partner webcast – security monitoring and compliance redefined on cloud
Post on 14-Apr-2017
68 Views
Preview:
TRANSCRIPT
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |
Thanos Terentes Printzios Technology Adoption Manager, EMEA A&CLuca Martelli Senior Director of Identity & Security EMEATania Le Voi Senior Director, OMC Product Management EMEAArtur Alves Principal Sales Consultant, EMEA
New Oracle Management Cloud Security Cloud Services:Security Monitoring & AnalyticsConfiguration & Compliance April 13th 2017
(Audio is Broadcasted via WebEx Audio Streaming)
EMEA Upcoming Security Webcasts & Events
•27-28 April, Budapest, annual Oracle Partner Security Forum (we still have 8 seats available)
Copyright © 2017 Oracle and/or its affiliates. All rights reserved. |
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
4
Safe Harbor
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Agenda
• Identity SOC: next gen security for hybrid scenario
• New Oracle Management Cloud Security Cloud Services:- Security Monitoring & Analytics- Configuration & Compliance
• Demo
• Licensing Model, General Availability
• How can Oracle Cloud Security Services help with GDPR?
• Resources for Partners
• Q&A
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Confidential – Oracle Internal/Restricted/Highly Restricted 6
Identity SOC: next gen security for the hybrid environment
CONTENT SECURITY USER SECURITY CONFIGURATION
Security PostureApplications, data and user activity analytics, threat intelligence, and compliance
One-Stop SOC Dashboard
Automated Response & Remediation (Orchestration Cloud Service)
Security Monitoring & Analytics Cloud Service
CASB Cloud Service
Identity Cloud Service
Configuration & Compliance
Cloud Service
Copyright © 2017 Oracle and/or its affiliates. All rights reserved. |
Growing Impact of Cybersecurity
7
eBay
148M customer records
2015
MySpace
427M passwords360M emails
111M usernames
2016
Yahoo
1Billion+user accounts
2016
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Why Aren’t Security Teams Able to Keep Up
8
Shrinking Visibility
• Cloud, BYOD reduce perimeter security efficacy
• DevOps multiplies change rates
• Shrinking window to catch vulnerable config
Growing Detection Gap
• Zero day attacks require anomaly detection
• Low & slow, multi-stage threats require sequence awareness
• Targeted attacks require identity awareness
Falling Efficiency
• More assets, more security tools, more alerts
• Staffing shortages
• Negative impact on SOC metrics
Copyright © 2017 Oracle and/or its affiliates. All rights reserved. |
It's not my machines, it's your code!
It's not my code, it's your machines!
Where’s the data?
9
What does the data mean?
Human-Factor Dependence is Widespread and Inefficient
END USER EXPERIENCE
APPLICATION
MIDDLE TIER
DATA TIER
VIRTUALIZATION TIER
VM CONTAINER
INFRASTRUCTURE TIER
VM CONTAINER
Real UsersSynthetic Users
App metricsTransactions
Server metricsDiagnosticsLogs
Host metricsVM metricsContainer metrics
CMDBTicketsAlerts
END USER EXPERIENCE
APPLICATION
MIDDLE TIER
DATA TIER
VIRTUALIZATION TIER
VM CONTAINER
INFRASTRUCTURE TIER
VM CONTAINER
Real UsersSynthetic Users
App metricsTransactions
Server metricsDiagnosticsLogs
Host metricsVM metricsContainer metrics
CMDBTicketsAlerts
END USER EXPERIENCE
APPLICATION
MIDDLE TIER
DATA TIER
VIRTUALIZATION TIER
VM CONTAINER
INFRASTRUCTURE TIER
VM CONTAINER
Real UsersSynthetic Users
App metricsTransactions
Server metricsDiagnosticsLogs
Host metricsVM metricsContainer metrics
CMDBTicketsAlerts
END USER EXPERIENCE
APPLICATION
MIDDLE TIER
DATA TIER
VIRTUALIZATION TIER
VM CONTAINER
INFRASTRUCTURE TIER
VM CONTAINER
Real UsersSynthetic Users
App metricsTransactions
Server metricsDiagnosticsLogs
Host metricsVM metricsContainer metrics
CMDBTicketsAlerts
END USER EXPERIENCE
APPLICATION
MIDDLE TIER
DATA TIER
VIRTUALIZATION TIER
VM CONTAINER
INFRASTRUCTURE TIER
VM CONTAINER
Real UsersSynthetic Users
App metricsTransactions
Server metricsDiagnosticsLogs
Host metricsVM metricsContainer metrics
CMDBTicketsAlerts
END USER EXPERIENCE
APPLICATION
MIDDLE TIER
DATA TIER
VIRTUALIZATION TIER
VM CONTAINER
INFRASTRUCTURE TIER
VM CONTAINER
Real UsersSynthetic Users
App metricsTransactions
Server metricsDiagnosticsLogs
Host metricsVM metricsContainer metrics
CMDBTicketsAlerts
END USER EXPERIENCE
APPLICATION
MIDDLE TIER
DATA TIER
VIRTUALIZATION TIER
VM CONTAINER
INFRASTRUCTURE TIER
VM CONTAINER
Real UsersSynthetic Users
App metricsTransactions
Server metricsDiagnosticsLogs
Host metricsVM metricsContainer metrics
CMDBTicketsAlerts
END USER EXPERIENCE
APPLICATION
MIDDLE TIER
DATA TIER
VIRTUALIZATION TIER
VM CONTAINER
INFRASTRUCTURE TIER
VM CONTAINER
Real UsersSynthetic Users
App metricsTransactions
Server metricsDiagnosticsLogs
Host metricsVM metricsContainer metrics
CMDBTicketsAlerts
It’s not my policies, it’s your code!
