Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
Microsoft Cloud App SecurityEnterprise-grade security
for your cloud apps
January 2017
František Fait
Technology Solution Professional
Enterprise Mobility Suite
Identity and access
management
Azure Active
Directory
Mobile device and
app management
Intune
Information
protection
Azure Rights
Management
User and entity
behavioral analytics
Advanced Threat
Analytics
Cloud and SaaS
app security
Cloud App
Security
Bring enterprise-grade
visibility, control, and
protection to your
cloud applications.
Intune
Azure Rights
Management and
Secure Islands
Protect your users, devices, and apps
Detect problems early with visibility
and threat analytics
Protect your data, everywhere
Extend enterprise-grade security
to your cloud and SaaS apps
Manage identity with hybrid
integration to protect application
access from identity attacks
Advanced Threat Analytics
Microsoft Cloud App Security
Azure Active Directory
Identity Protection
• User chooses apps (unsanctioned, shadow IT)
• User can access resources from anywhere
• Data is shared by user and cloud apps
• IT has limited visibility and protection
• Only sanctioned apps are installed
• Resources accessed via managed devices/networks
• IT had layers of defense protecting internal apps
• IT has a known security perimeter
Life with cloudLife before cloud
On-premises
Storage, corp data Users
of enterprises indicated security as a top challenge holding back SaaS adoption*
73%
SaaS adoption challenge
• Cloud Security Alliance (CSA) survey, Cloud Adoption, Practices and Priorities Survey Report 2015** http://www.computing.co.uk/ctg/news/2321750/more-than-80-per-cent-of-employees-use-non-approved-saas-apps-report
>80% of employees admit to using non-approved SaaS apps in their jobs**
80%
How do I know what apps
are used in my environment?
Shadow IT
How do I ensure appropriate
access to my cloud apps?
Access control
Visibility/reporting
How do I gain visibility into
cloud apps and usage?
How do I prevent
data leakage?
Data protectionThreat prevention
How do I know if my users
have been breached?
How do I address
regulatory mandates?
Compliance
Based on Adallom acquisition
Cloud-delivered service bringing
visibility and control to cloud apps
Comprehensive and proven protection
Committed to supporting third-party
cloud applications
No agents required on
user devices for discovery
Comprehensive controls
for your sanctioned apps
Enterprise-grade: simple
to deploy and manage
Builds on broader Microsoft
security platform
Deeply integrated with
Office 365
Threat detection draws from
Microsoft’s security intelligence
DiscoveryGain complete visibility and
context for cloud usage and
shadow IT—no agents required
Data controlShape your cloud environment with
granular controls and policy setting
for access, data sharing, and DLP
Threat protectionIdentify high-risk usage and security
incidents, detect abnormal user
behavior, and prevent threats
Integrate with existing security, mobility, and encryption solutions
Discovery
• Discover 13,000+ cloud apps in use—no agents required
• Identify all users, IP addresses, top apps, top users
Shadow IT discovery Risk scoring
• Get an automated risk score driven by 60+ parameters
• See each app’s risk assessment based on its security mechanisms and compliance regulations
• Ongoing risk detection, powerful reporting, and analytics on users, usage patterns, upload/download traffic, and transactions
• Ongoing anomaly detection for discovered apps
Ongoing analytics
DLP and data sharingPolicy definition
• Set granular-control security policies for your approved apps
• Use out-of-the-box policies or customize your own
• Prevent data loss both inline and at rest
• Govern data in the cloud, such as files stored in cloud drives, attachments, or within cloud apps
• Use pre-defined templates or extend existing DLP policies
Policy enforcement
• Identify policy violations, investigate on a user, file, activity level
• Enforce actions such as quarantine and permissions removal
• Block sensitive transactions, limit sessions for unmanaged devices
Data control
• Identify anomalies in your cloud environment which may be indicative of a breach
• Leverage behavioral analytics (each user’s interaction with SaaS apps) to assess risk in each transaction
Behavioral analytics Attack detection
• Identify and stop known attack pattern activities originating from risky sources with threat prevention enhanced with vast Microsoft threat intelligence
• Coming soon: send any file through real-time behavioral malware analysis
Threat prevention
Discovery
• Use traffic logs to discover and analyze which cloud apps are in use
• Manually or automatically upload log files for analysis from your firewalls and proxies
Sanctioning and un-sanctioning
• Sanction or block apps in your organization using the cloud app catalog
App connectors
• Leverage APIs provided by various cloud app providers
• Connect an app and extend protection by authorizing access to the app. Cloud App Security queries the app for activity logs and scans data, accounts, and cloud content
App connectors
Cloud discoveryProtected
Cloud apps
Cloud traffic
Cloud traffic logs
Firewalls
Proxies
Your organization from any location
API
Cloud App Security
Salesforce ServiceNow
Dropbox
AWS Box
Okta
Google Apps
Office 365
Cloud App Security portal demoMechanics video
Cloud App Security
Cross-SaaS solution (April 2016)
• Shadow IT discovery
• Advanced visibility, data
control, and protection
• Threat detection and
prevention
Office 365 Advanced
Security Management
Enhanced visibility and control for
Office 365 (Q3 2016)
• Discovery for apps with similar
functionality to Office 365
• App permissions and control
• Advanced security alerts
Next stepsVisit our product page at www.cloudappsecurity.com (live in April 2016) for more
information and to request a demo