Let’s not worry about North Korea, China, or Russian NationState hackers until you got your basic security configurations right. Verizon’s DBIR 2017 report says that 76% of the attacks were caused by misconfiguration alone. Gartner recommended in 2011 that a security configuration is a must-have tool. SANS Institute recommends that its #3, #4, and #11 critical security controls, in their version 6.0 (2017), are the configuration of end-devices, vulnerability assessments, and configurations of network respectively.
Although, in theory, we all agree that for the last 15 years, security configuration is critical, why is it still a major cause of the data breach? According to a recent InformationWeek survey of 900 professionals, enforcing security configurations were the 2nd most difficult task to achieve, beating even vulnerability patch management.
In the new IT world of cloud and DevOps, relying on a gold build that we maintain to build critical systems, is not working. Users are using shadow IT or just need to be more productive with new innovations. It is better to align your security configurations and policy management with your fast pace of DevOps, IT, and overall business.
Oracle is announcing a major update to its Management Cloud portfolio, which unifies IT Ops, DevOps with Security Operations. Oracle Configuration and Compliance solution is one of the critical components of this unified platform. The update adds a strong configuration layer to our existing strong platforms that delivers IT ops, SecOps, DevOps, APM use cases. We have built these cloud-based solutions based on our learning and expertise from 40,000 customers that use our management platforms.
Top use cases of Oracle’s cloud-based security configuration solution:
- Configure and monitor user access and authentication
- Remove unused accounts
- Close unused ports
- Enforce configurations and other policies
- Remove unwanted services
- Detect and patch vulnerabilities
This is a cloud-based service leveraging a new way of consuming cloud service through Universal Credit. Oracle with its new product, new business model, is the most comprehensive security configuration management for both your new and old IT. It is also the most affordable solution in the market that covers your old, current, and future IT, including cloud, on-prem, hybrid, and everything in-between.
Oracle’s approach to security configuration management is unique:
- Integrated platform for DevOps, APM, IT ops, and SecOps
- Machine learning based review system
- Automated remediation and adaptive response
- Cloud-based solution for both old and new IT
- Rapid deployment and no learning cycles
- Dynamic assessment of all your assets, users, and data
Lear more here: https://www.oracle.com/cloud/configuration-compliance.html
Sridhar Karnam 