ELI5: OCI CloudGuard
I like it when complex things are made simple. And the strange thing is, whilst most of what is in the cloud isn’t really all that complex, the hyperscalers seem to do a really good job of simultaneously giving you too much information and not enough (this is the one thing they all seem to have in common!)
I just want to know how something works. Like, conceptually.
I put together the functional diagram above to capture the high-level function of OCI CloudGuard for a customer and figured it’d be worth sharing in the event it helps others who are seeking to communicate how a functional CloudGuard flow is constructed. For those that are unfamiliar, CloudGuard is (roughly) the OCI equivalent of Azure Defender for Cloud CSPM and AWS Security Hub. So here is my ELI5 (Explain Like I’m 5… thanks Reddit) for OCI Cloud Guard:
Targets: Associate an OCI compartment (and its included resources) with a set of Detector and Responder Recipes
Detector Recipes: A set of posture checks performed against the target resources
领英推荐
Problem: A problem is logged when a resource fails an enabled posture check (e.g. a Public IP address is assigned to a resource). Problems can have user defined severity levels.
Responder Recipes: Define a set of treatments for problems (i.e. notify or remediate)
Events: When a problem is logged, the responder emits an Event to OCI Events - a standardised messaging bus across OCI services
Notification: Rules in the OCI Events service can be configured to trigger on Events raised by the CloudGuard service which publish a message to a Topic.
Subscribers: Consumers of messages published to a Topic. These consumers are services in themselves which do things like Send an Email, triggering a Serverless Function to make an API call or alert a pager service.
Hope it helps!
Finance & Technology Integration | Wealth Management | Unlock Tech-Driven Growth
1 年It's also probably worth adding in Instance Principal Authentication. I find this a game changer.. especially when you use the PL/SQL SDK. Now that's impressive. Scott
Enterprise Solutions Architect | Data, Infrastructure and Cloud | Oracle Cloud Infrastructure Specialist
1 年Thanks Tom. I’m a visual person too.
Principal Cyber Security Consultant
1 年A great diagram Tom. There’s also the ability to ingest custom logs using the “Log Insight Detector” to extend out of the box detectors. And there’s detectors for Fusion App’s allowing you to gain insight into the security of your Oracle SaaS applications.