1. Using Oracle CASB Cloud Service
  2. Enhancing Security
  3. Maintaining Secure Configuration Settings
  4. About Security Configuration Monitoring

About Security Configuration Monitoring

Understand how Oracle CASB Cloud Service can help maintain security configurations for a cloud application or service.

All enterprise cloud applications have security-related settings, such as requirements for password complexity and automatic timeouts for sessions that are idle, that are your first line of defense for protecting your data and users. For example, when users are permitted to keep idle sessions for hours at a time, it greatly increases the risk of their accounts being compromised.

When an Oracle CASB Cloud Service administrator registers a cloud application or service, Oracle CASB Cloud Service establishes a baseline for various security controls in the instance, and generates risk events when the instance's settings deviate from the baseline.

Some of the security settings that Oracle CASB Cloud Service monitors are generic, for example, password complexity requirements. Many of the settings are specific to the cloud application or service, and without Oracle CASB Cloud Service these would require expertise in the service to configure correctly. For example, Oracle CASB Cloud Service automatically monitors Amazon Web Services (AWS) for insecure S3 bucket encryption settings, weak network ACLs, and security groups with sensitive ports that are exposed to the internet.

There are a few ways that Oracle CASB Cloud Service can help maintain security configurations for a cloud application or service:

  • When you add or register a cloud application, as described in Registering Cloud Applications with Oracle CASB Cloud Service in Monitor-only mode, Oracle CASB Cloud Service automatically alerts you when it detects security configuration settings in the application that diverge from Oracle CASB Cloud Service's internal benchmarks.

  • When you register a cloud application or service in Monitor and push controls mode, you select the settings that you want to configure in the application or service. When registration is complete, Oracle CASB Cloud Service automatically updates the security configuration settings in the application or service, and then subsequently alerts you when it detects any modifications to these settings.

  • You can create incident tickets for non compliant security controls, and export the tickets to a central system.

Note:

Monitoring for weak security settings isn't supported for Office 365.