Skip to main content

What is CASB - Oracle CASB Cloud Service

What is CASB:
Cloud Access Security Brokers is a term coined by Gartner to describe cloud solutions centered around these four main pillars: visibility, compliance, data security, and threat protection. As per Gartner Cloud access security brokers (CASBs) are on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASBs consolidate multiple types of security policy enforcement. Example security policies include authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, malware detection/prevention and so on. 

To Summarize CASB is a service which is used to secure and monitor Cloud and On-Prem applications and to respond with remediation in case of Threats or suspicious events are detected. Key is the analysis of events generated in the application and intelligence on those events to map it to a threat.Remediation of CASB's can be of various degrees starting from generating a ticket to step up authentication for user and blocking the access eventually.

Broadly CASB's can be classified in two categories: API based CASB and Proxy based CASB.
API based CASB's use API provided by applications to monitor and secure applications while Proxy based CASB's use a agent on the network to monitor the user access. Pros and cons of these CASB's are a topic of another discussion.

Oracle CASB Cloud Service:

Oracle CASB cloud service is a API based CASB service. Oracle CASB can monitor Iaas, Pass and SaaS applications which is unique in nature as most of the CASB vendors are focused around SaaS applications. The model on which Oracle CASB works is based on four pillars : Discover, Secure, Monitor, Respond.
Oracle CASB connects to applications using API and detects the events in the applications like login activities, user access, security controls. Discovery in Oracle CASB is of two types: 'Shadow IT discovery' which is from the top view what applications user are accessing and Deep Dive discovery which is from the event and audit logs of application about what users are accessing within. Oracle CASB can also monitor and push standard compliance control to the applications.
Once events are gathered from the applications they are processed in the analytics engine of Oracle CASB and run through the policy engine, threat engine and machine learning. Based on the analytics user behavioral profiling is done and events are categorized as Policy alerts, threats and controls. User activities are also verified against IP reputation lists and location feeds. Below is the view of the Dashboard:


After the events are analysed, re-mediate actions are taken based on the severity of the event. Oracle CASB can be integrated with an Incident management tool in the organization and a incident can be raised for the suspicious activities. Oracle CASB also has a built in light weight ticketing tool where Incidents can be assigned and owners will be notified by the email about the assignment and status. Oracle CASB can also be integrated with SIEM (security information and event management) tools to gather the activities in other enterprise applications. Data provided by SIEM solutions are then analysed in CASB.


Comments

  1. Mirnalini Sathya10 March 2018 at 03:53

    Excellent blog on Cloud Computing where I can see some unknown facts about cloud computing. Please update your thoughts frequently.
    Cloud Computing Certification in Chennai
    Cloud Certification in Chennai

    ReplyDelete
  2. Securium Solutions2 April 2021 at 04:19


    Cloud Access Security Broker is a secure application designed to protect the cloud and associated information from vulnerabilities. To get Cloud Access Security Broker Services in India, Securium Solutions is one of the best companies for giving cyber security services.

    ReplyDelete

Post a Comment

Popular posts from this blog

Developing Prepopulate Adapter with OIM 11g R2

1.      Prepopulate Adapter in OIM uses the plugin point oracle.iam.request.plugins.PrePopulationAdapte r. 2.      Write the Java code which returns the value which has to be populated on the form. 3.      This code will implement the plugin point oracle.iam.request.plugins.PrePopulationAdapte r. Code Snippet: - package com.oracle.oim.utility.eventhandler; import java.io.Serializable; import java.util.Iterator; import java.util.List; import java.util.logging.Logger; import oracle.iam.identity.exception.NoSuchUserException; import oracle.iam.identity.exception.UserLookupException; import oracle.iam.identity.usermgmt.api.UserManager; import oracle.iam.identity.usermgmt.vo.User; import oracle.iam.platform.Platform; import oracle.iam.platform.authz.exception.AccessDeniedException; import oracle.iam.request.exception.RequestServiceException; import oracle.iam.request.vo.Beneficiary; import oracle.iam.request.vo.RequestData; public c
5 comments
Read more

OIM Tuning

Application Module tuning is a critical setting which will affect the UI performance. Following are the recommended application module settings for OIM and these are already set out-of-box (OOB) in later releases of OIM 11g R2. Ensure that these settings are implemented as recommended in your environment. -Djbo.ampool.doampooling=true -Djbo.ampool.minavailablesize=1 -Djbo.ampool.maxavailablesize=120 -Djbo.recyclethreshold=60 - Djbo.ampool.timetolive=-1 -Djbo.load.components.lazily=true - Djbo.doconnectionpooling=true -Djbo.txn.disconnect_level=1 - Djbo.connectfailover=false -Djbo.max.cursors=5 - Doracle.jdbc.implicitStatementCacheSize=5 - Doracle.jdbc.maxCachedBufferSize=19 open DOMAIN_HOME/bin/setDomainEnv.sh file for the WebLogic Server instance.find these lines: JAVA_OPTIONS="${JAVA_OPTIONS}" export JAVA_OPTIONS and change it to: JAVA_OPTIONS="-Djbo.ampool.doampooling=true -Djbo.ampool.minavailablesize=1 -Djbo.ampool.maxavailablesize=120 -D
Post a Comment
Read more

What is Application Instance

Application instance is a provisionable entity. It is a combination of IT resource instance (target connectivity and connector configuration) and resource object (provisioning mechanism) . Creating and managing application instances are performed by using the Oracle Identity System Administration. Once Created Application Instance can be requested from the catalog. Application instances can be connected or disconnected.  Connected application  instance -It has a connector defined for the provisioning of entities. Account is created in the target system real time in case of connected Application Instance. Disconnected  application instance - It is used for the provisioning of a disconnected resource, for which  a connector is not defined, and therefore, the provisioning is performed manually by the administrator. A mail trigger system can also be attached which sends the account creation/modification/deletion mails to the application owner.
Post a Comment
Read more