The Gately Report: Cybersecurity Fundamental to Oracle's 21st Century Technology Vision
Plus, Exabeam's CEO weighs in on Cisco's acquisition of Splunk.
Channel Futures: What are your responsibilities with Oracle in terms of cybersecurity?
Mahesh Thiagarajan: I lead the security and the developer platform for Oracle Cloud Infrastructure (OCI). This includes all security products that are shipped externally and used internally. The compliance organization is responsible for providing all certifications across all of our portfolio and the cloud security organization that is responsible for protecting our cloud.
CF: Are you in a constant race with cybercriminals?
MT: I think anyone who does security and says they’re not in a constant [race] with the cyber activity or cyber attackers, has probably not had a successful business.
CF: Last week, Oracle announced numerous new offerings and capabilities, including some incorporating AI and generative AI. How is security part of these new offerings and capabilities?
MT: One of the significant advantages that we actually have at Oracle is our ability to understand and bring data closer to making intelligent decisions. And part of that is giving customers, especially large customers, the ability to secure their data and actually allow access to the data in a very transparent fashion. When you think about the innovation that we’ve done on the artificial intelligence (AI) infrastructure … that allows customers to run and build dedicated clusters that are just for themselves. We’re isolating and ensuring that customers can build dedicated clusters at the infrastructure level. There are a lot of capabilities, so AI companies can run on the platform. Then you start … looking at the generative AI service that brings those models in. How do we actually make it easy for customers to do it? That has a lot to do with how we enable transparent or isolated data access that customers can actually use those models to say, “OK, here is the standard foundational model.” So a lot of our security posture is really around giving customers the isolation that makes it easy for them to get that security advantage and keep their data as their own data.
So when you think about security, we provide a phenomenal infrastructure. Great security guarantees that you can leverage and build dedicated infrastructure for doing AI. You can go to the databases, bring the AI models closer to the data so you’re not moving the data, you’re not actually misplacing the data, you’re not accidentally giving access to other people or an extract, transform and load (ETL) pipeline for some data. We’re bringing machine learning (ML) closer to the data so you’re increasing your security posture. And with the generative AI services, we’re making it possible for you to isolate and put your data at work just for you.
CF: Does generative AI present new challenges in terms of cybersecurity?
MT: Generative AI is a high school kid who’s learned a lot of things off of the internet. That’s where generative AI is now. Is it capable of doing something and more interesting things over time? One hundred percent. The models themselves, the innovation that has actually happened, if you look at generative AI and what they’ve really done, the infrastructure innovation and the software innovation, and the hardware innovation, to bring and allow the model to have billions of parameters to reason about, is the biggest stride. It has gotten to where it’s able to reason about things around what it knows.
But there’s more model innovation that is happening and that actually happens and goes even further, which is what Oracle is enabling along with our partners. There is a possibility that it can get more interesting. And part of our vision around the storyline is actually to continue to focus on the data. Our focus is on the data, and the data security and the data protection.
CF: Oracle also announced its participation in a broader industry effort to create a fresh open standard for network and data security. What’s the goal of that?
MT: We’re going back to the basics because internet protocols were designed to push security up to the top of the stack, implemented at the application layer place, and that has actually created a proliferation. And we’re changing the notion to say, “Look, it’s fine if you want to implement security at the application layer; there’s nothing wrong [with that]. It’s fine if you want to encrypt all of your data. There’s nothing wrong. But we believe in addition to that, you can interoperate and enforce security at the network layer,” and that’s our Zero Trust Packet Routing Platform that we announced.
And so while we are pushing and moving the needle on generative AI, we’re focusing more on the basics on data and ensuring things around the data are extremely secure. So yes, there are generative AI advancements. Yes, it’s going to happen, but I think our approach to that is, one, let’s actually invest in basics and fundamentals because data is going to be the new asset. And we want to make sure we’re investing in that.
Now, on the generative AI side, as the models get even richer, there are more interesting things because everybody is going to have access. So there’s both sides of the coin in terms of cyberattacks. The attackers are going to have access. The people who are trying to defend are going to end up having access. It’s going to be a level playing field. So how do we effectively use the data that we know and the research that we have to apply those principles back to security? That’s going to be the unique advantage.
