Maximize your cloud app control with Microsoft MCAS and Zscaler

Maximize your cloud app control with Microsoft MCAS and Zscaler
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION0 ZSCALER CONFIDENTIAL INFORMATION Maximize your cloud app control with Microsoft MCAS and Zscaler Dhawal Sharma | Director of Product Management at Zscaler Niv Goldenberg | Group Program Manager at Microsoft
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION1 To ask a question • Type your questions into the chat box in the Webex panel or email us at communications@zscaler.com • We’ll try to get to all questions during the Q&A session. If we do not get to your question, we’ll make sure to follow up afterwards • At the end of the webcast – please let us know how we did! ©2017 Zscaler, Inc. All rights reserved. Ask your question here…
©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. HQ Branch Branch Branch Branch Branch Branch BranchBranch Home, Coffee Shop Airport, Hotel SaaS Open Internet IaaS Cloud and Mobility Break Network Security The Internet is Your New Corporate Network “GE will run 70 percent of its workload in the cloud by 2020” Jim Fowler, CIO “The Internet will be our new corporate network by 2020” Frederik Janssen, Head of Infrastructure “Office 365 was built to be accessed via direct Internet connection” How do you secure a network (Internet) you don’t control? EMEAAPJ
©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Cloud and mobility break network security HQ EMEA Branch APJ Branch Branch Branch Branch Branch BranchBranch Zscaler enables secure network and application transformation NEW SECURITY MODEL Secure the Network Securely connect users to apps Direct to Internet Broadband / Wi-Fi / LTE / 5G NEW NETWORK MODEL OLD SECURITY MODEL Hub-and-Spoke MPLS / VPN OLD NETWORK MODEL Secure the Corporate Network SaaS Open Internet IaaS Home, Coffee Shop Airport, Hotel
On average, an organization has 28 cloud storage apps and 41 collaboration apps routinely used by its employees. On-premises
But Office 365 Deployments are stuck in the slow lane! A deployment survey of over 200 customers had problems accessing business-critical applications including Office 365. 45% Many were plagued by bandwidth and network latency issues on a daily and weekly basis 70%Weekly issues reported 33%Daily issues reported Despite appliance upgrades, after deployment:
©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Categorize Cloud Apps Into Categories • After discovery, categorize cloud services (CSP) using risk ratings and company policies • Separate cloud services into sanctioned, permitted, and restricted services • Enforce appropriate controls for each category Sanctioned Apps Permitted Apps Restricted Apps
©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Zscaler Provides CASB Functions for Inline Content Internet & Shadow Apps (managed devices and on-premise) Allow enterprises to securely enable cloud apps by providing Cloud App Visibility, Content Inspection, Security and Cloud App Compliance Visibility App Logging & Discovery Threat Prevention Stop Malware Data Protection DLP & Encryption Compliance UEBA, Access Controls User Experience Bandwidth Control, Peering Vision HQMobile BranchIOT Inline Policy Controls
© 2017 Riverbed Technology. All rights reserved. 8 Cloud App Security
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION9 Microsoft Cloud Application Security (MCAS) Overview
A comprehensive, intelligent security solution that brings visibility, real-time controls and security to your cloud applications. ControlDiscover Protect Integrates with your SIEM, Identity and Access Management, DLP and Information Protection solutions
Discover and assess risks Protect your information Detect threats Control access in real time Identify cloud apps on your network, gain visibility into shadow IT, and get risk assessments and ongoing analytics. Get granular control over data and use built-in or custom policies for data sharing and data loss prevention. Identify high-risk usage and detect unusual behavior using Microsoft threat intelligence and research. Manage and limit cloud app access based on conditions and session context, including user identity, device, and location. 101010101 010101010 101010101 01011010 10101
Get anomalous usage alerts, new app and trending apps alerts. On-going analytics Discover 15K+ cloud apps in use across your networks and sensitive data they store. Discovery of cloud apps and data Assess cloud app risk based on ~60 security and compliance risk factors. Cloud app risk assessment Protect your employees’ privacy while discovering cloud apps in your environment. Log anonymization Investigate cloud use profiles of specific users, machines, apps and groups. Advanced investigation tools
Control access to cloud apps as well as to sensitive data within these apps based on user, location, device, and app (any SAML-based app, any OS). Context-aware session policies Limit activities performed within user sessions in SaaS apps based on user identity, location, device state, and detected sign-in risk level. Unique integration with Azure Active Directory Enforce browser-based “view only” mode for low-trust sessions. Classify, label, and protect on download. Gain visibility into unmanaged device activity. Investigate & enforce app and data restrictions
Set granular policies to control data in the cloud—either automated or based on file label—using out-of-the-box policies or ones you customize. Granular Data loss prevention (DLP) policies Control and protect sensitive files through policies and governance to comply with regulations (e.g., GDPR, HIPAA, PCI, SOX). Compliance policies Identify policy violations, enforce actions such as quarantine and permissions removal. Policy enforcement Apply protection, including encryption and classification, to files with sensitive information Native protection – at rest and inline
