Keep Your Data Secure
Throughout the
Cloud Lifecycle

Oracle Cloud Infrastructure Security—
Oracle Cloud Guard and Oracle Security Zones

A holistic picture of security
and risk posture management
with Oracle Cloud Guard

Oracle Cloud Guard is a unified security solution that provides a global and centralized approach to customer asset protection, and acts as the command center for Oracle cloud security posture management.

Oracle Cloud Guard acts as an aggregator that collects a wide range of data—including log, event, and threat intelligence data—from different sources, both native and nonnative, across Oracle Cloud Infrastructure. The source data is polled frequently and fed into a detection and correlation engine for additional insights, such as details about a specific user or network address.

If Oracle Cloud Guard detects any misconfigured resources or insecure activity drifts with a detector, it generates what are called security problems to be flagged for response. Detector recipes can be configured with additional conditional logic, and they’re designed to be deployed out of the box, or customized to meet individual detection scenarios. Security problems are put into a queue that can be filtered by risk level, compartment, problem type, and more.

Administrators can refer to recommendations to remediate specific problem types, and they can automate remediation using the responder’s recipes. With this capability, Oracle Cloud Guard provides a high-level overview of your security posture in Oracle Cloud Infrastructure. It offers the toolkit needed to automate the remediation of trivial security problems, but the granularity to dig deeper into more complex issues helping you scale your security operations team.

Oracle Cloud Guard base concepts

  • Public instance
  • Tor client log-in
  • Public bucket


A detector is a Cloud Guard component that identifies problems based on configuration or activity.

Correlation engine


A problem is any action or setting on a resource that could potentially cause a security problem.

  • Stop instance
  • Suspend user
  • Disable bucket


A responder takes an automated action to resolve a security problem.