SlideShare a Scribd company logo

The future of cyber security

S
Sandip Juthani

Machine learning-based adaptive intelligence: The future of cybersecurity

Technology
1 of 11
Download to read offline
Machine learning-based adaptive intelligence: The future of cybersecurity Whitepaper. January 2018
Most companies are adopting cloud technologies to accommodate digital business opportunities. Everybody loves the convenience—cloud services are easy to provision, deploy, and consume right away. However, security threats are not canceled by cloud adoption, and the scale of services across cloud and on-premises environments requires a new approach to cyber defense. Forward-looking companies are moving from manual security strategies to intelligent security operations centers (SOCs) that can forecast, detect, prevent, and respond to threats automatically, as well as correlate and distill vast amounts of event data into actionable intelligence. As Oracle CTO and Chairman Larry Ellison explained during his keynote speech at Oracle OpenWorld 2017, “The way to secure our data, the way to prevent data theft, is more automation. And we need a cyber defense system that automatically detects vulnerabilities and attacks. Fix the vulnerability before an attack. And then, if there is an attack, detect the attack and shut it down”. He also said, “we need new systems. It can’t be our people versus their computers. We’re going to lose that war. It’s got to be our computers versus their computers. And make no mistake: It’s a war.” How do SOC managers compensate for the loss of control over users, devices, and applications? How do they trust the external users—along with roving employees—that need access to their systems? According to a 2016 Ponemon Cost of Data Breach Study, the average cost of a breach at large enterprises is $4 million, and takes 99 days to detect. These alarming statistics are partially a result of alerts from so many vendors, products, consoles, and security tools. There is too much noise and not enough actionable insight. To secure enterprise IT assets and protect against increasingly sophisticated attacks, forward-looking organizations are adopting cybersecurity technologies that are continuous, adaptive, real-time, and intelligent. They rely on artificial intelligence (AI) and machine learning (ML) algorithms to manage configurations, monitor who has access to what resources, and encrypt sensitive data to protect IT assets. Executive summary 4 Security Operations Center managers are augmenting passive, static security strategies with more advanced and proactive security scenarios that are continuous, adaptive, real-time, and intelligent.
The security landscape is evolving more quickly than ever before.The network perimeter has dissolved even as the number of devices, services, and people allowed to access applications and data has increased. Automated threats—where it’s not a human being sitting behind a console trying to compromise your IT environment, but rather an automated program running scripts in an attempt to infiltrate your systems—have become ordinary. Established security controls are in place but the number of security alerts coming from traditional security systems is exploding. In many cases, cybercriminals hide in the noise. Security operations centers are bombarded with millions of alerts; it is not humanely possible to keep pace without new paradigms to triage, automate, and respond to them all. Moreover, most traditional security tools have not been designed for cloud environments and the unique challenges that cloud adoption presents such as verifying security policies and establishing visibility into infrastructure security. Decisions about who to admit and what resources to authorize must be made from moment-to-moment, based on the circumstances, or context, of each request. The spectrum of trust is no longer clearly defined. Security professionals must verify the identity of each user or application, consider which resources they wish to access, and pay attention to any sensitivities within the data or content in question. Granting access to IT resources is rarely a black and white decision. Security teams must assess risk continuously to discern between friend and foe. Machine Learning and cloud-based analytics tools can automatically detect anomalies in user behavior, as well as intercept rogue applications that bypass traditional perimeter security systems.They augment rules-based security systems by scanning the data that these systems miss.This type of automation is essential to security operations centers because it enables rapid detection and response. In order to dynamically establish trust and identify potential risks, security operations teams must be able to make sense of alerts regarding a huge variety of systems, applications, and data sets—everything from system and application logs, user session activity, and how sensitive IT resources are being accessed, to how security configurations are being changed. All systems and devices should be considered potentially compromised at all times, and all user behaviors continually assessed for malicious, negligent, or harmful activities—inadvertent or otherwise. A comprehensive security portfolio should be based on a zero-trust model, which means that there is no implicit trust for any user, device, or application, and any form of trust must be established and built into an entitlement model or policy. Once authenticated, users should be allowed just enough rights and permissions to complete specific actions. To do this consistently, security professionals need contextual awareness, actionable intelligence, and a more complete assessment of the “gray areas” where so much of today’s network traffic occurs. The same rigorous approach must be applied to cloud, on-premises, and hosted environments. Mitigating sophisticated, automated threats 5 Firewalls, intrusion protection systems, and other types of preventive security technologies are an important part of protecting your company’s information assets—but they are not adequate to protect against new threats from cloud and mobile realms.
Machine learning-driven security intelligence Raw data ingestion FirewallsApp internals (security posture) Data classification Normalized, categorized data clusters Forecasts: high-risk user accounts and data Threats, anomalies and recommendations Reporting,ad hoc queries,and alerts Anom alies and trends 3rd-party threat feedsSecurity operations boil down to two fundamental metrics: how quickly can you detect a breach, and how quickly can you respond to a known attack—two essential metrics known as mean time to detect (MTTD) and mean time to respond (MTTR). Traditional security tools utilize known threat signatures and threat feeds supplied by trusted partners. This is not sufficient today as enterprise perimeters are dissolving and the first sign of a new and unknown threat may get recorded in an application log or by a user session monitoring tool. To make the most of the power of AI and machine learning, new solutions are incorporating systems management feeds such as log files, business transactions, application configurations, role/privilege assignments, and other sources unknown to the traditional security tool. AI and machine learning technologies can help you correlate events and apply heuristics to detect patterns, trends, and anomalies in the data, including detecting new alerts, adding context to those alerts, and responding quickly to address and resolve incidents. An automated cloud security solution can continuously evaluate millions of patterns and uncover anomalies and suspicious activity. Machine learning algorithms scale well to accommodate large volumes of data when deployed in the cloud. Due to the massive amount of data involved, on-premises solutions quickly turn into large infrastructures requiring constant expansion to address compute and storage needs. An AI algorithm processes the data to identify patterns, create audit reports, and detect security risk indicators based on pre-defined threat models, baseline risk indicators, abnormal events, and suspicious user activity. In the remainder of this paper, we’ll examine how AI technology and machine learning technology can streamline fundamental activities like these in your network and security operations center. Detect quickly, remediate faster 7
