Oracle CASB Enables Security Monitoring for Oracle Cloud Infrastructure

Tina Liu
Director, Product Marketing

At Oracle Cloud Infrastructure, customer security is of paramount importance. We understand that enterprises of all industries and sizes require comprehensive visibility, security and compliance monitoring over their cloud resources. Oracle Cloud Infrastructure provides maximum visibility to customers regarding the actions taken on their cloud resources through the availability of various logs, including the Oracle Cloud Infrastructure Audit service which tracks all actions taken on Oracle Cloud Infrastructure tenancy resources.

Oracle Cloud Access Security Broker (CASB) Cloud Service helps take security a step further by providing automated capabilities for customers to monitor the security of their cloud infrastructure resources. Additionally, Oracle CASB supports monitoring of Oracle Cloud Applications (SaaS), Oracle Cloud Platform (PaaS), and other public clouds, including AWS, Azure, Office 365, and Salesforce. The solution helps customers with heterogeneous multiple-cloud deployments achieve better security postures for their cloud resources.

Security Monitoring Use Cases

Oracle CASB monitors the security of Oracle Cloud Infrastructure deployments through a combination of predefined Oracle Cloud Infrastructure-specific security controls and policies, customer-configurable security controls and policies, and advanced security analytics that use machine learning for detecting anomalies. Following are the different types of security monitoring that Oracle CASB performs:

  • Security misconfiguration of Oracle Cloud Infrastructure resources: Oracle CASB monitors configurations of Oracle Cloud Infrastructure compute, virtual cloud networks (VCNs), and storage, based on Oracle Cloud Infrastructure security best practices. For example, Oracle CASB can alert administrators on Oracle Cloud Infrastructure Object Storage buckets that are made public.
  • Monitoring of credentials, roles and privileges: Oracle Cloud Infrastructure Identity and Access Management (IAM) security policies assign various privileges (inspect, read, use, and manage) to IAM groups. Oracle CASB monitors IAM users and groups for excessive privileges and for changes to administrator groups. For example, Oracle CASB monitors the use and age of IAM credentials that are used to authenticate users, such as console passwords and API keys. Any deviations from the acceptable standards can result in alerts.
  • User behavior analysis (UBA) for anomalous user actions: User logins and access patterns are analyzed to establish expected behavior, and deviations from expected baselines are detected with advanced analytics based on machine-learning (ML) algorithms. UBA generates risk scores for events, and customers have options to configure security alerts based on risk-score thresholds.
  • Risk events from threat analytics: Oracle CASB is integrated with third-party threat intelligence feeds, and it uses them to analyze access events to customer Oracle Cloud Infrastructure tenancies. This is done in order to detect potential security threats such as accesses to Oracle Cloud Infrastructure resources from suspicious IP addresses or any anomalous patterns of IP addresses used.

Register Your Tenancy with Oracle CASB

This section provides an overview of how to register your Oracle Cloud Infrastructure tenancy with Oracle CASB and how to view security alerts.

To enable CASB monitoring, you create an Oracle Cloud Infrastructure application instance with Oracle CASB and provision it by using the API key credentials of a least-privilege IAM user that is authorized to get configuration information and audit logs from your Oracle Cloud Infrastructure tenancy.

The following screenshot (Figure 1) shows the registration page where you provide the tenancy OCID, IAM user OCID, public key fingerprint of the IAM user API key, and private key of the IAM user API key to register an Oracle Cloud Infrastructure application instance.

Figure 1. Oracle Cloud Infrastructure Application Instance Registration

Oracle CASB has preconfigured security controls and prebuilt policy controls for Oracle Cloud Infrastructure security monitoring. Examples include checking for public buckets, open (0.0.0.0/0) VCN security lists, monitoring privileges granted using IAM policies, and more. The following screenshot (Figure 2) shows predefined Oracle Cloud Infrastructure security controls that you can enable.

Figure 2. Oracle Cloud Infrastructure Security Controls 
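
The kinds of checks named above (public buckets, open 0.0.0.0/0 security-list ingress, broad IAM privileges, credential age) can be sketched as follows. This is an added example, not Oracle CASB's implementation or code from the original post. The sample data is constructed, and the 90-day key-age limit and the "manage all-resources" heuristic are assumptions.

```python
import ipaddress
from datetime import datetime, timezone

# Constructed sample configuration, not real tenancy data. Key names follow the
# OCI REST API JSON for buckets, security lists, policies and API keys.
SAMPLE = {
    "buckets": [{"name": "app-logs", "publicAccessType": "NoPublicAccess"},
                {"name": "static-site", "publicAccessType": "ObjectRead"}],
    "securityLists": [{"displayName": "web-sl", "ingressSecurityRules": [
        {"source": "0.0.0.0/0", "protocol": "6"},
        {"source": "10.0.0.0/16", "protocol": "all"}]}],
    "policies": [{"name": "ops", "statements": [
        "Allow group Auditors to read audit-events in tenancy",
        "Allow group Ops to manage all-resources in tenancy"]}],
    "apiKeys": [{"userName": "casb-reader",
                 "timeCreated": "2018-01-05T00:00:00+00:00"}],
}

def is_open_cidr(source):
    """True for 0.0.0.0/0 or ::/0; False for narrower or non-IP sources."""
    try:
        return ipaddress.ip_network(source, strict=False).prefixlen == 0
    except ValueError:
        return False

def find_issues(cfg, now, max_key_age_days=90):  # 90 days is an assumed limit
    issues = []
    for b in cfg.get("buckets", []):
        if b.get("publicAccessType", "NoPublicAccess") != "NoPublicAccess":
            issues.append(("public-bucket", b["name"]))
    for sl in cfg.get("securityLists", []):
        if any(is_open_cidr(r.get("source", ""))
               for r in sl.get("ingressSecurityRules", [])):
            issues.append(("open-ingress", sl["displayName"]))
    for p in cfg.get("policies", []):
        for s in p.get("statements", []):
            words = s.lower().split()
            if "manage" in words and "all-resources" in words:
                issues.append(("broad-privilege", p["name"]))
    for k in cfg.get("apiKeys", []):
        age = (now - datetime.fromisoformat(k["timeCreated"])).days
        if age > max_key_age_days:
            issues.append(("stale-api-key", k["userName"]))
    return issues

if __name__ == "__main__":
    for kind, name in find_issues(SAMPLE, datetime.now(timezone.utc)):
        print(kind, name)
```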

At this point, Oracle CASB is ready to get Oracle Cloud Infrastructure audit logs and configuration information from your tenancy to conduct security monitoring based on security and policy controls. The following screenshot (Figure 3) shows the dashboard with Oracle Cloud Infrastructure security alerts generated by Oracle CASB.

Figure 3. Oracle Cloud Infrastructure Security Alerts 

As a recap, Oracle CASB provides comprehensive security monitoring for customer Oracle Cloud Infrastructure tenancies and generates security alerts with actionable remediation steps to triage the issues. What's more, Oracle CASB enables you to get going quickly because it doesn't require installation of any software agent and uses customer-provided privileges to get security configuration information and logs required for analytics. For more information about how to configure Oracle CASB for use with Oracle Cloud Infrastructure, see the Using Oracle CASB Cloud Service documentation.

Oracle CASB is currently used by Oracle Cloud Infrastructure customers, including large enterprises, whose feedback is integrated into the product, enabling us to continue to improve security and user experience. As new Oracle Cloud Infrastructure services and features are released, Oracle CASB will transparently offer corresponding security checks to Oracle Cloud Infrastructure customers. Oracle CASB provides maximum Oracle Cloud Infrastructure security monitoring for customers, with a relatively low total cost of ownership (TCO). And our Universal Credits Model (UCM) covers Oracle CASB and can be used to pay by consumption for CASB security monitoring.

For more information about Oracle CASB and Oracle Cloud Infrastructure-specific security checks, see the following documentation:

This post was written by guest blogger Nachiketh Potlapally, a consulting member of the technical staff on the Oracle Cloud Infrastructure team.
