Embed Size (px)
Citation preview
Netskope © 2015, Optiv Security Inc. © 2015
5 Highest-Impact CASB Use Cases
Bob Gilbert, Chief EvangelistNetskope
Netskope © 2015, Optiv Security Inc. © 2015 2
“By 2017, organizations that have made a strategic decision to invest in cloud applications for mission-critical workloads will consider CASBs to be an essential security
control.”
© 2016 Netskope. All Rights Reserved.
3© 2016 Netskope. All Rights Reserved.
What is a Cloud Access Security Broker?
• Defined by Gartner in 2012;• Cloud-based or on-premises;• Sits between user and cloud app;• Visibility and control of cloud apps as
they are accessed;• Example policies: Authorization,
encryption, tokenization, logging, alerting, authentication
4© 2016 Netskope. All Rights Reserved.
Gartner’s Four Pillars of CASB
VISIBILITY
DATA SECURITY
COMPLIANCE
THREAT PROTECTION
5
What is driving the need for a CASB?
Netskope © 2015, Optiv Security Inc. © 2015
There are 22,000 enterprise apps today (and
growing).
© 2016 Netskope. All Rights Reserved. 7
917 Apps Per Enterprise – It’s Easy to Buy and Use Them!
10%
70%
20%
Mos
tly U
nsan
ctio
ned
San
ctio
ned
IT-led
Business-led
User-led
© 2016 Netskope. All Rights Reserved. 8
How Much of Your Business Data is in the Cloud?
30%
Data Breaches
Failed Audits =Fines, Penalties
Loss or Theft of IPor Sensitive Data
Loss of Reputation, Business Disruption
© 2016 Netskope. All Rights Reserved. 9
© 2016 Netskope. Company Confidential 10
Four ways users interact with cloud apps (Office 365 example)
WebBrowser
MobileApp
AppEcosystem
SyncClient
© 2016 Netskope. Company Confidential 11
Safe cloud enablement starts with covering all sources
Browser
SyncClient
MobileApp
AppEcosystem
• Are risky activities taking place?
• Is sensitive data leaking? Where?
• Do users with unmanaged devices have the same level of access as users with managed devices?
• What is your exposure to threats such as malware or ransomware?
5 Highest-Impact CASB Use Cases
Use Case #1Discover cloud
apps, find sensitive data, and assess risk
14
1. Find all cloud apps and report on enterprise-readiness of each cloud app using 45+ criteria
2. Report on sensitive data being shared publicly and outside your company
3. Deployment requirements typically include logs, TAP mode, or inline for apps and APIs for data
CASB Requirements
Use Case #2Prevent data exfiltration
from sanctioned to unsanctioned
cloud apps
Source: AT&T Cybersecurity Insights
16
CASB Requirements1. Inline deployment options to
get access to both sanctioned and unsanctioned cloud traffic
2. Ability to decode details in real-time about activity and data
3. Ability to associate personal and corporate cloud app account credentials
4. Ability to correlate events and perform anomaly detection
5. Need to see cloud usage details from browsers, sync clients, and mobile apps
Use Case #3Allow cloud apps
instead being forced to block them outright
18
1. See detail about real-time activities across all cloud apps
2. Support for category-level policies such as ‘social media’
3. Cloud DLP engine to focus your policy on specific data and use cases
4. Ability to apply context to your policies
CASB Requirements
Use Case #4Provide granular access control for
managed and unmanaged
devices
20
1. Ability to classify managed vs. unmanaged devices
2. Ability to set policies based on device classification
3. Support for granular policies based on device classification
CASB Requirements
Use Case #5
Find malware in sanctioned
apps, remediate, and reverse attack
fan-out
22
1. Ability to scan sanctioned cloud apps for various malware types and quarantine the files
2. Ability to replace the eradicated malware with a tombstone file, letting the user know of the action taken
CASB Requirements
The Leading Cloud Access Security Broker
Allow cloud apps instead being forced to block them outright
Prevent data exfiltration across all cloud apps
Discover cloud apps, find sensitive data, and assess risk
Provide granular access control for managed and unmanaged devices Find malware in sanctioned apps, remediate, and reverse attack fan-outDon’t leave users in the dark, coach them on safe usage
✓✓✓✓✓✓
Netskope © 2015, Optiv Security Inc. © 2015
THANK YOU!
