5 Best Practices for Using Prisma Cloud with Oracle Cloud Infrastructure

Aug 14, 2024

Prisma Cloud by Palo Alto Networks supports Oracle Cloud Infrastructure
with industry-leading cloud-native security for global customers.

As the leading cybersecurity provider, Palo Alto Networks partners with Oracle Cloud Infrastructure (OCI) and its next-generation cloud to offer industry-leading cloud-native security for OCI.

Using Prisma Cloud with OCI can give you full cloud visibility and compliance support on all OCI resource inventories and governance.

Prisma Cloud has added new policies for OCI, updated CIS, and expanded Oracle cloud regions support in recent months. Let’s look at some best practices involving these new policies and support for OCI.

#1: Stay Secure on OCI with the Latest CIS Version 2.0 Controls

The CIS Benchmark for OCI, created through a community consensus on best practices, offers secure configuration guidelines for Oracle Cloud Infrastructure. Prisma Cloud supports users by providing checks that validate the OCI CIS recommendations.

Prisma Cloud supports the latest CIS OCI version 2.0, incorporates its new controls, and maps its policies to these controls to enhance overall security coverage for our customers.

You can view OCI-associated policies in the Prisma Cloud console under Compliance > Standards. You can also generate reports for immediate viewing or download, and you should schedule recurring reports to track compliance with the CIS OCI version 2.0 standard over time.

#2: Select the Best Oracle Cloud Regions to Deploy Your Apps in OCI

Deploying your application in a region where it’s most frequently used ensures faster operation due to proximity to resources. Conversely, deploying in distant regions helps mitigate regional risks such as severe weather or earthquakes and can help your organization meet legal, tax and business or social requirements.

Prisma Cloud supports multiple Oracle cloud regions worldwide, allowing customers to securely access local cloud resources and data. Supported global regions include San Jose, Chicago, Madrid, Paris, Milan, Sao Paulo, Tokyo, Seoul and others.

To review the list of supported regions in the Prisma Cloud console, go to Inventory > Assets, and select the Cloud Region filter.

Figure 1. Users can easily onboard many Oracle cloud regions around the world with Prisma Cloud.

#3: Turn On Virtual Cloud Network Subnet Flow Logging in OCI

Prisma Cloud policy detects and alerts customers when virtual cloud network (VCN) subnets have flow logs disabled. Without VCN flow logs enabled, you can’t gain visibility into network traffic on OCI, which means you can’t capture information about the IP traffic to and from network interfaces.

Best practices recommend that you enable VCN flow logs on each of your subnets to monitor traffic within your virtual network and identify anomalous activity.
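
The check described above can be sketched outside the console as an added example; it is not Prisma Cloud's policy logic or code from this post. It assumes inventory exported as JSON in the shape the OCI CLI prints for `oci network subnet list` and `oci logging log list`; the field names are assumptions based on that output, the sample data is constructed, and only subnet-level flow logs are considered.

```python
import json

# Constructed sample data, shaped like the JSON printed by
# `oci network subnet list` and `oci logging log list` (assumed field names).
SUBNETS_JSON = """{"data": [
  {"id": "ocid1.subnet.oc1..exampleaaa", "display-name": "app-subnet", "lifecycle-state": "AVAILABLE"},
  {"id": "ocid1.subnet.oc1..examplebbb", "display-name": "db-subnet", "lifecycle-state": "AVAILABLE"},
  {"id": "ocid1.subnet.oc1..exampleccc", "display-name": "dmz-subnet", "lifecycle-state": "AVAILABLE"},
  {"id": "ocid1.subnet.oc1..exampleddd", "display-name": "old-subnet", "lifecycle-state": "TERMINATED"}
]}"""
LOGS_JSON = """{"data": [
  {"display-name": "app-flow", "is-enabled": true, "lifecycle-state": "ACTIVE",
   "configuration": {"source": {"service": "flowlogs", "resource": "ocid1.subnet.oc1..exampleaaa"}}},
  {"display-name": "db-flow", "is-enabled": false, "lifecycle-state": "ACTIVE",
   "configuration": {"source": {"service": "flowlogs", "resource": "ocid1.subnet.oc1..examplebbb"}}},
  {"display-name": "audit-custom", "is-enabled": true, "lifecycle-state": "ACTIVE", "configuration": null}
]}"""


def covered_subnets(logs):
    """Return subnet OCIDs that have an enabled, active flow log."""
    covered = set()
    for log in logs:
        # Custom logs carry no service source, so guard against null values.
        source = (log.get("configuration") or {}).get("source") or {}
        if (source.get("service") == "flowlogs"
                and log.get("is-enabled") is True
                and log.get("lifecycle-state") == "ACTIVE"):
            covered.add(source.get("resource"))
    return covered


def subnets_without_flow_logs(subnets, logs):
    """List (name, ocid) of live subnets with no enabled flow log."""
    covered = covered_subnets(logs)
    return sorted(
        (s["display-name"], s["id"])
        for s in subnets
        if s.get("lifecycle-state") == "AVAILABLE" and s["id"] not in covered
    )


if __name__ == "__main__":
    subnets = json.loads(SUBNETS_JSON)["data"]
    logs = json.loads(LOGS_JSON)["data"]
    for name, ocid in subnets_without_flow_logs(subnets, logs):
        print(f"FLOW LOG MISSING OR DISABLED: {name} ({ocid})")
```

A subnet whose flow log exists but is disabled (`db-subnet` in the sample) is reported alongside one that has no log at all, since neither produces traffic records.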

#4: Protect Sensitive Data on OCI by Deploying OAC Instances within a VCN

Prisma Cloud detects Oracle Analytics Cloud (OAC) instances not restricted to specific sources or not deployed within a VCN. Restricting OAC access to corporate IP addresses or VCNs helps customers reduce the risk of unauthorized access on OCI, enhancing the protection of sensitive data and maintaining data integrity.

As a best practice, Prisma Cloud assists in deploying new OAC instances within a VCN, ensuring that existing instances have access control rules configured to allow only approved sources.

#5: Enable OCI Cloud Guard to Help Protect Your OCI Tenancy

Prisma Cloud detects when OCI Cloud Guard isn’t enabled in the root compartment of a tenancy. OCI Cloud Guard is an essential service that identifies misconfigured resources and insecure activities within an OCI tenancy. Customers should enable Cloud Guard to gain visibility and promptly address misconfigurations that could pose security threats.

Secure Your OCI Workloads and Resources with Prisma Cloud

Figure 2. Prisma Cloud Console shows you security alerts for OCI in a single pane of glass.

Palo Alto Networks is a trusted Oracle Partner Network (OPN) Partner and an Oracle Cloud Marketplace seller. The Prisma Cloud platform offers Code to Cloud™ security and seamless compliance for Oracle Cloud Infrastructure (OCI), as well as for other major cloud service providers.

To learn more, browse our OCI datasheet or start a free 30-day trial today.

 

