
Intelligent Cyber Defense using Artificial Intelligence in the Cloud Era

Chetan Vithlani
Product Manager
Oracle Management Cloud

Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |


Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for
information purposes only, and may not be incorporated into any contract. It is not a
commitment to deliver any material, code, or functionality, and should not be relied upon
in making purchasing decisions. The development, release, and timing of any features or
functionality described for Oracle’s products remains at the sole discretion of Oracle.



Brief Introduction
• Product Manager, Oracle Management Cloud
• Cyber, Cloud and Information Security Solutions Architect
• AIOUG Bangalore Chapter, Founding and Core team member
• Over 2 decades of Global IT Industry experience across BFSI, Telco, Healthcare domains
• Certifications
– Oracle Database RAC 12c certified implementation specialist
– Oracle Database 12c certified implementation specialist
• 30+ Public events and 70+ customer facing sessions
• Social: Twitter: CMVithlani, LinkedIn: https://in.linkedin.com/in/chetanvithlani
• Blogs: https://www.linkedin.com/today/posts/chetanvithlani
• YouTube: https://www.youtube.com/watch?v=Mr6ByIPIwns
Agenda
• Overview of Oracle Management Cloud (OMC)
• OMC Security Services (detail and demo)
• Q&A



“We have to reprioritize and re-think about how we defend our information. We need new systems. It can't be our people versus their computers. We're going to lose that war. It's got to be our computers versus their computers. And make no mistake: it's a war.”
– Larry Ellison, CTO, Oracle



World’s First Cloud Native Management & Security System
• Complete and Integrated System
– Monitor and analyze ALL users and assets in a single system
• Powered by Machine Learning (ML)
– ML-based insights and anomaly detection
• Automated Remediation
– Automated operational workflows and real-time security remediation
Diagram components: Configuration, Logs, SIEM + UEBA, Remediation, Application & Infrastructure Monitoring, Analytics



Growing Impact of Cybersecurity
• 2015: eBay – 148M customer records
• 2016: MySpace – 360M emails, 427M passwords, 111M usernames
• 2017: Yahoo – ALL 3 Billion+ user accounts

Prioritize deals that are or can be driven by external threats, specifically data breaches

Modern Security Challenges
• Visibility
– BYOD reduces perimeter security efficacy
– Cloud assets uncovered by legacy security monitoring tools
– DevOps multiplies change rates and risk of vulnerable configurations
• Detection
– Zero day attacks require anomaly detection
– Low & slow, multi-stage threats require sequence awareness
– Targeted, credentialed attacks require identity awareness
• Efficiency
– More assets, security tools, & alerts to manage
– High false positives or noise to signal ratio
– Manual remediation spread across point tools erodes time to resolution

Current Approach: Fragmented, Integration Intensive
• UEBA (User and Entity Behavior Analytics): User context, Anomaly detection
• SIEM (Security Information and Event Management): Security context, Rules based detection
• Log Management: Raw logs, Forensic search, IT ops analytics
• Configuration Management: Secure state, configuration auditing
Problems with this approach:
– Multiple UIs, data models for same data
– Separation of rules & ML based threats
– Configuration management per stack
– Silo’d and manual remediation
– Scale and delivery model differences

Oracle Management Cloud for SIEM/UEBA
• Integrated SIEM/UEBA, Log Management, Configuration Management, Orchestration
• Heterogeneous coverage across cloud and on-premise assets
• Extends operational intelligence to modern threat detection
• Delivered as cloud native services for rapid time to value, ease of expansion/scale, reduced management overhead



Oracle Management Cloud
Tiers covered: End user experience / activity, Application, Middle tier, Data tier, Virtualization tier, Infrastructure tier
Data collected into the Unified Platform: Global threat feeds, Cloud access, Identity, Real users, Synthetic users, App metrics, Transactions, Server metrics, Diagnostics logs, Host metrics, VM metrics, Container metrics, Configuration, Compliance, Tickets & Alerts, Security & Network events
• Intelligent, unified platform
• Powered by machine learning
• Informed by a complete data set
• Heterogeneous and open
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. 11
OMC Key Capabilities
• Unified Monitoring: Application & Infrastructure Monitoring; IT Analytics; Complete Transaction Visibility; Real, Mobile & Synthetic Users
• Log Analytics: Monitor, aggregate, and analyze; Topology-aware log exploration; Deep support for Oracle
• Out-of-the-box ML; Automated actions and runbook; Pre-built dashboards; Data Explorer
• Remediation: Simple & complex workflows
• Security Management: Security Monitoring; User Behavior; Incident Response; Config. & Compliance



Services Designed To Work Together
• Application Performance Monitoring: Monitor real and synthetic users and application performance
• Infrastructure Monitoring: Monitor database and cross-tier infrastructure performance
• Log Analytics: Aggregate, index, and explore the entire enterprise log estate
• IT Analytics: Analyze business and IT data using pre-built apps and explorers
• Orchestration: Execute automated remediation and other tasks at cloud scale
• Security Monitoring and Analytics: Detect, investigate, and remediate full range of security threats
• Configuration & Compliance: Manage configuration and change against industry and own standards
Systems Management Services (for “the NOC”) and Security Services (for “the SOC”)



ML Is Ideally-Suited for Security & Management
• Massive Data Volume: Terabytes of telemetry generated every day overwhelm humans
• Data Is Highly-Patterned: Unified metric and log data can be understood by purpose-built ML
• Need Insights, Not Data: We know the kinds of questions we want to ask
– What caused the problem?
– Is what I’m seeing normal or abnormal?
– What do I need to pay attention to right now?
– What problem is coming up in the near future?



Oracle Identity SOC Functional Overview
• Single Pane of Glass: OMC Security Monitoring & Analytics CS
• Content Security: CASB CS
• User Security: Identity CS
• Configuration: OMC Configuration & Compliance CS
• Forensics: OMC Log Analytics CS
• Automated Response & Remediation: OMC Orchestration CS
• Adaptive Intelligence: Unified Data Platform (includes OMC APM CS & Infrastructure Monitoring CS) and Purpose-Built Machine Learning



Security Monitoring & Analytics CS
• Security Information and Event Management (SIEM) + User Entity Behavior Analytics (UEBA)
• Security Monitoring spanning operational and security data across heterogeneous, hybrid environments
• One-stop Security Operations Center (SOC) analytics, investigation and response



Configuration & Compliance Cloud Service
Continuous Compliance Across Hybrid Cloud Estate
• Maintain industry and regulatory compliance (STIG, GDPR, etc.)
• Enforce company-specific compliance across hybrid clouds
• ML driven configuration drift management



Demonstration
Security Monitoring & Analytics CS
Configuration & Compliance CS



Oracle POVs on ML-Enabled Management & Security
• https://www.forbes.com/sites/oracle/2017/04/25/is-your-systems-management-software-smart-enough/
• https://developer.oracle.com/code
• https://www.darkreading.com/vulnerabilities---threats/the-soc-is-deadlong-live-the-soc/a/d-id/1329284?
• https://www.forbes.com/sites/oracle/2017/07/10/cant-stop-cyberattacks-teach-your-computer-to-do-it/



For More Information

Cloud.oracle.com/management
Cloud.oracle.com/security

#MgmtCloud community.oracle.com/mgmtcloud
@OracleMgmtCloud
