Comprehensive Cloud Security Monitoring for Oracle Cloud Infrastructure

Published on October 26, 2020

As public cloud usage skyrockets, many vendors are offering compelling cloud infrastructure options. Oracle Cloud Infrastructure (OCI) is one such offering. Oracle has an excellent reputation in data management technology, and more enterprises are adopting Oracle Cloud.

But as adoption grows, attackers are increasingly interested in attacking cloud infrastructure. That’s why Securonix now integrates with OCI to provide security monitoring and management for cloud performance, governance and audit tracking, and identity. As a cloud-native SIEM, Securonix is ideally positioned to detect and respond to threats to Oracle Cloud Infrastructure.

 

The Securonix-Oracle Cloud Integration

End-To-End Visibility Across Your Cloud Infrastructure

Securonix Next-Gen SIEM integrates with OCI to provide security monitoring and management across:

  • Identities
  • Cloud access security broker (CASB)
  • Object storage and infrastructure events
  • Governance audit events
  • Performance monitoring and tracking using monitoring metrics from different Oracle Cloud Infrastructure services

Additional inputs from OCI, such as CPU utilization and disk usage, help Securonix detect security issues such as cryptomining.

 

Solution Benefits

Securonix detects attacks across the entire enterprise network and provides monitoring support for multiple public clouds with our federated SIEM-based multi-cloud monitoring. Using advanced analytics, Securonix combines relevant security events with threat correlation and chains to give your analysts the right information to respond to threats to your enterprise.

Securonix provides a complete, holistic view of threats to OCI – while also being able to integrate with other public cloud, hybrid, and on-premises infrastructure for comprehensive security visibility. With Securonix, security teams will be able to:

  • Improve threat detection by combining event data from OCI cloud services and infrastructure with other network data sources across the entire enterprise network.
  • Search and hunt for threats faster, with fast historical search capabilities for hunting existing threats and live search with community threat intelligence for real-time threat hunting.
  • Gain visibility into complex, escalating threats with threat chain modelling. Threat chain modelling uses advanced analytics to map related events together so that analysts can respond to threats that develop over time.

 

How Securonix Integrates With Oracle Cloud Infrastructure

Securonix leverages key information from various data sources within OCI, including the following:

  • OCI Out of the Box Connectors
    • Oracle Object Storage, via Events and Notifications
    • Oracle Database
    • Oracle CASB Alerts
    • Oracle Audit Events
    • Oracle Performance
    • Oracle Identity
  • Governance Audit Events: Monitor API calls to Oracle Cloud Infrastructure services such as the Oracle Identity Cloud Service.
  • Performance Monitoring: Monitor key metrics from different services (such as CPU utilization and disk usage activity).
  • OCI CASB Alerts: Threat analytics for cloud access security broker alerts are provided by the Oracle CASB Cloud Service, which allows security monitoring of a host of cloud services.

Context-Driven Threat Identification

The Securonix platform adds critical contextual data to ingested events. Each event is correlated with contextual information such as identity, storage access activities, and other events. This correlation is what detects cloud-centric threats such as cryptomining, privilege escalation, infrastructure scanning, detection evasion through log modifications, and open object/block storage buckets.

 

Want to learn more? Contact Securonix today to schedule a demo.