1. Using Oracle CASB Cloud Service
  2. Monitoring Cloud Applications
  3. Analyzing User Activity Risks and Trends
  4. Different Types of Risk That Oracle CASB Cloud Service Monitors

Different Types of Risk That Oracle CASB Cloud Service Monitors

Oracle CASB Cloud Service monitors four different categories of risk. Data for different types of risk is displayed in different parts of the Oracle CASB Cloud Service console.

Risks Where to find them

User behavior risks

The Oracle CASB Cloud Service Users page. Oracle CASB Cloud Service provides a risk score for each user based on the user's activity history. The risk score is based on hundreds of behavioral parameters (for example, logins, failed logins, and file downloads). When the user's amount of activity for a particular parameter spikes from their normal usage history, Oracle CASB Cloud Service increases the user's risk score and provides details of the user's actions as it relates to the parameter.

Suspicious activity, indicative of a threat

These are specific behavior patterns that appear to be suspicious. Examples: Possible account compromise for an administrator based on an unusual amount of administrative changes, a user who is hopping between IP addresses and geographical locations.

Oracle CASB Cloud Service displays the number of threats found in the Dashboard section of the console, and displays a description of each threat in the Risk Events page (with an option to drill down into details for the alert).

Oracle CASB Cloud Service also displays a risk score based on anomalous activity in the Users page.

Security control

This is a non conforming security configuration value that can leave your users or data at a higher risk of compromise. Examples include settings that permit users to create a five-character password or leave sessions idle for 12 hours before a timeout.

Oracle CASB Cloud Service displays the number of security control alerts in the Dashboard. You can read the complete alert in the Risk Events page.

Note:

Monitoring for weak security settings isn't currently supported for Office 365.

Policy alert

A policy is a rule (for example, "if anyone shares a file tagged Confidential, generate an alert." When Oracle CASB Cloud Service detects an event that matches a policy, it generates an alert in the console, and it can also send the alert over email. Examples of actions that are often the subject of policies include changes to access control lists, creating or deleting privileged roles and users, and downloading or sharing sensitive files.

Oracle CASB Cloud Service displays the number of policy violations found in the Dashboard. You can find a complete description of each policy alert in the Risk Events page.

Finally, you can can configure policies and optionally direct policy alerts to an email recipient in Configuration, Policy Management.