Many people ask, "What should the detection baseline be in a cloud-based security analytics system?"
The industry standard is to use the MITRE ATT&CK matrix. The MITRE ATT&CK matrix is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. It is a widely accepted and continuously evolving matrix that lets every enterprise and cloud provider evaluate its threat models, tools, and processes against the prevailing attacker techniques and methods. We believe this is an excellent starting point and the bare-minimum framework that a next-generation cloud provider must use.
In Oracle SaaS Cloud security, we take detection to the next level
Not only do we ensure that we have a detection rule for every entry in the framework, we also ensure that we have a test case and synthetic transactions for every rule. We collect, store, examine, and analyze all the syslogs and application logs for SaaS properties. We also monitor all syscalls to analyze binary behaviors.
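What a "detection rule for every entry, and a test case for every rule" looks like in practice, as an added example that is not Oracle's own code: each rule is keyed to an ATT&CK technique ID and carries synthetic transactions (log lines that must fire and log lines that must stay quiet), a self-test replays those transactions against the rule, and a coverage check reports required techniques with no rule and rules with no test case. The syslog lines, the rule names, and the required technique set are constructed for the example; only the ATT&CK IDs are real.

```python
"""Detection baseline with ATT&CK-keyed rules and per-rule synthetic transactions.
Added example, not Oracle's code. Log lines and the REQUIRED set are constructed."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass
class Rule:
    technique: str                              # MITRE ATT&CK technique ID
    name: str
    matcher: Callable[[List[str]], List[str]]   # log lines -> alert strings
    positive: List[str]                         # synthetic lines that must alert
    negative: List[str]                         # synthetic lines that must not alert


# Constructed syslog samples (RFC 5737 documentation addresses).
FAILED = "web01 sshd[2201]: Failed password for invalid user admin from {ip} port 51234 ssh2"
ACCEPTED = "web01 sshd[2210]: Accepted publickey for deploy from 198.51.100.20 port 40000 ssh2"
CRON_REPLACE = "web01 crontab[2300]: (www-data) REPLACE (www-data)"
CRON_LIST = "web01 crontab[2301]: (root) LIST (root)"


def brute_force(lines: List[str], threshold: int = 5) -> List[str]:
    """T1110 Brute Force: `threshold` or more failed SSH logins from one source IP."""
    pat = re.compile(r"Failed password for .* from (\d+\.\d+\.\d+\.\d+)")
    counts = Counter(m.group(1) for line in lines if (m := pat.search(line)))
    return [f"T1110 brute force from {ip} ({n} failures)"
            for ip, n in counts.items() if n >= threshold]


def cron_persistence(lines: List[str]) -> List[str]:
    """T1053.003 Cron: cron's own audit line showing a crontab being replaced."""
    pat = re.compile(r"crontab\[\d+\]: \((\S+)\) REPLACE \((\S+)\)")
    return [f"T1053.003 crontab replaced for {m.group(2)} by {m.group(1)}"
            for line in lines if (m := pat.search(line))]


RULES = [
    Rule("T1110", "ssh-brute-force", brute_force,
         positive=[FAILED.format(ip="203.0.113.7")] * 5,
         negative=[FAILED.format(ip="203.0.113.7")] * 2 + [ACCEPTED]),
    Rule("T1053.003", "crontab-replace", cron_persistence,
         positive=[CRON_REPLACE], negative=[CRON_LIST]),
    # A rule that exists but has no synthetic transactions yet: the checks must flag it.
    Rule("T1059.004", "unix-shell-from-webserver", lambda lines: [],
         positive=[], negative=[]),
]
REQUIRED = {"T1110", "T1053.003", "T1059.004", "T1078"}   # hypothetical baseline slice


def run_rules(rules: List[Rule], lines: List[str]) -> List[str]:
    """Run every rule over the same log batch and concatenate the alerts."""
    alerts: List[str] = []
    for rule in rules:
        alerts.extend(rule.matcher(lines))
    return alerts


def self_test(rules: List[Rule]) -> Dict[str, bool]:
    """Replay each rule's synthetic transactions: pass only if it fires on the
    positive set and stays silent on the negative set."""
    return {r.technique: bool(r.matcher(r.positive)) and not r.matcher(r.negative)
            for r in rules}


def coverage_gaps(rules: List[Rule], required: set) -> Dict[str, List[str]]:
    """Required techniques with no rule, and rules that ship without a test case."""
    covered = {r.technique for r in rules}
    return {"no_rule": sorted(required - covered),
            "no_test": sorted(r.technique for r in rules if not r.positive)}


# Constructed log batch: five failures from one IP, one good login, one crontab change.
SAMPLE_LOG = [FAILED.format(ip="203.0.113.7")] * 5 + [ACCEPTED, CRON_REPLACE, CRON_LIST]

if __name__ == "__main__":
    print("self-test:", self_test(RULES))
    print("coverage gaps:", coverage_gaps(RULES, REQUIRED))
    for alert in run_rules(RULES, SAMPLE_LOG):
        print("ALERT", alert)
```

The self-test and coverage check are meant to run in CI alongside the rules: a rule without synthetic transactions fails its self-test automatically, and a technique in the required set with no rule shows up as a gap before any real traffic is involved.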
In the ASCSS infrastructure at Oracle, the SaaS Cloud Security (SCS) team constantly evaluates real-time threat intelligence. It also oversees activity from shared indicators of compromise (IoCs) with partner teams and companies, and applies Oracle Labs research to build more complex rules and analytics that proactively stay ahead of malicious attackers. By combining machine learning, graph analytics, and object behavior modeling, stealthy actions and opaque techniques can be detected and remediated automatically.
We will continue to share our SaaS Cloud Security advancements and integration with various cloud products, functionality, and partner solutions in this blog. Stay tuned for the next update!