Managing Identity Applications, Securing Databases with Oracle Management Cloud

1 Managing Identity Applications, Securing Databases with Oracle Management Cloud. Dan Koloski, Vice President, Oracle Management Cloud; Vijay Tatkar, Director, Oracle Management Cloud; Sridhar Karnam, Senior Principal Product Manager, Oracle Management Cloud

3 Safe Harbor Statement: The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, timing, and pricing of any features or functionality described for Oracle's products may change and remains at the sole discretion of Oracle Corporation.

4 Program Agenda: OMC Benefits and Architecture; Identity Dashboards; Top Use Cases: Troubleshooting, Alerts, Securing Databases with OMC

5 Oracle Management Cloud (architecture diagram)
Tiers: END USER EXPERIENCE / ACTIVITY; APPLICATION; MIDDLE TIER; DATA TIER; VIRTUALIZATION TIER; INFRASTRUCTURE TIER
Data collected: Global threat feeds; Cloud access; Identity; Real users; Synthetic users; App metrics; Transactions; Server metrics; Diagnostics logs; Host metrics; VM metrics; Container metrics; Configuration; Compliance; Tickets & Alerts; Security & Network events
Services on the Unified SaaS Platform: Infrastructure Monitoring; Log Analytics; Configuration & Compliance; Application Performance Monitoring; Security Monitoring & Analytics; Orchestration; IT Analytics
Comprehensive, Intelligent Management Platform. Zero-effort Operational Insights. Automated Preventative & Corrective Actions.

6 OMC Key Capabilities
Unified Monitoring: Infrastructure; Application; Database; Log-based metrics; Real, Mobile & Synthetic Users
Diagnostics: Application performance; Logs; DB diagnostics and tuning; ML-based root-cause analysis (clustering)
Analytics: ML-based performance insights; SQL & Exadata Analytics; Utilization and capacity planning; Data Explorer
Database Management*: Deep real-time performance diagnostics; Data movement; Fleet monitoring and management; Audit log analysis
Security: Security Monitoring; User Behavior; Incident Response; Configuration & Compliance; Identity context
Dashboards, Remediation and Automation
Copyright 2017, Oracle and/or its affiliates. All rights reserved.

7 Machine Learning to Monitor Identity Applications
Massive Data Volume: Terabytes of telemetry generated every day overwhelm humans.
Data Is Highly-Patterned: Unified metric and log data can be understood by purpose-built ML.
Need Insights, Not Data: We know the kinds of questions we want to ask. What caused the problem? Is what I'm seeing normal or abnormal? What do I need to pay attention to right now? What problem is coming up in the near future?

8 Challenges in Managing Identity & Access Applications: Maintaining High Performance Identity Systems. Full visibility of complete IAM system with context; Ability for proactive monitoring; Lack of specificity of information for performance troubleshooting; Lack of data and insight about access request transaction latency and throughput. Copyright 2018 Oracle and/or its affiliates. All rights reserved.

9 Key Features and Benefits
Features: Automated purpose-built discovery, collection, analytics and remediation of IAM system components, underlying infrastructure and diagnostic logs; Pre-built intuitive dashboards optimized for IAM applications; Unified operational data that includes application metrics, application and server logs, and configuration information
Business Benefits: Maximize performance of Identity and Access Management applications; Minimize operational effort to identify, diagnose and remediate performance issues; Accurate plan for future capacity needs to prevent outages; Real-time diagnostics, capacity planning, operational forecasting and business analytics

10 Identity Components and OOTB Log Sources
Components Covered: Oracle Access Manager; Oracle Identity Manager; Oracle Identity Governance; Oracle Directory Server Enterprise Edition; Oracle Unified Directory
Identity & Access Manager log sources: DMSEventTraceLoggerDestination-event; Access; Bipublisher; Entrest; Clickhistory; Diagnostic; Jmsserver:jms.messages; Metrics:metricdump*; Owsm:diagnostic
Directory Services log sources: Transaction; Access; Error; Audit
Copyright 2015, Oracle and/or its affiliates. All rights reserved.