Today’s diverse computing environments demand an intelligent security framework that can continuously monitor potential threats and challenge suspicious behavior.The goal is to get rid of false positives, minimize the minutiae within millions of alerts, and allow the machines to handle the simple stuff—like stepping up authentication when warranted to automatically prevent access by unauthorized users. Oracle has a suite of cloud-based services that brings greater visibility, intelligence, and automation to cybersecurity activities. All of Oracle’s security services are built on Oracle Management Cloud (OMC), an integrated set of monitoring, management, and analytics services that leverage machine learning and big data technologies against a broad operational data set. For example, Oracle Configuration and Compliance Cloud Service enables IT and business compliance personnel to assess, score, and remediate violations using industry- standard benchmarks in addition to user-defined rules. Oracle Security Monitoring and Analytics (SMA) Cloud Service enables rapid detection, investigation, and remediation of security threats and correlates the results with the privileges assigned in your identity and access management (IAM) platform or Active Directory. Oracle Orchestration Cloud Service allows security administrators to automatically respond to issues, alerts, and events, and to set up custom rules with their favorite scripting languages and configuration software. When Oracle’s cloud-based cybersecurity applications alert the database of vulnerabilities, the database can patch itself on the fly. It can also detect anomalous SQL queries by parsing SQL statements to establish whitelist baselines by user, group, database, and application. It evaluates new SQL queries against this baseline to spot potential threats, raise threat scores, and take action to protect sensitive data. On the back-end, Oracle Autonomous Database Cloud Service simplifies database administration and tuning tasks, including automatically maintaining security configurations. Continuous detection 10 The world’s first autonomous database Less labor, lower cost, fewer errors, more secure, more reliable Self-driving User defines service levels, database makes them happen Self-tuning Continuous adaptive performance tuning Self-scaling Instantly resize compute and storage without downtime Self-securing Protection from both external attacks and internal users Self-repairing Automated protection from all downtime
An advanced security system can adapt to changing conditions, driven by machine learning technology that automatically detects and fixes problems without human agents— a capability known as adaptive response. This type of automation is progressively more important in today’s hybrid cloud environments. For example, you may have little visibility into how people use their mobile devices to download apps and data via the corporate network. Many employees use Box, Dropbox, Evernote, Office 365, and other cloud apps for personal and professional tasks, and they may use personal Gmail accounts to send and receive corporate data. It’s convenient for users, but without strict policies, the IT department can easily lose control of how these applications are used, as well as how the associated data is managed and stored. Large businesses typically have hundreds of cloud services. Top-tier cloud providers do a good job of securing their infrastructure, but customers are responsible for protecting their own data in the cloud. Data breaches and attacks can occur when companies have insufficient identity and access management systems. In addition, application programming interfaces (APIs), and user interfaces have IP addresses that can be accessed from outside of trusted organizational boundaries. Because they are exposed, these assets can be the targets of attacks via the internet. A Cloud Access Security Broker (CASB) can assist with cloud management by brokering exchanges between cloud users and cloud providers, as well as by consolidating security policy enforcement activities. For example, Oracle CASB Cloud Service protects your critical data by combining visibility, threat detection, compliance management, and automated incident response for cloud services into a single platform. Situated between your on-premises infrastructure and a cloud provider’s infrastructure, it acts as a gatekeeper, allowing you to extend your in-house security policies beyond your own infrastructure. Users can securely access cloud services, whether from a corporate PC behind the firewall, or mobile devices from a remote coffee shop. Your security team gains visibility into shadow IT processes, and can more reliably secure sanctioned cloud services, including Amazon Web Services, Google Apps, and Salesforce. Adaptive responses 12 Oracle has integrated machine learning, artificial intelligence, and contextual awareness in its CASB service to address the rise of security incidents targeting privileged and end-user credentials. Data protection Monitors whether certain data has been accessed, moved, copied, renamed, edited, deleted, or locked Compliance automation Allows configuration based on best practices, with customized settings to fit unique IT needs Threat detection Helps detect threats from all types of cloud services Cloud visibility Offers visibility into all types of cloud services (including, shadow IT, enterprise apps, App Store, and custom apps)
CASBs depend on user entity behavior analytics (UEBA) to establish unique historical baselines for each user and cloud service. They continuously compare unusual activity against these expected baselines to identify unusual, suspicious, or potentially risky behavior. Once the CASB detects a deviation, it orchestrates an intelligent response, perhaps integrating with a ticketing and incident management system to compare the incident to similar ones, and ultimately suggesting targeted remediation by a human agent. Bolstered by machine learning algorithms, Oracle CASB learns what constitutes typical behavior for each application. It defines a baseline for typical user behavior, against which deviations can be measured. If a user exhibits behavior outside of those well-established expectations, that behavior can be flagged as an anomaly. For example, if an employee has family members in the Ukraine, and occasionally works from that location, logging in from there would not raise a red flag. However, if an employee who never travels to the Ukraine suddenly logs in from that location, the system could leverage the Adaptive Access engine in CASB and force Multi-Factor Authentication (MFA) by initiating a two-factor identity procedure to verify the user’s identity. In this way, the security system gets smarter over time. The more data it studies, the more users it gets to know, the more applications that come under its purview, the better it can understand rogue or suspicious behavior when it occurs. For example, the CASB might monitor the applications users typically use, the locations they log in from, how they access these cloud services, and the time of day when they are most often online. If it suspects an account may have been hijacked, it can require a password reset or two-factor authentication procedure. Source: https://www.abiresearch.com/press/machine-learning-cybersecurity-boost-big-data-inte/ Adaptive responses continued 14 ABI Research forecasts that machine learning in cybersecurity will boost big data, intelligence, and analytics spending to $96 billion by 2021.*