It’s not my code, it’s your policies!
Copyright © 2017 Oracle and/or its affiliates. All rights reserved. |
Have All The Data You Need
10
Know What The Data Means
What if You Could…?
Copyright © 2017 Oracle and/or its affiliates. All rights reserved. | 11
Our Vision
Complete, integrated suite of management solutions
Designed for heterogeneous applications and infrastructure
Rapid time to valueOn Premise
Application PerformanceMonitoring
LogAnalytics IT
Analytics
Infrastructure Monitoring
ComplianceOrchestration
Security Monitoring & Analytics
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Current Solution: Fragmented and Integration Intensive
12
SIEM(Security Information and Event Management)
Security context, Rules based detection
UEBA(User and Entity Behavior Analytics)
User context, Anomaly detection
X Integration overhead in perpetuity
X Multiple UIs, support lines, M&A risk
X Redundancy within in each segment
X Lacking operational awareness
X Scale, delivery model discrepancies
Log ManagementRaw logs, Forensic search, IT ops analytics
Configuration ManagementSecure state, configuration auditing
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | 13
Oracle Management
Cloud
Integrated SIEM/UEBA, log, configuration management
SMB to F100 trusted vendor globally Heterogeneous coverage across cloud and
on-premise assets Adds unique operational intelligence critical
to modern threat detection Delivered as cloud service suite for rapid
time to value, ease of expansion/scale
Security Monitoring and Compliance Redefined
Security Monitoring and Analytics
Configuration and Compliance
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
01100100 01100001 01110100 01100001 0110010001100001 01110100 0100 0110000101100100 01100001 01110100 01100001 0110010001100001 01011 01110100110000101100100 01100001 01110100 110000101100100 01100001 01110100 011000010110010001100001 01110100 110000101100100 0100111 01100001 01110100110000101100100 01100001 01110100 01100001 011010 0110010001100001 0111010001100001 0110010001100001 01110100 01001 01100001 0110010001100001 0111010001100001 0110010001100001 01001 01110100 01100001 0110010001100001 0111010001100001 0100101001 001 0110010001100001 01110100 01100001 011001000110000101110100 010011 01100001 0110010001100001 01110100 01100001 01100100 0110000101001 01110100 01100001 0110010001100001 01110100 01100001 01100100 0100 0110000101110100 01100001 0110010001100001 01110100 01000100 0100 11000010110010001100001 01110100 110000101100100 01100001 01110100 01100001 011001000110000101110100 110000101100100 01100001 010001 01110100 110000101100100 0110000101110100 01100001 01000100 010011 0110010001100001 01110100 011000010110010001100001 01110100 01000 01110100 110000101100100 01100001 0111010001100001 01000100 010011 0110010001100001 01110100 01100001 011001000110000101110100 010011
Next-Generation Unified Data
14
END USER EXPERIENCE/ACTIVITY
APPLICATION
MIDDLE TIER
DATA TIER
VIRTUALIZATION TIER
VM CONTAINER
INFRASTRUCTURE TIER
VM CONTAINER
Real UsersSynthetic Users
Unified Platform
App metricsTransactions
Server metricsDiagnosticsLogs
Host metricsVM metricsContainer metrics
CMDB/ComplianceTicketsAlerts
INTELLIGENT, UNIFIED PLATFORM
POWERED BY MACHINE LEARNING
INFORMED BY A COMPLETE DATA SET
HETEROGENEOUS AND OPEN
✔
✔
✔
✔
Security Events
Global Threat FeedsCASBIdentity
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | 15
