Workshop: Threat Intelligence - Part 1
(Technology Taxonomy For Cloud Security, Key Components Of Cloud Security Architecture, Blue Print To Build Your Cloud Security Program, Basics Of Cloud Security Access Brokers)
2. Challenges with SaaS/Cloud
• Sanctioned IT: Lack of user behavior visibility, audit trail, ability to encrypt/secure, ability to directly prevent threats
• Shadow IT: No visibility or control
3. CASB
• Cloud Access Security Brokers (CASBs) are security enforcement points between consumers and service providers that apply security controls to access cloud services
– Data Security/Encryption
– Visibility
– Threat Protection
– Compliance
Image Source: Cloud Access Security Broker (CASB): A pattern for secure access to cloud services EDUARDO B. FERNANDEZ et al
4. SaaS Security Gaps
Sanctioned SaaS
• Lack of User Behavior visibility
• Lack of Audit trails
• Lack of automated threat prevention
• Lack of data protection controls
Shadow IT
• No visibility of what’s being used
• Risk of compliance breaches
• No threat prevention
• No data protection mechanism
5. CASB Use Cases
• Approved SaaS Applications
– CRM, Office Suites, IT Ops management
• Shadow IT
– Discovery, Risk Scoring, Visibility and Compliance
6. CASB Taxonomy
Product Feature Metrics
Visibility
• Deployment Options
• Cloud
• On Premise
• Hybrid
• Content Aware
• User
• Device
• Location
Compliance
• Policy Enforcement
Policy control
• DLP
• Policy Methods
• SIEM Integration
• MDM Integration
Data Security
• Tokenization
• Data Encryption
Threat Prevention
• Anomaly Detection
• Shadow IT
• Sanctioned Apps
7. CASB Taxonomy - Simpler
Visibility
• Deployment Options
• Cloud
• On Premise
• Hybrid
• Content Aware
• User
• Device
• Location
Compliance
• SOCA
• SOC-2
• FIPS 140-2
• ISO 27001 by Default
• Policy Enforcement
Policy control
• DLP
• SIEM Integration
• MDM Integration
• Policy Methods
• Single sign on for Cloud Apps
Data Security
• Tokenization
• Data Encryption
• Antimalware
• Sandbox malware review
Threat Prevention
• Anomaly Detection
• Shadow IT
• Sanctioned Apps
8. Key Capabilities
• Logging and Auditing
• Alerting
• Authentication
• Access Control
• Encryption and tokenization
• Discovery and risk rating of cloud services
• Uncovering Shadow IT by Auditing
• Detecting risky users and activities
• Protecting by enforcing policies
• Performing continuous monitoring and logging
• Providing data loss prevention (Cloud DLP) capabilities
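Added example (not from the original slides): one way the "discovery and risk rating" and "uncovering Shadow IT by auditing" capabilities above can work, by auditing egress proxy logs against a sanctioned-app list. The log format, domains, service catalogue, upload threshold and risk weights are all constructed assumptions.

```python
from collections import defaultdict

# Assumed inputs, all constructed for illustration.
SANCTIONED = {"crm.example.com", "office.example.com"}  # approved SaaS
# Hypothetical catalogue of service attributes used for risk rating.
CATALOGUE = {
    "files.example.net": {"encrypts_at_rest": False, "audit_logs": False},
    "notes.example.org": {"encrypts_at_rest": True, "audit_logs": False},
}
LARGE_UPLOAD = 10 * 1024 * 1024  # bytes; assumed threshold

# Constructed proxy log: timestamp user host method bytes_out
SAMPLE_LOG = """\
2024-01-01T09:00:00Z alice crm.example.com POST 1200
2024-01-01T09:05:00Z bob files.example.net PUT 52428800
2024-01-01T09:06:00Z bob files.example.net PUT 10485760
2024-01-01T09:10:00Z carol notes.example.org POST 2048
malformed line
2024-01-01T09:12:00Z alice notes.example.org GET 0
"""

def parse(line):
    """Return (user, host, bytes_out) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5 or not parts[4].isdigit():
        return None
    return parts[1], parts[2].lower(), int(parts[4])

def risk_score(host, bytes_out):
    """Assumed weights: services missing from the catalogue score worst-case."""
    attrs = CATALOGUE.get(host, {})
    score = 0 if attrs.get("encrypts_at_rest") else 3
    score += 0 if attrs.get("audit_logs") else 2
    score += 3 if bytes_out > LARGE_UPLOAD else 0
    return score

def discover(log_text):
    """Audit the log; return (shadow-IT report sorted by risk, skipped lines)."""
    usage = defaultdict(lambda: {"users": set(), "bytes_out": 0})
    skipped = 0
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            skipped += 1  # count unparseable lines instead of silently dropping them
            continue
        user, host, sent = rec
        if host not in SANCTIONED:
            usage[host]["users"].add(user)
            usage[host]["bytes_out"] += sent
    report = [{"host": h, "users": sorted(u["users"]), "bytes_out": u["bytes_out"],
               "risk": risk_score(h, u["bytes_out"])} for h, u in usage.items()]
    return sorted(report, key=lambda r: r["risk"], reverse=True), skipped
```

Calling discover(SAMPLE_LOG) returns the unsanctioned services ranked by risk together with the number of unparseable lines, which matters because gaps in the audit trail are themselves a visibility problem.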
10. CASB Limitations
• Support for limited number of SaaS apps
• Breaking of functionality
• Interoperability
• Integration with existing security investments
• Performance/Latency challenges
11. Future of CASB
• CASB is not a new/independent security feature but an evolution to fit the cloud scenarios.
• In the long run, CASB will be embedded in current security technologies such as:
– SWG, SIEM, Encryption, IDaaS (Additive)
– DLP, EMM, WAM, NGFW (Feature overlap)
12. Now
• Visibility/Compliance focused
• Management focused CASB
• Access Control focused
• Data Security focused
Future
• Integrated with IAM
• Integrated with SWG/DAP/DAG
• Evolve to cloud security management platforms with IaaS/PaaS
13. Recommendations
• Understand your CASB requirements well
• Not all vendors are good at all scenarios. Choose wisely; consider a multi-vendor approach
• Understand your use case and threat model
• Support is a very important evaluation metric
• Evaluate the product roadmap
• Check the integration capabilities