SAN FRANCISCO -- Last week saw an expansion of data handling and machine learning capabilities for Oracle cloud security and management product lines.
The rollout came along with some warnings about the dangers of unprotected data, and a few brickbats for upstart rival Splunk, which has made headway in the field of security information and event management (SIEM).
Oracle's updates appear amid a whirl of headlines on a massive data breach at Equifax, the large credit and collections agency that this year put millions of Americans' private data at risk. Some observers suggest the breach was the work of state-sponsored hackers.
Among those observers is Oracle founder and CTO Larry Ellison, who chose Oracle's OpenWorld 2017 event to roll out updates to its Oracle Management Cloud and Oracle Security Monitoring and Analytics Cloud Service. State-sponsored hackers up the ante in cybersecurity, he said.
"Companies have to defend themselves against nation-states. And, some of these guys are very good at what they do," Ellison warned. "This is really a very bad situation."
Looking for bad patterns
Oracle database security has been a strong selling point for the company over many years, although its overall security came in for continual criticism after a 2008 purchase of Sun Microsystems that included Java and the J2EE framework.
Now, Oracle cloud security is gaining special focus. Oracle cloud security efforts were buttressed in 2016 with acquisitions, including DNS services provider Dyn and cloud access broker provider Palerra. For its new releases, acquired services are further strengthened by data management and machine learning advances forged within Oracle.
As described by Ellison and others, the essence of the updates to Oracle Management Cloud and Oracle Security Monitoring and Analytics Cloud Service is a well-curated, unified data store for massive amounts of log and other activity data.
Add to that a heaping helping of machine learning algorithms that look for good and bad patterns of activity. Finally, runbook-style automation will be employed to fix more and more security flaws without human intervention.
Splunk-y rival attracts wrath of Larry
Oracle OpenWorld sometimes serves as a stage for leader Ellison's zest for heated competition. Last year, with cloud database technology being showcased, he berated Amazon Web Services. This year, with Oracle's enhanced data, cloud and security management software on the docket, Ellison's targets expanded to include Splunk, a San Francisco-based software company that has made a mark in log analysis in addition to SIEM.
Ellison challenged Splunk for lack of an entity model for unified data handling, difficult-to-use machine learning and lack of remediation capabilities. In his view, not surprisingly, the Oracle offering is better.
"It is not simply an analytical system, like Splunk. It is a security monitoring and management system designed to detect and remediate the problem," he told the OpenWorld gathering.
Splunk -- again, not surprisingly -- responded. In a blog post entitled "Splunk Fires Back at Ludicrous Larry," CEO Doug Merritt contended that there are drawbacks to single, unified repositories for threat and contextual data. Merritt dismissed Ellison's assertion that Splunk is purely an analytical system, without remediation capabilities, citing hooks, for example, to ServiceNow operations automation. And, while Splunk does provide an SDK for data scientists, its capabilities are within reach of "anyone in IT, security or the business, no data science degree required," he said.
"It was flattering that Oracle finally woke up to the power of machine data and the importance of security," Merritt wrote. The blog post concludes with a photo of a capsized Oracle America's Cup series catamaran.
Threats to Oracle cloud security
Oracle will find some favor with its security monitoring and analytics cloud services because they're logical add-ons for its growing number of cloud-based offerings, according to Eric Parizo, a senior analyst at GlobalData Technology. The new services also have the potential to be a disruptive force among security offerings, Parizo said, if the company provides a cloud-based alternative that's truly easier to use.
"Oracle sees Splunk succeeding with a security-centric approach that mirrors a lot of what Oracle does in the data management realm, so Oracle believes it is recapturing an opportunity it should have pursued earlier," he said.
Still, Parizo continued, "it's impossible to ignore Oracle's poor track record on cybersecurity." Over many years, Oracle has "released products rife with security flaws, and ignored those flaws for months or in some cases years after they've been widely known," he said. "The company has a lot of work to do to prove its cybersecurity solutions are effective, and that its approach toward security has evolved enough to justify an investment."
Meanwhile, Oracle may have found an out for at least some portion of its bad security press. The company recently ceded great portions of its Java software assets to the open source community, putting future revisions largely in the hands of the Eclipse Foundation.
The move could mean that Java flaws, many of which Oracle inherited along with its purchase of Java originator Sun, will become the responsibility of a wider group of software developers.