01100100 01100001 01110100 01100001 0110010001100001 01110100 0100 0110000101100100 01100001 01110100 01100001 0110010001100001 01011 01110100110000101100100 01100001 01110100 110000101100100 01100001 01110100 011000010110010001100001 01110100 110000101100100 0100111 01100001 01110100110000101100100 01100001 01110100 01100001 011010 0110010001100001 0111010001100001 0110010001100001 01110100 01001 01100001 0110010001100001 0111010001100001 0110010001100001 01001 01110100 01100001 0110010001100001 0111010001100001 0100101001 001 0110010001100001 01110100 01100001 011001000110000101110100 010011 01100001 0110010001100001 01110100 01100001 01100100 0110000101001 01110100 01100001 0110010001100001 01110100 01100001 01100100 0100 0110000101110100 01100001 0110010001100001 01110100 01000100 0100 11000010110010001100001 01110100 110000101100100 01100001 01110100 01100001 011001000110000101110100 110000101100100 01100001 010001 01110100 110000101100100 0110000101110100 01100001 01000100 010011 0110010001100001 01110100 011000010110010001100001 01110100 01000 01110100 110000101100100 01100001 0111010001100001 01000100 010011 0110010001100001 01110100 01100001 011001000110000101110100 010011
END USER EXPERIENCE/ACTIVITY
APPLICATION
MIDDLE TIER
DATA TIER
VIRTUALIZATION TIER
VM CONTAINER
INFRASTRUCTURE TIER
VM CONTAINER
Real UsersSynthetic Users
Unified Platform
App metricsTransactions
Server metricsDiagnosticsLogs
Host metricsVM metricsContainer metrics
CMDB/ComplianceTicketsAlerts
Security Events
Global Threat FeedsCASBIdentity
Powered By Machine Learning
ANOMALY DETECTION
CLUSTERING
PREDICTION
CORRELATION
Copyright © 2017 Oracle and/or its affiliates. All rights reserved. |
Why The Security Problem is Perfect for Machine Learning
Massive volume
Highly patterned
Predictable format
Possible to unify data
Exhibits long-term trends
Sources constantly change
Copyright © 2017 Oracle and/or its affiliates. All rights reserved. | 17
Purpose-Built Machine Learning Answers Top Questions
What caused the breach?
What is the biggest threat?
Should I be concerned about what this user is
doing?
Is what I’m seeing normal or abnormal?
What do I need to pay attention to
right now?
WHAT WILL HAPPEN
TOMORROW?
How do I prevent the problem in the
future?
What areas can I harden, and how?
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Confidential – Oracle Internal/Restricted/Highly Restricted 18
Single Pane of Glass for IdentitySOC
CONTENT SECURITY USER SECURITY CONFIGURATION
Security PostureApplications, data and user activity analytics, threat intelligence, and compliance
One-Stop SOC Dashboard
Automated Response & Remediation (Orchestration Cloud Service)
Security Monitoring & Analytics Cloud Service
CASB Cloud Service
Identity Cloud Service
Configuration & Compliance
Cloud Service
Copyright © 2017 Oracle and/or its affiliates. All rights reserved. |
Security Monitoring and Analytics Cloud Service
• Comprehensive Detection– Any log, any intelligence feed, any metric, any
location (on-premises or cloud)
• Rapid Investigation– Intuitive visualization of threats and early
warning signs
• Intelligent Remediation– Powerful auto-remediation framework for any IT
stack
• Faster Time to Value– Next-gen cloud service with SOC ready content
Oracle Public 19Oracle PublicCopyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Copyright © 2017 Oracle and/or its affiliates. All rights reserved. |
Configuration and Compliance Cloud Service
• Standards Based– Execute industry standard compliance benchmarks
at cloud scale
• Application & Cloud Aware– Assess compliance against infrastructure and
applications stacks, on-premises or in the cloud
• Efficient & Actionable– Quickly determine your enterprise compliance
posture and remediate violations
• Extensible– Execute custom scripts and enforce your
organization’s standards
Oracle Public 20Oracle PublicCopyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Copyright © 2017 Oracle and/or its affiliates. All rights reserved. |
• Application topology awareness
– Lateral movement within application
– Multi-tier attack within application
• Orchestration/Remediation
– Execute configuration assessment
– Change user privileges
• Full visibility across stack and clouds
– End-user activity
– Application and Infrastructure Logs
– Configuration assessment results
– Operational metrics (CPU, memory etc.)