Businesses that have embraced the cloud paradigm are less likely to fall out of compliance with industry and government regulations, guidelines, and standards. However, because of the new challenges and risks that come with the cloud model, it’s more critical than ever to be proactive about cybersecurity. You must institute management processes to assess the state of compliance and evaluate the risks and potential costs of non-compliance. An identity-based SOC uses machine learning to combat fraud across cloud and on-premises applications by analyzing each login attempt in conjunction with data on location, device, and time of day.These intelligent applications are not only better at detecting and preventing threats, but they also automate post-event, investigation, and response activities. Oracle is the first vendor to build this level of identity awareness into a native cloud service that integrates with the rest of the security fabric, offering complete security coverage for hybrid environments. Oracle Identity Cloud Service (IDCS) resides at the center of the security framework to improve compliance, risk management, database security, and application security. It is designed to simplify the deployment of applications such as Office 365, Salesforce, and Oracle Cloud Applications, as well as to bridge the identity gap with on-premises identity management systems and directories, such as Oracle Identity and Access Management and Microsoft Active Directory. Oracle IDCS provides administration capabilities such as user/ group and app administration, access management capabilities such as single sign on, strong authentication, and adaptive risk-based policies. It works in conjunction with Oracle Security Monitoring and Analytics Cloud Service to detect, investigate, and remediate a broad range of security threats across on- premises and cloud environments. Oracle’s modern identity- based SOC incorporates threat intelligence from open source and commercial feeds, IP white/blacklists, device reputation, known vulnerability databases, geo-location, and more. It facilitates rapid detection, investigation, and remediation of a broad range of security threats based on algorithms that can identify patterns in the data. As the system gets smarter, it can even make predictions about the likelihood of future breaches based on historical activity. Risk analysis through identity and context 15 Oracle Identity SOC is the industry’s first identity-centric framework for security operations centers.
It is relatively easy for a hacker to steal a sanctioned user’s credentials and then penetrate the network under the guise of an authorized worker. This may lead to suspicious or anomalous activity—different from how that user normally behaves, or how his or her peers normally behave. A CASB system will issue alerts and step up the security constraints—perhaps requiring two- factor authentication to access a particular application. In addition, a centralized identity framework will enable security personnel to audit which users can access which resources at which times. This allows them to identify situations in which users no longer need access, and to set outbound credentials for hosted applications in the cloud and inbound credentials from third parties. Oracle uses machine learning technology to cluster users based on common aggregate behavior, such as where they come from, the internal assets they access, the cloud services they access, and the time of day they operate. This makes it easy to spot anomalous behavior, such as if an HR professional suddenly starts behaving like a finance exec—indicating a potential hijacked account or insider threat. 
 Automating this process is essential, given the sheer volume of alerts and incidents. For example, upon arriving at work in the morning, a SOC professional might receive a summary report that says there were 10,000 alerts over the weekend. The security framework automatically addressed 98 percent of them, the audit report explains—issued alerts, opened support tickets, and escalated potentially threatening issues—so that only 200 alerts need to be reviewed manually. As we’ve seen, a complete security architecture involves the integration of people, processes, and technology via a cloud-based, identity-centric approach.To tie it all together, you need a comprehensive management framework. Oracle Management Cloud includes a machine-learning engine that correlates the data and enables single- pane-of-glass management. It includes preprogrammed AI models, so you don’t need a data scientist on staff to program the system or keep it up to date.The machine learning algorithms add intelligence to DevOps and SOC processes. For example, one security module handles compliance and configuration management. Other modules handle security information and event management (SIEM) and event aggregation via a cloud access security broker (CASB). Oracle Management Cloud blends these individual capabilities into a broad security fabric. It’s ideal for nimble DevOps teams that are adopting modern IT practices, since it correlates pertinent events from the network, applications, and users interacting with your systems. Oracle has embedded machine-learning technology at the heart of Oracle Management Cloud to help you address security threats across on-premises and cloud environments. This management foundation promises a more productive integration of people, process, and technology. Trust-based review Architectural integration 18 PreventPredict DetectRespond Context Content Identity Intelligence Users Network Automation Security intelligence powered by identity
IT professionals are losing control as legacy workloads are disassociated from the well- protected, carefully circumscribed physical infrastructure and moved into new domains, where the infrastructure, applications, and data are often managed by third-party providers. Third-party cloud providers have limited or no oversight/visibility into the customers and their data owner.That’s why forward-looking security directors are installing automated, intelligent, context-aware security solutions that give them broad control over the security risks to which their organizations are exposed. Rather than passively monitoring the network, they are creating proactive defenses that protect users, applications, content, and data. Most importantly, they are figuring out how to apply consistent security controls across cloud and on-premises environments. Not properly securing against internal and external threats can have a negative impact on your bottom line, your brand, and your market valuation. Cloud and machine learning technologies can improve your security readiness and give you a more complete picture of your overall IT environment. Oracle enables your team to establish a continuous security posture that can evaluate event data in real time. This adaptable system can learn new things—including where employees move, what devices they use, and how their personal computing environments change day to day. Digital businesses can no longer survive without a high level of security intelligence and awareness. Manual and rule-based technologies are no longer adequate for today’s cybersecurity challenges. You need automated, contextual, machine learning technology to detect and respond to known and unknown threats. Oracle’s integrated security portfolio spans on-premises and cloud environments. It combines contextual identity-as-a-service, a cloud access security broker, security monitoring and analytics, and configuration and compliance capabilities—all from one vendor—which makes it easy to automate your cyber defense and win the cyber war. To learn more please click through to the following resources: Modernize Your Security Operations Center Why You Want to Modernize Your Systems Management and Move it to the Cloud Automated cyber defense: your tomorrow, today 20 Today’s advanced threats demand machine learning and cloud—the new differentiators in the security landscape.
Whitepaper. January 2018 Oracle Corporation,World Headquarters 500 Oracle Parkway Redwood Shores, CA 94065, USA Worldwide Inquiries Phone: +1.650.506.7000 Fax: +1.650.506.7200 Copyright © 2018, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group. 0118. Machine learning-based adaptive intelligence: The future of cybersecurity

