Misconfigured resources and insecure activity present two distinct attack surfaces when operating in an infrastructure-as-a-service cloud environment. As reported by SC Magazine, “Misconfigured storage services in 93 percent of cloud deployments have contributed to more than 200 breaches over the past two years, exposing more than 30 billion records”. Cloud security administrators have a difficult time balancing security in the cloud and maintaining business continuity due to lack of visibility into tenancies that span multiple regions with thousands of different cloud resources, cloud security and privacy knowledge gaps, and limited native support for cloud security orchestration and automation. Without a strong commitment from the cloud vendor for a native security solution that addresses the above concerns, security and compliance personnel have a difficult time securing their cloud infrastructure tenancy.
Oracle Cloud Infrastructure (OCI)'s Cloud Guard is a cloud-native detect-and-respond solution that detects misconfigured resources and insecure activities at scale. Cloud Guard acts as a log and events aggregator that directly integrates with all major Oracle Cloud Infrastructure services (Compute, Networking, Storage, etc.), providing actionable results. Cloud security administrators are provided built-in, embedded expertise for a seamless knowledge transfer experience. Cloud Guard offers the flexibility to take action on security issues manually or automatically with conditional operators.
Detecting Misconfigured Resources
Misconfigured resources can present themselves in many different ways; from publicly accessible object storage buckets, unencrypted data storage, and sensitive ports open to the internet, the risks are real and significant. Oracle Cloud Guard detects misconfigured resources across all core services and reports problems across multiple interfaces including: OCI Console, API, CLI, and SDK. Misconfigured resource problems have unique identifiers and can be filtered by risk level, resource type, detected date and time, and more. For compliance reporting use-cases, Cloud Guard maps problems related to misconfigured resources to CIS Benchmarks.
Detecting Insecure Activity
The behavior of users and administrators within the cloud are also a concern. Insecure activity in a cloud infrastructure offering is difficult to detect as it oftentimes spans beyond simple detection rules and can be generated from authenticated users. Cloud Guard detects and reports insecure activity as problems. Examples of insecure activity problem types include: Database System Terminated, Suspicious Network Activity, VCN Network Security Group Deleted, etc. For even greater precision, Cloud Guard users can upload custom blacklists that can be applied to insecure activity types that leverage network-based threat intelligence data. Security analysts have the flexibility to investigate insecure activity problems and pivot on additional metadata provided within the console or extend Cloud Guard findings to SIEM, Syslog, and open-source visualization tools (i.e. Kibana).
Embedded Security Expertise
Oracle Cloud Guard embeds security expertise and provides end users out-of-the-box recipes that detect cloud security issues (i.e. detector recipes) and can automate remediation processes (i.e. responder recipes). Security administrators can also leverage recommendations provided by Cloud Guard to remediate problems and improve the cloud security posture in your tenancy.
Embedded Security Expertise
Cloud Guard embeds security expertise and provides end users out-of-the-box recipes that detect cloud security issues (i.e. detector recipes) and can automate remediation processes (i.e. responder recipes). Security administrators can also leverage recommendations provided by Cloud Guard to remediate problems and improve the cloud security posture in your tenancy.
In summary, OCI Cloud Guard is a cloud detect-and-response solution that provides security administrators comprehensive visibility into misconfigured resources and insecure activity, provides a seamless knowledge transfer for security best practices, and automates core security operations center workflows. Oracle Cloud Guard can be deployed in your OCI tenancy with minimal setup required. Learn more about Oracle Cloud Guard today.