Solution overview
Oracle Cloud Infrastructure (OCI) is an Infrastructure as a Service (IaaS) providing a set of complementary cloud services that enable you to build and run a wide range of applications and services in a highly available hosted environment. OCI offers high-performance compute capabilities (as physical hardware instances) and storage capacity in a flexible overlay virtual network that is securely accessible from your on-premises network.
At the basis of OCI is the Virtual Cloud Network (VCN), a virtual version of a traditional network—including subnets, route tables, and gateways—on which your instances run. You can configure the VCN with an optional internet gateway to handle public traffic, and an optional IPSec VPN connection or FastConnect to securely extend your on-premises network.
As the VCN becomes larger—more subnets, instances, and security rules—it becomes harder to visualize the full inventory of the deployment and the access it provides. As the VCN
connects other VCNs, virtual networks and legacy physical networks it gets even more difficult to understand if you have access misconfigurations that could expose cloud resources to the internet; where any attackers could reach; and what access a given host has.
Unify physical, virtual, and cloud security
With RedSeal’s cloud security solution your OCI VCN, other clouds, private cloud and physical networks become a unified security architecture—capable of being modeled, tested, and measured for cybersecurity risks. Once integrated with your Oracle VCN, RedSeal gives you the means to visualize your cloud inventory—how many VCNs, subnets, internet gateways, dynamic routing gateways, and instances exist within your tenancy —and assess the security controls of your cloud-based assets as well as your connected corporate datacenter. You’ll be able to analyze both east-west and north-south traffic as well as micro-segmentation. RedSeal can also drill-into the VCN ruleset providing the user with the specific rules that apply to an individual host. This feature makes it easy for security teams to understand whether any assets are exposed to the internet and to ensure that only authorized access is allowed. Moreover, with RedSeal, security and network teams can verify that cloud deployments (including 3rd party devices deployed in a service chain) comply with industry best practices and make sure their vulnerabilities are properly prioritized based on access.
Discover, Investigate, and Act Upon Your Cloud and Hybrid Architectures
The integration of OCI’s VCN with RedSeal’s cloud security solution provides your team the much-needed visibility and context for prioritizing vulnerabilities, accelerating incident investigation, managing compliance, and improving the overall resilience of your infrastructure.
RedSeal models the following OCI components to visualize and simplify management of your network security framework and traffic flow:
- Virtual Cloud Network (VCN)
- Internet gateway
- Dynamic routing gateway, including VPN connectivity
- Subnets
- Instances (workloads or hosts)
- Security lists
- Network security groups
RedSeal can even unify your security architecture across a hybrid multi-cloud environment. RedSeal models your OCI tenancy’s fabric along with those from other cloud providers (AWS, Azure, GCP) and your private cloud and physical assets. This provides a single comprehensive model to view and query your entire network.
RedSeal-OCI uses
- Understand your Oracle cloud attack surface and the location of
security controls - Determine unintended access that exposes critical Oracle cloud
resources - Meet external and internal compliance mandates
- Comply with security best practices
- Focus on vulnerabilities with the most impact