CF: Ransomware continues to be everywhere, with a recent major attack impacting resorts across the Las Vegas strip. What is Oracle doing to address ransomware, and keep partners and customers safe?
MT: This goes back to the basics about layers of security. There are multiple layers of security, but you just need one misconfiguration or one small hole to lose all the keys to the kingdom. And we’ve seen that happen multiple times.
One, you want to do everything in your power to ensure that the data is protected so a ransomware situation cannot happen. Second, even if it does happen, you have to think about encrypting the data effectively and ensure that the keys are actually far away from the data that’s actually encrypted so there’s protection of the keys.
And so if I take a step back and think about Oracle, it’s pervasive across the stack. Oracle offers a plethora of choices when it comes to encryption offerings. When it comes to databases, we’ve been doing this for a very long time, for decades, so security around our databases continues to improve. That’s the second layer. The third thing, if you’ve done all of those things and still some data is gone or stolen from the main place, make sure you have multiple copies because if you’ve locked the data, it’s gone.
So for addressing ransomware, there are multiple levels and layers of protection Oracle offers for you to be in a good standing. But now we’re innovating even further so it builds on top of the story.
CF: Does input from partners and customers come into play when developing security products? If so, how?
MT: Transparently, yes, because they are a big part of our ecosystem. If you look at every single offering, take key management solutions, we’ve partnered with leading vendors. You look at our digital trust partnerships, we have a deep partnership with DigiCert to do a bunch of work. And look at our cloud integrations, we have many partners, including Stellar Cyber and many others we are partnering with. You look at our scanning solution, and you’ve got Qualys and others. You look at our network firewall product, we’re partnering with Palo Alto Networks. So every one of these products, we actually have a partner that we work with and partners can actually contribute back. They’re close with us, and truly integrating and actually making these things better.
CF: What do you find most dangerous about the current threat landscape?
MT: From my perspective, nations are becoming more sovereign. That poses some very interesting risks as nations become more sovereign. And the landscape is constantly evolving with the geopolitical situation, and that essentially changes the threat landscape quite a bit. That makes the job for many different security personnel really hard.
One of the things that I am observing from a threat landscape perspective is that the nature of model is actually changing. For me, that is the biggest activity. The other one that’s happening is really around the software supply chain attacks and the nature of open source. Go back 20 years and there was no open source. Everything was closed source; the code was locked in. It was easy to protect the code. But in an open world … it becomes hard. We’ve seen a couple of examples. I think we’ve seen some tremendous activity in the industry about moving toward better and safer models to protect against those attacks. It’s not there yet completely and Oracle is making some investment around the concept called OCI config platform, which aims at trying to solve some of the supply chain problem there. But overall, that’s a distant second. I think nations are becoming more sovereign and that’s going to have a tremendous impact on the industry and decision making over the next few years.
CF: Where do you go from here after CloudWorld? What can partners and customers expect from your work in the coming months, into 2023?
MT: Oracle made some phenomenal product announcements essentially addressing the core parts of the problem that we believe needs to be addressed. Some of those products are available immediately, and some of those products are going to go early access shortly.
One of the big things that we always pride ourselves on is putting customers first. So a lot of what we’re going to do is take the excitement that we heard from our customers, and have them try all of the products and the capabilities that we announced, and the partners to come partner with us on these new standards and technology to move the industry forward. We certainly believe there are some things that we are doing that are going to revolutionize the industry.
So for me, next steps, take that excitement, take the energy, translate it into execution, have them play with the products, help us define the standards and get that out to the masses. That’s what we’re going to do.
In other cybersecurity news …
The biggest news last week was Cisco’s $28 billion Splunk acquisition, with analysts calling it a “true bombshell move” and a “massive win” for Cisco’s security business.
Exabeam is one of Splunk’s biggest rivals. Adam Geller, Exabeam’s CEO, said his company believes this is a “good outcome” for Splunk.
