Native for OCI

Turn OCI's built-in security controls into active, operational defenses across every compartment in your tenancy.

Express intent in plain language. Native compiles it into IAM policies, Security Zones, Network Security Groups, and the rest of OCI's native enforcement primitives, then keeps them aligned as your tenancy evolves.

Active defense, built on OCI's own architecture

OCI ships a rigorous set of native security primitives. Compartments. IAM policies with conditions. Security Zones. Network Security Groups. Vault. Data Safe. Cloud Guard. The building blocks for active defense are already in your tenancy.

Native is the Cloud Security Control Plane that operates them. It models your OCI tenancy into zones, maps every principal and access path, and runs continuous gap analysis against what OCI is actually enforcing today. Where enforcement is missing, partial, or drifted, Native generates the right IAM policy, Security Zone recipe, or network control, simulates the impact against your Audit log history, and deploys through Terraform via the OCI provider, Resource Manager, or the Native console.

You get a perimeter, segmentation, and baseline protections that hold across every compartment, enforced by OCI itself.

[Diagram: "Describe your security intentions". Labels: Customer input; Security intent; Native core processing engine; Impact simulation (live environment impact, CI/CD pipeline impact); Oracle Cloud.]

[Diagram panel: Native enforcement, "Building blocks for secure architecture". Labels: SCPs & RCPs; Security Zones; Permissions Boundaries; IAM Deny Policies; Network ACLs; Quota Policies; Bedrock Policies; Network Security Groups.]

[Diagram panel: Secure Architecture Modeling. Zone mapping: actors placed in zones (Production, Vendor, CI/CD, Internet, Data, AI Services). Gap analysis: recommended building blocks vs. installed controls; gaps = work to be done. Plans: auto-generated journeys from zone gaps; each closes a specific arch. gap.]

[Diagram panel: Operational layer. Labels: Policy change requests; Blocked actions information; Cloud provider updates; Changes to business requirements; Exception management; Drift detection. Notification channels: Slack, Teams, Email, Amazon SNS, Google Chat, + more.]

[Diagram panel: Organizational intelligence. Labels: Data ingestion; Actor discovery; Environment topology; Effective policy analysis; Cloud usage profiles.]

What Native unlocks on OCI

Enforce a real data perimeter.

Native composes IAM policy conditions, Network Sources, Service Gateways, and private endpoints into a perimeter that holds across every compartment. No path from the public internet to regulated data, enforced by OCI, not detected after the fact.

Contain blast radius across compartments.

Hard segmentation between production, non-production, sandbox, and security tooling. Enforced at the tenancy and compartment hierarchy so a compromise can't move laterally.

Govern OCI Generative AI and AI agents.

Define what models your agents can call, what data they can reach, and what they can act on. Boundaries enforced through IAM policies and resource controls, regardless of inherited permissions.

Operationalize CIS OCI and PCI controls.

Map CIS OCI Foundations Benchmark, NIST 800-53, ISO 27001, and PCI DSS controls to enforceable IAM policies and Security Zone recipes. Audit-ready without remediation cycles.

Simulate before you ship.

Replay 90 days of OCI Audit logs against a proposed policy. See exactly which principals and actions would have been blocked before anything reaches production. (Patented.)

Deeply integrated with OCI

Native integrates directly with the OCI services you already run:

Identity and governance.

OCI IAM, IAM Domains, IAM policies and conditions, Compartments, Security Zones, Network Sources.

Networking and data perimeter.

Network Security Groups, Security Lists, Service Gateway, Private Endpoints, VCN flow logs.

Data and keys.

OCI Vault, Key Management, Data Safe, Object Storage policies, Database security.

Observability and audit.

OCI Audit, Cloud Guard, Logging, Logging Analytics.

AI and emerging services.

OCI Generative AI Service, AI Agents, agent identity and tool boundaries.

How it works on OCI

Discover.

Native auto-discovers your tenancy, every compartment in the hierarchy, and every resource. Maps zones, principals, and access paths.

Define.

Express intent in natural language at any scope: "Production compartments can't expose Object Storage to the public internet." "Only the data-platform group can read PII Autonomous Database instances."

Simulate.

Native replays Audit log history against the proposed IAM policies, Security Zone recipes, and network controls. You see every action that would have been blocked, before anything ships.

Deploy.

Push controls through Terraform (OCI provider), Resource Manager, OCI CLI, or directly from the Native console. Rollback is built in.

Operationalize.

When OCI ships new services or features, Native tracks them and surfaces drift. Engineering teams get clear notifications when their actions are blocked, with the justification path documented.

FAQs

No. Native operates through OCI-native APIs and the provider's own enforcement primitives. There's nothing to install in your workloads.

IAM policies and conditions, Security Zones, Network Security Groups, Network Sources, Vault policies, Object Storage policies, and more. The full list is in our docs.

Yes. Native replays your OCI Audit logs against any proposed control and shows you exactly which principals and actions would have been affected.

Yes. Cloud Guard and Data Safe detect. Native enforces. Native closes the gaps those tools surface so you stop seeing the same findings recur.

Yes, including private offers with Universal Credits burndown.

With Native, OCI's security primitives become your active defense.

The Future of Cloud Security is Native

© 2026 Native Security Ltd. All rights reserved.
