Oracle Cloud Platform Identity and Security Management 1z0–1070-Notes

In this blog post, I will share few of my notes that might be useful if you are preparing for Oracle Cloud Platform Identity and Security Management 2019 Associate. All content mentioned in the blog has been taken from multiple Oracle documents/bookshelf.

Oracle Identity SOC Security Solution

Oracle’s Identity Security Operations Center (SOC) is comprised of several cloud services to create a comprehensive security system for cloud environments. It includes Oracle Identity Cloud Service, Oracle CASB Cloud Service, Oracle Security and Monitoring Analytics Cloud Service and Oracle Configuration and Compliance Cloud Service to create a solution.

1. The Oracle Identity SOC is an identity and context-aware intelligence and automation solution.
2. The integrated technologies include Security Incident and Event Management (SIEM), User & Entity Behavior Analytics (UEBA), Identity Management (IDM), and Cloud Access Security Broker (CASB).
3. Oracle’s modern identity based SOC incorporates threat intelligence from open source and commercial feeds, IP white/blacklists, device reputation, known vulnerability databases, geo-location, and more.

Image from Oracle WebSite

http://www.aioug.org/ODevCYatra/2018/Chetan_ODevCYatra2018-OMC-SecurityServices-July2018.pdf

Read: http://www.oracle.com/us/products/middleware/identity-management/identity-soc-security-solution-3398075.pdf

Oracle Identity Cloud Service

1. Oracle Identity Cloud Service provides identity management, single sign-on (SSO), and identity governance for applications on-premises, in the cloud, or for mobile devices.
2. Oracle Identity Cloud Service supports open identity standards such as SAML and OpenID Connect for single-sign-on capabilities (SSO) and provides SSO for crossplatform applications.
3. By integrating Oracle Identity Cloud Service with Oracle CASB (Cloud Access Security Broker) Cloud Service, powerful supervised and unsupervised machine learning techniques can be used for advanced threat detection.

For security purposes, identity domain administrators, security administrators, and application administrators can define network perimeters in Oracle Identity Cloud Service. After creating a network perimeter, you can prevent users from signing in to Oracle Identity Cloud Service if they use one of the IP addresses in the network perimeter. This is known as blacklisting.

Similarly whitelisting can also be done.

https://docs.oracle.com/en/cloud/paas/identity-cloud/uaids/understand-administrator-roles.html

Support for Open Standards

All components of IDCS are built on modern Cloud principles and use standard open stack protocols.

OpenID Connect for browser-based user authentication
OAuth2 for securing REST API calls
HTTP cookies for tracking user’s active sessions
JWT-based tokens for applications to map authenticated Cloud identities to local application identities
SAML for providing Single Sign on for Cross Domain applications using Federation
SCIM for simplified user management in the Cloud by defining a schema for representing users and groups
RESTful APIs for all identity functions for customization and headless operations

Read: https://docs.oracle.com/en/cloud/paas/identity-cloud/uaids/oracle-identity-cloud-service.html

Whitepaper: https://www.oracle.com/assets/idcs-business-whitepaper-3097391.pdf

Oracle Management Cloud

Oracle Management Cloud is a comprehensive suite of integrated monitoring, management, security and analytics services.

In OMC, we have the CASB Cloud service, which is used to provide security to your SaaS applications, as well as infrastructure and service. We have the Identity Cloud Service, which is used to provide security for your users and do single sign-on. And then we have the other services that are part of OMC umbrella — so the Configuration and Compliance Cloud Service, the Log Analytics Cloud Service, and the Orchestration Cloud Service, which cuts across in the sense that you can actually create your own workflows to do remediation and response activities.