21
Application PerformanceMonitoring
Log Analytics
IT Analytics
Infrastructure Monitoring
Compliance
Orchestration
Security Monitoring & Analytics
Unified Data, Comprehensive Suite
Copyright © 2017 Oracle and/or its affiliates. All rights reserved. |Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |
Artur Alves Principal Sales Consultant, EMEA
New Oracle Management Cloud Security Cloud Services:Security Monitoring & AnalyticsConfiguration & Compliance
April 13th 2017
Copyright © 2017 Oracle and/or its affiliates. All rights reserved. |
• Key aspects of GDPR
– New statutory requirements will require companies to re-think how they handle and protect their personal data
– Includes a new liability and sanction regime
– Entry into force on 25 May 2018
• Potential serious consequences
– Fines of up to 4% of global annual revenue or €20M
– 72 hours for data breach notification
• Aspects of GDPR that Oracle Offerings may Help Address
– “Data Protection by design and default”
– “Security of Processing“
– “Data Breach Notifications to Individuals” not required if security controls prevent breach from occurring
– If a data breach occurs “administrative fines shall” take into account “technical and organisational measures implemented”
23
• Relevant Oracle Offerings
– Database Security Advanced Security Option, Database Vault, Audit Vault Database Firewall, Key Vault, Data Masking/Subsetting. DB Cloud can make use of DB security features/options
– High availability and resilience: Data Guard, RAC, Backup solutions, ZDLRA
– Software Security CASB Cloud Service, SMA Cloud Service, CC Cloud Service, API-Platform Cloud Service
– Identity Management Identity Governance, Identity Cloud Service, Access Management, Centralised Directory
– Applicable to “existing/legacy systems and new digital systems”
Summary: GDPR & Oracle Offerings
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Awarness and Enablement Plan for PartnersDemoWorkshopsPartner Community Forum (April)
Copyright © 2017 Oracle and/or its affiliates. All rights reserved. |
Access a cloud instance of IDCS: demo.oracle.com (GSE)
• Partners have access to demo.oracle.com (GSE) directly provided they sign the DSS Addendum
• Demo ServiceSAddendum can be signed on line via http://www.oracle.com/partnerstore(Demo Services -> Apply for Addendum)
Copyright © 2017 Oracle and/or its affiliates. All rights reserved. |
• 2 days annual meeting with focused EMEA Identity&Security partners
• Benefits:
– Sharing about customer business priorities
– Getting the latest roadmaps and insights from HQ head of security development (HQ PMs Team + EMEA Team)
– Networking
• Expectations:
– Bidirectional conversations
• Link : https://blogs.oracle.com/emeapartnermiddleware/entry/oracle_partners_identity_cloud_security
Security Partner Community ForumBudapest – 27, 28 April 2017
26
Copyright © 2017 Oracle and/or its affiliates. All rights reserved. |
• A&C Team
– partner.imc@beehiveonline.oracle.com
– Thanos Terentes Printzios
– Your Oracle Partner Manager
• EMEA Security
– Franck Hourdin
– Luca Martelli
– Patrick McLaughlin
– Prashant Barot
• OMC EMEA Product Management
– Tania Le Voi
Regional Security Goto Persons:
– Alessandro Vallega, France, Italy
– Mauricio Gumiel, Iberia
– Karen Weebers, Benelux
– Dragan Petkovic, MEA
– Dimitris Theodoropoulos, EECIS
– Ernst Lorenz, North
– Paul Kennedy and Graeme Kerr, UKIE
– Natalia Diskin, Israel
Follow-up Contact Details in the Security Team(firstname.lastname@oracle.com)
27
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Stay In TouchOracle IMC blog:http://blogs.oracle.com/imc
Oracle ECEMEA Partner Hub Homepage:http://oracle.com/goto/hub-ecemea
Oracle IMC Mail:partner.imc@beehiveonline.oracle.com
Twitter: http://twitter.com/oracleimc
Facebook: http://facebook.com/oracleimc
LinkedIn: http://linkedin.com/groups/OracleIMC-4535240
Google+: http://plus.google.com/+OracleIMC
top related