11 Increased Visibility in IAM: A Quick Look at Dashboards. Single-pane view of the entire environment

12 Unified Dashboard Set (dashboard callouts): Time duration selection; Average Authentication and Authorization Latency; Authentication and Authorization Failures Overview; Breakdown of Log Volume by Log Sources; Quick Identification of Potential Issues Signatures from millions of log events; Average App Server and Database Response Time

13 OAM Dashboard (dashboard callouts): Heartbeat Status reported from Access Logs; Authentication Latency vs Target (3 sec); Authorization Latency vs Target (0.5 sec); Authentication Failures By Policy with drill down to specific events; Authorization Failures By User with drill down to specific events

14 OAM Dashboard (dashboard callouts): Breakdown of Authorization policy by Initiator for easier drill down; Authorization Requests trend by OAM Servers; Authorization latency trend; LDAP Operations trend by OAM Servers; LDAP Operation latency and success rate trend

15 OIM Dashboard: Breakdown by time and exception for provisioning errors

16 Widgets based on Custom Log sources: SQL Queries. Summary of Admin Role Assignment to various users in OIM with the spread based on the number of users. Summary of Applications provisioned to users spread across provisioning status. Summary of Roles/Entitlements assigned to users with details of the access policy being used for users.

17 ODSEE Analytics Dashboard (dashboard callouts): Identify Failing Authentications (status 49); Time duration selection; Entry Count; Top Client IPs for ODSEE; Users that most frequently authenticate; Quickly identify inefficient searches; Highlighting etime outliers

18 Securing Databases with OMC: Before an issue occurs

19 Why Database Security Monitoring is Tough with SIEM? SIEM has blind spots around Databases; Skilled resource gap/shortage; Is it DBA/Security Analyst's Problem?; On-prem tools are complex and clunky; Increased security cost. 34% of organizations do not align security spending with their most profitable lines of business. Source: PWC global state of information security survey report

20 Overview of OMC Security Monitoring & Analytics: Cloud-native; Built on integrated OMC platform; Continuous monitoring, analytics-driven, and self-learning; Automated response; Has identity context; ML models, rules, and correlation for high fidelity threat detection

21 OOTB Log Sources for Oracle DBs & Exadata: Trace Logs ASM Logs Clusterware Logs Files Syslog Alert Logs Listener Logs Audit Tables Exadata ExaWatcher Message Logs OS Tables OSWatcher Secure Logs Custom Cell Alert Logs

22 Sample Use Cases: Database Domain Specific
A third party database application has trojan code which is activated by c&c
Rogue system administrator creates a dblink from test to production database as a prelude to data exfiltration
DBA places tablespace in transportable mode in order to copy to offline location
DBA accesses database at strange time from strange location
Datapump access from strange location at strange time
Higher than successful logins against privileged accounts in a given timeframe
TNS listener sees traffic from unusual location
Login to database host / listener host from unusual place at unusual time

23 SMA Analyzing AVDF Audit Log
Correlate user behavior of data access with other hosts, applications, and investigate to detect anomaly
Run ML models on AVDF and related logs to detect anomalous activities
Monitor other databases such as DB2, SQL Server audit logs
Correlate AVDF logs with AV, DLP, proxy, compliance scans, & vulnerability scans
Provide a macro view of security with AVDF logs

25 Basic Security for Database Assessment: Same content as DBSAT assessment. Use Configuration and Compliance Service from OMC to download and run the assessment on your Database. Uncover vulnerabilities, unpatched systems, performance blockers, misconfigurations, unencrypted instances, and access report on your Oracle Database.

26 Summary: Increase applications uptime; Improved Performance Troubleshooting; Proactive Monitoring; Enhance security of your databases; Reduce operational and maintenance costs

28 Other Events of Interest
Customer Panel. PKN6465: Modern Management and Security in Action. Wednesday, Oct 24, 03:30 PM - 04:15 PM, Yerba Buena Center for the Arts (YBCA) Theater
PRO4284: Automatically Find and Fix Insecure Database settings with OMC. Thursday, Oct 25, 10:00am -10:45, Marriott Marquis Golden Gate A
Visit us at The Exchange (Demogrounds) in Moscone South. We are in Systems Management, Database and Security areas.

29 For More Information: Cloud.oracle.com/management; Cloud.oracle.com/security; #MgmtCloud