Read: https://blogs.oracle.com/managementcloud/oracle-management-cloud-for-oracle-identity-and-access-management

Image from Oracle Website

Read: https://www.oracle.com/uk/cloud/systems-management/cloud-services.html

Oracle CASB: Cloud Access Security Broker

https://www.oracle.com/uk/cloud/security/cloud-services/casb-cloud.html

Taken From: https://www.youtube.com/watch?v=dbLpAPsjWcM

1. Oracle CASB Cloud Service includes support for IaaS including Amazon Web Services (AWS) and Rackspace, as well as support for SaaS applications including Box, GitHub, Google Apps, Microsoft Office 365, ServiceNow, and Salesforce.
2. Oracle CASB Cloud Service classifies the risks that it detects into one of these categories: Weak or noncompliant Security control, Policy alert, Anomalous behavior, Suspicious behavior
3. ServiceNow is the only incident management provider supported by Oracle CASB Cloud Service currently. It is not set up by default.
4. Splunk is the only SIEM provider supported by Oracle CASB Cloud Service currently.
5. The Threat Intelligence Providers page subscribes your Oracle CASB Cloud Service tenant to three of the most up-to-date threat intelligence services

• Tor gives Oracle CASB Cloud Service insight into anonymous proxy usage.
• Digital Element allows Oracle CASB Cloud Service to better resolve IP addresses to physical locations, as well as providing information about the relationship between an IP address and the underlying domain name.
• abuse.ch provides Oracle CASB Cloud Service with detailed information about URL classification, domain classification, and IP reputation.

Threat categories

https://docs.oracle.com/en/cloud/paas/casb-cloud/palug/cloud-security-monitoring.html#GUID-D0DD747D-EF44-4417-9E4C-2C35EBE5E8A9

About Risk Management and Incident Tracking

Oracle CASB Cloud Service helps you manage them through a lightweight incident tracking system. You can export incident tickets from Oracle CASB Cloud Service to a central ticketing system.

BookShelf: https://docs.oracle.com/en/cloud/paas/casb-cloud/index.html

Read: https://www.prnewswire.com/news-releases/oracle-continues-innovation-and-expansion-of-cloud-security-offerings-300468253.html

UBE: https://www.oracle.com/assets/user-behavior-analytics-3497541.pdf

Oracle Security Monitoring and Analytics

Oracle Management Cloud is a suite of next-generation integrated monitoring, management, and analytics cloud services that leverage machine learning and big data techniques against the full breadth of the operational data set.

we have the security monitoring and analytic service as well as the configuration and compliance service. And the orchestration service would be used to do automatic remediation.

Security Monitoring and Analytics provides integrated SIEM ( security information and event management)and UEBA ( user and entity behavior analytics)capabilities built on machine learning, user session awareness, and up-to-date threat intelligence context. This service is built on Oracle Management Cloud’s secure, unified big data platform.

Real-time threat detection based on rules and patterns:

Universal threat visibility — Collect and analyze any security relevant data.
SOC-ready content — Ready to use, vendor neutral SOC content library.
Threat intelligence leverage — Connect to any threat feed, leverage embedded reputation data.

Advanced threat analytics and visualization:

Data access anomaly detection — Detect SQL query anomalies for any user, database or application.
Identify anomalous activity of an entity based on instance-based and peer-based behavior baselines.
Multi-dimensional anomaly detection — Detect anomalies across multiple behavioral attributes.
Session awareness and attack chain visualization — Faster detection with user awareness kill chain visualization.

Enhanced Security Monitoring with Oracle Management Cloud Platform:

Topology awareness — Detect multi-tier application attacks and lateral movement indicators.
Additional features include:

• Correlation Rule-tunning
• Customizable Watchlists
• Storage management
• Integration with IDCS and CASB services

Bookshelf: https://docs.oracle.com/en/cloud/paas/management-cloud/omsma/getting-started-oracle-security-monitoring-and-analytics.html

Oracle Configuration and Compliance

1. Oracle Configuration and Compliance is a cloud-first solution that helps you assess the compliance of your on-premises, cloud, or hybrid cloud environments based on your business objectives. Oracle Configuration and Compliance automatically assesses, scores, and reports on the compliance posture of your enterprise.
2. Oracle Configuration and Compliance enables you to use Open Vulnerability and Assessment Language (OVAL) industry standards when you run compliance assessments.

