Cisco Cloud Access Security with Elastica protects you from the hidden threats to cloud apps. It provides new visibility by monitoring your cloud app usage in real time, extends your control into cloud apps, and combats evolving threats through intelligent protection using data science.
Achieve safe cloud app usage with Cisco Cloud Access Security
1. Ben Munroe and Nitin Kumar
Learn how to achieve safe cloud app usage
Cisco Cloud Access Security with Elastica
2. Every time you adopt a new technology, you have to secure it
You wouldn’t run your business without email
And you wouldn’t use email without security
As your business adopts cloud apps
You must secure them
3. Cloud apps are becoming an essential part of business
How are you protecting them?
Remote access
Agility and speed
Better collaboration
Improved productivity
Cost effective
Sensitive data leakage
Compliance risks
Insider risk
Malware & viruses
4. Understand the risk of cloud apps in your business
Shadow IT
Use of unsanctioned apps
This is a problem because your IT department:
• Can’t see what apps are used
• Aren’t able to identify risky apps
• Are powerless to set informed app controls
72% of employees admit to using unapproved apps [1]
26% of IT depts use 6 or more unapproved apps [2]
35% of enterprise IT spend in 2015 will be managed outside of IT departments [3]
Source: [1] CIO Insight; [2], [3] Gartner
5. Understand the risk of data usage in cloud apps
Shadow IT
Use of unsanctioned apps
This is a problem because your IT department:
• Can’t stop data leakage and compliance risks
• Aren’t able to block inbound risky content
• Are unable to stop risky users and activities
90% of organizations lost sensitive data via file sharing [1]
72% of apps have risks if not properly used [2]
185 files per user are broadly shared across organizations [3]
Shadow Data
Use of sanctioned apps in unsanctioned ways
Source: [1] Ponemon, 2013 Cost of Data Breach Study; [2] CIO Insight; [3] Elastica
6. Don’t count on app providers to secure your information
Businesses
App Providers
Cloud Apps
75% of mobile apps fail basic security tests1 … and they can’t control your user behavior
Source: 1: Gartner
8. Cisco with Elastica can help
SaaS Visibility: Monitor cloud app usage in real time
Extended Granular Control: Gain control of a cloud-first, mobile-first world
Intelligent Protection: Combat evolving threats using data science
9. View activities in real time
IT gains full visibility into all cloud app usage
Identify and evaluate all cloud apps with their risks
Know how and what data users share in real time
See every cloud app transaction on a dynamic, intuitive user interface
Identify malware
SaaS Visibility
10. Manage a cloud-first, mobile-first world
IT control extends to every cloud app transaction
Choose what cloud apps to sanction
Manage data sharing with global policies across any cloud app
Take critical actions through a centralized SOC style dashboard
Block risky activities in real time
Extended Granular Control
11. Combat evolving threats
Stay ahead of threats using data science power
Prioritize business-ready cloud apps
Classify content dynamically with semantic analysis
Analyze root cause of threats with incident reconstruction
Detect malware and attacks with machine learning mechanisms
Intelligent Protection
12. Cisco Cloud Access Security, in collaboration with Elastica CloudSOC™
[Architecture diagram. Log sources: WSA, ASA, other appliances. Connectors to cloud apps: Securlet™, Gateway (data, account, user). CloudSOC apps across Before, During, After: Audit, Detect, Protect, Investigate. Outputs: Shadow IT Risk Assessment Report, Shadow Data Risk Assessment, Business Readiness Rating™, Audit Score, StreamIQ™, ThreatScore™, ContentIQ™, Reports & Analysis. Security Operations Center: Cloud SOC, Policy, Analyze & Control.]
My name is ___________ and I’m with Cisco. I’ve been here ___ years. Thanks for taking the time to meet with me today to talk about cloud app security.
T: You know that protecting your business is critical, with new threats lurking in each new technology.
<Click>
Every time you adopt a new technology, you have to adapt your security measures to account for it.
When businesses started using email as a collaboration tool, they realized that data was leaking out of the company and they had to impose security measures.
In this new age of cloud apps, sharing large amounts of data can happen instantly and accidentally, without anybody realizing it happened.
As your business adopts cloud apps, security needs to be a priority.
T: I bet people in your company are using cloud apps you’ve never even heard of.
<Click>
Cloud apps revolutionize the way your employees can do their work. They enable BYOD, are inherently mobile, and can be up and running in minutes - driving cloud app adoption at unprecedented rates.
But along with the benefits, these cloud apps also carry unseen dangers: data leakage, targeted malware, insider threats, and compliance failures.
T: There’s a new risk with every click.
<Click>
You may have heard about Shadow IT – the problem of employees using unsanctioned apps, bypassing IT security controls. Your business owners may be approving cloud apps for entire departments to use – Salesforce or Box for example – rolling out a new tool without the IT security team knowing anything about it. Your IT team can’t see what apps are used, can’t identify risky apps, and are powerless to set informed app controls.
T: But the problem isn’t just knowing which cloud apps are used. The real danger lies in how those cloud apps are used.
<Click>
Every cloud app has massive amounts of data flowing through. Even sanctioned apps can be used in unsanctioned ways, creating Shadow Data. Even if you know what apps you’re using, you can’t see and control all the ways data is flowing to and from those apps. On average, every user has two thousand files shared across cloud apps, and 185 of those files are broadly shared, either across the organization, externally, or even publicly.
This creates serious compliance risks. Imagine the amount of data your IT security has no control over. If you’re required to meet certain data compliance standards like PII, PCI, or PHI, you need to know your data is safe.
The files your users bring into the organization through cloud apps also create risks. Just like other technologies, hackers target cloud app users with weak passwords on their accounts, or target your users with malware meant to take advantage of the sharing potential of cloud apps. For every file shared once, the recipient may share that file to a countless number of others within seconds. Sometimes your own employees create the biggest risks – unintentionally or not.
T: Another customer put it this way: if I can get a hold of Shadow IT, I look like a hero. But Shadow Data could kill me.
<Click>
Maybe you think that using cloud apps delegates the security responsibility to providers. While some cloud app providers do build great security into the cloud app, not all do. In fact, 75% of mobile apps fail basic security tests. And because an average business uses a few hundred cloud apps regularly, your data is not as secure as it should be.
Now, even if they do provide security – they can’t control any risky behavior of your users. The way your users share files through those apps has no restrictions. Even one disgruntled employee with broad security permissions could do irreparable damage to your company’s reputation by using cloud apps inappropriately. Roughly 60% of data breaches are caused by insiders either abusing their access to company information, or making an innocent mistake.
T: Either way, your business is exposed.
<Click>
And that’s something you need to address. You are responsible for protecting your business.
With 5% of employees creating 85% of the cloud app exposure risks, you need to be able to find those users and protect against their risky behavior. You need to see into the cloud to find which files are being shared, who has access, and how sensitive those files are.
T: If you can’t see your cloud apps and the way they’re used, you can’t control them. And if you can’t control them, you aren’t protecting your business.
<Click>
We can help.
We’ve partnered with Elastica to help you:
Gain visibility to all the cloud apps in your business, and how they’re used
Control which apps are used, along with user behavior
Protect against any threats in real time
You get to see everything, control it all, and protect it easily. Suddenly you’re not in the dark.
T: Let’s talk about what this means for you.
<Click>
SaaS visibility means you get to see everything happening in your environment.
You need to know about every single cloud app used by your business – and how safe they are. Not only does Cloud Access Security do that, it lets you view that right down to the level of what files are being shared and how risky they are and whether any malware is attacking your business.
The best part? You get to use a dynamic, intuitive user interface that works like a traditional SOC, but is powered by the cloud to provide beautiful visuals for each data point. This means it’s easy to consume and highlight the most important things to pay attention to. I’ll talk with you more about that in a minute.
T: Once you can see into your environment, you can do something about it.
<Click>
Today, your employees are doing business globally on a variety of devices. A data breach can go viral just as quickly as a YouTube video, and once the data is out of your business, it can be shared millions of times over without your knowledge and outside of your control.
You need to get down to the most granular level to create policies that enforce which cloud apps your employees use, how they share data across any device or cloud app, and act on risks as soon as they happen, all without overextending IT resources.
T: We make it all easy and intuitive for you by using data science.
<Click>
You’re probably thinking that with all the data we’ve talked about, and the amount of data sharing going through these apps, it’ll be hard to watch and control it all. But with data science powering a cloud platform, the solution does the hardest part for you. It continuously monitors cloud apps in your environment and learns levels of normal user behavior for your business in order to highlight user anomalies.
Using our Business Readiness Rating™, it’s easy to compare apps tailored to your security requirements. StreamIQ™ examines and interprets all cloud app traffic and turns it into data that makes sense, to highlight risky behavior or attacks within seconds. The average time to remediate a data breach manually is often hours or even days. With our automated process, the average remediation time is a mere 16 seconds. And if an attack should happen, our solution can analyze the incident using historical data to figure out where the problem originated, which enables you to cut off the problem at the source before it can spread further.
T: You get to choose exactly which features you want, and which cloud apps to cover.
<Click>
Cisco and Elastica have partnered together to deliver the enablement of the cloud without the security risks. The Elastica CloudSOC platform is built on four principal applications: Audit, Detect, Protect and Investigate, to give protection across the full attack continuum: before, during and after.
The process starts by pulling traffic logs from CWS, WSA, ASA or other security appliances. This information is examined and displayed in the Audit app, giving you visibility into your Shadow IT. Suddenly, you have visibility into every app your organization uses. See the Business Readiness Rating of every app tailored to your business specifications. Then, just go to your SOC and methodically block any app not safe for your business.
Once you’ve determined what apps you want to use for your business, you can connect to granular user account information through an Elastica Securlet or the Gateway. Detect, Protect, and Investigate help you dive into Shadow Data. Detect helps you spot risky behavior, Protect enables global policies across any cloud app to stop that behavior, and Investigate helps you get to the root cause of an issue.
All of this takes place through a single, intuitive, and dynamic interface that you can view from any browser.
T: Let’s take a deeper look at each step.
<Click>
Now let us look at the use cases…
First I want to highlight the current architecture. There are three main ways in which Elastica can pull out information from a client.
1. The first is using what they call a Securlet, which is essentially an API integration for certain cloud apps.
2. Next is the Cloud Access Gateway, which provides additional visibility into cloud apps.
3. Lastly is Elastica's log extraction, which supports a number of import methods that we'll also discuss shortly.
On the right you see the 4 Elastica Apps, or products. This can be equated to CWS's Web Filtering, Spyware, and Virus offerings. I'll go ahead and briefly touch on each offering:
-Audit: Provides total visibility into cloud apps and provides all the information needed to prevent a malicious event from happening.
-Detect and Protect go hand in hand. They provide detailed risk information on a particular app.
-Protect provides the ability for an administrator to take action on data within cloud apps.
-Investigate is an analytics suite which allows administrators to perform post-incident analysis and determine where vulnerabilities exist.
The first function is what we currently have set up in our lab: we're sending access log traffic directly from our WSA via SCP to the Elastica Cloud. In the second method, if a device does not support SCP or SFTP, we can set up what's called a SpanVA, which is essentially a virtual appliance that collects syslogs.
The last thing I want to cover for this use case is the current requirements for Audit to work with a WSA. Currently Elastica supports Access Log and W3C Access Log. Again, these logs can be pushed a number of different ways, including SCP. Note that the minimum version currently supported is AsyncOS 7.7. Lastly, the image to the right shows the criteria required on the WSA for log push to work successfully. Now let's take a look to see what kind of data we get from our WSA. --> Demo 1
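An added illustration, not part of the original deck and not Elastica's implementation: a minimal sketch of the kind of Shadow IT inventory that can be derived from Squid-style proxy access logs such as the WSA Access Log mentioned above. The field order, the sample lines, and the sanctioned-app list are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in an assumed Squid-style field order:
# time elapsed client result/status bytes method url user hierarchy mime
SAMPLE_LOG = """\
1436200001.120 85 10.0.0.11 TCP_MISS/200 5120 GET http://app.box.com/files alice DIRECT/app.box.com text/html
1436200002.410 40 10.0.0.12 TCP_MISS/200 2048 CONNECT tunnel://files.unknown-share.example:443/ bob DIRECT/files.unknown-share.example -
1436200003.900 61 10.0.0.11 TCP_MISS/200 900000 POST http://files.unknown-share.example/upload alice DIRECT/files.unknown-share.example application/json
1436200004.000 12 10.0.0.13 TCP_DENIED/403 0 GET http://blocked.example/ carol NONE/- -
this line is malformed and is skipped
"""
SANCTIONED = {"box.com"}  # hypothetical list of approved app domains


def parse_line(line):
    """Return the fields needed for the audit, or None for a bad line."""
    parts = line.split()
    if len(parts) < 10 or not parts[4].isdigit():
        return None
    host = urlsplit(parts[6]).hostname  # also handles tunnel://host:443/
    if not host:
        return None
    return {"result": parts[3], "bytes": int(parts[4]),
            "host": host.lower(), "user": parts[7]}


def is_sanctioned(host, sanctioned):
    """Match the domain itself or any subdomain, never a bare suffix."""
    return any(host == d or host.endswith("." + d) for d in sanctioned)


def audit(log_text, sanctioned):
    """Summarise allowed traffic to hosts outside the sanctioned list."""
    report = defaultdict(lambda: {"requests": 0, "bytes": 0, "users": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["result"].startswith("TCP_DENIED"):
            continue  # unparseable, or already blocked by the proxy
        if is_sanctioned(rec["host"], sanctioned):
            continue
        entry = report[rec["host"]]
        entry["requests"] += 1
        entry["bytes"] += rec["bytes"]
        entry["users"].add(rec["user"])
    # Largest transfer volume first.
    return sorted(report.items(), key=lambda kv: kv[1]["bytes"], reverse=True)


if __name__ == "__main__":
    for host, stats in audit(SAMPLE_LOG, SANCTIONED):
        print(host, stats["requests"], stats["bytes"], sorted(stats["users"]))
```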
For the next use case I want to show how we can remediate and control certain types of activity with a cloud app. For our demo we've set up a corporate Box account. Now, as I mentioned earlier, two of the ways to obtain visibility and apply control of cloud apps are using either a Securlet or Gateway. The important thing to remember about Securlets is that they are essentially API tools designed to work with a limited number of cloud apps. Now in the next use case, using a Securlet for Box, I want to highlight the other Elastica apps, mainly the Protect functionality. --> Demo 2: Remediate
In this next use case, a customer wants to apply acceptable use policy to the organization’s Box cloud storage. [click]
The customer purchases only the Securlet for Box and has nothing to deploy or install on their end-points; no logs are required to gain visibility into the cloud application’s use. Content classification, policy application, and analytics are all supported via the API.
Now I quickly want to go back to discuss the Cloud Access Gateway. The key thing to note here is most of the control done in cloud apps can be done by either the Securlet or Gateway. There are some key differences however.
Now, in order to set up a gateway, there are two redirect components: proxy chaining and PAC file. In our demo we'll be using a PAC file. The other two components to focus on are the SSO Helper, which is installed as a browser plug-in, and the Gateway Certificate. The SSO Helper redirects a user accessing a cloud app to Elastica's SSO page, similar to the EasyID or SAML features in CWS. Once the user authenticates, it then redirects them back to the cloud app. The certificate is used for HTTPS inspection.
Lastly I want to touch on the forward-looking architecture. As mentioned earlier, proxy chaining is an option instead of PAC. This integration is roadmapped for CWS solutions. Again, the Audit functionality for CWS is also roadmapped for August 2nd.