User manually classifies a file in Office apps, Cloud App Security reads classification from the file to give admins visibility to cloud activities on this data: Upload, sharing & download. Sharing control based on user input Proxy automatically encrypts files labeled as “internal” upon download to non-corporate owned devices Prevent corporate data leakage based on classification
Assess risk in each transaction and identify anomalies in your cloud environment that may indicate a breach. Behavioral analytics Enhance behavioral analytics with insights from the Microsoft Intelligent Security Graph to identify anomalies and attacks. Threat intelligence Customize detections based on your findings. Customization Gain useful insights from user, file, activity, and location logs. Pivot on users, file, activities and locations. Advanced investigation & multiple views Remediate threats and security issues with a single click. Single-click remediation
Why Cloud App Security is different Discover SaaS apps & assess risk Identify more than 15,000 apps and assess their risk based on 60 different parameters, including regulatory compliance. Gain unified information protection Set granular control policies and enforce them on your cloud apps and data—whether from Microsoft or other vendors—using powerful remediation actions. Control and limit access in real time Set granular access- and activity-level policies, such as allowing access from an unmanaged device while blocking downloads of sensitive data. Support your compliance journey with key regulations Discover and control data in the cloud with granular policies to help you comply with regulations such as Payment Card Industry (PCI) and General Data Protection Regulation (GDPR). Detect & mitigate ransomware attacks Identify potential ransomware activity with a built-in template that can search for unique file extensions, suspend suspect users, and prevent further encryption of user files. Integrate with your existing SIEM & DLP solutions Preserve your usual workflow and set a consistent policy across on-premises and cloud activities while automating security procedures.
©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION18 MCAS and Zscaler Use Cases
©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Users: Identify and Control Restricted Apps Protect users and data using closed loop control (Zscaler) Restricted Apps Discover risky cloud usage (Zscaler + Microsoft Cloud App Security)
©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Users and Data: Securely Enable Permitted Apps Permitted Apps DLP to block sensitive data (e.g. Source code uploaded to GitHub) (Zscaler) Granular visibility (e.g. GitHub repositories in use) (Microsoft Cloud App Security) Visibility into mobile users (e.g. GitHub use from a coffee shop) (Zscaler) Granular DLP (e.g. Allow uploads to permitted GitHub repositories, block uploads to others) (Zscaler & Microsoft Cloud App Security) Detect and prevent malware (e.g. malware distributed via personal email) (Zscaler)
©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Data: Securely Enable Adoption of Sanctioned Apps Sanctioned Apps Enforce DLP and collaboration controls (e.g. Prevent sharing files from OneDrive with unauthorized domains) (Microsoft Cloud App Security) Encrypt data using customer-controlled keys (e.g. Encrypt PII within Salesforce) (Microsoft Cloud App Security) Audit data and configuration, identify violations (Microsoft Cloud App Security) Enforce access control policies on managed/unmanaged devices (e.g. Block download of a Salesforce report to an unmanaged device) (Zscaler + Microsoft Cloud App Security) UEBA to protect against malicious insiders, negligent use, and compromised accounts (e.g. Download customer list from Salesforce) (Microsoft Cloud App Security) Data exfiltration by malware and malicious insiders to shadow apps (e.g. Download customer list from Salesforce and upload to ZippyShare) (Zscaler) Predictable user experience (e.g. Guaranteed bandwidth for O365 vs. YouTube) (Zscaler)
©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Zscaler and MCAS Integration
©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Setting up Zscaler & Microsoft Cloud App Security Integration Microsoft Cloud App Security Tenant Bonding Tenant Bonding SSO Zscaler NSS Log Forwarding Create Unsanctioned App PolicyAPI Polling Unsanctioned Apps URL category SSO Enforce Policy End User PAC/ZApp Planned with 5.6
©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Solution Demo
©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Thank You! Questions and Next Steps 25 Dhawal Sharma Director, Product Management at Zscaler dhawal@zscaler.com Zscaler Cloud App Control zscaler.com/cloudapp Microsoft Cloud App Security aka.ms/Cloudappsecurity Overcoming the Challenges of Architecting for the Cloud Slow Office 365 Deployment? Let Zscaler help you get in the fast lane! zscaler.com/webcasts Niv Goldenberg Group Program Manager at Microsoft Niv.Goldenberg@microsoft.com Learn more about Microsoft Cloud App Security zscaler.com/webcasts Other On-Demand Webcasts
©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. June 25-27, 2018 The Cosmopolitan, Las Vegas Register at zenithlive.zscaler.com Join the conversation at community.zscaler.com

Check these out next

Maximize your cloud app control with Microsoft MCAS and Zscaler

Recommended

More Related Content

Slideshows for you(20)

Similar to Maximize your cloud app control with Microsoft MCAS and Zscaler(20)

Recently uploaded(20)

Maximize your cloud app control with Microsoft MCAS and Zscaler

Editor's Notes