“They’ve struggled getting to cloud native and their innovation velocity has slowed,” he said. “This acquisition might be the best exit for them. Today’s cybersecurity customer demands innovation on cloud-native solutions, particularly in this AI-driven era. Over 90% of today’s enterprises are using the cloud over on-premises solutions. We anticipate this will bring us further opportunities from the Splunk customer base. We’ve been helping improve security analytics on top of Splunk’s security information and event management (SIEM) since we entered the market and more recently replacing their solution altogether for customers demanding cloud-native.”
To effectively and cost-efficiently detect, investigate and respond to threats, today’s security operations centers (SOCs) require cloud-native infrastructure and scale, Geller said. On-premises environments can’t provide a holistic view to understand data everywhere, nor can they sufficiently protect an organization. Cybercriminals are smarter than ever and will not back down in their pursuit of the data – and the majority of it lives in the cloud today.
“Cisco with its new extended detection and response (XDR) play is doubling down on cybersecurity with the Splunk acquisition,” he said. “While this deal might be a good move for both companies from a business perspective, the jury is out whether it will benefit customers. The challenge will now be if they can maintain the quality of both products, while acquiring a company that hasn’t yet moved to the cloud and is still tied to its legacy platform.”
Major U.S. voting equipment manufacturers enlisted cybersecurity experts to provide additional stress-tests of their systems as the 2024 election looms and misinformation remains rife with American voters.
Last week, the Information Technology – Information Sharing Analysis Center (IT-ISAC) hosted a first-of-its-kind pilot event, the Election Security Research Forum, to strengthen U.S. elections. This program culminates five years of planning by the IT-ISAC’s Elections Industry Special Interest Group (EI-SIG) and an independent advisory board composed of security researchers, security companies, nonprofits, and former state and local election officials.
While certified election systems already engage in testing, this is the first time the manufacturers are voluntarily making their systems available for third-party review as part of a vulnerability disclosure process. This approach is as much about finding bugs in these systems as it is increasing confidence in the voting process through transparency. The new cybersecurity testing program saw three big voting equipment vendors – Election Systems & Software, Hart InterCivic and Unisyn – grant a group of vetted cybersecurity researchers access to their software and hardware for nearly two days to see if they could find ways to break into the systems.
Casey Ellis, Bugcrowd’s co-founder and CEO, served on the advisory board that worked with the EI-SIG to advance this event.
“In my opinion, the biggest takeaway from the event was that security researchers and voting service providers can find common ground quickly and collaborate effectively to continuously look for and identify vulnerabilities, and to inform secure design by incorporating breaker-feedback into builder processes,” he said. “What I enjoyed most was watching the lights come on for both audiences: as hackers in the room understood the complexity and gravity of election systems as a security target, and as the voting service providers got to see and understand the hacker mindset in action. I believe that as comfort between hackers and vendors increases, more can be shared ahead of time in pursuit of deeper and more effective research. This was a pilot event and overall, I feel that it was a successful first blind date.”
The vendors in the room were actively welcoming security research, and working hand-in-hand with hackers to identify new and novel risks, Ellis said. The reality is that security research happens whether the vendors invite it or not, so this shift in relationship and approach takes advantage of the existing dynamics of the internet in order to make the democratic process more resilient, and more trustworthy. Ultimately, all vendors and every organization associated with the democratic process should be doing this.
“What do I hope comes from this program?” he said. “Personally, it’s the normalization of the fact that election systems are no different from any other computer system. The fact that they aren’t perfect is a product of the fact that they are built by people. Normalizing the input of those who ‘think bad, but do good’ in the form of good-faith hackers reinforces this story out to non-technical voters, and at the same time as it finds actual vulnerabilities to fix, it also helps to establish confidence in the overall democratic apparatus.”
Kaspersky released a new report delving into the evolving threats targeting the IoT sector. The research uncovered a thriving underground economy on the dark web focused on IoT-related services, particularly for distributed denial of service (DDoS) attacks.
With IoT devices, such as routers and smart home components, projected to exceed 29 billion by 2030, Kaspersky’s research offers insights into attack methods, dark web activities and prevalent malware types.
DDoS attacks orchestrated through IoT botnets were found to be in high demand among hackers. In the first half of 2023, Kaspersky’s Digital Footprint Intelligence service analysts identified over 700 ads for DDoS attack services on various dark web forums.