Recommended

Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationE.S.G. JR. Consulting, Inc.
 
Career in cyber security
Career in cyber securityCareer in cyber security
Career in cyber securityManjushree Mashal
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityRamiro Cid
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityMaryam Hidayatallah CPFA,MIPA,MA,CICA
 
Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesCybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesWAJAHAT IQBAL
 
Cyber Security & Cyber Security Threats
Cyber Security & Cyber Security ThreatsCyber Security & Cyber Security Threats
Cyber Security & Cyber Security ThreatsSiemplify
 
Cyber security
Cyber securityCyber security
Cyber securityManjushree Mashal
 
cyber security
cyber securitycyber security
cyber securitykm. nahid
 

Recommended

Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationE.S.G. JR. Consulting, Inc.
 
Career in cyber security
Career in cyber securityCareer in cyber security
Career in cyber securityManjushree Mashal
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityRamiro Cid
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityMaryam Hidayatallah CPFA,MIPA,MA,CICA
 
Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesCybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesWAJAHAT IQBAL
 
Cyber Security & Cyber Security Threats
Cyber Security & Cyber Security ThreatsCyber Security & Cyber Security Threats
Cyber Security & Cyber Security ThreatsSiemplify
 
Cyber security
Cyber securityCyber security
Cyber securityManjushree Mashal
 
cyber security
cyber securitycyber security
cyber securitykm. nahid
 
Enterprise Security and Cyber Security Cases
Enterprise Security and Cyber Security CasesEnterprise Security and Cyber Security Cases
Enterprise Security and Cyber Security CasesHakan Yüksel
 
Cyber Security
Cyber SecurityCyber Security
Cyber Securityimtnoida112
 
Cyber security
Cyber securityCyber security
Cyber securityRavikantGautam8
 
A new way to prevent Botnet Attack
A new way to prevent Botnet AttackA new way to prevent Botnet Attack
A new way to prevent Botnet Attackyennhi2812
 
Icit analysis-identity-access-management
Icit analysis-identity-access-managementIcit analysis-identity-access-management
Icit analysis-identity-access-managementMark Gibson
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityIllumeo
 
Cyber security
Cyber securityCyber security
Cyber securityShaibal Ahmed
 
Securing data flow to and from organizations
Securing data flow to and from organizationsSecuring data flow to and from organizations
Securing data flow to and from organizationsOPSWAT
 
Cyber security and Homeland security
Cyber security and Homeland securityCyber security and Homeland security
Cyber security and Homeland securityADGP, Public Grivences, Bangalore
 
Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018joshquarrie
 
Whitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber securityWhitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber securityGopiRajan4
 
The Ultimate Guide To Cyber Security Certifications
The Ultimate Guide To Cyber Security CertificationsThe Ultimate Guide To Cyber Security Certifications
The Ultimate Guide To Cyber Security CertificationsMercury Solutions Limited
 
Tonex Cybersecurity Fundamentals, Cybersecurity Training and Certification
Tonex Cybersecurity Fundamentals, Cybersecurity Training and CertificationTonex Cybersecurity Fundamentals, Cybersecurity Training and Certification
Tonex Cybersecurity Fundamentals, Cybersecurity Training and CertificationBryan Len
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 ChallengesLeandro Bennaton
 
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...Knowledge Group
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber securitySHIVAMSHARMA1271
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
Cybersecurity
CybersecurityCybersecurity
CybersecurityA. Shamel
 
cyber security | What Is Cyber Security | Hello World Session
cyber security | What Is Cyber Security | Hello World Sessioncyber security | What Is Cyber Security | Hello World Session
cyber security | What Is Cyber Security | Hello World SessionYasserElsnbary
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessRamiro Cid
 
What i learned at issa international summit 2019
What i learned at issa international summit 2019What i learned at issa international summit 2019
What i learned at issa international summit 2019Ulf Mattsson
 
Exploration Draft Document- CEM Machine Learning & AI Project 2018
Exploration Draft Document- CEM Machine Learning & AI Project 2018Exploration Draft Document- CEM Machine Learning & AI Project 2018
Exploration Draft Document- CEM Machine Learning & AI Project 2018Leslie McFarlin
 

More Related Content

What's hot

Enterprise Security and Cyber Security Cases
Enterprise Security and Cyber Security CasesEnterprise Security and Cyber Security Cases
Enterprise Security and Cyber Security CasesHakan Yüksel
 
A new way to prevent Botnet Attack
A new way to prevent Botnet AttackA new way to prevent Botnet Attack
A new way to prevent Botnet Attackyennhi2812
 
Icit analysis-identity-access-management
Icit analysis-identity-access-managementIcit analysis-identity-access-management
Icit analysis-identity-access-managementMark Gibson
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityIllumeo
 
Securing data flow to and from organizations
Securing data flow to and from organizationsSecuring data flow to and from organizations
Securing data flow to and from organizationsOPSWAT
 
Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018joshquarrie
 
Whitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber securityWhitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber securityGopiRajan4
 
The Ultimate Guide To Cyber Security Certifications
The Ultimate Guide To Cyber Security CertificationsThe Ultimate Guide To Cyber Security Certifications
The Ultimate Guide To Cyber Security CertificationsMercury Solutions Limited
 
Tonex Cybersecurity Fundamentals, Cybersecurity Training and Certification
Tonex Cybersecurity Fundamentals, Cybersecurity Training and CertificationTonex Cybersecurity Fundamentals, Cybersecurity Training and Certification
Tonex Cybersecurity Fundamentals, Cybersecurity Training and CertificationBryan Len
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 ChallengesLeandro Bennaton
 
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...Knowledge Group
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber securitySHIVAMSHARMA1271
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
Cybersecurity
CybersecurityCybersecurity
CybersecurityA. Shamel
 
cyber security | What Is Cyber Security | Hello World Session
cyber security | What Is Cyber Security | Hello World Sessioncyber security | What Is Cyber Security | Hello World Session
cyber security | What Is Cyber Security | Hello World SessionYasserElsnbary
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessRamiro Cid
 

What's hot (20)

Enterprise Security and Cyber Security Cases
Enterprise Security and Cyber Security CasesEnterprise Security and Cyber Security Cases
Enterprise Security and Cyber Security Cases
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cyber security
Cyber securityCyber security
Cyber security
 
A new way to prevent Botnet Attack
A new way to prevent Botnet AttackA new way to prevent Botnet Attack
A new way to prevent Botnet Attack
 
Icit analysis-identity-access-management
Icit analysis-identity-access-managementIcit analysis-identity-access-management
Icit analysis-identity-access-management
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Securing data flow to and from organizations
Securing data flow to and from organizationsSecuring data flow to and from organizations
Securing data flow to and from organizations
 
