
Intelligent Cyber Defense using Artificial Intelligence in the Cloud Era

Chetan Vithlani
Product Manager
Oracle Management Cloud

Copyright © 2016, Oracle and/or its affiliates. All rights reserved.

Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for
information purposes only, and may not be incorporated into any contract. It is not a
commitment to deliver any material, code, or functionality, and should not be relied upon
in making purchasing decisions. The development, release, and timing of any features or
functionality described for Oracle’s products remains at the sole discretion of Oracle.


Brief Introduction
• Product Manager, Oracle Management Cloud
• Cyber, Cloud and Information Security Solutions Architect
• Over 2 decades of Global IT Industry experience across BFSI, Telco, Healthcare domains
• Certifications
  – Oracle Database RAC 12c certified implementation specialist
  – Oracle Database 12c certified implementation specialist
• 30+ Public events and 70+ customer facing sessions
• AIOUG Bangalore Chapter, Founding and Core team member
• Social: Twitter: CMVithlani, LinkedIn: https://in.linkedin.com/in/chetanvithlani
• Blogs: https://www.linkedin.com/today/posts/chetanvithlani
• YouTube: https://www.youtube.com/watch?v=Mr6ByIPIwns

Agenda
• Overview of Oracle Management Cloud (OMC)
• OMC Security Services (detail and demo)
• Q&A

Oracle Keynote highlights
“We have to reprioritize and re-think about how we defend our information. We need new systems. It can't be our people versus their computers. We're going to lose that war. It's got to be our computers versus their computers. And make no mistake: it's a war.”
Press release – Larry Ellison, CTO

World’s First Cloud Native Management & Security System
• Complete and Integrated System
  – Monitor and analyze ALL users and assets in a single system
• Powered by Machine Learning (ML)
  – ML-based insights and anomaly detection
• Automated Remediation
  – Automated operational workflows and real-time security remediation
[Diagram: Configuration, Logs, Application & Infrastructure Monitoring, SIEM + UEBA, Analytics, Remediation feeding one integrated system]

Growing Impact of Cybersecurity, specifically data breaches
• 2015 – eBay: 148M customer records
• 2016 – MySpace: 427M passwords, 360M emails, 111M usernames
• 2017 – Yahoo: ALL 3 Billion+ user accounts
Prioritize deals that are or can be driven by external threats.

Modern Security Challenges
Visibility
• BYOD reduces perimeter security efficacy
• Cloud assets uncovered by legacy security monitoring tools
• DevOps multiplies change rates and risk of vulnerable configurations
Detection
• Zero day attacks require anomaly detection
• Low & slow, multi-stage threats require sequence awareness
• Targeted, credentialed attacks require identity awareness
Efficiency
• More assets, security tools, & alerts to manage
• High false positives or noise to signal ratio
• Manual remediation spread across point tools erodes time to resolution

Current Approach: Fragmented, Integration Intensive
• UEBA (User and Entity Behavior Analytics): User context, Anomaly detection
• SIEM (Security Information and Event Management): Security context, Rules based detection
• Log Management: Raw logs, Forensic search, IT ops analytics
• Configuration Management: Secure state, configuration auditing
Problems with this approach:
X Multiple UIs, data models for same data
X Separation of rules & ML based threats
X Configuration management per stack
X Silo’d and manual remediation
X Scale and delivery model differences

Oracle Management Cloud for SIEM/UEBA
Oracle Management Cloud: Integrated SIEM/UEBA, Log Management, Configuration Management, Orchestration Management
 Heterogeneous coverage across cloud and on-premise assets
 Extends operational intelligence to modern threat detection
 Delivered as cloud native services for rapid time to value, ease of expansion/scale, reduced management overhead