The cost of these services varies and depends on factors like DDoS protection, CAPTCHA, and JavaScript verification on the victim’s side, ranging from $20 per day to $10,000 per month. On average, the ads offered these services at $63.50 per day or $1,350 per month.
In addition, the dark web marketplace offers exploits for zero-day vulnerabilities in IoT devices, as well as IoT malware bundled with infrastructure and supporting utilities.
In the realm of IoT malware, a variety of families exist, with many originating from the 2016 Mirai malware. Fierce competition among cybercriminals has driven the development of features designed to thwart rival malware. These strategies include implementing firewall rules, disabling remote device management, and terminating processes linked to competing malware.
The primary method for infecting IoT devices continues to be through brute-forcing weak passwords, followed by exploiting vulnerabilities in network services. Brute-force attacks on devices are commonly directed at Telnet, a widely used unencrypted protocol. Hackers use this method to gain unauthorized access by cracking passwords, allowing them to execute arbitrary commands and malware. Although SSH, a more secure protocol, is also susceptible, it presents a greater resource challenge for attackers.
In the first half of 2023, Kaspersky’s honeypots recorded that 97.91% of password brute-force attempts focused on Telnet, with only 2.09% directed at SSH. These attacks were primarily focused on China, India and the United States, while China, Pakistan and Russia were the most active attackers.
Furthermore, IoT devices face vulnerabilities due to exploits in the services they use. These attacks often involve execution of malicious commands by exploiting vulnerabilities in IoT web interfaces, resulting in significant consequences, such as the spread of malware like Mirai.
“Kaspersky urges vendors to prioritize cybersecurity in both consumer and industrial IoT devices,” said Yaroslav Shmelev, a security expert at Kaspersky. “We believe that they must make changing default passwords on IoT devices mandatory and consistently release patches to fix vulnerabilities. In a nutshell, the IoT world is filled with cyber dangers, including DDoS attacks, ransomware and security issues in both smart home and industrial devices. Kaspersky’s report stresses the need for a responsible approach to IoT security, obliging vendors to enhance product security from the get-go and proactively protect users.”
Cybersecurity will be a big part of Oracle’s vision for 21st century technology powering the future of numerous industries.
That’s according to Mahesh Thiagarajan, Oracle’s executive vice president of security and developer platform. We spoke with him during last week’s Oracle CloudWorld 2023.
During his keynote, Oracle chairman and CTO Larry Ellison said several industries can transform using 21st century technologies.
“Security is part of the unified cloud story that Larry and [Oracle executive vice president] Clay Magouyrk talked about,” Thiagarajan said. “At Oracle, the security technologies that we build are first built for us, for Oracle Cloud Infrastructure (OCI). And those security technologies are then used by SaaS, our industry verticals in our portfolio. Then we give that to our customers. It’s one common homogenous platform. We put our energy and ensure all of the technologies that we build are available for that as well. So the things that are going to us, that are going to power the application, that are going to power the 21st century technology powering the future, are all going to be built on this fundamental, which is the infrastructure layer that carries the cybersecurity capabilities transparently passing through.”
3 Pillars for 21st Century Technology Security Vision
Thiagarajan said there are three pillars that drive his organization when it comes to cybersecurity.
“One, when you think about products, ensuring that we have simple and prescriptive services because there’s enough cloud services at this point, everybody’s got to keep up to speed, so our ability to offer security has to be simple and prescriptive, easy to use,” he said. “The second pillar is really around deep integration. Our security posture has to be deeply integrated across the stack. The third pillar is the cloud migration journey by itself is hard so we will work with you to define the basic set of capabilities and functionalities that you need in OCI to be absolutely secure on our cloud, get the de facto prescriptive principles and others.”
Oracle has more than 15 key security partners who build their services on its cloud and offer it to all customers from its cloud, Thiagarajan said. In addition, they also integrate their products with Oracle security products.
“So when I talk about deeply integrated, I’m talking about pervasively going across the unified cloud stack … to make sure that we provide an integrated identity and access management (IAM), and network security across multiple clouds and making sure I bring all of the partners and allow them to offer technologies in the ecosystem to customers so they have flexibility and choice,” he said.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.