Secure hardware or lose your cyber battles, says Oracle

Embedding security into hardware, not software, is the only way to foil hackers intent on stealing your data, warned Larry Ellison at this year's Oracle OpenWorld.

Saying that existing security measures are simply not good enough, the CTO and founder of Oracle today insisted that only by pushing security down the stack can you stop increasingly clever and dangerous spates of cybercrime.

Speaking at the San Francisco event, Ellison told the audience: "We need much better security. We are not winning a lot of these cyber battles, we're losing a lot of these cyber battles. We haven't lost the war but we're losing a lot of the battles.

"You should always be pushing security down the stack. That doesn't mean we shouldn't have security at every single level - we should - but pushing it down the stack is a good thing."

Expanding on the theory he expressed at the start of the week, Ellison explained that securing the microprocessors themselves means everything running on them also get that level of security.

"Silicon security is better than operating system security. Every operating system, every version of an operating system that runs on that silicon, inherits that security," he said. "Even the best hackers have not figured out a way to download changes to your microprocessor. You can't alter the silicon."

Oracle's first attempt at introducing this is the SPARC M7 chip, which was first announced this time last year as a new piece of hardware development springing from the Sun Microsystems technology Oracle bought five years ago.

Now the processor underpins two new servers dubbed SPARC T7 and SPARC M7, as well as a SuperCluster M7 Engineered System, all available now.

The M7's Silicon Secured Memory checks attempts at accessing in-memory data as they occur, in order to help protect against malicious threats or bugs, and Ellison claimed it would have stopped attacks like Heartbleed and Venom.

"The moment we tried to write that [Venom] code into memory that didn't belong to that programme it would have been detected that first time," he said, adding: "We would detect the attack, or the bug if you will, real time and shut down."

Promising that more chips will follow, Oracle's announcement comes as a data breach allowed hackers to empty thousands of TalkTalk customers' accounts, with the number of victims potentially numbering in the millions.

Meanwhile, customers of UK retailer Marks & Spencer today reported seeing other people's personal details online when trying to log into their website accounts.

But Ellison warned that another form of cybercrime could be even more damaging if businesses fail to ramp up their security measures.

"You think stealing data's bad, you try changing air traffic control data," he said, adding that Heartbleed and Venom have the ability for hackers to change data, not just leak it or copy it. "What happens if all the bank balances data gets changed? You can imagine changing data rather than stealing [it].

"We're always looking for Heartbleed-like violations. You cannot turn it off. A brand new worm, a brand new virus, [we] find it the moment it attaches to your datacentre."