Cyber security and Homeland security
Cyber security and Homeland securityCyber security and Homeland security
Cyber security and Homeland security
 
Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018
 
Whitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber securityWhitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber security
 
The Ultimate Guide To Cyber Security Certifications
The Ultimate Guide To Cyber Security CertificationsThe Ultimate Guide To Cyber Security Certifications
The Ultimate Guide To Cyber Security Certifications
 
Tonex Cybersecurity Fundamentals, Cybersecurity Training and Certification
Tonex Cybersecurity Fundamentals, Cybersecurity Training and CertificationTonex Cybersecurity Fundamentals, Cybersecurity Training and Certification
Tonex Cybersecurity Fundamentals, Cybersecurity Training and Certification
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 Challenges
 
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber security
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
cyber security | What Is Cyber Security | Hello World Session
cyber security | What Is Cyber Security | Hello World Sessioncyber security | What Is Cyber Security | Hello World Session
cyber security | What Is Cyber Security | Hello World Session
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 

Similar to The future of cyber security

What i learned at issa international summit 2019
What i learned at issa international summit 2019What i learned at issa international summit 2019
What i learned at issa international summit 2019Ulf Mattsson
 
Exploration Draft Document- CEM Machine Learning & AI Project 2018
Exploration Draft Document- CEM Machine Learning & AI Project 2018Exploration Draft Document- CEM Machine Learning & AI Project 2018
Exploration Draft Document- CEM Machine Learning & AI Project 2018Leslie McFarlin
 
Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Karl Kispert
 
How Modern Cybersecurity Software Shields Against the Latest Threats.pdf
How Modern Cybersecurity Software Shields Against the Latest Threats.pdfHow Modern Cybersecurity Software Shields Against the Latest Threats.pdf
How Modern Cybersecurity Software Shields Against the Latest Threats.pdfWebtrills1
 
br-security-connected-top-5-trends
br-security-connected-top-5-trendsbr-security-connected-top-5-trends
br-security-connected-top-5-trendsChristopher Bennett
 
Take back your security infrastructure
Take back your security infrastructureTake back your security infrastructure
Take back your security infrastructureAnton Chuvakin
 
The Fundamentals and Significance of Security Orchestration Tools
The Fundamentals and Significance of Security Orchestration ToolsThe Fundamentals and Significance of Security Orchestration Tools
The Fundamentals and Significance of Security Orchestration Toolssecuraa
 
Ibm cognitive security_white_paper_04_2016
Ibm cognitive security_white_paper_04_2016Ibm cognitive security_white_paper_04_2016
Ibm cognitive security_white_paper_04_2016Janghyuck Choi
 
Threat Intelligence in Cybersecurity.pdf
Threat Intelligence in Cybersecurity.pdfThreat Intelligence in Cybersecurity.pdf
Threat Intelligence in Cybersecurity.pdfCiente
 
Module 1Introduction to cyber security.pptx
Module 1Introduction to cyber security.pptxModule 1Introduction to cyber security.pptx
Module 1Introduction to cyber security.pptxSkippedltd
 
Threat Intelligen.pptx
Threat Intelligen.pptxThreat Intelligen.pptx
Threat Intelligen.pptxCompanySeceon
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attackMark Silver
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Soar cybersecurity
Soar cybersecuritySoar cybersecurity
Soar cybersecuritySecuraa
 
Interset-advanced threat detection wp
Interset-advanced threat detection wpInterset-advanced threat detection wp
Interset-advanced threat detection wpCMR WORLD TECH
 
What's behind a cyber attack
What's behind a cyber attackWhat's behind a cyber attack
What's behind a cyber attackAndreanne Clarke
 
What Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVaultWhat Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVaultSOCVault
 
The Role of Technology in Modern Security Services Trends and Innovations.pdf
The Role of Technology in Modern Security Services Trends and Innovations.pdfThe Role of Technology in Modern Security Services Trends and Innovations.pdf
The Role of Technology in Modern Security Services Trends and Innovations.pdfMax Secure Ltd
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessSirius
 

Similar to The future of cyber security (20)

What i learned at issa international summit 2019
What i learned at issa international summit 2019What i learned at issa international summit 2019
What i learned at issa international summit 2019
 
Exploration Draft Document- CEM Machine Learning & AI Project 2018
Exploration Draft Document- CEM Machine Learning & AI Project 2018Exploration Draft Document- CEM Machine Learning & AI Project 2018
Exploration Draft Document- CEM Machine Learning & AI Project 2018
 
Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016
 
How Modern Cybersecurity Software Shields Against the Latest Threats.pdf
How Modern Cybersecurity Software Shields Against the Latest Threats.pdfHow Modern Cybersecurity Software Shields Against the Latest Threats.pdf
How Modern Cybersecurity Software Shields Against the Latest Threats.pdf
 
Avoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of ITAvoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of IT
 
br-security-connected-top-5-trends
br-security-connected-top-5-trendsbr-security-connected-top-5-trends
br-security-connected-top-5-trends
 
Take back your security infrastructure
Take back your security infrastructureTake back your security infrastructure
Take back your security infrastructure
 
The Fundamentals and Significance of Security Orchestration Tools
The Fundamentals and Significance of Security Orchestration ToolsThe Fundamentals and Significance of Security Orchestration Tools
The Fundamentals and Significance of Security Orchestration Tools
 
Ibm cognitive security_white_paper_04_2016
Ibm cognitive security_white_paper_04_2016Ibm cognitive security_white_paper_04_2016
Ibm cognitive security_white_paper_04_2016
 
Threat Intelligence in Cybersecurity.pdf
Threat Intelligence in Cybersecurity.pdfThreat Intelligence in Cybersecurity.pdf
Threat Intelligence in Cybersecurity.pdf
 
Module 1Introduction to cyber security.pptx
Module 1Introduction to cyber security.pptxModule 1Introduction to cyber security.pptx
Module 1Introduction to cyber security.pptx
 
Threat Intelligen.pptx
Threat Intelligen.pptxThreat Intelligen.pptx
Threat Intelligen.pptx
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attack
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Soar cybersecurity
Soar cybersecuritySoar cybersecurity
Soar cybersecurity
 
