
“SOCs help organizations in optimizing controls”

Akshay Aggarwal

Akshay Aggarwal is Cloud Specialist Director – Manageability & Security at Oracle, Asia Pacific region. In this role, Akshay is responsible for business development for all of Oracle's solution specialist product lines, including AppDev, Mobility, Digital Experience, Integration, Manageability and Security, across the entire Asia Pacific region.

In a discussion with CISO MAG’s Augustin Kurian, he talks about the evolving threat landscape, the need for a SOC in an organization, and the changes GDPR has brought to businesses.

How do you see the threat landscape evolving?

The security landscape is evolving more quickly than ever before. The network perimeter has dissolved, even as the number of devices, services, and people allowed to access applications and data has increased. Automated threats—where it’s not a human being sitting behind a console trying to compromise an IT environment, but rather an automated program running scripts in an attempt to infiltrate systems—have become ordinary. Just a few years ago, concerns about data security and privacy prevented some organizations from adopting cloud-based business models. Today, many of these concerns have been alleviated. IT leaders are migrating their applications and data to the cloud in order to benefit from security features offered by some cloud providers. Both private enterprises and governments have come to realize that traditional IT infrastructure can no longer cope with new-age security threats, which rapidly continue to grow. Current infrastructure and processes can be challenged to protect different varieties of data moving much faster throughout the entire technology stack. Security operations centers (SOCs) are bombarded with millions of alerts; it is not humanly possible to keep pace without new paradigms to triage, automate, and respond to them all.

With hybrid environments, do you think companies are ill-prepared against handling breaches?

The hybrid cloud environment enables businesses to quickly modernize, transform and innovate; but at the same time, it can pose multiple security threats. Companies need to be able to ingest high amounts of operational and security telemetry, analyze data in real time, and embed built-in machine learning (ML) solutions to tackle security breaches. They should also focus on reducing human intervention and automating the entire cyber-defense system.

How is Oracle equipped in averting advanced persistent threats?

Oracle works closely with customers on an ongoing basis, advising them to secure their data against advanced threats, irrespective of where the data is stored. We have developed an advanced cyber-defense system running on the cloud that not only encrypts the data but also uses threat intelligence systems to stop any attack on the cloud. Oracle has also introduced an identity security operations centre (iSOC), which includes a remedy system that takes action in real time as and when a security breach or any incident takes place.

Now let me tell you about the management of data itself and Oracle’s approach in this regard. Oracle Autonomous Database—the world’s first self-driving, self-securing and self-repairing database—is redefining the way businesses manage and secure their data. Powered by ground-breaking ML, Oracle Autonomous Database takes the complexity out of running a business-critical database to help businesses realize unprecedented availability, high performance and security – all at a significantly lower cost. With adaptive intelligence-enabled cyber threat detection and remediation, as well as automatic data encryption and security patches that are applied automatically, Oracle Autonomous Database provides unparalleled security for your critical business data. In fact, there are significant security advantages that automated patch management can bring in. Per a recent study by Verizon, it was estimated that a majority of security breaches that occurred were primarily because the updated security patches weren’t applied – though available.

What according to you are best practices to be established?

While there is no ‘one size fits all’ approach to security, here are some steps organizations can take to begin with, to thwart cyber threats:

  • Ensure policies and mechanisms are in place to meet compliance requirements across the cloud
  • Enhance cybersecurity policies/programmes that augment network security controls with strategies, skills and processes
  • Look at built-in ML and automated systems to respond to threats with confidence and dramatically combat security challenges
  • Review the security posture of all SaaS, PaaS, and IaaS projects for industry best practices
  • Identify risks where security requirements cannot be fully addressed
  • Look for opportunities where security can be optimized and enhanced

Tell us a bit about the Oracle Trust Fabric. Which vectors are covered by the suite?

The Trust Fabric is powered by our decades of experience of safeguarding the world’s most important data. With the Trust Fabric, Oracle is bringing autonomous security, enabled by AI/ML solutions into the enterprise. The Oracle Trust Fabric offering includes cloud infrastructure analytics and monitoring along with identity and access management for customers. It also allows additional visibility into how an identity is being used and how activities can be monitored to help identify atypical/aberrant behaviours.

Integrated in a cloud-first fashion (as the delivery model), Oracle Trust Fabric provides a single view of the operational security risk and can handle these risks in a much better way, by managing all the systems running on-premises or on cloud.