Read: https://docs.oracle.com/en/cloud/paas/management-cloud/configuration-compliance.html

“Federated SSO is established with trust between multiple organizations (inter-organizational) to authorize each other’s users . SSO is practiced inside an organization (intra-organizational) so that the user can access resources (different web properties and applications) within an organization.

Delegated Authentication

With delegated authentication, identity domain administrators and security administrators don’t have to synchronize user passwords between an on-premises Microsoft Active Directory (AD) enterprise directory structure and Oracle Identity Cloud Service.

Identity Provider

Identity Assertion

Identity Propagation

All components of IDCS are built on modern Cloud principles and use standard open stack protocols.

1. OpenID Connect for browser-based user authentication
2. OAuth2 for securing REST API calls
3. HTTP cookies for tracking user’s active sessions
4. JWT-based tokens for applications to map authenticated Cloud identities to local application identities
5. SAML for providing Single Sign on for Cross Domain applications using Federation
6. SCIM for simplified user management in the Cloud by defining a schema for representing users and groups
7. RESTful APIs for all identity functions for customization and headless operations

Oracle Identity Cloud Service administrator roles

1. Identity domain administrator
2. Security administrator
3. Application administrator
4. User administrator
5. User manager
6. Audit administrator
7. User

As an audit administrator, identity domain administrator, or application administrator, you can run operational or historical reports that capture data about Oracle Identity Cloud Service users, applications, and diagnostic log levels.

Two user reports are available with Oracle Identity Cloud Service:

• Successful Login Attempts: View users who have logged in to Oracle Identity Cloud Service successfully.
• Unsuccessful Login Attempts: View users who have not logged in to Oracle Identity Cloud Service successfully.

Two application reports are available with Oracle Identity Cloud Service:

• Application Access: View how many times users logged in to both Oracle Identity Cloud Service, and Oracle and custom applications in your identity domain.
• Application Role Privileges: View application role grants and revokes for users and groups for applications that are configured in Oracle Identity Cloud Service.

One diagnostic data report is available with Oracle Identity Cloud Service.

• Diagnostic Data: View logging data captured in Oracle Identity Cloud Service.

REST APIs

1. Support for OpenID Connect with Oracle Identity Cloud Service as an Identity Provider
2. Support for OAuth2 service with range of token grant types that enable you to securely connect clients to services.
3. REST API supports SCIM 2.0 compliant endpoints with standard SCIM 2.0 core schemas

Oracle Security Monitoring and Analytics Cloud Service

1. Security solution provided by Oracle
2. Anomaly detection and investigations, and remediation of the broadest range of security threats across on-premises and cloud
3. Integrated security information and event management (SIEM) capabilities
4. User and entity behavior analytics (UEBA) capabilities
5. built on machine learning, user session awareness, and up-to-date threat intelligence context.

More Details: https://docs.oracle.com/en/cloud/paas/management-cloud/omsma/index.html

Good to Know Points

Personally identifiable information (PII) is any data that could potentially identify a specific individual.

Oracle Cloud at Customer service delivers Oracle enterprise-grade cloud SaaS, PaaS and IaaS services to customer’s datacenters.

The Security Content Automation Protocol (SCAP) is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation of systems deployed in an organization,

Taken From: http://www.oracle.com/us/solutions/cloud/oracle-cloud-machine-ds-2949541.pdf

Oracle Orchestration Cloud Service

Oracle Orchestration Cloud Service allows security administrators to automatically respond to issues, alerts, and events, and to set up custom rules with their favorite scripting languages and configuration software.

Sources:

http://www.oracle.com/us/solutions/cloud/oracle-cloud-machine-ds-2949541.pdf
http://www.oracle.com/us/solutions/cloud/future-of-cyber-security-4302684.pdf
http://www.oracle.com/us/oracle-cloud-essentials-3803237.pdf
https://www.oracle.com/corporate/pressrelease/oracle-security-cloud-growth-051217.html
https://www.oracle.com/cloud/security/index.html
https://blogs.oracle.com/cloudsecurity/oracle-introduces-identity-centric-cloud-security-with-identity-soc-by-rohit-gupta
https://www.oracle.com/corporate/pressrelease/oracle-security-cloud-growth-051217.html