Interset-advanced threat detection wp
Interset-advanced threat detection wpInterset-advanced threat detection wp
Interset-advanced threat detection wp
 
What's behind a cyber attack
What's behind a cyber attackWhat's behind a cyber attack
What's behind a cyber attack
 
What Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVaultWhat Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVault
 
The Role of Technology in Modern Security Services Trends and Innovations.pdf
The Role of Technology in Modern Security Services Trends and Innovations.pdfThe Role of Technology in Modern Security Services Trends and Innovations.pdf
The Role of Technology in Modern Security Services Trends and Innovations.pdf
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to Success
 

Recently uploaded

Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

The future of cyber security

  • 1. Machine learning-based adaptive intelligence: The future of cybersecurity Whitepaper. January 2018
  • 2. Most companies are adopting cloud technologies to accommodate digital business opportunities. Everybody loves the convenience—cloud services are easy to provision, deploy, and consume right away. However, security threats are not canceled by cloud adoption, and the scale of services across cloud and on-premises environments requires a new approach to cyber defense. Forward-looking companies are moving from manual security strategies to intelligent security operations centers (SOCs) that can forecast, detect, prevent, and respond to threats automatically, as well as correlate and distill vast amounts of event data into actionable intelligence. As Oracle CTO and Chairman Larry Ellison explained during his keynote speech at Oracle OpenWorld 2017, “The way to secure our data, the way to prevent data theft, is more automation. And we need a cyber defense system that automatically detects vulnerabilities and attacks. Fix the vulnerability before an attack. And then, if there is an attack, detect the attack and shut it down”. He also said, “we need new systems. It can’t be our people versus their computers. We’re going to lose that war. It’s got to be our computers versus their computers. And make no mistake: It’s a war.” How do SOC managers compensate for the loss of control over users, devices, and applications? How do they trust the external users—along with roving employees—that need access to their systems? According to a 2016 Ponemon Cost of Data Breach Study, the average cost of a breach at large enterprises is $4 million, and takes 99 days to detect. These alarming statistics are partially a result of alerts from so many vendors, products, consoles, and security tools. There is too much noise and not enough actionable insight. To secure enterprise IT assets and protect against increasingly sophisticated attacks, forward-looking organizations are adopting cybersecurity technologies that are continuous, adaptive, real-time, and intelligent. They rely on artificial intelligence (AI) and machine learning (ML) algorithms to manage configurations, monitor who has access to what resources, and encrypt sensitive data to protect IT assets. Executive summary 4 Security Operations Center managers are augmenting passive, static security strategies with more advanced and proactive security scenarios that are continuous, adaptive, real-time, and intelligent.
  • 3. The security landscape is evolving more quickly than ever before.The network perimeter has dissolved even as the number of devices, services, and people allowed to access applications and data has increased. Automated threats—where it’s not a human being sitting behind a console trying to compromise your IT environment, but rather an automated program running scripts in an attempt to infiltrate your systems—have become ordinary. Established security controls are in place but the number of security alerts coming from traditional security systems is exploding. In many cases, cybercriminals hide in the noise. Security operations centers are bombarded with millions of alerts; it is not humanely possible to keep pace without new paradigms to triage, automate, and respond to them all. Moreover, most traditional security tools have not been designed for cloud environments and the unique challenges that cloud adoption presents such as verifying security policies and establishing visibility into infrastructure security. Decisions about who to admit and what resources to authorize must be made from moment-to-moment, based on the circumstances, or context, of each request. The spectrum of trust is no longer clearly defined. Security professionals must verify the identity of each user or application, consider which resources they wish to access, and pay attention to any sensitivities within the data or content in question. Granting access to IT resources is rarely a black and white decision. Security teams must assess risk continuously to discern between friend and foe. Machine Learning and cloud-based analytics tools can automatically detect anomalies in user behavior, as well as intercept rogue applications that bypass traditional perimeter security systems.They augment rules-based security systems by scanning the data that these systems miss.This type of automation is essential to security operations centers because it enables rapid detection and response. In order to dynamically establish trust and identify potential risks, security operations teams must be able to make sense of alerts regarding a huge variety of systems, applications, and data sets—everything from system and application logs, user session activity, and how sensitive IT resources are being accessed, to how security configurations are being changed. All systems and devices should be considered potentially compromised at all times, and all user behaviors continually assessed for malicious, negligent, or harmful activities—inadvertent or otherwise. A comprehensive security portfolio should be based on a zero-trust model, which means that there is no implicit trust for any user, device, or application, and any form of trust must be established and built into an entitlement model or policy. Once authenticated, users should be allowed just enough rights and permissions to complete specific actions. To do this consistently, security professionals need contextual awareness, actionable intelligence, and a more complete assessment of the “gray areas” where so much of today’s network traffic occurs. The same rigorous approach must be applied to cloud, on-premises, and hosted environments. Mitigating sophisticated, automated threats 5 Firewalls, intrusion protection systems, and other types of preventive security technologies are an important part of protecting your company’s information assets—but they are not adequate to protect against new threats from cloud and mobile realms.
  • 4. Machine learning-driven security intelligence Raw data ingestion FirewallsApp internals (security posture) Data classification Normalized, categorized data clusters Forecasts: high-risk user accounts and data Threats, anomalies and recommendations Reporting,ad hoc queries,and alerts Anom alies and trends 3rd-party threat feedsSecurity operations boil down to two fundamental metrics: how quickly can you detect a breach, and how quickly can you respond to a known attack—two essential metrics known as mean time to detect (MTTD) and mean time to respond (MTTR). Traditional security tools utilize known threat signatures and threat feeds supplied by trusted partners. This is not sufficient today as enterprise perimeters are dissolving and the first sign of a new and unknown threat may get recorded in an application log or by a user session monitoring tool. To make the most of the power of AI and machine learning, new solutions are incorporating systems management feeds such as log files, business transactions, application configurations, role/privilege assignments, and other sources unknown to the traditional security tool. AI and machine learning technologies can help you correlate events and apply heuristics to detect patterns, trends, and anomalies in the data, including detecting new alerts, adding context to those alerts, and responding quickly to address and resolve incidents. An automated cloud security solution can continuously evaluate millions of patterns and uncover anomalies and suspicious activity. Machine learning algorithms scale well to accommodate large volumes of data when deployed in the cloud. Due to the massive amount of data involved, on-premises solutions quickly turn into large infrastructures requiring constant expansion to address compute and storage needs. An AI algorithm processes the data to identify patterns, create audit reports, and detect security risk indicators based on pre-defined threat models, baseline risk indicators, abnormal events, and suspicious user activity. In the remainder of this paper, we’ll examine how AI technology and machine learning technology can streamline fundamental activities like these in your network and security operations center. Detect quickly, remediate faster 7
