Oracle Cloud Platform Identity and Security Management 1z0-1070 Notes

In this blog post, I will share a few of my notes that might be useful if you are preparing for Oracle Cloud Platform Identity and Security Management 2019 Associate. All content mentioned in the blog has been taken from multiple Oracle documents/bookshelf.

Oracle Identity SOC Security Solution

Oracle’s Identity Security Operations Center (SOC) combines several cloud services into a comprehensive security system for cloud environments: Oracle Identity Cloud Service, Oracle CASB Cloud Service, Oracle Security Monitoring and Analytics Cloud Service, and Oracle Configuration and Compliance Cloud Service.

http://www.aioug.org/ODevCYatra/2018/Chetan_ODevCYatra2018-OMC-SecurityServices-July2018.pdf

Read: http://www.oracle.com/us/products/middleware/identity-management/identity-soc-security-solution-3398075.pdf

Oracle Identity Cloud Service

For security purposes, identity domain administrators, security administrators, and application administrators can define network perimeters in Oracle Identity Cloud Service. After creating a network perimeter, you can prevent users from signing in to Oracle Identity Cloud Service if they use one of the IP addresses in the network perimeter. This is known as blacklisting.

Similarly, whitelisting can also be done.
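
A sketch of how a sign-in check against network perimeters behaves, added here as an illustration; it is not Oracle's code and not from the original notes. It assumes a perimeter entry may be an exact IP, a CIDR block or a hyphenated range, and that a blacklist match overrides a whitelist; the function names and the documentation-range addresses are constructed.

```python
import ipaddress

def parse_entry(entry):
    """Turn one perimeter entry into a (first, last) pair of address objects."""
    entry = entry.strip()
    if "-" in entry:  # assumed range syntax: "192.0.2.10-192.0.2.20"
        lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad range: {entry}")
        return lo, hi
    net = ipaddress.ip_network(entry, strict=False)  # exact IP or CIDR block
    return net[0], net[-1]

def in_perimeter(client_ip, perimeter):
    """True if client_ip falls inside any (first, last) pair of the perimeter."""
    ip = ipaddress.ip_address(client_ip)
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is matched as the IPv4
    # address it carries, so it cannot slip past an IPv4 entry.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(lo.version == ip.version and lo <= ip <= hi
               for lo, hi in perimeter)

def sign_in_allowed(client_ip, blacklist=(), whitelist=()):
    """Blacklist blocks listed IPs; a non-empty whitelist blocks all others."""
    try:
        if in_perimeter(client_ip, blacklist):
            return False  # assumption: a blacklist hit always wins
        if whitelist and not in_perimeter(client_ip, whitelist):
            return False
    except ValueError:
        return False  # unparseable client address: fail closed
    return True

# Constructed sample perimeters (RFC 5737 documentation addresses).
BLOCKED = [parse_entry(e) for e in ["203.0.113.7", "198.51.100.0/24"]]
OFFICE = [parse_entry(e) for e in ["192.0.2.10-192.0.2.20"]]

if __name__ == "__main__":
    for ip in ["203.0.113.7", "::ffff:203.0.113.7", "203.0.113.8", "bogus"]:
        print(ip, "blacklist ->", sign_in_allowed(ip, blacklist=BLOCKED))
    for ip in ["192.0.2.15", "192.0.2.21"]:
        print(ip, "whitelist ->", sign_in_allowed(ip, whitelist=OFFICE))
```
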

https://docs.oracle.com/en/cloud/paas/identity-cloud/uaids/understand-administrator-roles.html

Support for Open Standards

All components of IDCS are built on modern Cloud principles and use standard open stack protocols.

OpenID Connect for browser-based user authentication
OAuth2 for securing REST API calls
HTTP cookies for tracking user’s active sessions
JWT-based tokens for applications to map authenticated Cloud identities to local application identities
SAML for providing Single Sign on for Cross Domain applications using Federation
SCIM for simplified user management in the Cloud by defining a schema for representing users and groups
RESTful APIs for all identity functions for customization and headless operations

Read: https://docs.oracle.com/en/cloud/paas/identity-cloud/uaids/oracle-identity-cloud-service.html

Whitepaper: https://www.oracle.com/assets/idcs-business-whitepaper-3097391.pdf

Oracle Management Cloud

Oracle Management Cloud is a comprehensive suite of integrated monitoring, management, security and analytics services.

In OMC, we have the CASB Cloud Service, which provides security for your SaaS applications as well as infrastructure and services. We have the Identity Cloud Service, which provides security for your users and single sign-on. Then there are the other services under the OMC umbrella: the Configuration and Compliance Cloud Service, the Log Analytics Cloud Service, and the Orchestration Cloud Service, which cuts across the others in the sense that you can create your own workflows for remediation and response activities.

Read: https://blogs.oracle.com/managementcloud/oracle-management-cloud-for-oracle-identity-and-access-management

Read: https://www.oracle.com/uk/cloud/systems-management/cloud-services.html

Oracle CASB: Cloud Access Security Broker

https://www.oracle.com/uk/cloud/security/cloud-services/casb-cloud.html
Taken From: https://www.youtube.com/watch?v=dbLpAPsjWcM

Threat categories

https://docs.oracle.com/en/cloud/paas/casb-cloud/palug/cloud-security-monitoring.html#GUID-D0DD747D-EF44-4417-9E4C-2C35EBE5E8A9

About Risk Management and Incident Tracking

Oracle CASB Cloud Service helps you manage risks through a lightweight incident tracking system. You can export incident tickets from Oracle CASB Cloud Service to a central ticketing system.

BookShelf: https://docs.oracle.com/en/cloud/paas/casb-cloud/index.html

Read: https://www.prnewswire.com/news-releases/oracle-continues-innovation-and-expansion-of-cloud-security-offerings-300468253.html

UBA: https://www.oracle.com/assets/user-behavior-analytics-3497541.pdf

Oracle Security Monitoring and Analytics

Oracle Management Cloud is a suite of next-generation integrated monitoring, management, and analytics cloud services that leverage machine learning and big data techniques against the full breadth of the operational data set.

We have the Security Monitoring and Analytics service as well as the Configuration and Compliance service. The Orchestration service would be used to do automatic remediation.

Security Monitoring and Analytics provides integrated SIEM (security information and event management) and UEBA (user and entity behavior analytics) capabilities built on machine learning, user session awareness, and up-to-date threat intelligence context. This service is built on Oracle Management Cloud’s secure, unified big data platform.

Real-time threat detection based on rules and patterns:

Universal threat visibility — Collect and analyze any security relevant data.
SOC-ready content — Ready to use, vendor neutral SOC content library.
Threat intelligence leverage — Connect to any threat feed, leverage embedded reputation data.

Advanced threat analytics and visualization:

Data access anomaly detection — Detect SQL query anomalies for any user, database or application.
Identify anomalous activity of an entity based on instance-based and peer-based behavior baselines.
Multi-dimensional anomaly detection — Detect anomalies across multiple behavioral attributes.
Session awareness and attack chain visualization — Faster detection with user awareness kill chain visualization.

Enhanced Security Monitoring with Oracle Management Cloud Platform:

Topology awareness — Detect multi-tier application attacks and lateral movement indicators.
Additional features include:

Bookshelf: https://docs.oracle.com/en/cloud/paas/management-cloud/omsma/getting-started-oracle-security-monitoring-and-analytics.html

Oracle Configuration and Compliance

Read: https://docs.oracle.com/en/cloud/paas/management-cloud/configuration-compliance.html

Federated SSO is established with trust between multiple organizations (inter-organizational) to authorize each other’s users. SSO is practiced inside an organization (intra-organizational) so that the user can access resources (different web properties and applications) within an organization.

Delegated Authentication

With delegated authentication, identity domain administrators and security administrators don’t have to synchronize user passwords between an on-premises Microsoft Active Directory (AD) enterprise directory structure and Oracle Identity Cloud Service.

Identity Provider

Identity Assertion

Identity Propagation

Oracle Identity Cloud Service administrator roles

As an audit administrator, identity domain administrator, or application administrator, you can run operational or historical reports that capture data about Oracle Identity Cloud Service users, applications, and diagnostic log levels.

Two user reports are available with Oracle Identity Cloud Service:

Two application reports are available with Oracle Identity Cloud Service:

One diagnostic data report is available with Oracle Identity Cloud Service.

REST APIs

Oracle Security Monitoring and Analytics Cloud Service

More Details: https://docs.oracle.com/en/cloud/paas/management-cloud/omsma/index.html

Good to Know Points

Personally identifiable information (PII) is any data that could potentially identify a specific individual.

Oracle Cloud at Customer service delivers Oracle enterprise-grade cloud SaaS, PaaS and IaaS services to customers’ data centers.

The Security Content Automation Protocol (SCAP) is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation of systems deployed in an organization.

Taken From: http://www.oracle.com/us/solutions/cloud/oracle-cloud-machine-ds-2949541.pdf

Oracle Orchestration Cloud Service

Oracle Orchestration Cloud Service allows security administrators to automatically respond to issues, alerts, and events, and to set up custom rules with their favorite scripting languages and configuration software.

Sources:

http://www.oracle.com/us/solutions/cloud/oracle-cloud-machine-ds-2949541.pdf
http://www.oracle.com/us/solutions/cloud/future-of-cyber-security-4302684.pdf
http://www.oracle.com/us/oracle-cloud-essentials-3803237.pdf
https://www.oracle.com/corporate/pressrelease/oracle-security-cloud-growth-051217.html
https://www.oracle.com/cloud/security/index.html
https://blogs.oracle.com/cloudsecurity/oracle-introduces-identity-centric-cloud-security-with-identity-soc-by-rohit-gupta