1 New Features and Enhancements
The following topics describe new features and enhancements for Oracle® Communications Security Shield Cloud Service releases.
24.0.4.0.0 May 2024
The following information describes the new content and behavior delivered in the latest Oracle® Communications Security Shield Cloud Service (Security Shield) release.
The following table describes the enhancements in the Security Shield 24.0.4.0.0 release.
Table 1-1 New Features and Enhancements
Features and Enhancements | Description |
---|---|
Cloud Communication Service Supports TLS 1.3 |
The Cloud Communication Service ( CSS) supports TLS 1.3
in addition to the versions currently supported.
Instructions for Modifying the cfg/cfg.json File
|
24.0.0.0.0 February 2024
The following information describes the new content and behavior delivered in the latest Oracle® Communications Security Shield Cloud Service (Security Shield) release.
Table 1-2 New Features and Enhancements
Features and Enhancements | Description |
---|---|
Updated User Interface (continued) |
Oracle continued updating the Security Shield User Interface (UI) to align with Oracle styles and standards. You may notice slight variations in behavior, which are documented in the User's Guide along with new screen captures of the affected UI. |
New Scoreboard for Trusted Enterprise Calls |
Oracle added the new Answered Outbound Calls scoreboard metric card to the Dashboard to support the Trusted Enterprise Calls subscription. The Answered Outbound Calls scoreboard metric card
displays the number of outbound calls that were answered, and
when selected, a dashboard with the following content
displays:
See "The Dashboard" chapter in the User's Guide. |
Short Number Processing Enhancement |
To provide better results from phone number lookups, Oracle enhanced the lookup behavior for inbound calls as follows:
|
Always Send the P-OCSS-Call-Info Header |
Security Shield includes the P-OCSS-Call-Info header regardless of the lookup response so you can rely on the P-OCSS-Call-Info header for call treatment. See "P-OCSS-Call-Info Header Codes" in the User's Guide. |
New SPL Options for Inbound and Outbound Calls |
The 24.0.0.0.0 release adds new SPL options to send only inbound or outbound calls to the Security Shield cloud. The SPL option "ocssEnabled" can allow the Session Border Controller to send both inbound and outbound calls to Security Shield for policy lookup. The SPL package provides the flexibility to choose whether you want to send only inbound calls or only outbound calls to Security Shield for policy lookup by way of the new "inboundOnly" and "outboundOnly" spl-option configurations. Configuration options:
Configuration Examples: realm-config
realm-config
About the New SPL Package SPL version: 1.15.0.0 (Package Build : 1.14_20240124223927) Customers currently using Security Shield must upgrade their Session Border Controllers to the latest released SPL, but only after upgrading their tenant to the latest Security Shield release. Get the latest version available for download from Oracle Software Delivery Cloud or My Oracle Support. Install the SPL on the external-facing realm. |
23.3.1.0.0 January 2024
The following information describes the new content and behavior delivered in the latest Oracle® Communications Security Shield Cloud Service (Security Shield) release.
The following table describes the new features and enhancements in the Security Shield 23.3.1.0.0 release.
Features and Enhancements | Description |
---|---|
Trusted Enterprise Calls |
To help you achieve higher answer percentages and longer connection times for your outbound enterprise calls, Security Shield can optionally provide call signing and phone number attestation for trusted outbound enterprise calls. You can use the call attestation service completely through Security Shield or you can use your own call signing and attestation vendor in conjunction with Security Shield. You can use Trusted Enterprise Calls as a standalone subscription or you can use it with the Standard or Premium subscriptions. For North American customers, only. See "Trusted Enterprise Calls" in the User's Guide. |
23.3.0.0.0 - December 2023
The following information describes the new content and behavior delivered in the latest Oracle® Communications Security Shield Cloud Service (Security Shield) release.
The following table describes the new features and enhancements in the Security Shield 23.3.0.0.0 release.
