Oracle's Ellison: 'We Are Losing the Cyberwar'

Mitch Wagner
10/4/2017

SAN FRANCISCO -- Oracle OpenWorld 2017 -- "We are losing the cyberwar," Oracle's Larry Ellison says. But Oracle's got a super-weapon that will help enterprises regain lost ground against adversaries.

"Companies are losing the cyberwar and it gets worse every year," the Oracle Corp. (Nasdaq: ORCL) chairman, chief technology officer and founder said in a keynote at Oracle OpenWorld on Tuesday.

Ellison started his talk by reviewing two recent cyber attacks. One, of course, involved Equifax Inc., in which 143 million Americans lost records, along with people from other countries. The stolen information included credit cards, Social Security numbers, home addresses and more. The attackers are apparently "state actors" looking to use the information, rather than thieves looking to sell it, Ellison said. (See Right & Wrong Lessons From the Equifax Breach.)

Even worse, Ellison said, was the attack on the US Office of Personnel Management, where hackers -- also, apparently, state actors -- made off with records for 20 million federal employees, including security clearance data, fingerprints, Social Security numbers and home addresses; targets included White House personnel, foreign embassies, and Defense and State Department personnel. "And suddenly the state actor knows everything about every employee who works for the embassy in their capital city, and the consulate in their cities and other cities around the world," Ellison said.

"We are losing the cyberwar," Ellison said. And adversaries aren't the usual competitors, like a grocery chain competing with Amazon-Whole Foods. "You don't usually think about your competitor being a nation in eastern Europe who's stealing all your data, but they're a competitor also -- or at least an adversary," Ellison said.

Not Enough Red
Oracle OpenWorld this week.

Currently, security pros review logs as best as they can and patch systems when there is downtime to make the patch, Ellison said. That failed for Equifax, where the attack was traceable to a vulnerability in Apache Struts for which a patch was already available, but not yet applied by Equifax. There's nothing wrong with open source, Ellison noted, but enterprises need to manage it.

But human beings aren't up to managing modern data centers, comprising tens and hundreds of thousands of servers, storage, operating systems, virtual machines, containers, and more, Ellison said. The job needs automation.

"We don't take the security threat terribly seriously," Ellison said. "Or very few people in our organization take it seriously. The people who are focused on security take it seriously. The people who have other jobs in the data center are trying to get their jobs done. Sometimes when there's a security audit, they say, 'No, no, no, you're just slowing me down.'"

Security needs to be done without slowing down other processes, and also needs to be elevated to top priority, Ellison said. "Nobody wants to be on the front page as having lost people's data. Equifax is a 100-year-old company and they're fighting for their survival because somebody didn't locate an instance of Apache Struts and fix it when a fix was available."

And of course Ellison says Oracle has a solution -- or part of a solution -- in the security capabilities of Oracle Management Cloud. The Management Cloud relies on the same artificial intelligence capabilities as the Autonomous Database Cloud, which Ellison discussed previously. The database is entirely automated for updates, patches and maintenance, achieving 99.995% uptime, or just a half-hour a year of downtime. Management Cloud turns the same automation to detecting and remediating vulnerabilities and threats. (See Oracle's Ellison: We'll Beat Amazon Cloud Pricing by Half.)

Machine learning looks at vast quantities of data and finds patterns and detects anomalies. In the case of cloud security, anomalies represent potential vulnerabilities and threats, Ellison said.

The primary goal of Management Cloud is to prevent data loss. "The most important job is data theft prevention," Ellison said.

The Management Cloud collects and merges log files from a variety of Oracle's and other companies' cloud and on-premises software, and "enriches" that information to annotate it with human-understandable explanatory notes, correlating which records are associated with which application, and associated databases, servers and operating systems. "These records are associated with our general ledger, running on this application server, and accessing this database. All these users are authorized to use the general ledger. You can say 'show me the failed logins on the general ledger, also OS and database logins associated with that application,'" Ellison said. "You can't do that with a lot of separate logs that look entirely different. You can't ask a simple query like that."
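The normalize-then-enrich step Ellison describes can be sketched as follows. This is an added example, not Oracle's code: the three log formats, the host names and the host-to-application inventory are constructed for illustration.

```python
import re

# Constructed sample lines in three unrelated formats (not real vendor output).
RAW_LOGS = [
    ("app-gl-01", "2017-10-03T09:14:02Z GL-APP login_failed user=jsmith src=10.0.4.17"),
    ("app-gl-01", "Oct  3 09:14:40 app-gl-01 sshd[2211]: Failed password for root from 10.0.4.17 port 50122 ssh2"),
    ("db-fin-02", "AUDIT ts=2017-10-03T09:15:11Z action=LOGON returncode=1017 dbuser=GL_SVC host=10.0.4.17"),
    ("db-fin-02", "AUDIT ts=2017-10-03T09:16:00Z action=LOGON returncode=0 dbuser=GL_SVC host=10.0.2.5"),
    ("web-hr-07", "Oct  3 09:20:01 web-hr-07 sshd[991]: Failed password for admin from 10.0.9.9 port 40100 ssh2"),
]

# Hypothetical configuration inventory: which host serves which application.
HOST_TO_APP = {"app-gl-01": "general-ledger", "db-fin-02": "general-ledger",
               "web-hr-07": "hr-portal"}

# One parser per source layer; named groups map each format onto common fields.
PARSERS = [
    ("application", re.compile(r"GL-APP login_(?P<result>failed|ok) user=(?P<user>\S+) src=(?P<src>\S+)")),
    ("os", re.compile(r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)")),
    ("database", re.compile(r"action=LOGON returncode=(?P<result>\d+) dbuser=(?P<user>\S+) host=(?P<src>\S+)")),
]

def normalize(host, line):
    """Map one raw line to a common schema and tag it with its application."""
    for layer, rx in PARSERS:
        m = rx.search(line)
        if not m:
            continue
        result = m.group("result")
        # Assumption for the constructed DB format: return code 0 is success.
        failed = result.lower() == "failed" or (layer == "database" and result != "0")
        return {"host": host, "layer": layer, "user": m.group("user"),
                "src": m.group("src"), "outcome": "failure" if failed else "success",
                "application": HOST_TO_APP.get(host, "unknown")}
    return None  # unrecognized format: a real pipeline would queue it for review

def failed_logins(application, raw=RAW_LOGS):
    """'Show me the failed logins on <application>' across app, OS and DB layers."""
    events = [e for e in (normalize(h, l) for h, l in raw) if e]
    return [e for e in events
            if e["application"] == application and e["outcome"] == "failure"]

if __name__ == "__main__":
    for event in failed_logins("general-ledger"):
        print(event)
```

Once every record carries the same fields and an application tag, the single query returns the application, OS and database failures together, all from the same source address in this sample.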

Management Cloud combines log data with third-party databases of known threats and vulnerabilities, such as URLs associated with malware and ransomware, machines known to be part of a botnet, and adult sites that download malware.

Of course, it wouldn't be an Ellison keynote without Larry slagging a competitor, and this time he turned to Splunk Inc. By Ellison standards, his criticism there was mild.

Splunk invented log analytics, he said. "They do a pretty good job," he said. But unlike Oracle, Splunk doesn't normalize log data, enrich it with configuration information, and use machine learning to separate normal and abnormal information. Also, Splunk doesn't handle remediation. "You want to go directly from identifying a problem to fixing a problem," Ellison said.

— Mitch Wagner, Editor, Enterprise Cloud News

kq4ym,
User Rank: Light Sabre
10/21/2017 | 3:18:28 PM
Re: Yahoo Support
Yes, it's pretty scary when "records for 20 million federal employees, including security clearance data," are found by who knows who. While there's certainly more that should and can be done to prevent these issues, Ellison really has a knack for scaring folks into using his products and services while at the same time talking bad about competitors.
danielcawrey,
User Rank: Light Sabre
10/5/2017 | 2:56:24 PM
Re: Yahoo Support
The OPM hack is really scary. That database includes a bunch of personal info on high-level folks in the US government. More needs to be done to secure our data when it comes to third parties that hold it. 
mhhfive,
User Rank: Light Sabre
10/4/2017 | 1:07:11 PM
How does one win a cyberwar?
> "One of course involved Equifax Inc. , in which 143 million Americans lost records..."

Well, it turns out 2.5 million more people were affected... but what's a few million people among friends? 

http://money.cnn.com/2017/10/02/technology/business/equifax-million-more-impacted/index.html

I wonder exactly how nation-states use this PII data? Do they sell it to thieves to fund further operations? Are they ruining the credit of particular people who might be key diplomats or who hold some strategically valuable government positions? Is that really that effective as a way to "attack" the American government? 

I can understand maybe getting medical information and somehow using it against key government employees somehow, but ruining a person's credit or finances? 

It seems like there's a simple-ish fix, too -- create a better system than using SSNs to identify people. Sure, that's not exactly easy, but it's not exactly rocket surgery, either. 