Copyright © 2018 Forcepoint. | 1
IS CASB YOUR NEW BEST FRIEND FOR SAFE CLOUD ADOPTION?
Mike Smart
Security Strategist, Forcepoint
SANCTIONED CLOUD APPLICATION ADOPTION
“By 2017 the CMO will spend more on IT than the CIO” - Gartner (2012)
Up to 40% of IT Spend is Shadow IT – and it is expected to grow.
36 cloud services used on average by employees
600 to 1,000 SaaS applications used at a typical company
ARE YOU READY FOR THE NEXT WAVE OF SHADOW IT INNOVATION?
Source: chiefmartec.com http://cdn.chiefmartec.com/wp-content/uploads/2016/03/marketing_technology_landscape_2016_3000px.jpg
THE NEW CHALLENGE FACING ORGANIZATIONS
A BALANCING ACT…
SECURITY & COMPLIANCE
INNOVATION
56% of business decision makers state it is DIFFICULT or VERY DIFFICULT to promote innovation while maintaining corporate security and governance
CSA - TREACHEROUS 12
1. Data Breaches
2. Weak Identity, Credential and Access Management
3. Insecure APIs
4. System and Application Vulnerabilities
5. Account Hijacking
6. Malicious Insiders
7. Advanced Persistent Threats (APTs)
8. Data Loss
9. Insufficient Due Diligence
10. Abuse and Nefarious Use of Cloud Services
11. Denial of Service
12. Shared Technology Issues
THE SHARED SECURITY MODEL
[Figure: the shared security model across Enterprise IT, Infrastructure (as a Service), Platform (as a Service) and Software (as a Service), marking each layer as Customer Managed or Provider Managed. Layers shown: Identity & Access Management; Client & Endpoint Protection; Data Classification & Accountability; Databases; Security; Applications; Operating Systems; Servers; Virtualization; Data Centers; Networking; Storage.]
CASB – IS IT YOUR NEW BEST FRIEND?
ANALYSTS VIEW OF CLOUD ACCESS SECURITY
COMPLIANCE
THREAT PROTECTION
DATA SECURITY
VISIBILITY
CASB
4 TOP USE-CASES FOR THE WHENEVER, WHEREVER WORKFORCE
1. Authorised users accessing approved cloud applications from unmanaged endpoint devices
2. Authorised users accessing approved cloud apps from managed endpoint devices
3. Authorised users accessing unsanctioned cloud app (Shadow IT) from unmanaged endpoint devices
4. Cybercriminals/malicious insiders using stolen credentials to access cloud applications
ANALYST GUIDANCE FOR CASB ADOPTION
MEDIUM RISK (General Deployment)
HIGHER RISK (As Exception)
LOW RISK (Early Adoption)
Shadow IT
Discover Shadow IT
Monitor Users & Data
Strict Policy Enforcement
Data Encryption & Tokenization
Semi-Real-Time Enforcement
Hard Real-Time Enforcement
CLOUD APPLICATION SECURITY BROKER DEPLOYMENT OPTIONS
[Figure: CASB deployment diagram. Labels: MANAGED DEVICES, UN-MANAGED DEVICES, SANCTIONED CLOUD, UNSANCTIONED CLOUD, Existing Proxy, No Visibility. CASB functions: API, DLP, Encrypt, Tokenize, BYOK, Device Mgmt., Logging, Identity, User Activity.]
CASB INTEGRATION WITH EXISTING PROXY
[Figure: CASB deployment diagram (managed and un-managed devices, sanctioned and unsanctioned cloud) with the labels Existing Proxy, Policy and Logs.]
IDENTIFY CLOUD APPLICATIONS IN USE
RISK ASSESSMENT METHODOLOGY
https://appdirectory.skyfence.com
CASB - API
[Figure: CASB deployment diagram (managed and un-managed devices, sanctioned and unsanctioned cloud) with the labels Cloud APIs, API Mode, Existing Proxy, Policy and Logs.]
MONITOR & AUDIT USER ACTIVITY
BENCHMARK CLOUD APPS TO INDUSTRY STANDARDS
THE NEED TO GAIN VISIBILITY & CONTROL OF CRITICAL DATA
18% Uploaded files contain sensitive data
25% Shared Broadly
12.5% Broadly shared files contain sensitive data
[Chart: sharing breakdown with the categories Business Partners, Personal Email Users, Anyone with the link and Publicly Accessible, and the values 28%, 6.2%, 5.5% and 2.7%.]
Skyhigh & Symantec 2017
IDENTIFY SENSITIVE DATA IN CLOUD APPLICATIONS
IDENTIFY MALWARE IN CLOUD APPLICATIONS
CASB – REVERSE & FORWARD PROXY
[Figure: CASB deployment diagram (managed and un-managed devices, sanctioned and unsanctioned cloud) with the labels Reverse Proxy, Forward Proxy and Existing Proxy.]
CASB – REVERSE PROXY
[Figure: CASB deployment diagram (managed and un-managed devices, sanctioned and unsanctioned cloud) with the labels Reverse Proxy, Cloud APIs, API Mode, Existing Proxy, Policy and Logs.]
CASB – FORWARD PROXY
[Figure: CASB deployment diagram (managed and un-managed devices, sanctioned and unsanctioned cloud) with the labels Forward Proxy, Reverse Proxy, Cloud APIs, API Mode, Existing Proxy, Policy and Logs.]
USER BEHAVIOUR ANALYTICS – TO IDENTIFY HIGH RISK USERS
UNDERSTANDING THE RHYTHM OF YOUR EMPLOYEES - CLOUD UEBA
a. Adaptive Access Controls
b. Cloud applications enable employee mobility.
c. Users can, and do, work from several devices – both corporate managed and BYOD
d. Do you have a BYOD policy or solution? Must be able to protect both endpoints, managed and unmanaged
IRA - REGIONAL SALES MANAGER
▸ Travels for work often
▸ Has access to company IP
▸ Uses cloud apps on her personal mobile phone to access data
JULY 22
▸ Working remotely using public Wi-Fi on her smart phone
JULY 27
▸ Ira is leaving Las Vegas
▸ Her Box acct. is being accessed from Ukraine
▸ Indicator of account takeover
USER RISK RANKING OF CLOUD USERS
Understand how your users are interacting with cloud hosted data to prevent exfiltration
Be certain solution is capable of monitoring very granular actions in real-time
Look for CASB solutions with automated enforcement to protect against both malicious insiders and
Risk = Likelihood * Impact
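Added example (not part of the original deck and not Forcepoint code): a minimal impossible-travel check for the Ira scenario above, ranked with Risk = Likelihood * Impact. The login events, the year, Kyiv as the Ukrainian location, the 900 km/h ceiling, the likelihood formula and the 1-5 impact scale are all assumptions.

```python
import math
from datetime import datetime

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruise speed

# Constructed events (not from the deck): user, ISO time, app, place, lat, lon
EVENTS = [
    ("ira", "2018-07-22T09:00:00", "Box", "Las Vegas, US", 36.17, -115.14),
    ("ira", "2018-07-27T15:00:00", "Box", "Las Vegas, US", 36.17, -115.14),
    ("ira", "2018-07-27T17:00:00", "Box", "Kyiv, UA", 50.45, 30.52),
    ("sam", "2018-07-27T08:00:00", "Box", "London, GB", 51.51, -0.13),
    ("sam", "2018-07-27T20:00:00", "Box", "Paris, FR", 48.86, 2.35),
]
# Assumed impact per user on a 1-5 scale (Ira has access to company IP)
IMPACT = {"ira": 5, "sam": 2}

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def impossible_travel(events, max_kmh=MAX_KMH):
    """Return one finding per consecutive same-user login pair whose implied
    travel speed exceeds max_kmh, highest risk first."""
    findings, last = [], {}
    for user, ts, app, place, lat, lon in sorted(events, key=lambda e: (e[0], e[1])):
        when = datetime.fromisoformat(ts)
        if user in last:
            p_when, p_place, p_lat, p_lon = last[user]
            hours = (when - p_when).total_seconds() / 3600
            km = haversine_km(p_lat, p_lon, lat, lon)
            # Simultaneous logins from different places count as infinite speed
            speed = km / hours if hours > 0 else (math.inf if km > 0 else 0.0)
            if speed > max_kmh:
                # Assumed likelihood: grows with the excess speed, capped at 1
                likelihood = min(1.0, speed / (2 * max_kmh))
                findings.append({"user": user, "app": app, "from": p_place,
                                 "to": place, "kmh": round(speed),
                                 "risk": likelihood * IMPACT.get(user, 1)})
        last[user] = (when, place, lat, lon)
    return sorted(findings, key=lambda f: f["risk"], reverse=True)

if __name__ == "__main__":
    for finding in impossible_travel(EVENTS):
        print(finding)
```

Geolocation of source IPs is coarse and VPN egress points produce the same pattern, so a finding like this is an indicator to score and review rather than proof of takeover.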
UEBA – CLOUD SECURITY, SIMPLIFIED
USER ACCESS MANAGEMENT
HOW CAN CASB HELP IN THEORY?
1. Data Breaches
2. Weak Identity, Credential and Access Management
3. Insecure APIs
4. System and Application Vulnerabilities
5. Account Hijacking
6. Malicious Insiders
7. Advanced Persistent Threats (APTs)
8. Data Loss
9. Insufficient Due Diligence
10. Abuse and Nefarious Use of Cloud Services
11. Denial of Service
12. Shared Technology Issues
THE SHARED SECURITY MODEL
[Figure: the shared security model across Enterprise IT, Infrastructure (as a Service), Platform (as a Service) and Software (as a Service), with layers labelled Customer Managed, Provider Managed and CASB-Managed. Layers shown: Identity & Access Management; Client & Endpoint Protection; Data Classification & Accountability; Databases; Security; Applications; Operating Systems; Servers; Virtualization; Data Centers; Networking; Storage.]
4 TOP USE-CASES FOR THE WHENEVER, WHEREVER WORKFORCE
1. Authorised users accessing approved cloud applications from unmanaged endpoint devices
2. Authorised users accessing approved cloud apps from managed endpoint devices
3. Authorised users accessing unsanctioned cloud app (Shadow IT) from unmanaged endpoint devices
4. Cybercriminals/malicious insiders using stolen credentials to access cloud applications
Implement Data Protection & User access controls based on device, destination, user or application
Understand user risk & behaviour
Enforce application-based controls
Apply data protection policies to prevent loss or theft of data
Detect malicious code embedded in documents in cloud storage
Discover Cloud App use from proxies & firewall
Manage unsanctioned cloud app use
Block High risk cloud app access from network
Employ UEBA to detect anomalies and protect & remediate account takeover threats in real-time
Identify high risk user patterns and apply security policies to trigger remediation actions (like account blocking)
Detect unsanctioned application use putting data at risk
ELIMINATE SECURITY BLIND SPOTS FOR ANY CLOUD APPS
VISIBILITY
Insight into what apps are being used by employees
Granular view of how employees are using apps
ENFORCEMENT
Automated threat prevention and context-aware policy enforcement
RISK ASSESSMENT
Contextual risk of apps, users, and security configurations
ACCOUNT TAKE OVER, DATA PROTECTION, DEVICE ACCESS CONTROL
ACCOUNT CONTROL & MONITORING, AUDIT OF USER ACTIVITIES
FORCEPOINT CASB
NEXT STEPS
Introducing the Office 365 Cloud Threat Assessment
Cloud Threat Assessment Report details cloud-application risk posture:
• Cloud usage patterns. How potentially harmful activities happen in cloud applications across your organization.
• Geographical usage. Which countries your data is traveling to and from (you may be surprised).
• Privileged users. Do you have more administrators than you need?
• Dormant users. Are you overspending on unused licenses?
• Riskiest users. Who are your riskiest users and why?
Thank you
Mike Smart
Questions?