Security Image Source Pixabay/Inspirito

Steve Zalewski, Chief Security Architect, Levi Strauss & Company (image Source Linkedin)
Steve Zalewski, Chief Security Architect, Levi Strauss & Company

Oracle issued a timely press release last week to remind people of their identity SOC framework. Eyes were focused on the Wannacryt ransomware worm that impacted 74 countries. That was according to one of the better articles out there on The Register. So what was Oracle Security shouting about?

According to Oracle their identity-based, Security Operations Center (SOC) cloud services portfolio has passed through the one million customer. Though this is no doubt end points rather than the number of companies that have signed up to it. The customer list however, includes some well known brands including: Levi Strauss & Company, New Mexico Human Services Department, Nomis Solutions and Ooyala.

Steve Zalewski, Chief Security Architect, Levi Strauss & Company commented: “At Levi’s, my primary job is to protect the company brands and reduce our overall risk. From an IT perspective we have moved quickly into the cloud and have upgraded our SOC intelligence capability as a result. Levi’s invested in Oracle CASB Cloud Service to help give us visibility and better protection for our IaaS investments.

So what does Oracle Security deliver

Perhaps ironically the Oracle Security solution does not seem to include patch management. What this means is that although it might have detected a WannaCrypt infection and stopped it from spreading. It would not in itself have prevented the first machine, and potentially others from being infected. This is one of the challenges with purchasing security software. A single product will not always protect a company from every attack vector.

The Oracle Identity SOC framework provides four core components:

CASB : An API-based Cloud Access Security Broker for Applications and Workloads.

Identity : An open and standards based identity management solution. It will work with hybrid and on-premises solution. It supports multi factor authentication, password recovery and support for mobile applications.

Configuration and Compliance : This solution automates application and infrastructure configuration assessments. It allows businesses to identify how well installed against best practice those applications are.

Security Monitoring and Analytics : Oracle Security Monitoring and Analytics (SMA) Cloud Service enables rapid detection, investigation and remediation of the broadest range of security threats across on-premises and cloud IT assets. Security Monitoring and Analytics provides integrated SIEM and UEBA capabilities built on machine learning, user session awareness, and up-to-date threat intelligence context.


There is no new announcement with this release except for the passing of 1,000,000 users. It is a timely reminder that Oracle has an security platform as part of its complete stack. Whether the announcement was merely opportunistic or a pre-planned, is a moot point. That it didn’t specifically call out being able to resolve the WannaCrypt ransomware issue indicates the latter. It does however, highlight the fact that companies need to spend more or their security frameworks. Oracle’s is not the only product out there. However, for those companies already using the Oracle stack it is one of the obvious ones to use.

Rohit Gupta, Group Vice President, Cloud Security products at Oracle commented: “As organizations continue their journey to the cloud, they are looking for an integrated, intelligent and comprehensive security platform that can manage, better secure and automate processes across hybrid IT environments. Customers agree that Oracle’s Identity SOC approach offers a critical controls framework to help enhance their security posture for applications and data—both in the cloud and the datacenter.”

It will be interesting to see if others issue press releases claiming to have a clean bill of health amongst their customers on WannaCrypt.


Please enter your comment!
Please enter your name here