Date: 2017-10-04

Automation has long been a hot-button topic for the cybersecurity industry, promising automatic patching and a move away from the legacy ‘fingerprinting’ style of defence. Oracle CTO Larry Ellison joined the chorus today at OpenWorld, announcing the "highly-automated" Oracle Management and Security Cloud (OMSC).

In a call back to his opening keynote, Ellison said that the OMSC works together with the Autonomous Database (ADB) to stop data theft, which is arguably the most significant cyber threat in the world today. Unlike the database, the OMSC is not fully automated yet; it works in conjunction with people.

"Companies are losing the cyber war," said Ellison. The Equifax hack affected 143 million Americans alone - and that data hasn't shown up on the dark web yet, heavily implying that it was a nation state attack. The same goes for the hack on the Office of Personnel Management in summer 2015, when the personal records of more than 20 million federal employees were stolen: America had to pull intelligence agents out of the field because of that incident.

We are losing the cyber war… We have to do something.

The current strategy of analysing some logs and patching systems during downtime is absolutely not working, and is what caused the Equifax breach. Working this way shows that we are not prioritising security, said Ellison. People who work in security treat it seriously, but those who do not work in security just see it as a disruption to their daily lives.

"We have to elevate the priority of security in our data centre, because no-one wants to be on the front page for that reason."

Ellison cited the example of a "very large" European defence contractor that was buying a new system. He pointed to some issues and urged the contractor to look at security vulnerabilities in the system; the reaction was "The HR team like this system." That's not a great reaction! We wouldn't accept it from someone buying a safety system in aviation: safety there is job one, so why is security job ten?

Skynet 101

Legacy systems use too many separate tools, with data silos and few actionable insights. There is too much noise and too much human effort; and, worse, no auto-remediation of problems when they are detected.

Automation is the best way to secure our data, and this is where the ADB and OMSC come in. Working together, they can automatically detect and fix vulnerabilities and shut down attacks. On top of that, an enterprise network needs to be able to recover from an attack if one does get through: the ADB automatically backs up data.

Both the database and security cloud are based on machine learning. They can be trained by feeding them data, helping them detect and connect anomalous events: the CFO logging on from the Ukraine, for example. They use this training to stop attacks in real time.

The OMSC is the first cloud-native system. It runs in, but is not limited to, the Oracle Cloud; it can also be used to manage Amazon assets in the Amazon cloud, or on-prem assets. It has been designed to take logs and configuration information from all of a company's assets and consolidate them in one place.

"We have to rethink how we defend our systems," Ellison stressed. "It can't be our people versus their computers; we're going to lose that war - and make no mistake, it is a war. It has to be our computers versus their computers."