SlideShare a Scribd company logo

20-most-common-casb-use-cases-2-.pdf

C
ccnpswicth

The document discusses common use cases for Cloud Access Security Brokers (CASBs). It begins by explaining that CASBs enable organizations to extend their information protection policies from on-premises infrastructure to the cloud. It then lists 20 common CASB use cases organized under the categories of governing usage, securing data, and protecting against threats. For each use case, it provides examples and outlines the functional and deployment requirements needed to implement that use case.

Art & Photos
1 of 24
Download to read offline
The 20 Most Common CASB Use Cases
2 As people and organizations adopt cloud services, Cloud Access Security Brokers (CASBs) have become a must-have for any information security team. CASBs provide critical capabilities such as governing access and activities in sanctioned and unsanctioned cloud services, securing sensitive data and preventing its loss, and protecting against internal and external threats. In short, CASBs enable organizations to extend their information protection policies and programs from their on-premises infrastructure and applications to the cloud. For organizations that are considering deploying CASB, it’s useful to consider the specific use cases they’re likely to address within these broad topic areas as they inform functional and architectural requirements. Here’s a list of the 20 most common CASB use cases.
3 Govern access to Office 365 and other cloud services by device ownership class Monitor privileged accounts and prevent unauthorized activity in IaaS instances Monitor or control users’ activities within Collaboration or Social Media without blocking those services Monitor or control advanced or cross-service activities in real time Protect against password email abuse Monitor or control users’ activities even when they are accessing cloud services from a mobile or desktop app or sync client Prevent data exfiltration from an IT-led to any cloud service Enforce different policies for personal and corporate instances of the same cloud service Monitor sensitive data in Amazon S3 buckets Enforce an activity- or data- level policy across a category of cloud services Enforce conditional activity- level policies Enforce layered policies that include a “base” and “exception” policy Apply encryption based on conditional factors Find and protect sensitive data embedded in images Block or remediate malware in IT-led and en route to/from business-led cloud services Detect and alert on user login anomalies Detect anomalies such as excessive downloads, uploads, or sharing within both IT-led and business-led services Block and quarantine zero-day malware in the cloud Recover from cloud-based ransomware infections Prevent data infiltration involving new employees GOVERN USAGE ..........................7 ................6 ............................................15 ....................4 .......................9 ....................................................5 ...............................8 .........................16 .....................................10 ........................................12 ................................13 ..............................14 ...........................18 ..........................19 ......................20 ...................................21 .......................11 ................................................17 .........................................22 ..........................................23 SECURE DATA PROTECT AGAINST THREATS
4 SECURE DATA Prevent data exfiltration from an IT-led to any cloud service For example, prevent the download of confidential content from a corporate-IT-led service such as Salesforce, Box, or even AWS S3 to a personal Dropbox or other file sharing service Functional Requirements ▸ ▸ See and control usage in both IT-led and business-led services ▸ ▸ Detect sensitive data, e.g., “confidential” ▸ ▸ Identify all unique content in motion and track its movement ▸ ▸ Be aware of context, e.g., activities such as “upload” and “download” ▸ ▸ Correlate users’ identities (e.g., bob@netskope.com = bob123@yahoo.com = bobaran@gmail.com) ▸ ▸ Differentiate between internal and external domains ▸ ▸ Know corporate vs. personal accounts ▸ ▸ Recognize and enforce differing policies between service instances, e.g., corporate and personal ▸ ▸ Decrypt SSL and decode the unpublished API to understand the transaction ▸ ▸ Surface data exfiltration activities in a user interface that is easy to understand Deployment Requirements ▸ ▸ Forward proxy (monitor and control) 1
