DEV5059: Using Machine Learning
to Make DevSecOps a Reality
Oracle Code One
Vijay Tatkar
Director, Product Management
Oracle Management Cloud
October 25, 2018
Copyright © 2018, Oracle and/or its affiliates. All rights reserved.
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for
information purposes only, and may not be incorporated into any contract. It is not a
commitment to deliver any material, code, or functionality, and should not be relied upon
in making purchasing decisions. The development, release, timing, and pricing of any
features or functionality described for Oracle’s products may change and remains at the
sole discretion of Oracle Corporation.
Program Agenda
1 Defining terms
2 Why DevSecOps is Perfect for Machine Learning
3 Making Machine Learning Smarter for SecOps
4 Demo
5 Q&A
Data Breaches are Exploding World-Wide
[Slide graphic: world map of major data breaches 2013–2017 with victim names and record counts, including Yahoo, Equifax, Anthem, OPM, Target, eBay, Home Depot, JPMC, Sony, Adobe, Ashley Madison, Talk Talk, VTech, Friend Finder, Experian, T-Mobile and others]
4 out of 5 breaches were human errors!
Defining Terms (source: wikipedia.com)
• Machine Learning
– Machine learning is the subfield of computer science that gives computers the ability to learn without being explicitly programmed. Evolved from the study of pattern recognition and computational learning theory in artificial intelligence, machine learning explores the study and construction of algorithms that can learn from and make predictions on data.
• DevSecOps
– DevSecOps is a practice that aims at integrating security into every aspect of an application lifecycle, from design to development, testing, production, and ongoing operations. DevSecOps is increasingly being used in the context of cloud deployments, where organizations already have DevOps teams and tools in place to integrate, automate and monitor every aspect of the development lifecycle from development to production.
• Systems Management or IT Operations Management
– IT Operations is responsible for the smooth functioning of the infrastructure and operational environments that support application deployment to internal and external customers, including the network infrastructure; server and device management; computer operations; IT infrastructure library (ITIL) management; and help desk services for an organization.
DevSecOps is changing Development and Operations
Cloud is forcing an evolution away from established practices
• Developer Trends
– Microservices
– Continuous Integration
– High Frequency Releases
– Open Source Frameworks
– Real time Data pipelines
– SPARK, Cassandra, Kafka
– Akka, Scala
– Jenkins
• Security
– Loss of “Fortress” or “Perimeter” of protection
– Cyber Kill Chain
– 2000: Thrill seeking Geeks
– 2008: Profit seeking insiders
– Now: Highly organized cyber syndicates, nation states
• Operations transformation
– Docker
– Kubernetes
– Hybrid Clouds
– Continuous Deployment
– Zero Downtime releases
– Chef, Ansible, Jenkins
The Cyber Security Kill-Chain
[Slide diagram: the attacker’s stages (“Bad Guys”) shown top to bottom, with the defenders (“Good Guys”) on the opposite side]
• Research
• Infiltration
• Discovery
• Capture
• Exfiltration
Developers Need To Increase Code Security Awareness
Because fixing code at development is 60x cheaper than a patch
• Top Security threat concerns:*
– Phishing: 43%
– SQL Injection: 49%
– DDoS: 46%
– XSS: 37%
• Protect yourself:
– Static Checking, Dynamic Checking tools: Coverity, FindBugs, AppScan, HP Fortify, Lint, Analyzer
– Appropriate privileges to bots, agents
– Data types and sensitivity
– Build system controls: add logging, event monitoring, configuration
• Simple Preventions: 93% of breaches could have been easily prevented (source: Online Trust Alliance Report)
– Regularly patch & update software
– Block fake emails via authentication
– Train engineers to recognize phishing attacks
– Do risk assessments
– Encrypt end-to-end
– Ensure that devices & servers are configured
* Source: Dzone survey of >1000 developers: 2016
Four Drivers in Modern-Day Cybersecurity
Security posture must be Asset-, Identity- and Hybrid Cloud-Aware – at DevOps speed
• Protected Assets = Data
– “Protect the data, forget the perimeter, says PwC security chief”
-- Silicon Republic Interview with Kris McKonkey, PwC Cybersecurity Partner, Nov 2015
• Perimeter = Identity
– “IAM leaders should adopt these identity life cycle best practices … to properly establish an identity perimeter.”
-- IGA Best Practices, Gartner, Aug 2016
• Model = Hybrid Cloud
– “The secure use of public clouds requires explicit effort on the part of the customer.”
-- Jay Heiser, Gartner Analyst, Nov 2015
• Driver = Innovation
– “The reality is business leaders are moving full speed ahead, with or without you…”
-- Neil MacDonald, Gartner Analyst, Nov 2017
Oracle Management Cloud
First Cloud Native Management and Security Solution
[Slide diagram: telemetry from every tier of the stack flows into one unified, intelligent platform powered by machine learning]
• Tiers monitored: End User Experience / Activity; Application; Middle Tier; Data Tier; Virtualization Tier; Infrastructure Tier
• Telemetry collected: real users, synthetic users, app metrics, transactions, server metrics, diagnostics logs, host metrics, VM metrics, container metrics, tickets & alerts, security & network events
• Context feeds: global threat feeds, cloud access, identity, infrastructure, configuration, compliance
• Services on the unified platform: Application Performance Monitoring, Orchestration, Log Analytics, IT Analytics, Auto-remediation, Configuration & Compliance, Security Monitoring & Analytics
ML Is Ideally-Suited for Security & Management
• Massive Data Volume
– Terabytes of telemetry generated every day overwhelm humans
• Data Is Highly-Patterned
– Unified metric and log data can be understood by purpose-built ML
• Need Insights, Not Data
– We know the kinds of questions we want to ask:
– What caused the problem?
– Is what I’m seeing normal or abnormal?
– What do I need to pay attention to right now?
– What problem is coming up in the near future?
Unified Data Informs Both Security and Management
• Example: Configurations/Topology
– Number of property settings available in basic installs of Oracle Database, Exalogic, Exadata: >3800, >5600, >49000
– Why security cares: misconfigurations leave data and IT assets exposed
– Why ops cares: misconfigurations cause majority of performance issues
• Example: Performance metrics
– Time-series performance data from end-user to disk across hybrid estate
– Modeled and correlated over time for anomaly detection and forecasting
– Why security cares: anomalies may indicate malware or ransomware
– Why ops cares: root cause analysis of issues; outage prevention
Security Monitoring & Analytics
• Cloud-native
• Built on integrated OMC platform
• Continuous monitoring, analytics-driven, and self-learning
• Automated response
• Has identity context
• ML models, rules, and correlation for high fidelity threat detection
Configuration & Compliance Cloud Service
Continuous Compliance Across Hybrid Cloud Estate
• Maintain industry and regulatory compliance (STIG, GDPR, etc.)
• Enforce company-specific compliance across hybrid clouds
• ML driven configuration drift management
DEMO: Decoding the Cyber Kill Chain
A “Spear phish” starts a chain of threat events
• Mary Baker gets infected
• Sets in motion a Cyber “Kill Chain”
Kill Chain is a sequence:
– Recon: Suspicious User Activity
– Infiltration: Hijacked Account
– Lateral Movement: Malicious User Behavior
– Exfiltration: Data exposure
We will decode some threat types:
– WebAccessAnomaly
– MultipleFailedLogins
– BruteForceAttack
– CASBAlertO365
– SQLAnomaly
– TargetAccountAttacks
– MultipleAccountCreation
– LocalAccountCreation
The Cyber Security Kill-Chain & How to prevent Threats
[Slide diagram: the attacker stages from the earlier kill-chain slide, with the defender’s controls placed opposite them]
• Bad Guys: Research, Infiltration, Discovery, Capture, Exfiltration
• Good Guys: Security Intelligence, Apps & DB Security, Network Logs, Correlation & ML models, Auto-remediation
How to protect yourself
• Continuous Monitoring
– Continuous monitoring of Users, Applications and Databases to reduce Mean time to Detect (MTTD)
– Continuous assessment of users and entity behavior for anomaly detection
– Identify Anomalous behavior, suspicious activities and policy violations
– Ensure the right security controls are on your IT
• Algorithms and Insights
– Purpose-built ML to dynamically set baselines to detect and correlate anomalies
– Enrichment of log data with rich security categorization
– Real-time snapshot of your security and compliance posture for better risk management
– Deep Security monitoring for Database and Applications
• Automated Security
– Auto-response to critical alerts
– Orchestrate playbooks to trigger auto-remediation
– Quick forensics and automated ticketing to reduce mean time to respond (MTTR)
– Real-time snapshot of security and compliance posture
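The “purpose-built ML to dynamically set baselines to detect and correlate anomalies” bullet above, together with the MultipleFailedLogins and hijacked-account items on the demo slide, in working form. This is an added example, not code from the deck or from Oracle Management Cloud: it parses constructed auth log lines in a hypothetical key=value format, derives a per-user baseline from that user’s other five-minute windows (median plus 3 MAD, never below a floor of 3 failures), flags windows above it as MultipleFailedLogins, and then correlates a flagged burst with a later success from the same source, the Infiltration step of the kill chain. The log format, field names, thresholds and the HijackedAccount label are assumptions.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth events in a hypothetical key=value format (not OMC's).
# mary.baker has a quiet history, then 8 failures from a new source followed by
# a success from that same source; bob.jones has one ordinary typo.
SAMPLE_LOG = """\
2018-10-25T09:00:01 auth host=app01 user=mary.baker src=10.0.1.5 result=FAIL
2018-10-25T09:00:20 auth host=app01 user=mary.baker src=10.0.1.5 result=OK
2018-10-25T09:02:00 auth host=app01 user=bob.jones src=10.0.2.7 result=OK
2018-10-25T09:05:10 auth host=app01 user=mary.baker src=10.0.1.5 result=OK
2018-10-25T09:10:02 auth host=app01 user=mary.baker src=10.0.1.5 result=FAIL
2018-10-25T09:10:30 auth host=app01 user=mary.baker src=10.0.1.5 result=OK
2018-10-25T09:12:00 auth host=app01 user=bob.jones src=10.0.2.7 result=FAIL
2018-10-25T09:12:15 auth host=app01 user=bob.jones src=10.0.2.7 result=OK
2018-10-25T09:15:00 auth host=app01 user=mary.baker src=10.0.1.5 result=OK
2018-10-25T09:20:00 auth host=app01 user=mary.baker src=10.0.1.5 result=OK
2018-10-25T09:30:01 auth host=app01 user=mary.baker src=203.0.113.9 result=FAIL
2018-10-25T09:30:05 auth host=app01 user=mary.baker src=203.0.113.9 result=FAIL
2018-10-25T09:30:09 auth host=app01 user=mary.baker src=203.0.113.9 result=FAIL
2018-10-25T09:30:13 auth host=app01 user=mary.baker src=203.0.113.9 result=FAIL
2018-10-25T09:30:17 auth host=app01 user=mary.baker src=203.0.113.9 result=FAIL
2018-10-25T09:30:21 auth host=app01 user=mary.baker src=203.0.113.9 result=FAIL
2018-10-25T09:30:25 auth host=app01 user=mary.baker src=203.0.113.9 result=FAIL
2018-10-25T09:30:29 auth host=app01 user=mary.baker src=203.0.113.9 result=FAIL
2018-10-25T09:31:00 auth host=app01 user=mary.baker src=203.0.113.9 result=OK
this line is deliberately malformed and must be skipped
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) auth host=(?P<host>\S+) user=(?P<user>\S+) "
                     r"src=(?P<src>\S+) result=(?P<result>\S+)$")
EPOCH = datetime(2018, 1, 1)  # fixed origin so window boundaries are stable


def parse(log_text):
    """Parse log lines into event dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.fromisoformat(e["ts"])
            events.append(e)
    return events


def window_start(ts, window):
    return EPOCH + ((ts - EPOCH) // window) * window


def failure_counts(events, window):
    """FAIL count per user per window; any activity creates a 0 entry, so quiet
    windows become part of the baseline instead of being invisible."""
    counts = defaultdict(lambda: defaultdict(int))
    for e in events:
        counts[e["user"]][window_start(e["ts"], window)] += (e["result"] == "FAIL")
    return counts


def dynamic_threshold(history, floor=3, k=3.0):
    """Robust baseline from the user's other windows: median + k * MAD, with a
    floor so an all-zero history does not turn one typo into an alert."""
    if not history:
        return floor
    med = statistics.median(history)
    mad = statistics.median(abs(x - med) for x in history)
    return max(floor, med + k * mad)


def detect_failed_login_bursts(events, window=timedelta(minutes=5), floor=3, k=3.0):
    alerts = []
    for user, per_window in failure_counts(events, window).items():
        for start, count in sorted(per_window.items()):
            history = [c for s, c in per_window.items() if s != start]
            threshold = dynamic_threshold(history, floor, k)
            if count > threshold:
                fails = [e for e in events if e["user"] == user and e["result"] == "FAIL"
                         and start <= e["ts"] < start + window]
                alerts.append({"type": "MultipleFailedLogins", "user": user, "window": start,
                               "failures": count, "threshold": threshold,
                               "sources": sorted({e["src"] for e in fails}),
                               "last_fail": max(e["ts"] for e in fails)})
    return alerts


def correlate_with_success(events, burst_alerts, follow=timedelta(minutes=10)):
    """Kill-chain correlation: a burst of failures followed by a success from one
    of the same sources within `follow` is the hijacked-account pattern."""
    hits = []
    for a in burst_alerts:
        for e in sorted(events, key=lambda e: e["ts"]):
            if (e["user"] == a["user"] and e["result"] == "OK" and e["src"] in a["sources"]
                    and a["last_fail"] <= e["ts"] < a["last_fail"] + follow):
                hits.append({"type": "HijackedAccount", "user": a["user"], "src": e["src"],
                             "at": e["ts"], "after_failures": a["failures"]})
                break
    return hits


def analyze(log_text):
    events = parse(log_text)
    bursts = detect_failed_login_bursts(events)
    return bursts + correlate_with_success(events, bursts)


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

Per-user baselines are what make this “dynamic”: a service account that legitimately fails a handful of times per window raises its own median and MAD, so the same rule that catches mary.baker’s burst does not page on that account’s normal noise. The correlation step is the part that turns a noisy MultipleFailedLogins signal into something worth auto-response: a burst that ends in a success from the attacking source is far higher fidelity than the burst alone.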
Key Takeaways
• DevSecOps depends on “SecOps” speed matching “DevOps” speed
• The DevSecOps problem is well-suited to machine learning
BUT…
• Machine Learning must be matured
• Unified data and context increases the effectiveness of ML and analysis
Oracle POVs on ML-Enabled Management & Security
https://www.forbes.com/sites/oracle/2017/04/25/is-your-systems-management-software-smart-enough/
https://developer.oracle.com/code
https://www.darkreading.com/vulnerabilities---threats/the-soc-is-deadlong-live-the-soc/a/d-id/1329284?
https://www.forbes.com/sites/oracle/2017/07/10/cant-stop-cyberattacks-teach-your-computer-to-do-it/
For More Information
Cloud.oracle.com/management
Cloud.oracle.com/security
#MgmtCloud community.oracle.com/mgmtcloud
@OracleMgmtCloud