Can you tell us how SOCs are better than a security team? When should an organization realize it needs a SOC? What are the required parameters and concerns for the same?

Today’s attacks have increased in sophistication. Threats are multi-vector now, utilizing multiple entry points. Unlike before, when the attack focus used to be indiscriminate, it is now targeted – which makes user awareness and attribution invaluable in detection. Early detection is now the key, as threats no longer last for an hour or two, but are rather persistent and can affect a system for days, weeks or even months. In such conditions, a traditional security team might not be fully equipped or might lack the scale, pace and bandwidth to fight against each and every challenge that arises. This is where AI/ML-powered advanced security solutions make the difference.

With sophisticated security processes, SOCs will be able to sail through the many ‘false positives’ or red flags and zero in on only the subset of threats that really need to be managed. SOCs will improve the cost efficiency of organizations and will help in optimizing controls. They will also help IT teams to consolidate technologies, tools and processes to improve preparedness and adopt strategic cyber-defense solutions.

There’s one caveat though—every organization might not be in a position to have a robust, dedicated SOC that’s constantly learning and updating skillsets to keep pace with (and counter) the ever expanding threat landscape. This is where end-to-end security providers like Oracle come in by providing it as a cloud service.

Extensive deployment of AI/ML seems to be the easy and immediate remedy. But what are the immediate challenges that accompany this?

To secure enterprise IT assets and protect against increasingly sophisticated attacks, forward-looking organizations are adopting cybersecurity technologies that are continuously learning and adapting, in real-time, and are inherently intelligent. They rely on AI/ML algorithms to manage configurations, monitor who has access to what resources, and encrypt sensitive data to protect IT assets. An advanced security system can adapt to changing conditions, driven by ML that automatically detects and fixes problems without human agents – a capability we refer to as adaptive response.

Security operations boil down to two fundamental metrics: how quickly can you detect a breach, and how quickly can you respond to a known attack – known as mean time to detect (MTTD) and mean time to respond (MTTR), respectively.

AI/ML can help companies correlate events and apply heuristics to detect patterns, trends, and anomalies in the data, including detecting new alerts, adding context to those alerts, and responding quickly to address and resolve incidents. An automated cloud security solution can continuously evaluate millions of patterns and uncover anomalies and suspicious activity. ML algorithms scale well to accommodate large volumes of data when deployed in the cloud. Due to the massive amount of data involved, on-premises solutions quickly turn into large infrastructure sets requiring constant expansion to address compute and storage needs. An AI algorithm processes the data to identify patterns, create audit reports, and detect security risk indicators based on pre-defined threat models, baseline risk indicators, abnormal events, and suspicious user behaviour.

Contrary to the popular belief that AI/ML brings in complexity and is difficult to manage, Oracle’s self-driving cyber defense system is able to run autonomously without any human intervention to provide self-driving, self-learning, self-patching, self-securing and self-remediation capabilities. Hence, now, security teams can spend their time qualitatively on analyzing real threats linked to user identity instead of spending hours and hours sifting through a plethora of false positives (the superset of alerts that get flagged).

With GDPR in place, how does Oracle address regulatory and compliance mandates on behalf of third parties?

With data privacy concerns being a priority for organizations dealing with data and stern regulatory compliance procedures like GDPR coming into force, organizations are required to redefine the way they approach data management. A good first step would be to put in place a cohesive IT architecture, whose systems and applications are built to work seamlessly as an integrated unit. The data can then be organized in such a way that it’s easier to find, change, transfer, erase and comply with regulatory requirements.

Oracle has been the undisputed leader in data security for decades. With a long history and proven record of securing data and systems, Oracle has led the data security spectrum for years. Oracle security includes a full set of hybrid cloud solutions, from the chip to applications, that help prevent, predict, detect and respond to security threats. We have an extensive value proposition to help address GDPR requirements that impact data inventory, risk awareness, application modification, and architecture integration.

Do you think several key government bodies of India, the U.S., and the U.K. need SOCs to protect their critical infrastructure?

Most definitely yes. Most of the government bodies of India, the US and the UK already have SOCs running at different state and national levels to protect their critical infrastructure. The challenge remains how fast they are able to keep pace with the changing technology and threat landscape to ensure citizen data is secured at all times, irrespective of where it resides. Hence, leveraging brand new cyber-defense systems which use AI/ML capabilities is extremely important for them as well, as they too are adopting technologies which run in the private and public cloud to provide cutting-edge services to the citizens of their country.