Oracle Cloud Infrastructure OCI Gen-2 Cloud Security – Part V (Edge Security Services)

So far, I have discussed generic concepts, IAM, Networking and Key Management pertaining to OCI Gen-2 Cloud. In this part I am going to discuss the Edge Security Service that is available in Oracle Cloud Infrastructure OCI Gen-2 Cloud. OCI Edge Dyn Security services protect Applications and APIs in the multi-cloud environments.

Oracle Dyn Web Application Security services intelligently defend the websites, cloud instances, systems and applications from a complex and evolving cyber threat landscape. It utilises machine learning and adaptive automation to combat cyber-attacks to organisations from DDoS and OWASP Top 10 to Bots and API-level attacks.

Data Breaches

When you do not have proper security put in place ‘Data Breaches’ happen as a result. The 2018 Verizon Data Breaches Investigations Report shows the biggest contributors are Denial of Service and Web Applications. This is depicted in the figure 1 below:

Figure 1: %age and count of incidents per pattern (n=53,308)
%age and count of breaches per pattern (n=2,216)

Web Application Attacks are the primary cause of data breaches today. Insufficient web application security is the primary risk that must be solved by specific technology and best approaches.

Oracle Cloud Infrastructure comprises of the Core Infrastructure and the Edge Infrastructure. In the Core Infrastructure there are basic or core services such as Compute, Database, Block Storage, Object Storage, Networking and Identity and Access Management running. In the Edge Services there are Edge Networking, Domain Name Resolution, Distributed Content, Messaging, Traffic Steering and Edge Security services running. This is depicted in the figure 2 below:

Figure 2: OCI Core infrastructure and Edge Services

This feature provides the Edge Security including Application Security, DDoS protection and Domain Name Resolution. It provides the deep monitoring of real-time internet health and global application protection including DDoS attacks. Oracle Dyn Zenedge is a cloud based distributed edge, protecting all areas of attack to infrastructure from the internet. It has got three pillars of security – Name Resolution, Application and API stack protection and Network security. The figure 3 presents the comprehensive edge security services by Oracle Dyn security.

Figure 3: Integrated Cloud based Applications security and monitoring

DNS

DNS is the directory that maps the name you can remember to the IP you cannot. Organisations can outsource their DNS to offload attack altogether. Oracle Dyn service provides the milli-seconds world wide DNS response time making it a consistent industry-leading performance. There are 240 billion data elements collected daily making Oracle Dyn a most comprehensive internet performance dataset. It is battle-tested reliable and secure. There are 18 Point-of-Presence Anycast managed DNS networks with 4 Data Centres with multiple Tier 1 Transit Providers. There is DDoS mitigation and scrubbing built-in with industry leading core to edge propagation time of 2 seconds.

Application and API Security

Oracle Dyn Zenedge Web Application Firewall and DDoS services are provided that can prevent fake or malicious requests to origin. Figure 3 clearly depicts that API and Applications can be protected by Web Application Firewall. Oracle Dyn WAF solution protects against all the threats that are mentioned in the OWASP (The open web application security protection) Top 10. It protects against DDoS, Malicious BOTS, WAF threats, Malware, and API threats. This is depicted in figure 4 below:

Figure 4: OCI Dyn protection

Network Security

Oracle Edge Security services filters bad traffic before it enters organisation’s network. It provides layer 3 and layer 4 high-capacity network protection. It also provides the automatic cloud-based detection to mitigation in less than a minute which is the same SLA as on-premise solutions. It is designed for DDoS network protection of ISPs, data centers, hosting providers and large enterprise networks. OCI Edge Security Services dashboard is quite intuitive with many machine learning and analytics features built-in to help human intensive operations. Figure 5 below depicts Application Firewall, Caching, Bots and Access Control features in a dashboard:

Figure 5: OCI Edge Security Services Dashboard

Summary

This concludes the fifth and final part of the series with the OCI Edge Security Services with features such as DNS, Networking, Web Application and API Security.

We have seen in this 5 part series, at a high level, some generic and some specific security services associated with Oracle Cloud Infrastructure OCI Gen-2 Cloud. OCI Gen-2 Cloud offers end-to-end security from lower networking layer through to infrastructure and platform layers.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s