Security Monitoring & Incident Prevention
How Do We Monitor Security Compliance in OCI?
We recommend Oracle Cloud Guard to get a broad view of your cloud security posture across Oracle Cloud Infrastructure. Cloud Guard can detect misconfigured resources and insecure activity. It then provides security administrators with the visibility to triage and resolve cloud security issues.
For more information on Cloud Guard, please see here…
We also recommend the OCI Vulnerability Scanning Service (VSS). This capability is integrated with Cloud Guard. VSS scans instances and containers for known vulnerabilities. This includes checking installed packages for known vulnerabilities and checking for open ports. The intention is to reduce the attack surface for a deployment by identifying applications and ports that could be problematic. VSS also checks the OS configuration against published OS-specific CIS benchmarks. The results of the scans feed into Cloud Guard to raise visibility and enable remediation.
For more information on Vulnerability Scanning Service, please see…
Vulnerability Scanning Service
How Does OCI Protect Against Malicious Internet Traffic?
To protect against malicious internet traffic, we recommend using Oracle Web Application Firewall (WAF). WAF can identify and protect any internet-facing endpoint from a range of OWASP-defined threats, including Cross-Site Scripting and SQL Injection.
For more information on Web Application Firewall, please see…
Overview of Web Application Firewall
How Do We Understand And Manage Activity in OCI?
Making sense of the vast amounts of logging data produced in an OCI tenancy can be a real challenge. We recommend using the Logging Service to better understand how resources are performing and being accessed.
There are three types of logs available in the Logging Service:
- Audit logs: Logs related to events emitted by the Oracle Cloud Infrastructure Audit service. These logs are available from the Logging Audit page or are searchable on the Search page alongside the rest of your logs.
- Service logs: Emitted by OCI native services, such as API Gateway, Events, Functions, Load Balancing, Object Storage, and VCN Flow Logs. These supported services have pre-defined logging categories that you can enable or disable on your respective resources.
- Custom logs: Logs containing diagnostic information from custom applications, other cloud providers, or an on-premises environment. Custom logs can be ingested through the API or by configuring the Unified Monitoring Agent. You can configure an OCI compute instance/resource to directly upload custom logs through the Unified Monitoring Agent. Custom logs are supported in both virtual machine and bare metal scenarios.