Oracle Management Cloud
[Architecture diagram. Tiers shown: END USER EXPERIENCE / ACTIVITY, APPLICATION, MIDDLE TIER, DATA TIER, VIRTUALIZATION TIER, INFRASTRUCTURE TIER. Data sources feeding the platform: Global threat feeds, Cloud access, Identity, Real users, Synthetic users, App metrics, Transactions, Server metrics, Diagnostics logs, Host metrics, VM metrics, Container metrics, Configuration, Compliance, Tickets & Alerts, Security & Network events.]
Unified Platform:
• INTELLIGENT, POWERED BY MACHINE LEARNING
• INFORMED BY A COMPLETE DATA SET
• HETEROGENEOUS AND OPEN

OMC Key Capabilities
Unified Monitoring
• Application & Infrastructure Monitoring
• Real, Synthetic & Mobile Users
• Deep Transaction Visibility
• Topology-Aware
• Out-of-the-box ML
Log Analytics
• Monitor, aggregate, and analyze
• Data Explorer
• Simple & complex log exploration
• Pre-built dashboards
• IT Analytics
Remediation Management
• Automated actions and workflows
• Runbook support
• Complete Oracle support
Security Monitoring
• User Behavior
• Config. Compliance
• Incident Response

Services Designed To Work Together
Systems Management Services (for “the NOC”)
• Application Performance Monitoring – Monitor real and synthetic users and application performance
• Infrastructure Monitoring – Monitor database and cross-tier IT infrastructure performance
• IT Analytics – Analyze business and IT data using pre-built apps and explorers
• Log Analytics – Aggregate, index, and explore the entire enterprise log estate
Security Services (for “the SOC”)
• Security Monitoring and Analytics – Detect, investigate, and remediate full range of security threats
• Configuration & Compliance – Manage configuration and change against industry and own standards
• Orchestration – Execute automated remediation and other tasks at cloud scale

ML Is Ideally-Suited for Security & Management
• Massive Data Volume – Terabytes of telemetry generated every day overwhelm humans
• Data Is Highly-Patterned – Unified metric and log data can be understood by purpose-built ML
• Need Insights, Not Data – We know the kinds of questions we want to ask:
  – Is what I’m seeing normal or abnormal?
  – What caused the problem?
  – What do I need to pay attention to right now?
  – What problem is coming up in the near future?

Oracle Identity SOC Functional Overview
Single Pane of Glass
• User Security – OMC Security Monitoring & Analytics CS
• Content Security – CASB CS
• Configuration – OMC Configuration & Compliance CS
• Forensics – OMC Log Analytics CS
• Identity CS
Automated Response & Remediation (OMC Orchestration CS)
ADAPTIVE INTELLIGENCE: Unified Data Platform (includes OMC APM CS & Infrastructure Monitoring CS) and Purpose-Built Machine Learning

Security Monitoring & Analytics CS
• Security Information and Event Management (SIEM) + User Entity Behavior Analytics (UEBA)
• Security Monitoring spanning operational and security data across heterogeneous, hybrid environments
• One-stop Security Operations Center (SOC) analytics, investigation and response

Configuration & Compliance Cloud Service
Continuous Compliance Across Hybrid Cloud Estate
• Maintain industry and regulatory compliance (STIG, GDPR, etc.)
• Enforce company-specific compliance across hybrid clouds
• ML driven configuration drift management

Demonstration
• Security Monitoring & Analytics CS
• Configuration & Compliance CS

Oracle POVs on ML-Enabled Management & Security
https://www.forbes.com/sites/oracle/2017/07/10/cant-stop-cyberattacks-teach-your-computer-to-do-it/
https://www.darkreading.com/vulnerabilities---threats/the-soc-is-deadlong-live-the-soc/a/d-id/1329284?
https://www.forbes.com/sites/oracle/2017/04/25/is-your-systems-management-software-smart-enough/
https://developer.oracle.com/code

For More Information
Cloud.oracle.com/management
Cloud.oracle.com/security
community.oracle.com/mgmtcloud
@OracleMgmtCloud
#MgmtCloud