Features and Enhancements | Description |
---|---|
Support for Podman with Oracle Linux 8 |
Security Shield adds support for the Podman container engine for Oracle Linux 8. When you install the Cloud Communications Service during your Security Shield configuration, you can now choose either Podman or Docker as the container engine. In the Installation and Maintenance
Guide see:
|
23.3.0.0.0 - November 2023
The following information describes the new content and behavior delivered in the latest Oracle® Communications Security Shield Cloud Service (Security Shield) release.
The following table describes the new features and enhancements in the Security Shield 23.3.0.0.0 release.
Features and Enhancements | Description |
---|---|
Updated User Interface |
Oracle updated the Security Shield User Interface (UI) to align with current
styles and standards. You may notice slight variations in behavior,
which are documented in the User's Guide
along with new screen captures of the UI. For example,
|
Changes to Reputation Score Classification Mappings |
There are now only three classifications on the Reputation Score Classification page: Low Risk, Medium Risk, and High Risk. Standard Subscription
Premium Subscription
|
Changes to Enforcement Action Mappings for Existing Tenants |
The following changes apply to existing tenants following an upgrade. Existing tenants show six classifications, but will show only three after the upgrade. Security Shield merges existing
classifications into the new ones as follows and gives precedence to
the enforcement action noted with the asterisk.
For example: Suppose you had set Block for Significant Risk and Allow for Suspicious in your existing configuration. After you upgrade, Security Shield combines those classifications into the new Medium Risk classification and prefers the enforcement action set for Suspicious. In this example, Security Shield displays Allow for the enforcement action for the Medium Risk classification. Note: After the upgrade, you can reset the enforcement action for the new classifications on the Reputation Score Classification page. Choices include Allow, Block and Redirect. |
Enforcement Action Defaults for New Tenants |
The following behavior applies to new tenants:
|
23.2.0.0.0 - August 2023
The following information describes the new content and behavior delivered in the latest Oracle® Communications Security Shield Cloud Service release.
The following table describes the new features and enhancements in the Oracle® Communications Security Shield Cloud Service 23.2.0.0.0 release.
Features and Enhancements | Description |
---|---|
Tenant-Based Exclusion List |
You may have other departments, company locations, trusted affiliates, trusted partners, and other trusted entities that call you frequently. You can exclude phone numbers for those parties from risk assessment using a new enforcement action called "Exclude". Such high-frequency numbers may otherwise generate high-risk responses resulting in blocked calls, even though the numbers are trusted. To enable customers to exclude certain trusted high-frequency numbers from risk scoring, Oracle modified the behavior of the Allow enforcement action and added the new Exclude enforcement action. Allow—Oracle® Communications Security Shield Cloud Service ignores the risk assessment and allows the call with no further threat detection evaluation. Oracle® Communications Security Shield Cloud Service classifies the call as "Good." Exclude—Oracle® Communications Security Shield Cloud Service ignores the risk assessment and still evaluates the call against TDoS, Traffic Pumping, Spoofing, and Toll Fraud threat detection. Fraud Risk, Spam Risk and Call Center detection is bypassed. See "Access Control List Enforcement Actions" in the Oracle® Communications Security Shield Cloud Service User's Guide. |
Analytics Reports Enhancement |
Oracle created a new version of the Project Workbook and Data Set for the Oracle® Communications Security Shield Cloud Service Analytics reports for enhanced performance when loading the data set. The enhanced Project workbook and Data Set, called OCSS 2.0, contains all the same default reports and data points as before with no additions. Unlike the previous Project workbook, OCSS 2.0 uses materialization to pre-compute the data set. The advantage of materialization is faster loading times compared to querying the base table view of the data, which is especially beneficial for large data sets. Oracle recommends that you use filters to limit the data that is loaded for even greater efficiency. If you set the filters to the full 30 days, with