  • 5. Today’s diverse computing environments demand an intelligent security framework that can continuously monitor potential threats and challenge suspicious behavior.The goal is to get rid of false positives, minimize the minutiae within millions of alerts, and allow the machines to handle the simple stuff—like stepping up authentication when warranted to automatically prevent access by unauthorized users. Oracle has a suite of cloud-based services that brings greater visibility, intelligence, and automation to cybersecurity activities. All of Oracle’s security services are built on Oracle Management Cloud (OMC), an integrated set of monitoring, management, and analytics services that leverage machine learning and big data technologies against a broad operational data set. For example, Oracle Configuration and Compliance Cloud Service enables IT and business compliance personnel to assess, score, and remediate violations using industry- standard benchmarks in addition to user-defined rules. Oracle Security Monitoring and Analytics (SMA) Cloud Service enables rapid detection, investigation, and remediation of security threats and correlates the results with the privileges assigned in your identity and access management (IAM) platform or Active Directory. Oracle Orchestration Cloud Service allows security administrators to automatically respond to issues, alerts, and events, and to set up custom rules with their favorite scripting languages and configuration software. When Oracle’s cloud-based cybersecurity applications alert the database of vulnerabilities, the database can patch itself on the fly. It can also detect anomalous SQL queries by parsing SQL statements to establish whitelist baselines by user, group, database, and application. It evaluates new SQL queries against this baseline to spot potential threats, raise threat scores, and take action to protect sensitive data. On the back-end, Oracle Autonomous Database Cloud Service simplifies database administration and tuning tasks, including automatically maintaining security configurations. Continuous detection 10 The world’s first autonomous database Less labor, lower cost, fewer errors, more secure, more reliable Self-driving User defines service levels, database makes them happen Self-tuning Continuous adaptive performance tuning Self-scaling Instantly resize compute and storage without downtime Self-securing Protection from both external attacks and internal users Self-repairing Automated protection from all downtime
  • 6. An advanced security system can adapt to changing conditions, driven by machine learning technology that automatically detects and fixes problems without human agents— a capability known as adaptive response. This type of automation is progressively more important in today’s hybrid cloud environments. For example, you may have little visibility into how people use their mobile devices to download apps and data via the corporate network. Many employees use Box, Dropbox, Evernote, Office 365, and other cloud apps for personal and professional tasks, and they may use personal Gmail accounts to send and receive corporate data. It’s convenient for users, but without strict policies, the IT department can easily lose control of how these applications are used, as well as how the associated data is managed and stored. Large businesses typically have hundreds of cloud services. Top-tier cloud providers do a good job of securing their infrastructure, but customers are responsible for protecting their own data in the cloud. Data breaches and attacks can occur when companies have insufficient identity and access management systems. In addition, application programming interfaces (APIs), and user interfaces have IP addresses that can be accessed from outside of trusted organizational boundaries. Because they are exposed, these assets can be the targets of attacks via the internet. A Cloud Access Security Broker (CASB) can assist with cloud management by brokering exchanges between cloud users and cloud providers, as well as by consolidating security policy enforcement activities. For example, Oracle CASB Cloud Service protects your critical data by combining visibility, threat detection, compliance management, and automated incident response for cloud services into a single platform. Situated between your on-premises infrastructure and a cloud provider’s infrastructure, it acts as a gatekeeper, allowing you to extend your in-house security policies beyond your own infrastructure. Users can securely access cloud services, whether from a corporate PC behind the firewall, or mobile devices from a remote coffee shop. Your security team gains visibility into shadow IT processes, and can more reliably secure sanctioned cloud services, including Amazon Web Services, Google Apps, and Salesforce. Adaptive responses 12 Oracle has integrated machine learning, artificial intelligence, and contextual awareness in its CASB service to address the rise of security incidents targeting privileged and end-user credentials. Data protection Monitors whether certain data has been accessed, moved, copied, renamed, edited, deleted, or locked Compliance automation Allows configuration based on best practices, with customized settings to fit unique IT needs Threat detection Helps detect threats from all types of cloud services Cloud visibility Offers visibility into all types of cloud services (including, shadow IT, enterprise apps, App Store, and custom apps)
  • 7. CASBs depend on user entity behavior analytics (UEBA) to establish unique historical baselines for each user and cloud service. They continuously compare unusual activity against these expected baselines to identify unusual, suspicious, or potentially risky behavior. Once the CASB detects a deviation, it orchestrates an intelligent response, perhaps integrating with a ticketing and incident management system to compare the incident to similar ones, and ultimately suggesting targeted remediation by a human agent. Bolstered by machine learning algorithms, Oracle CASB learns what constitutes typical behavior for each application. It defines a baseline for typical user behavior, against which deviations can be measured. If a user exhibits behavior outside of those well-established expectations, that behavior can be flagged as an anomaly. For example, if an employee has family members in the Ukraine, and occasionally works from that location, logging in from there would not raise a red flag. However, if an employee who never travels to the Ukraine suddenly logs in from that location, the system could leverage the Adaptive Access engine in CASB and force Multi-Factor Authentication (MFA) by initiating a two-factor identity procedure to verify the user’s identity. In this way, the security system gets smarter over time. The more data it studies, the more users it gets to know, the more applications that come under its purview, the better it can understand rogue or suspicious behavior when it occurs. For example, the CASB might monitor the applications users typically use, the locations they log in from, how they access these cloud services, and the time of day when they are most often online. If it suspects an account may have been hijacked, it can require a password reset or two-factor authentication procedure. Source: https://www.abiresearch.com/press/machine-learning-cybersecurity-boost-big-data-inte/ Adaptive responses continued 14 ABI Research forecasts that machine learning in cybersecurity will boost big data, intelligence, and analytics spending to $96 billion by 2021.*
