At Infosecurity Europe 2017, you couldn’t escape the buzz around what may soon become the next great battle on the cybersecurity frontier – automation.
However, the belief that automation is a cyber security silver bullet does not seem to be widely held, with Oracle’s Rohit Gupta telling CBR that not all situations can be solely monitored by technology.
“There are certain conditions where automation will never be accepted. As an example, let’s say the system discovers something suspicious going on in an executive’s credentials, the CFO’s credentials. You don’t want to turn off the access between the CFO and his or her system, that could be career suicide, you never want that to happen.
“In that scenario you have policy in place that says for these specific types of roles, or these specific types of entitlements, I want to have human intervention – somebody to look over this detected issue to find out what happened, and then allow that individual or analyst as appropriate to essentially pre-empt the next course of action,” Oracle’s VP of cyber security told CBR.
We are currently living and working at a time when there are numerous attacks on systems, by numerous different malicious parties, all trying to get to the crown jewels via numerous different attack methods.
Mr Gupta told CBR of a common problem experienced by many an IT department, that of alert fatigue – he gave the example of an IT professional coming to work in the morning to face 250 alerts before the day has even begun. Automation could cut through this fatigue, yet businesses do not tend to be immediately ready to embrace automation as a solution – the barrier holding back adoption, according to Mr Gupta, is trust.
“Typically what happens is customers take a little bit of time, most enterprises take a little bit of time, to trust the algorithm, you have got to get comfortable with the algorithm.”
“So from a tuning standpoint we don’t set up the system to automate change on day one, what you typically do is you want to get to a level where you are comfortable with the fidelity of the system, and then once you are at the point where you are comfortable with automation, then you can let the system make these decisions.”
Acknowledging trust as a big part of automation adoption, Oracle has taken the step of offering supervised and unsupervised algorithms in its cyber security offering – a key differentiator according to the Oracle VP. Leveraging automation and machine learning, Oracle offers everything from anomaly detection and behaviour analytics to adaptive access control. The algorithms, however, underpin the offering.
The Oracle Cloud Access Security Broker (CASB) is the tool that will be utilising supervised and unsupervised machine-learning techniques, actively carrying out threat detection.
The Oracle CASB is an interface that provides visibility across the entire cloud stack, while also performing as a security automation tool for IT teams. Oracle says that this is the only tool capable of combining these capabilities in one place.
Oracle aims to complement this stack-wide visibility with predictive analytics, aiming to provide customers with an edge on increasingly agile attackers launching sophisticated attacks.
“We leveraged and we built in our own internal R&D, techniques for both supervised and unsupervised algorithms. Learning through unsupervised techniques, meaning you queue the algorithm, let it run and over time it will figure out baselines to decide what is normal and then identify deviations,” said Mr Gupta.
“The second one is supervised models, where you essentially get human intervention into the process, so that you can refine the threat model. For a non-technical user, or somebody who is not a highly trained forensic analyst, that is a big deal.”
Ultimately Oracle is looking to achieve what most in the IT and cyber security space are aiming for – the ability to, as Mr Gupta told CBR, “help our customers as they go through a digital transformation, or as they move workloads from on premise into the cloud.”
However, where Oracle may have the edge is in the algorithm – especially when automation ignites debate over trust and fuels rhetoric on the rise of the robots.