5 SECURE DATA Enforce different policies for personal and corporate instances of the same cloud service For example, prevent the upload of regulated information (such as that beholden to FISMA, NERC, or PCI) to any Dropbox EXCEPT for the corporate- IT- led instance of Dropbox Functional Requirements ▸ ▸ Detect sensitive data, e.g., data beholden to FISMA, NERC, or PCI ▸ ▸ Be aware of context, e.g., activities such as “upload” and “download” ▸ ▸ Know corporate vs. personal accounts ▸ ▸ Recognize and enforce differing policies between service instances, e.g., corporate and personal ▸ ▸ See and control usage in both IT-led and business-led services ▸ ▸ Decrypt SSL and decode the unpublished API to understand the transaction Deployment Requirements ▸ ▸ Forward proxy (monitor and control) 2
6 PROTECT AGAINST THREATS Block or remediate malware in IT-led and en route to/ from business-led cloud services For example, detect, quarantine, and block malware being downloaded from any cloud service in real time Functional Requirements ▸ ▸ Inspect, detect, block, and remediate malware in IT-led cloud services ▸ ▸ Inspect, detect, block, and remediate malware en route to/from business-led cloud services ▸ ▸ Decrypt SSL and decode the unpublished API to understand the transaction Deployment Requirements ▸ ▸ API (IT-led only) ▸ ▸ Forward proxy ▸ ▸ Reverse proxy (IT-led only, browser only) 3
7 GOVERN USAGE Functional Requirements ▸ ▸ Understand different authentication protocols and federated identity across Office 365 and other cloud services ▸ ▸ Enforce access and activity policies based on device attributes, including classification of “managed” and “unmanaged” ▸ ▸ Decrypt SSL and decode the unpublished API to understand the transaction (for forward proxy) Deployment Requirements ▸ ▸ Forward proxy ▸ ▸ Reverse proxy (IT-led only, browser only) Govern access to Office 365 and other cloud services by device ownership class For example, offer web-based email access only to a BYOD device but full suite access to a corporate one 4
8 SECURE DATA Monitor sensitive data in Amazon S3 buckets For example, alert when PCI data is discovered in AWS S3 buckets Functional Requirements ▸ ▸ Cloud DLP that can scan S3 buckets ▸ ▸ Specify all or individual S3 buckets ▸ ▸ Incident management workflow Deployment Requirements ▸ ▸ API (IT-led only) 5
9 GOVERN USAGE Monitor privileged accounts and prevent unauthorized activity in IaaS instances For example, disallow creation, edit, or delete of cloud instances, “buckets,” or “clusters” Functional Requirements ▸ ▸ Be aware of context, e.g., activities such as “create” and “edit” and objects such as “instances” and “buckets” ▸ ▸ Determine identity and control usage by user, group, and other enterprise directory attributes ▸ ▸ See and control usage in both IT-led and business-led services ▸ ▸ Decrypt SSL and decode the unpublished API to understand the transaction Deployment Requirements ▸ ▸ API (IT-led only) ▸ ▸ Forward proxy 6
10 SECURE DATA Functional Requirements ▸ ▸ Be aware of context, e.g., activities such as “upload” and “download” ▸ ▸ Correlate users’ identities (e.g., bob@netskope. com = bob123@yahoo.com = bobaran@gmail. com) ▸ ▸ See and control usage in both IT-led and business- led services ▸ ▸ Integrate with enterprise directory to enforce policies at a group or organizational unit level ▸ ▸ Decrypt SSL and decode the unpublished API to understand the transaction Deployment Requirements ▸ ▸ Forward proxy Enforce an activity- or data-level policy across a category of cloud services For example, block the download of personally-identifiable information (PII) from ANY HR service if the user is outside of the HR team 7
