Customers can use Oracle CASB Cloud Service (hereafter referred to as CASB) to monitor and gain deeper visibility into their OCI environments to protect against security threats.
CASB supports security monitoring of a rich set of cloud applications. This link describes the set of applications that CASB can monitor and how to prepare them for monitoring. This post is focused on OCI as a target application for CASB.
CASB provides some capabilities out-of-the box for all the monitored applications without the need of any configuration by customers. For example, CASB monitors users’ activities and builds behavior profile for the users which can be used to detect anomalous behavior. Similarly CASB receives threat intelligence data which is used to detect threats. More information about anomalous behavior is here.
However, customers need to configure some other aspects of security monitoring to enable CASB monitor cloud applications. Security Controls and Policy Alerts are two such aspects that need to be configured for each individual cloud application. It is our expectation that this blog post will serve as a quick reference to these two specific aspects of OCI monitoring with CASB.
Readers who need a refresher on CASB should refer to the documentation here.
Please note that future versions of CASB might provide enhanced features than is covered here and hence readers should refer to the documentation for the latest and greatest.
The documentation also includes some video tutorials that could be useful for users. They are located here.
The current set of OCI resources that could be monitored with CASB is documented here. More OCI resources could be included in this set in future. New features are documented here.
Security Controls and Policy Alerts are the two of the multiple important aspects that could be monitored by CASB for supported targets. We will focus on these two categories of CASB monitoring for OCI in this blog post. The complete list of categories could be found here.
Before we get into the core topic of this blog post, here is a blog post that could help you quickly set-up CASB monitoring for OCI and here is the CASB product documentation for the same. A video tutorial for visually inclined folks is here.
Now, lets’ get to the main focus of this blog post.
Security Controls:
Security Controls are the best practices configuration settings that CASB can monitor for and alert on any deviations. For the most part users don’t need to perform any configuration. Now it is possible to create and activate Security Control Templates that CASB can utilize as its baseline. Details about how to view/modify the Security Control Baseline and uptake the Template feature for OCI are documented here.
Some security controls allow for configuring exceptions in order to control the volume of Risk Events that are created. In addition, some security controls need additional configuration items as these may be different for different customers based on their respective security policies. For example, following is a screen capture of a security control parameter for OCI that allows for providing values for exceptions as well as expects values for configuration parameters:
Tip – For contextual documentation about a certain parameter, click the more information icon besides the name of the Security Control Parameter. This applies, in general, for other UI pages of CASB – Wherever you see this icon, you could get contextual help by clicking on it.
The comprehensive list of all the Security Controls that CASB supports for OCI is documented here
Policy Alerts:
CASB Policies are rules/guidelines that customers want to evaluate on-going events against and capture the events that match a policy so that these events could be reviewed and rectified, if necessary. CASB Cloud Service generates an alert whenever an event that matches the policy occurs. CASB supports two different kinds of policies:
Managed Policies - CASB provides a predefined set of policies for each application type. These are based on general good practices for the respective application types. You should examine the existing policies for your application type, and consider implementing managed policies, before creating your own custom policies. Managed policies could also be duplicated in the Custom Policies section and then customized if the use-case that you are trying to meet is slightly different than that covered by the managed policy. Managed Policies are of two types:
Custom Policies – Customers also have the capability of defining their own custom policies. Customers may need to define custom policies when:
More information about CASB Policies can be found here.
This link describes how to create Custom Policies for OCI.
CASB Managed Policies for OCI:
In order to list and view the Managed Policies for OCI:
As I mentioned above, the list of resources monitored by OCI are listed here. Additionally, in order to modify/customize any Managed Policy follow this section of CASB documentation. Individual policy descriptions explain what is a policy is meant to do and what additional information, if necessary, should be provided (for example with Tier-2 policies).
Please note that new Managed Policies could get added by CASB Engineering for the supported applications from time to time as new features are released. Hence it is a good idea to keep an eye on the new features which are announced here.
I would like to thank my colleague Uday Sambhara for contributing to this blog post.
Next Post