all other filters disabled, loading times may be longer because the loading time is a function of the data size. Note: The materialization process updates the data set every five minutes, so you may notice that some new calls do not appear in the results right away. You can still use the original analytics Project Workbook and Data Set, called OCSS on the UI, with no modification required, for at least the duration of the 23.2.0.0.0. release. If you have existing reports based on the OCSS Project Workbook and Data Set, Oracle recommends moving them to the OCCS 2.0 Project because the OCSS Project Workbook and Data Set will reach end-of-life in the not distant future. Important: From the 23.2.0.0.0 release and forward, when you create a custom analytics Project, you must use OCSS 2.0. See "Call Traffic Analytics" in the Oracle® Communications Security Shield Cloud Service User's Guide. |
Support for Multi-Factor Authentication to Cloud Account (OCI Console) |
As part of continuous efforts to improve the security of Oracle Cloud Infrastructure (OCI), Oracle started the next phase of the Multi-Factor Authentication plan for the OCI Console. The new policy is designed specificity to help prevent the compromise of customer cloud accounts (OCI Console). It is not for access to the Oracle® Communications Security Shield Cloud Service Dashboard and analytics. To learn more about the policy, see About the "Security Policy for OCI Console" Sign-On Policy. New Customers All new Identity Access Management (IAM) domains and Identity Cloud Service (IDCS) stripes now include a sign-on policy named "Security Policy for OCI Console" seeded in the active state. Existing Customers After a two-week period of seeding the policy in a disabled state, Oracle will activate the policy for existing customers who do not activate it themselves. The Appendix at the end of this document explains the enforcement rules Oracle will apply. The new policy is in effect. Oracle is activating the "Security Policy for OCI Console" by default. If you want to opt out of Oracle automatically activating the policy, delete the "Security Policy for OCI Console" sign-on policy using REST APIs. See Delete a Policy For information about the enforcement rules Oracle applies to activating the new Multi-Factor Authentication policy for the OCI Console, see Appendix-A for What's New 23.2.0.0.0. |
Cloud Communication Service (CCS) Patch Released |
Oracle pushed Cloud Communication Service release 1.3.0.1 to My Oracle Support (MOS) as 1.12.10 (Program Increment 12, Patch 12). Ensure that your deployment uses the version of CCS in the 1.12.10 package. There are no CCS changes for Program Increment 13 (23.2.0.0.0 ). |
Appendix-A for What's New 23.2.0.0.0
Oracle will not activate the Multi-Factor Authentication policy for Oracle Cloud Infrastructure (OCI) when an active external IDP (SAML/Social or X.509) is configured in the IAM domain or IDCS Stripe. When no external IDP is configured, the enforcement rule in the following table applies.
Table 1-3 Activation Rules
Tenancy Type | Sign-on Policy "Security Policy for OCI Console" status | The customer has defined its own sign-on policy for the OCI Console or has explicitly assigned the OCI Console to the default sign-on policy | Sign-on policy "Security Policy for OCI Console" status after forced activation |
---|---|---|---|
With IAM Domain (All domain types) | Present and enabled | N/A. When the customer has a sign-on policy in place, there is no change. | No Change. |
Present and disabled | No | Change the policy to Present and enabled | |
Present and disabled | Yes | No Change. Oracle will not overwrite a customer-defined policy. | |
Deleted | N/A | No change. | |
With IDCS Stripes Enabled (All IDCS Types) | Present and enabled | N/A. When the customer has a sign-on policy in place, there is no change. | No Change. |
Present and disabled | No | Change the policy to Present and enabled. | |
Present and disabled | Yes | No Change. Oracle we will not overwrite a customer-defined policy. | |
Deleted | N/A | No Change. |
23.1.0.0.0 - May 2023
The following information describes the new content and behavior delivered in the latest Oracle® Communications Security Shield Cloud Service (Security Shield ) release.
The following table describes the new features and enhancements in the Security Shield 23.1.0.0.0 release.
Features | Description |
---|---|
Policy Updates |
Oracle streamlined how the Session Border Controller learns of policy updates after an initial response from OCSS, so that you no longer need to provision a network device to allow traffic into your network. |