
Partner Webcast – Oracle CASB - Enabling Security Monitoring for Oracle Cloud Infrastructure


As customers adopt cloud-based infrastructure as part of their digital journey, protecting this infrastructure becomes a critical security imperative to ensure that applications that are built on top of them and the data stored are inherently secure. At Oracle Cloud Infrastructure, customer security is of paramount importance. We understand that enterprises of all industries and sizes require comprehensive visibility, security and compliance monitoring over their cloud resources...

Read More https://blogs.oracle.com/imc/partner-webcast-oracle-casb-enabling-security-monitoring-for-oracle-cloud-infrastructure

Published in: Technology

  1. Oracle CASB - Enabling Security Monitoring for Oracle Cloud Infrastructure
     Mihai Dragomir, Cloud Adoption and Implementation Consultant, OPN Innovation and Modernization Center, EMEA A&C
     June, 2019
     Copyright © 2019, Oracle and/or its affiliates. All rights reserved.
  2. Safe Harbor Statement
     The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
  3. Program Agenda
     1. Why CASB? Mutual Responsibility with Shared Security Model
     2. Overview of Oracle CASB
     3. Securing Oracle Cloud Infrastructure
     4. Key Use Cases
     5. Demo: CASB for OCI Monitoring
     6. Summary – Q&A
  5. Oracle and KPMG Cloud Threat Report 2019
     The Oracle and KPMG Cloud Threat Report 2019 examines emerging cyber security challenges and risks that businesses are facing as they embrace cloud services at an accelerating pace. Read the full report here: https://www.oracle.com/cloud/cloud-threat-report/
  6. Oracle and KPMG CTR 2019 – Executive Summary
     • Cloud services adoption is improving speed and agility, yet brings an expectation of greater security to protect organizations
     • Confusion with shared responsibility model causing cloud security failures
     • Lack of visibility creating unnecessary cloud security risks and threat exposure
     • Rogue cloud application usage and lacking security controls putting data at risk
  7. Mutual Responsibility with Shared Security Model
  8. Securing Critical Data in a Shared Security Model
     Diagram labels: Oracle Fusion HCM, Oracle Fusion ERP. On Premise (Security Model: Customer Owned) and Oracle SaaS (Security Model: Customer, Oracle/CSP), each showing Single Sign-on, Service Config., Data, Apps, OS, Virtualization, Security Infrastructure, Physical.
     Key Challenges
     • Secure the data
     • Monitor the app
  9. Attack Stages and Improving Mean Time to Detect / Respond
     Stages shown: Research and Recon; Land and Establish; Escalate Privileges; Internal Recon; Data Exfiltration; Lateral movement across apps; Maintain Presence
     • Mean Time to Identify: 214 Days
     • Average Cost of Breach: USD 3.83M
  10. Lack of Visibility Across Apps
      Oracle Platform Services
      • No single pane of glass monitoring
      • Inability to identify lateral moves
      • Inability to identify role changes
      Key Challenges
      • Multiple components in each service
      • Different users and administrators
  11. Visibility Across Apps
      Oracle Platform Services
      Benefits for InfoSec
      • Single pane of glass to monitor
      • Correlation of security events
      • Data security
      Benefits for LOB
      • Identification of fraud
      • Simplified compliance
  12. CASB Market is Growing
      “Cloud Access Security Brokers have become an essential element of any cloud security strategy, helping organizations govern the use of cloud and protect sensitive data in the cloud.”
      “By 2022, 60% of large enterprises will use a CASB to govern some cloud services, up from less than 20% today.”
      “Through 2023, at least 99% of cloud security failures will be the customer’s fault.”
      - Gartner Magic Quadrant for Cloud Access Security Brokers (CASB), October 2018
  14. Securing the Digital Enterprise: Heterogeneous Cloud Challenges and Opposing Forces
      KEY CHALLENGES
      • VERY EXPENSIVE to build expertise across 100s of cloud services (IaaS, PaaS & SaaS)
      • TIME CONSUMING to understand each cloud service resources and corresponding actions
      Diagram labels: Cloud Services, Information Security, Audit & Compliance, Operations, Information Tech
  15. Shared Responsibility in Heterogeneous Cloud
      Diagram labels: Out of The Box (OOTB) SmartPolicies; Machine Learning + Threat Intel + Threat Feeds; Governance and Policy; Provisioning, Automation and Orchestration; Monitoring and Metering; Security and Identity; Continuous Configuration Automation; Capacity And Resource Optimization; Oracle CASB Cloud Service; Global IT; Research & Development; Human Resources; Sales & Marketing
      KEY BENEFITS
      • 100’s of hours of effort saved
      • Consistent security posture
      • Heterogeneous cloud services
  16. Automation & Machine Learning: Manual Processes Don’t Scale
      Diagram labels: Statistical Models & Machine Learning; Cloud Service User’s Baseline Behavior; Oracle CASB Cloud Service; Infosec; High; Anomalous Activity
  17. Vision: Comprehensive CASB at Shortest Time to Deploy
      Diagram labels: Oracle CASB Cloud Service; Users & data in the Cloud; SaaS; IaaS / PaaS
      Third Party Integrations
      • IdP, SIEM, ITSM
      • EMM, WAF/DNS
      • Threat Intel
      Insights
      • Anomaly Detection
      • Visibility
      Actions
      • Data security
      • Compliance
      • Remediation
      • Alerts
      Oracle Integrations
      • IDCS
      • SMACS
  18. Challenges in Securing IaaS
      1. Shared responsibility challenges
      2. Compliance requirements
      3. Data leakage
      4. Misuse of admin privileges
      5. Control the risk introduced by Shadow IT
  19. 1. Shared Responsibility in Heterogeneous IaaS
      • EC2 keys not rotated?
      • S3 Buckets public?
      • Failed OCI login attempts?
      • Azure Virtual Network config change?
      Diagram labels: Global IT; Research & Development; Sales & Marketing; Oracle CASB Cloud Service; Infosec; High; ACME CORP
  20. 2. Consistent Governance to Meet Compliance
      Diagram labels: InfoSec & IT Department; AWS CloudTrail Logs; AWS VPC Flow Logs; AWS CloudWatch Logs; Policy Enforcement; Oracle Cloud Infrastructure Audit; Azure Logging & Auditing; High; Oracle CASB Cloud Service
      Check policies for:
      • Log retention
      • MFA
      • CIS Framework deviations
  21. 3. Detect Leaky Storage with Oracle CASB
      Diagram labels: InfoSec & IT Department; No visibility; High; Department 1, Department 2, Department 3 (each marked Faulty Configurations); Oracle CASB Cloud Service
  22. 4. Detect Misuse of Admin Privileges with UEBA
      “Oracle’s UEBA stood out from the competition” – Gartner *
      * Gartner Magic Quadrant for CASB, 2017
      Diagram labels: Statistical Models & Machine Learning; Cloud Service User’s Baseline Behavior; Oracle CASB Cloud Service; Infosec; High; Anomalous Activity
  23. Challenges in Securing SaaS
      1. Shared responsibility challenges
      2. Compliance requirements
      3. Data leakage
      4. Misuse of admin privileges
      5. Control the risk introduced by Shadow IT
  24. 1. Shared Responsibility in Heterogeneous SaaS
      • Mass data delete request?
      • Privilege escalation in ServiceNow?
      • Failed GitHub login attempts?
      • Role change in HCM Cloud?
      Diagram labels: Global IT; Research & Development; Sales & Marketing; Oracle CASB Cloud Service; Infosec; High; ACME CORP
  25. 2. Consistent Governance to Meet Compliance
      Diagram labels: Users; Logs in; Oracle Public Cloud IDCS (Or Any other IDaaS); Role Change – Privilege Escalation; Infosec; Oracle CASB Cloud Service
  26. 3. Detect Sensitive Data Leakage
      Diagram labels: Cloned Admin User; Infosec; Users; Logs in; Oracle Public Cloud IDCS (Or Any other IDaaS); Oracle CASB Cloud Service
  27. 4. Detect Misuse of Admin Privileges with UEBA
      HR Business Partner
      • Normal/Baseline = 5 Salary changes per day
      • Abnormal = 10 Salary changes per day
      Diagram labels: Infosec; Oracle CASB Cloud Service
  28. 5. Control Shadow and Stealth IT
      Diagram labels: Oracle CASB Cloud Service; Machine Learning & App Risk Computation; Largest App Risk Registry * Gartner; Any Firewall; Universal Parser; Stealth IT; appexchange
  29. Challenges in Protecting Data
      1. Lack of visibility into sensitive data in the Cloud
      2. Stopping sensitive content going to unauthorized users
      3. Compliance requirements around reporting on Data
  30. 1. Visibility Into Cloud Data – Data Classification
      • Retroactive or On-demand Scan of Documents
      • 50+ Data Dictionaries
      Diagram labels: Users; Logs in; Oracle Public Cloud IDCS (Or Any other IDaaS); Oracle CASB Cloud Service; Unclassified Data; Classify Document; Classified Data; Remediate Document?
  31. 2. Stop Sensitive Content Going to Unauthorized Users/Places
      Prerequisite: App must be SAML Compliant & Configured for SSO
      Prevent otherwise valid actions like:
      • Download/Preview/Edit sensitive documents in hostile locations
      • Over sharing of sensitive documents
      Diagram labels: Oracle CASB Cloud Service
  32. 3. View & Report on Data at Risk using Data Navigator
      Summary
      • Keep track of your data artifacts across cloud services, their classification and exposure in one central location
      • Expose data risk
      Use Cases
      • Quantify data exposure risk
      • Explore sensitive content stored in the cloud
      • Identify content exposed externally or even publicly at a glance
      • Remediate inappropriate sharing directly
  33. Automated Security – CASB Smart Policies
      Achieve desired security posture even when you don’t have SMEs
      SMART POLICIES (Library of security monitoring rules)
      Diagram labels: SaaS; PaaS; IaaS; Best Practices (Oracle); Validation; Customer Deployments; Custom Apps in AWS; Java MicroAgent; Oracle Threat Labs
  34. CASB - SIEM Integrations
      CASB Risk Events go to SIEM for reporting completeness
      Diagram labels: Any SIEM Solution; Oracle CASB Cloud Service; Oracle SMA (SIEM)
      Options for exposing CASB Risk Events:
      • CASB API
      • Manual export of Risk Events
      • Syslog stream out of CASB
  35. CASB – Identity Provider Integrations
      Diagram labels: Oracle CASB Cloud Service; Oracle Public Cloud IDCS
      Three key use cases:
      • Access data into all Enterprise Cloud Apps is included in CASB analytics
      • IdP SSO into CASB console
      • Automated remediation (suspend Risky User)
  37. Making a Secure Transition to the Cloud
      CASB – An Indispensable Security Component in the Cloud
      Diagram labels: On Premises (Own Responsibility); VPN; Dynamic Routing Gateway; Object Storage; Oracle Cloud Infrastructure (Shared Responsibility); Oracle CASB Cloud Service
  38. CASB & OCI: Security with Speed
      • OCI’s Objective: To get your functionality deployed to the cloud as quickly and painlessly as possible
      • CASB’s Objective: To ensure that you are not exposing any more access, control or data than required
  39. OCI – Insights
      • Summary of alerts and activities
      • All related risk events
        – Threats
        – Security Controls
        – Policy alerts
      • Reports
        – API Key ages
        – IAM Changes
        – User, Groups, & Group Memberships
        – Swift passwords
  40. OCI – Controls
      • Controls examine state
      • OCI control checks include Exception lists that allow you to remove a known resource from this type of check
        – For example, an expected VCN without an inbound security list for which you don’t want to continue seeing alerts
  41. OCI – Risk Events from Controls
      • Appear with all other risk events
        – Can be sorted, filtered, or searched
      • Details for controls include information on where it resides (e.g., Region, Compartment, etc.)
  42. OCI – Policy Alerts
      • Various security policies that are made available to each customer by default.
      • Designed to help customers improve their security posture and provide a consistent security framework.
  43. Summary – Oracle CASB for Oracle Cloud Infrastructure (OCI)
      Supported OCI Services
      • Compute
      • Network
      • Storage – Database, Object Storage, Block Volume Storage
      • IAM
      Monitoring, Visibility & Integrations
      • Policy Engine – e.g. object bucket going public
      • SIEM & ITSM Integration
      Security & Governance
      • Check for compute instance actions
      • Check for network and storage actions
      • Check login information
      Behavior Analytics
      • Anomalous IP, Brute Force attacks, User anomaly detection
      • User Risk Behavior using Machine Learning
  45. Smart Config - Securing the State of the Cloud Service
      Shared Responsibility for Cloud Security Configuration
      Purpose: Identify and Remediate weak or non-compliant security settings across your OCI deployment
      Examples:
      • Detect compute instances with public IP
      • Identify insecure bucket settings
      • Discover key rotation status
      • Many more…
  46. Smart Config – Visibility & Control for OCI
      • Authentication
      • MFA*
      • IAM Group Membership
      • Key Rotation
      • Certificate Expiration
      • Compartment Settings
      • Encryption
      • Security Lists
      Diagram labels: Security Governance
      * Through Identity Provider Integration
  47. Smart Config – Securing the State of OCI
      • Compute Instance has public IP
      • Compute instance runs a public image
      • Compute Instance without supported tags
      • LB Certificate expiry
      • Unattached block volume
      • Public buckets
      • KMS managed keys
      • Security Lists allow traffic to public ports
      • Security Lists allow traffic to restricted port
      • Internet Gateway is attached to VCN
      • IAM key duration/age
      • IAM Policy with excess privileges
      • Admin Group membership checks
      Supported OCI Services: Virtual Machine, Load Balancer, Compartments, Container, Database System, Block Storage, Object Storage, Buckets, Virtual Cloud Network, Internet Gateway, ID & Access Management, Groups, Security Lists, Encryption, Tagging
  48. Security Controls
      Scans for potentially weak configuration (Name: Description)
      • Admin uses API keys for access: IAM API keys are credentials used to grant programmatic access to resources. IAM policies are used to govern access of IAM groups to resources in compartments and in the tenancy.
      • Compute Instance has public IP Address: In order for an instance to be publicly addressable, it must have a public IP, exist in a public VCN subnet, the VCN must have an Internet Gateway enabled and be configured for outbound traffic and the security list for the subnet must be configured for all IPs and all ports (0.0.0.0/0).
      • Group of Administrators has too few members: Configure CASB with the admin group and the minimum number of admins allowed for the tenancy.
      • Group of Administrators has too many members: Configure CASB with the admin group and the maximum number of admins allowed for the tenancy.
      • IAM Policy that grants access to all resources: A policy is a document that specifies who can access which OCI resources that your company has, and how. A policy simply allows a group to work in certain ways with specific types of resources in a particular compartment.
      • Internet Gateway is attached to a VCN: VCN has a collection of features for enforcing network access control and securing VCN traffic. Gateways provide external connectivity to hosts in a VCN. They include Internet Gateway (IGW) for Internet connectivity, Dynamic Routing Gateway (DRG) for on-premises connectivity with VPN or Fast Connect, and Local Peering Gateway (LPG) for connectivity to peered VCN.
      • Load balancer SSL certificate expires in 5 Days: To ensure continuous security and usability, SSL certificates must be rotated in OCI.
      • Security list allows traffic from any IP address: VCN has a collection of features for enforcing network access control and securing VCN traffic. Security lists provide stateful and stateless firewall capability to control network access to your instances. A security list is configured at the subnet level and enforced at the instance level. You can apply multiple security lists to a subnet where a network packet is allowed if it matches any rule in the security lists.
  49. Smart Policies – Activities in the Cloud Service
      Shared Responsibility for Cloud Security Usage
      Purpose: Monitor risky activities on critical resources
      Examples:
      • Changes to highly privileged identity and access management (IAM) user groups
      • Import or Update Compute Image
      • Pre-authenticated request for Object Storage
      • Many more…
  50. Policies – Securing Activities in Cloud Services
      Managed Smart Policies
      • Oracle provided
      • Always available
      • Based on best practices
      • Constantly updated
      • InfoSec & IT related events
      • Two tiers of policies
      Custom Policies
      • Customer defined
      • Available per tenant
      • Based on custom needs
      300+ Service Specific Managed Smart Policies Today
      Diagram labels: Users, Locations, Resources, Actions, Devices
  51. Managed Smart Policies – Securing Activities OOTB
      Key Set of Policies – Actively Updated
      • Import/Update image
      • Launch/Update/terminate Compute Instance
      • Export Image
      • Create/Update/Delete LB
      • Object Storage – pre-authenticated request
      • Object Storage – Create/update Bucket
      • Launch DB System
      • Block Volume Changes
      • Create/update VCN
      • Internet Gateway attach
      • Delete VCN
      • Create/Delete/Update Identity Policies
      • Create/Delete Identity Group/User/Credentials
      • Add user to Identity Group
      • Update/Delete Identity API Keys
      Supported OCI Services: Virtual Machine, Load Balancer, Compartments, Container, Database System, Block Storage, Object Storage, Buckets, Virtual Cloud Network, Internet Gateway, ID & Access Management, Groups, Security Lists, Encryption, Tagging
  52. Policy Alerts
      Rule-based detection: Tier 1 (Name: Description)
      • Compute Images - Import or Update Image: Tier 1, should be enabled as is - Alerts when compute images are imported or updated. Changing the compute images is normally performed during an update or upgrade to the image, e.g., patches to the OS. However, malicious users can change an image that would affect every compute instance launched from the image, compromising the integrity of the instance.
      • Database Systems - Update or Terminate Database System: Tier 1, should be enabled as is - Alerts when database systems are terminated or updated. Altering database systems may indicate a ransomware attack. It may also affect the integrity and availability of the data and may release sensitive data.
      • Default Administrator Group - Add User: Tier 1, should be enabled as is - Alerts when users are added to groups. Sensitive groups, such as the admin group, should be named in the Resource Name in order to alert when users are added to it. This policy has been configured with the resource name of ORACLE_CASB_SERVICE_ACCOUNT_GROUP which allows all users to read all information in the tenant. If you registered OCI to CASB with a different group name, ensure consistency by changing the resource name in this policy.
      • Identity Group - Add User: Tier 1, should be enabled as is - Alerts when users are added to groups. Sensitive groups, such as the admin group, should be named in the Resource Name in order to alert when users are added to it. This policy has been configured with the resource name of ORACLE_CASB_SERVICE_ACCOUNT_GROUP which allows all users to read all information in the tenant. If you registered OCI to CASB with a different group name, ensure consistency by changing the resource name in this policy.
      • Identity Policies - Create Delete or Update Policy: Tier 1, should be enabled as is - Alerts when policies are created, deleted, or updated. Changing policies will impact all the users in the group and may enable entitlements to users who do not need them.
      • Identity Users - Login Fail or Success: Tier 2, may require modification for production services - Alerts when users login successfully or fail login. ENSURE that contextual configurations are used BEFORE enabling this alert. As a safeguard to accidentally enabling this policy, the RESOURCE NAME is set to ORACLE_CASB_SERVICE_ACCOUNT or ADMIN to prevent uncontrolled alerting - you will need to modify this configuration in order to trigger this alert.
      • Networking Virtual Cloud Networks - Create or Update VCN: Tier 1, should be enabled as is - Alerts when Virtual Cloud Networks are created. Creating or updating a VCN can allow external connections to corporate resources and data.
      • Object Storage - Create Pre-authenticated Request: Tier 1, should be enabled as is - Alerts when a pre-authenticated request is created for access to object storage. Pre-authenticated requests provide a way to let users access a bucket or an object without having their own credentials, as long as the request creator has permissions to access those objects. Access to object storage without requiring authentication impacts data confidentiality.
  53. Monitor User Behavior for OCI
      Anomalous Activity Detection using Machine Learning
      • User Risk
      • Alerts
      • Insights
      • Remedial Actions
      3rd Party Threat Feeds
      • Abuse.ch: Feodo tracker; URL/Domain, IP Reputation
      • Digital Element: IP Metadata; Domain, ISP & ASN threat intel feeds
      Behavior within OCI (APIs, Console & CLI)
      • Compute: Launch/Update/Stop/Import/Export; Key & Security group changes
      • IAM: User, Role, Group, Policy, Certificates changes
      • Network: VCN, Subnet Create/Update
      • Storage: Block addition; DB Update, Bucket Create/Update/Delete
      Behavioral Attributes across Clouds: Users, Locations, Resources, Actions, Devices
  54. Monitor User Behavior for OCI
      Suspicious/Risky Activity Detection using Usage Patterns & Signatures
      Diagram labels: Users, Locations, Resources, Actions, Devices
      Oracle CASB Key Security Indicators
      • Login distances
      • Most Failed logins
      • Most logins
      • Known bad IPs
      • Most Active IAM Users
      • Most Active IAM Groups
      Analytics
      OCI-Specific Risk Factors
      • IAM User Activities
      • IAM Group Activities
  55. Analytics & Reporting
      Reports on Compliance Status
      Dynamic: Alerts
      • Public Buckets
      • IAM User API Key Age
      • Privileged IAM Changes – Group Membership
      • Privileged IAM Changes – Users & Groups
      • User Activity
      • Swift Passwords
      • KMS Rotation
      Predefined
      Custom – Report Builder
      • Based on customer needs
      • Pick any available fields to build report
      Custom – Wizard-based
      • Based on customer needs
      • Uses pre-defined report constructs
      Predefined
      • Identity Policy Changes
      • IAM API Key Rotation
      • Bucket Encryption
      • Public Bucket
      Custom Alerts
      • Based on customer needs
      • Driven by Policies
  57. Call to Action – Start Monitoring OCI with Oracle CASB
      • Step 1 – Copy Public Key from CASB Console
      • Step 2 – In OCI Console
        – Create service account user & upload public key
        – Add user to a group (or create a group)
        – Add a security list to give proper privileges
      • Step 3 – In CASB Console
        – Register tenancy and compartments
  59. Q&A
      • Oracle IMC blog: http://blogs.oracle.com/imc
      • Oracle ECEMEA Partner Hub Homepage: http://oracle.com/goto/hub-ecemea
      • Oracle IMC Mail: partner.imc@beehiveonline.oracle.com
      • Twitter: http://twitter.com/oracleimc
      • Facebook: http://facebook.com/oracleimc
      • LinkedIn: http://linkedin.com/groups/OracleIMC-4535240
      • Google+: http://plus.google.com/+OracleIMC
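
The "Compute Instance has public IP Address" control on slide 48 lists four conditions for an instance to be publicly addressable, and slide 40 says control checks honour an exception list. The sketch below is an added example, not Oracle CASB code or part of the deck: it evaluates those conditions over a constructed inventory whose field names and resource ids are hypothetical and do not follow the OCI API schema.

```python
import ipaddress

# Constructed sample inventory. Every field name and id here is hypothetical;
# this is not the OCI API schema or Oracle CASB's data model.
INVENTORY = {
    "vcns": {
        "vcn-prod": {"internet_gateway_enabled": True, "outbound_route_to_igw": True},
        "vcn-lab": {"internet_gateway_enabled": False, "outbound_route_to_igw": False},
    },
    "security_lists": {
        "sl-open": [{"source": "0.0.0.0/0", "protocol": "all", "ports": None}],
        "sl-ssh-corp": [{"source": "10.0.0.0/8", "protocol": "tcp", "ports": (22, 22)}],
        "sl-web": [{"source": "0.0.0.0/0", "protocol": "tcp", "ports": (443, 443)}],
    },
    "subnets": {
        "sn-dmz": {"vcn": "vcn-prod", "public": True, "security_lists": ["sl-ssh-corp", "sl-open"]},
        "sn-web": {"vcn": "vcn-prod", "public": True, "security_lists": ["sl-web"]},
        "sn-lab": {"vcn": "vcn-lab", "public": True, "security_lists": ["sl-open"]},
        "sn-app": {"vcn": "vcn-prod", "public": False, "security_lists": ["sl-ssh-corp"]},
    },
    "instances": [
        {"id": "inst-bastion", "subnet": "sn-dmz", "public_ip": "203.0.113.10",
         "region": "example-region-1", "compartment": "network"},
        {"id": "inst-web", "subnet": "sn-web", "public_ip": "203.0.113.20",
         "region": "example-region-1", "compartment": "web"},
        {"id": "inst-lab", "subnet": "sn-lab", "public_ip": "203.0.113.30",
         "region": "example-region-1", "compartment": "lab"},
        {"id": "inst-app", "subnet": "sn-app", "public_ip": None,
         "region": "example-region-1", "compartment": "app"},
        {"id": "inst-jump", "subnet": "sn-dmz", "public_ip": "203.0.113.40",
         "region": "example-region-1", "compartment": "network"},
    ],
}


def rule_allows_all(rule):
    """True when a rule admits every source address on every port."""
    net = ipaddress.ip_network(rule["source"])
    return net.prefixlen == 0 and rule["protocol"] == "all" and rule["ports"] is None


def unmet_conditions(instance, inv):
    """Return which of the slide's four conditions the instance does NOT meet."""
    subnet = inv["subnets"][instance["subnet"]]
    vcn = inv["vcns"][subnet["vcn"]]
    # Several security lists can apply to one subnet, and a packet is allowed
    # if it matches any rule in any of them, so the rules are pooled.
    rules = [r for name in subnet["security_lists"] for r in inv["security_lists"][name]]
    checks = {
        "public_ip": instance.get("public_ip") is not None,
        "public_subnet": subnet["public"],
        "internet_gateway_and_outbound": (vcn["internet_gateway_enabled"]
                                          and vcn["outbound_route_to_igw"]),
        "security_list_all_ips_all_ports": any(rule_allows_all(r) for r in rules),
    }
    return [name for name, ok in checks.items() if not ok]


def run_control(inv, exceptions=frozenset()):
    """Emit one risk event per instance with a public IP, skipping excepted ids.

    Each event carries region and compartment, the location details slide 41
    says accompany a control's risk event.
    """
    events = []
    for inst in inv["instances"]:
        if inst.get("public_ip") is None or inst["id"] in exceptions:
            continue
        unmet = unmet_conditions(inst, inv)
        events.append({
            "resource": inst["id"],
            "region": inst["region"],
            "compartment": inst["compartment"],
            "all_conditions_met": not unmet,
            "unmet": unmet,
        })
    return events


if __name__ == "__main__":
    # inst-jump is treated as a known, expected resource (exception list).
    for event in run_control(INVENTORY, exceptions={"inst-jump"}):
        print(event)
```

`all_conditions_met` follows the slide's wording literally, so an instance whose security list opens only port 443 to 0.0.0.0/0 is reported with one unmet condition even though that port is reachable.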