FORCEPOINT CASB—APP FUNCTIONALITY MATRIX
© 2017 Forcepoint. Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint. Raytheon is a registered trademark of Raytheon Company. All other trademarks used in this document are the property of their respective owners. [DS_FP_CASB_APP_FUNCT_MATRIX_ENUS]-100058.100317
CLOUD GOVERNANCE CLOUD AUDIT & PROTECTION

| CLOUD APP | User Entitlements Review | *Data Governance (Data at Rest) | App Security & Configuration Review | Endpoint Access Control (Mobile & other endpoints) | **User Login Monitoring | ***Post-Login Activity Monitoring | Threat Prevention | Data Access Control | Data Leak Prevention (Data in Motion) |
|---|---|---|---|---|---|---|---|---|---|
| Amazon Web Services (AWS) | YES | NO | YES | YES | YES | YES | YES | YES | YES |
| Box | YES | YES | YES | YES | YES | YES | YES | YES | YES |
| Confluence | YES | NO | YES | YES | YES | YES | YES | YES | YES |
| Dropbox | YES | YES | YES | YES | YES | YES (Browser endpoints only) | YES | YES (Browser endpoints only) | YES (Browser endpoints only) |
| Google Apps (Mail, Calendar, Drive, Docs, Sites, Admin Console) | YES | YES | YES | YES | YES | YES | YES | YES | YES |
| Jive | YES | NO | YES | YES | YES | YES (Browser endpoints only) | YES | YES (Browser endpoints only) | YES |
| Microsoft Azure Management Portal | YES | NO | YES | YES | YES | YES (Browser endpoints only) | YES | YES (Browser endpoints only) | YES |
| NetSuite | YES | NO | YES | YES | YES | YES (Browser endpoints only) | YES | YES (Browser endpoints only) | YES |
| Office 365 (Exchange, SharePoint, OneDrive, Lync, Dynamics, Online Office apps, Desktop Office apps, Admin Portal) | YES | YES | YES | YES | YES | YES | YES | YES | YES |
| Salesforce | YES | NO | YES | YES | YES | YES | YES | YES | YES |
| Workday | YES | NO | YES | YES | YES | YES (Browser endpoints only) | YES | YES (Browser endpoints only) | YES |
| Zendesk | YES | NO | YES | YES | YES | YES (Browser endpoints only) | YES | YES (Browser endpoints only) | YES |
| Asana | Available Upon Request | NO | Available Upon Request | YES | YES | YES | YES | YES | YES |
| Concur | Available Upon Request | NO | Available Upon Request | YES | YES | YES (Browser endpoints only) | YES | YES (Browser endpoints only) | YES |
| Expensify | Available Upon Request | NO | Available Upon Request | YES | YES | YES (Browser endpoints only) | YES | YES (Browser endpoints only) | YES |
| Facebook | Available Upon Request | NO | Available Upon Request | YES | YES | YES (Browser endpoints only) | YES | YES (Browser endpoints only) | YES |
| LinkedIn | Available Upon Request | NO | Available Upon Request | YES | YES | YES (Browser endpoints only) | YES | YES (Browser endpoints only) | YES |
| Remedyforce | Available Upon Request | NO | Available Upon Request | YES | YES | YES | YES | YES | YES |
| ServiceNow | Available Upon Request | NO | Available Upon Request | YES | YES | YES (Browser endpoints only) | YES | YES (Browser endpoints only) | YES |
| SuccessFactors | Available Upon Request | NO | Available Upon Request | YES | YES | YES (Browser endpoints only) | YES | YES (Browser endpoints only) | YES |
| Twitter | Available Upon Request | NO | Available Upon Request | YES | YES | YES (Browser endpoints only) | YES | YES (Browser endpoints only) | YES |
| Ultimate (Ultipro) | Available Upon Request | NO | Available Upon Request | YES | YES | YES (Browser endpoints only) | YES | YES (Browser endpoints only) | YES |
| ANY CLOUD APP | Available Upon Request | NO | Available Upon Request | YES | YES | YES (Browser endpoints only) | YES | YES (Browser endpoints only) | YES |


