In my last blog, Security Operations: Using Artificial Intelligence to Lock Down Your Cloud, I discussed how technology security teams can improve efficiency and incident resolution in cloud solutions with Oracle Management Cloud’s (OMC) automated artificial intelligence (AI) and machine learning capabilities.

But let’s turn our attention to the bigger picture for a moment: technology security has become more than just an information technology (IT) issue. As security incidents have become front-page news and cost organizations billions of dollars, IT security has become a board-level issue. Executive leadership at major enterprise organizations continues to drive IT and security teams to deploy the most innovative and effective security solutions available.

As the last blog pointed out, automated AI and machine learning security tools, like OMC, are a good start to make security operations teams more efficient as they manage flagged incidents.  However, there’s another technology—behavior analytics in Oracle Cloud Access Security Broker (Oracle CASB)—that can also enhance application and data security in the cloud. 

We’re all familiar with the typical legacy on-premises security tools, like web gateways and firewalls.  These rules-based tools aren’t as effective in a cloud environment because a skilled adversary can bypass perimeter security solutions by stealing information from cloud endpoints using compromised access credentials. 

This is where the behavior analytics functionality in Oracle CASB comes into play. It establishes a baseline of typical behavior within an organization. When the system detects an anomaly that doesn’t fit the company’s normal patterns, the incident is flagged for further investigation. When used in combination with the Oracle Security Monitoring and Analytics Cloud Service, which is bundled in the OMC we discussed in the previous blog, the platform can learn which anomalies are real threats and which are false positives. Because the functionality is automated, the solution takes the manual work effort off the security team.

Here’s an example—an employee logs into the company’s cloud ERP solution from their laptop in their Dallas office at 8:00 a.m. central time and logs off at 5:00 p.m. at the end of the work day.  At 6:00 p.m., Oracle CASB detects five failed login attempts from the same employee originating in Yemen.  The Oracle CASB solution knows that this scenario is not physically possible, and also identifies that the Yemen device does not comply with the company device policy.  Therefore, Oracle CASB would automatically force an adaptive multi-factor authentication to prevent the rogue access to the company cloud ERP solution, and it would flag the incident as suspicious activity.
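The scenario above combines three signals: a per-user baseline of where logins normally come from, an impossible-travel check (distance between consecutive logins divided by elapsed time), a burst of failed attempts, and a device-policy result. The following is an added example, not Oracle CASB code, of how such a check can be expressed over constructed authentication events. The event schema, the user name, the coordinates, the 900 km/h "impossible" speed, and the 15-minute failure window are all assumptions; the five-failure threshold and the Dallas/Yemen timings follow the post's example. It goes slightly beyond the text by also treating a login from a country never seen in the baseline as a reason to step up authentication.

```python
"""Added example (not Oracle CASB code): minimal behavior analytics over
constructed login events. Learns a per-user baseline of countries seen on
successful, compliant-device logins, then flags new countries, impossible
travel, bursts of failed logins and non-compliant devices, returning a
step-up (adaptive MFA) decision per anomalous event."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from math import asin, cos, radians, sin, sqrt
from typing import Iterable

# Assumed thresholds; tune to the organization's own traffic.
MAX_PLAUSIBLE_SPEED_KMH = 900.0             # roughly airline speed; faster is "impossible travel"
FAILED_LOGIN_THRESHOLD = 5                  # the post's example: five failed attempts
FAILED_LOGIN_WINDOW = timedelta(minutes=15) # assumed window for counting failures
EARTH_RADIUS_KM = 6371.0


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime            # timezone-aware UTC timestamp
    user: str
    outcome: str            # "success" or "failure"
    country: str            # ISO country code from geolocation of the source IP
    lat: float
    lon: float
    device_compliant: bool  # result of the device-policy check (assumed to be supplied upstream)


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat, dlon = p2 - p1, radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def build_baseline(history: Iterable[AuthEvent]) -> dict[str, set[str]]:
    """Per-user set of countries seen on successful logins from compliant devices."""
    baseline: dict[str, set[str]] = {}
    for ev in history:
        if ev.outcome == "success" and ev.device_compliant:
            baseline.setdefault(ev.user, set()).add(ev.country)
    return baseline


def evaluate(events: list[AuthEvent], baseline: dict[str, set[str]]) -> list[dict]:
    """Walk events in time order; emit one alert (with reasons and action) per anomalous event."""
    alerts: list[dict] = []
    last_success: dict[str, AuthEvent] = {}   # only clean successes move the travel reference point
    failures: dict[str, list[datetime]] = {}  # recent failure timestamps per user
    for ev in sorted(events, key=lambda e: e.ts):
        reasons: list[str] = []
        if ev.country not in baseline.get(ev.user, set()):
            reasons.append("new_country")
        prev = last_success.get(ev.user)
        if prev is not None:
            hours = (ev.ts - prev.ts).total_seconds() / 3600
            km = haversine_km(prev.lat, prev.lon, ev.lat, ev.lon)
            # a location change with no elapsed time, or faster than an airliner, is impossible
            if km > 0 and (hours <= 0 or km / hours > MAX_PLAUSIBLE_SPEED_KMH):
                reasons.append("impossible_travel")
        if ev.outcome == "failure":
            recent = [t for t in failures.get(ev.user, []) if ev.ts - t <= FAILED_LOGIN_WINDOW]
            recent.append(ev.ts)
            failures[ev.user] = recent
            if len(recent) >= FAILED_LOGIN_THRESHOLD:
                reasons.append("failed_login_burst")
        if not ev.device_compliant:
            reasons.append("noncompliant_device")
        if reasons:
            alerts.append({"user": ev.user, "ts": ev.ts.isoformat(),
                           "reasons": reasons, "action": "require_adaptive_mfa_and_flag"})
        elif ev.outcome == "success":
            last_success[ev.user] = ev
    return alerts


def _utc(y: int, m: int, d: int, hh: int, mm: int) -> datetime:
    return datetime(y, m, d, hh, mm, tzinfo=timezone.utc)


# Constructed sample locations (country, lat, lon): Dallas office and Sana'a, Yemen.
DALLAS = ("US", 32.78, -96.80)
SANAA = ("YE", 15.37, 44.19)

# Constructed history: three prior workdays of 8:00 a.m. Central (14:00 UTC) logins from Dallas.
HISTORY = [AuthEvent(_utc(2024, 3, d, 14, 0), "jdoe", "success", *DALLAS, True) for d in (4, 5, 6)]

# Constructed live stream: today's Dallas login, then five failures from Yemen at 6:00 p.m.
# Central (00:00 UTC next day) from a device that fails the device policy.
LIVE = [AuthEvent(_utc(2024, 3, 7, 14, 0), "jdoe", "success", *DALLAS, True)] + [
    AuthEvent(_utc(2024, 3, 8, 0, i), "jdoe", "failure", *SANAA, False) for i in range(5)
]


def run_example() -> list[dict]:
    """Evaluate the constructed live stream against the baseline learned from history."""
    return evaluate(LIVE, build_baseline(HISTORY))


if __name__ == "__main__":
    for alert in run_example():
        print(alert)
```

Each of the five Yemen attempts is flagged for the new country, the impossible travel relative to the morning Dallas login (about 13,000 km in ten hours), and the non-compliant device; the fifth attempt additionally carries the failed-login burst reason. Failed attempts deliberately do not update the user's last-known location, so an attacker's own attempts cannot drag the travel reference point toward them.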

Along the same lines, if an HR person is processing annual salary increases for employees who were recently promoted, the behavior analytics tool may also flag this as a suspicious incident.  However, a security analyst could help the system weed out this false positive by approving the incident as acceptable.  Through machine learning functionality, the system would eventually learn that although the large annual salary increases are an anomaly, they are not a security threat. 

On the other hand, if this example was actually an “inside job” where an employee is maliciously attempting to increase his or her salary, Oracle CASB can natively process Oracle Cloud ERP and Salesforce transactions in a real-time audit mode to halt the fraudulent transaction as it’s occurring.  Therefore, Oracle CASB can dramatically shift the paradigm from a reactive approach to a preventative solution.

Oracle CASB offers robust security functionality, like machine learning and behavior analytics, to help ensure that your applications and data are secure in the cloud. Since it’s a subscription-based product, it’s easy to acquire and install. With out-of-the-box functionality, most security operations teams can easily deploy the solution, which makes it ideal for smaller organizations. But it also offers deep functionality that’s well suited for large, global enterprise organizations. This is where PwC can help: installing the solution with advanced functionality to not only detect but also respond to, remediate, and prevent potential security incidents with forensics, incident management, and orchestration.

To learn more, please visit the Oracle Security webpage. 