  • 8. Businesses that have embraced the cloud paradigm are less likely to fall out of compliance with industry and government regulations, guidelines, and standards. However, because of the new challenges and risks that come with the cloud model, it’s more critical than ever to be proactive about cybersecurity. You must institute management processes to assess the state of compliance and evaluate the risks and potential costs of non-compliance. An identity-based SOC uses machine learning to combat fraud across cloud and on-premises applications by analyzing each login attempt in conjunction with data on location, device, and time of day.These intelligent applications are not only better at detecting and preventing threats, but they also automate post-event, investigation, and response activities. Oracle is the first vendor to build this level of identity awareness into a native cloud service that integrates with the rest of the security fabric, offering complete security coverage for hybrid environments. Oracle Identity Cloud Service (IDCS) resides at the center of the security framework to improve compliance, risk management, database security, and application security. It is designed to simplify the deployment of applications such as Office 365, Salesforce, and Oracle Cloud Applications, as well as to bridge the identity gap with on-premises identity management systems and directories, such as Oracle Identity and Access Management and Microsoft Active Directory. Oracle IDCS provides administration capabilities such as user/ group and app administration, access management capabilities such as single sign on, strong authentication, and adaptive risk-based policies. It works in conjunction with Oracle Security Monitoring and Analytics Cloud Service to detect, investigate, and remediate a broad range of security threats across on- premises and cloud environments. Oracle’s modern identity- based SOC incorporates threat intelligence from open source and commercial feeds, IP white/blacklists, device reputation, known vulnerability databases, geo-location, and more. It facilitates rapid detection, investigation, and remediation of a broad range of security threats based on algorithms that can identify patterns in the data. As the system gets smarter, it can even make predictions about the likelihood of future breaches based on historical activity. Risk analysis through identity and context 15 Oracle Identity SOC is the industry’s first identity-centric framework for security operations centers.
  • 9. It is relatively easy for a hacker to steal a sanctioned user’s credentials and then penetrate the network under the guise of an authorized worker. This may lead to suspicious or anomalous activity—different from how that user normally behaves, or how his or her peers normally behave. A CASB system will issue alerts and step up the security constraints—perhaps requiring two- factor authentication to access a particular application. In addition, a centralized identity framework will enable security personnel to audit which users can access which resources at which times. This allows them to identify situations in which users no longer need access, and to set outbound credentials for hosted applications in the cloud and inbound credentials from third parties. Oracle uses machine learning technology to cluster users based on common aggregate behavior, such as where they come from, the internal assets they access, the cloud services they access, and the time of day they operate. This makes it easy to spot anomalous behavior, such as if an HR professional suddenly starts behaving like a finance exec—indicating a potential hijacked account or insider threat. 
 Automating this process is essential, given the sheer volume of alerts and incidents. For example, upon arriving at work in the morning, a SOC professional might receive a summary report that says there were 10,000 alerts over the weekend. The security framework automatically addressed 98 percent of them, the audit report explains—issued alerts, opened support tickets, and escalated potentially threatening issues—so that only 200 alerts need to be reviewed manually. As we’ve seen, a complete security architecture involves the integration of people, processes, and technology via a cloud-based, identity-centric approach.To tie it all together, you need a comprehensive management framework. Oracle Management Cloud includes a machine-learning engine that correlates the data and enables single- pane-of-glass management. It includes preprogrammed AI models, so you don’t need a data scientist on staff to program the system or keep it up to date.The machine learning algorithms add intelligence to DevOps and SOC processes. For example, one security module handles compliance and configuration management. Other modules handle security information and event management (SIEM) and event aggregation via a cloud access security broker (CASB). Oracle Management Cloud blends these individual capabilities into a broad security fabric. It’s ideal for nimble DevOps teams that are adopting modern IT practices, since it correlates pertinent events from the network, applications, and users interacting with your systems. Oracle has embedded machine-learning technology at the heart of Oracle Management Cloud to help you address security threats across on-premises and cloud environments. This management foundation promises a more productive integration of people, process, and technology. Trust-based review Architectural integration 18 PreventPredict DetectRespond Context Content Identity Intelligence Users Network Automation Security intelligence powered by identity
  • 10. IT professionals are losing control as legacy workloads are disassociated from the well- protected, carefully circumscribed physical infrastructure and moved into new domains, where the infrastructure, applications, and data are often managed by third-party providers. Third-party cloud providers have limited or no oversight/visibility into the customers and their data owner.That’s why forward-looking security directors are installing automated, intelligent, context-aware security solutions that give them broad control over the security risks to which their organizations are exposed. Rather than passively monitoring the network, they are creating proactive defenses that protect users, applications, content, and data. Most importantly, they are figuring out how to apply consistent security controls across cloud and on-premises environments. Not properly securing against internal and external threats can have a negative impact on your bottom line, your brand, and your market valuation. Cloud and machine learning technologies can improve your security readiness and give you a more complete picture of your overall IT environment. Oracle enables your team to establish a continuous security posture that can evaluate event data in real time. This adaptable system can learn new things—including where employees move, what devices they use, and how their personal computing environments change day to day. Digital businesses can no longer survive without a high level of security intelligence and awareness. Manual and rule-based technologies are no longer adequate for today’s cybersecurity challenges. You need automated, contextual, machine learning technology to detect and respond to known and unknown threats. Oracle’s integrated security portfolio spans on-premises and cloud environments. It combines contextual identity-as-a-service, a cloud access security broker, security monitoring and analytics, and configuration and compliance capabilities—all from one vendor—which makes it easy to automate your cyber defense and win the cyber war. To learn more please click through to the following resources: Modernize Your Security Operations Center Why You Want to Modernize Your Systems Management and Move it to the Cloud Automated cyber defense: your tomorrow, today 20 Today’s advanced threats demand machine learning and cloud—the new differentiators in the security landscape.
  • 11. Whitepaper. January 2018 Oracle Corporation,World Headquarters 500 Oracle Parkway Redwood Shores, CA 94065, USA Worldwide Inquiries Phone: +1.650.506.7000 Fax: +1.650.506.7200 Copyright © 2018, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group. 0118. Machine learning-based adaptive intelligence: The future of cybersecurity