| Capability | Description |
|---|---|
| User Entitlements Review | Identify dormant (i.e., inactive) accounts, orphaned accounts (e.g., ex-employees), and external users (e.g., contractors) to reduce operational costs & minimize associated threats. |
| Data Governance (Data at Rest) | Identify and inventory corporate files and data stored in cloud file-sharing and sync services. Identify which files and documents are sensitive or contain regulated data and highlight data owners, sharing permissions, and who viewed each file. |
| App Security & Configuration Review | Benchmark your cloud application security configurations against a set of industry best practices to identify security and compliance gaps. |
| Endpoint Access Control (Mobile & other endpoints) | For cloud access, eliminate need for VPN and enable unique policies for managed and unmanaged mobile phones, tablets and laptops. Enable policies to be applied whether originating from browser or rich mobile apps. |
| User Login Monitoring | Real-time activity monitoring by user, group, location, device, time, and department. |
| Post-Login Activity Monitoring | Real-time activity monitoring by application action, data object, and record. |
| Threat Prevention | Prevent account takeovers by automatically detecting anomalous activities and either blocking, alerting, or enforcing multi-factor authentication to ensure account security. Visibility and control over access from risky IP addresses, such as Tor networks, anonymous proxies, and malicious IPs. |
| Data Access Control | Apply granular policies restricting access to specific data objects and actions (e.g., uploading sensitive documents, changing user permissions, configuring sensitive security settings) based on role or other parameter. |
| Data Leak Prevention (Data in Motion) | Provide real-time visibility and control over uploads, downloads, and sharing of sensitive data based on various criteria (e.g., keywords, phrases, regular expressions, dictionaries, etc.) for 100+ file types. Includes ICAP integration with 3rd-party DLP solutions. |

* Fields available for Data Governance

| Field | Description |
|---|---|
| File Owner | The account marked as file owner in the cloud service |
| Modification Time | Last modification time of the file |
| Data Types | The data types detected in the file |
| Sharing Status | The sharing status of the file (external, internal, not shared) |
| File Name | The name of the file |
| ICAP Connectors (3rd-party analysis) | Was this file matched for sensitive content by a 3rd-party DLP vendor |
| File type | The type of sensitive file |
| File Sensitivity Status | Was this file marked as sensitive or clean during the last scan |
| File Path | The path of the sensitive file |
| File Size | The size of the sensitive file |
| Occurrences | The total number of matched data types |
| Last Inspected | The last time this file was inspected |
| Shared With | A list of users and groups this file is shared with |
| Policies | Policies that were triggered |
| Creation Time | The creation time of the sensitive file |
| Access Time | The access time of the sensitive file |
| Data Types Details | The data type rules detected in this document |
| Data Policies | The data type policies detected in this document |

*** Fields available for Post-Login Activity Monitoring

| Field | Description |
|---|---|
| Action | The action that was performed (e.g., download, view, modify, delete) |
| Data Object | The Application Data Object (e.g., SFDC:Opportunity, AWS:EC2 instance) |
| Record | The name of the instance that is associated with the action (e.g., name of file, ID of AWS EC2 instance) |
| Data Types | The data types detected in the activity |
| Category | The categories of the detected data types |
| Data Types Occurrences | The total number of matched data types |
| Data Types Details | The data type rules |
| Data Policies | The data types policies |
| Is Sensitive Data | Was sensitive data detected in this alert |
| Direction | Data flow direction (upload or download) |
| File Size | The size of the file that was uploaded or downloaded |

** Fields available for Login Activity Monitoring

| Field | Description |
|---|---|
| Time | The time of the event |
| Account | The login name |
| Agent User Name | User’s operating system login (we know it if desktop agent is used) |
| Full Name | The full name of the user (from AD) |
| Title | The title of the user (from AD) |
| Department | The department of the user (from AD) |
| Asset | The cloud application name |
| Client Location | The geographic location of the user |
| Client Type | Type of endpoint (laptop, desktop, mobile phone, tablet...) |
| Device OS | Type of OS (iOS, Android…) |
| Device ID | Unique ID for each device |
| Device Status | Managed or Unmanaged |
| Source IP | IP address from where access is attempted |
| Device Locale | The locale of the client browser |
| User Agent | The user agent of the browser |
| Admin | The admin of the cloud app |
| Host | The name of the end user host |
| Session ID | Unique session ID number |
| URL | Cloud app URL |
| Service Location | Location from where cloud app service provider operates |
| Server IP | Cloud application IP |
| Status | Whether a policy is enabled or disabled |
| Anomaly | Examples include Suspicious data access, Unusual endpoint access, Unusual location access, Suspicious data export, Access from external network |
| Severity | Severity levels include Low, Medium, & High |
| Rule | Security Rule triggered by the activity |
| Mitigation | Mitigation options include Alert, Block, & Verify Identity |
| External | Whether user is accessing cloud app from an external network |
| Authentication | Cloud app authentication type |
| Service Type | Cloud application component used (OneDrive, Lync, etc.) |
| Event ID | Unique ID of the activity |
| Source IP Reputation | The client IP reputation categories |
| IP Chain | The client IP chain as described by the XFF header |
| Tor Networks | Tor network IPs in the client IP chain |
| Anonymous Proxies | Anonymous proxy IPs in the client IP chain |
| Malicious IPs | Malicious IPs in the client IP chain |

| Feature | Without Agent | With Agent |
|---|---|---|
| Inspect all activities initiated from a browser | Yes | Yes |
| Inspect all activities initiated from a native thick client (i.e., non-browser) | No (except mobile email clients and Outlook clients) | Yes |
| Enforce BYOD access policies (e.g., distinguish between corporate-owned and personal devices) | No (except mobile email clients and Outlook clients) | Yes |