Oracle wants you to drop a log into its cloud, so it can talk security
Larry E wants diverse log file formats tamed, so you can ask security questions in natural language
OpenWorld 2017 Oracle’s founder and chief technology officer Larry Ellison put on his best salesman act Tuesday during his second keynote at the tech giant's OpenWorld gabfest – this time playing up the impact high-profile IT security breaches have had on organisations and increasing concerns over state hackers.
“The people we’re competing against aren’t the normal competitors … it’s not an easy task to defend yourself against nation states,” Larry Ellison told his audience in San Francisco.
Ellison laid it on thick for the first 20 minutes of his talk, before revealing some more detail of the security solution Oracle will offer as part of its incoming autonomous database.
The Oracle Management and Security Cloud - which Ellison teased in his first keynote on Sunday - is pitched as a highly autonomous system that will detect threats in real-time and automatically take remedial action to shut down attackers and secure data.
Oracle promises ‘highly automated’ security in self-driving databaseREAD MORE
The system will ingest information from a range of data sources and then unify and enrich it so the records have similar formats. Ellison said that process will make it possible to use natural language queries such as "show me all the failed logins on the general ledger”.
“The current legacy security systems, there’s lots of data,” Ellison said. “It’s very hard to use data log analytics in a security situation. It’s extremely difficult to do when the data is separated into several different silos.”
As an example, he said: “A Linux log has a different format to an Oracle database log; that’s why it’s so bloody hard for an analyst to go through all these records and figure out what’s going on.”
He added that even in systems that do analyse logs, “there’s no automatic remediation”, as users need to use a completely separate system to take action or patch a database.
Big Red’s offering, he promised, will manage information across all assets - whether that’s cloud or on-premise, Amazon, MongoDB or Oracle cloud - and put it all in Oracle’s cloud for analysis.
Event log data will be enriched with relevant configuration data, Ellison said, meaning that plain English text is added to the complex log records and enabling natural language queries.
“You can’t do anything remotely like that with a lot of separate logs that look entirely different,” Ellison said. "You can’t automate the system unless you have all of that configuration data.”
Oracle VP: 'We want the next decade to be Java first, Java always'READ MORE
He added that the information would be enriched with third party information, for instance whether a URL is “bad”, such as if it is associated with malware or ransomware. Customers would be able to add their own third party databases or subscribe to additional Oracle feeds, Ellison added.
Machine learning technologies will be used to detect normal patterns in the data, and take programmed actions when an anomaly is identified, in real-time, such as changing a password or turning on 2FA if a person’s behaviour is unusual.
“We unify, analyse data, detect anomalies and remediate,” he said. “It’s one system and it’s relatively easy to use.”
The system, Ellison noted later, can also be used to monitor performance and improve productivity or other issues - but “security is number one”.
Interestingly, Ellison chose to define Oracle's forthcoming efforts by saying they're not what one would expect from Splunk.
“It’s not simply an analytics system like Splunk,” Ellison said. “You can use Splunk to investigate logs … but they stop at the analytics page, they don’t do the remediation. It’s not a connected system.”
The CTO also dedicated a slide to pointing out the differences between the two firms' tech, which, as one analyst pointed out on Twitter, might actually be a compliment for Splunk. ®
Sponsored: Becoming a Pragmatic Security Leader