Oracle and Cybereason today announced a partnership that will see the cloud provider sell Cybereason’s endpoint security platform, which is optimized for delivery via Oracle’s global cloud regions. Additionally, Cybereason selected Oracle Cloud Infrastructure (OCI) as its preferred cloud to support its global expansion.
Cybereason recently launched an extended detection and response (XDR) platform that fuses endpoint telemetry with behavioral analytics. It extends the company’s detection and response and proactive threat-hunting capabilities from endpoints across the enterprise IT environment, spanning on-premises, cloud, and mobile.
While the security vendor will continue supporting other clouds, with Oracle “we found a mature, security-first, data privacy- and serenity-first cloud,” Cybereason CTO and co-founder Yonatan Striem-Amit said. “And they found in us the best cybersecurity, endpoint security company. We can offer a security-first cloud solution where Oracle’s secure infrastructure and our solution can extend beyond the cloud to secure the legacy data center, secure the endpoint, while having a security-first cloud migration path available for customers.”
Oracle’s Cloud, Security Strategy
Security has long been a big piece of Oracle’s broader strategy to win public cloud customers by touting its “second generation” cloud infrastructure with built-in security that it says costs less than its competitors.
“Security is a core piece of what we do,” said Leo Leung, senior director of products and strategy for Oracle Cloud Infrastructure. “We’re not the Oracle that people remember in that we’re going to partner aggressively, we’re going to work with the best of breed that’s out there, and security was a great place for us to work together. Cybereason’s approach to serving global customers matches our approach to having a very broad global footprint.”
The cloud provider originally announced plans at last year's Oracle OpenWorld to launch 20 new Oracle Cloud regions by the end of this year for a total of 36. The global pandemic slowed these plans a bit. Oracle now has 29 cloud regions worldwide, and it aims to have 38 by mid-2021.
This global footprint is important to customers because having a cloud region nearby lowers latency and improves application performance. Plus, some customers require that their data remain inside their own country for compliance reasons or preference, Leung said.
“There’s also a really nice match in terms of our focus on providing enterprise-level solutions, it’s very different than serving individual users or smaller companies,” Leung said, adding that Cybereason met those scalability requirements. “Some of the customers that we’ll be working with jointly are at massive scale — companies that have tens-of-thousands or hundreds-of-thousands of employees and endpoints. The way we’ve built our cloud matches the way Cybereason goes to market with their technology.”
Oracle, Cybereason Plan More Integrations
Looking ahead, both executives say they expect the partnership to grow and add integrations, especially as Cybereason builds out its XDR. The security vendor plans to add enhanced support for firewalls, virtual private network (VPN) activity, cloud access security brokers (CASBs), secure access service edge (SASE), and more visibility into containerized environments.
“If you look across the customer footprints, there are many, many pieces: data environments, the application environments, and all these different endpoints,” Leung said. “As we work together even more closely, there’s some great opportunities to help customers connect those dots.”
Having centralized visibility, security policies, and threat hunting across these different environments became increasingly important in 2020, which started with an influx of COVID-19-related security threats by cybercriminals taking advantage of the pandemic to infiltrate organizations’ environments and demand multi-million-dollar ransoms. And it’s ending with the SolarWinds nation-state hack, likely carried out by Russia’s intelligence agency, which may end up being the biggest attack against the U.S. government and enterprises ever.
Speaking of SolarWinds ...
“If we learn anything from the SolarWinds attack, it is that even if you practice the best IT hygiene, the companies and government victims here inadvertently let the adversaries in through the front door by following best practices and deploying a legitimate patch delivered by a trusted vendor,” Striem-Amit said. “It highlights the importance of a behavior-first approach, where you need to look at what things do to determine if it’s good or bad, and it highlights the need for rapid response with a very wide range of control of the environment.”
Every organization needs advanced cybersecurity that also allows it to maintain its operational efficiency and agility, he continued. “And that starts with trusted infrastructure, this again goes to why we look at OCI as a great platform, but it also requires the customers to have a security-first approach while maintaining this very operation-centric view,” Striem-Amit said. “And we’ve got to eliminate threats before they can be carried out by observing behaviors continuously.”