11 GOVERN USAGE Functional Requirements ▸ ▸ Integrate CASB with directory services to focus policy on a specific group, e.g., Investment Banking ▸ ▸ Be aware of context, e.g., activities such as “view,” “post,” and “create” ▸ ▸ See and control usage in both IT-led and business-led services ▸ ▸ Detect data violations using advanced DLP features including regular expressions, custom keyword dictionaries, and Boolean operators to focus on specific risky activities (e.g., for FINRA) or to set policies for a specific group (e.g., Finance) ▸ ▸ Decrypt SSL and decode the unpublished API to understand the transaction Deployment Requirements ▸ ▸ Forward proxy (monitor and control) Monitor or control users’ activities within Collaboration or Social Media without blocking those services For example, block any financial employee from posting “guarantee” or “recommend” alongside a stock ticker or company name on any Collaboration or Social Media service like Slack or Twitter to comply with FINRA and other regulations 8
12 SECURE DATA Functional Requirements ▸ ▸ Be aware of context, e.g., activities such as “share” ▸ ▸ See and control usage in both IT-led and business- led services ▸ ▸ Differentiate between internal and external domains ▸ ▸ Enforce “set-it-once” policies across categories of services ▸ ▸ Detect and enforce policies by IP address, network location, or geolocation ▸ ▸ Integrate with enterprise directory to enforce policies at a group or organizational unit level ▸ ▸ Decrypt SSL and decode the unpublished API to understand the transaction Deployment Requirements ▸ ▸ Forward proxy ▸ ▸ Reverse proxy (IT-led only, browser only) Enforce conditional activity-level policies For example, block the sharing of content by a corporate ‘insider’ with anyone outside of the organization from ANY Cloud Storage service if it is the organization’s financial reporting quiet period 9
13 SECURE DATA Functional Requirements ▸ ▸ Support for policies with “allow” and “block” actions ▸ ▸ Support for category-level policies ▸ ▸ Differentiate between instances of cloud services Deployment Requirements ▸ ▸ Forward proxy ▸ ▸ Reverse proxy (IT-led only, browser only) Enforce layered policies that include a “base” and “exception” policy For example, prevent the upload of confidential data to ANY Cloud Storage service except corporate IT- led Google Drive 10
14 SECURE DATA Functional Requirements ▸ ▸ Be aware of context, e.g., activities such as “upload” ▸ ▸ See and control usage in both IT-led and business- led services ▸ ▸ Apply strong encryption to sensitive content with enterprise key management ▸ ▸ Integrate with KMIP-compliant, on-premises key manager ▸ ▸ Decrypt SSL and decode the unpublished API to understand the transaction Deployment Requirements ▸ ▸ Forward proxy ▸ ▸ Reverse proxy (IT-led only, browser only) Apply encryption based on conditional factors For example, apply strong encryption with enterprise key management to confidential intellectual property such as next- generation product designs 11
15 PROTECT AGAINST THREATS Functional Requirements ▸ ▸ Correlate users’ identities (e.g., bob@netskope.com = bob123@yahoo.com = bobaran@gmail.com) ▸ ▸ See usage in both IT-led and business-led services ▸ ▸ Use machine learning to detect cloud behavior anomalies ▸ ▸ Detect IP addresses, network location, or geo- location ▸ ▸ Decrypt SSL and decode the unpublished API to understand the transaction Deployment Requirements ▸ ▸ API (IT-led only) ▸ ▸ Reverse proxy (IT-led only, browser only) ▸ ▸ Forward proxy Detect and alert on user login anomalies For example, detect users logging into a cloud service from two different locations with the same credentials, indicating a potentially compromised account 12
16 PROTECT AGAINST THREATS Functional Requirements ▸ ▸ Be aware of context, e.g., activities such as “download” and “share” ▸ ▸ See and control usage in both IT-led and business- led services ▸ ▸ Use machine learning and rules to detect anomalies that could signal risky behavior, non-compliance, data exposure, or even malware ▸ ▸ Decrypt SSL and decode the unpublished API to understand the transaction Deployment Requirements ▸ ▸ API (IT-led only) ▸ ▸ Forward proxy ▸ ▸ Reverse proxy (IT-led only, browser only) Detect anomalies such as excessive downloads, uploads, or sharing within both IT-led and business-led services For example, detect excessive download of sensitive customer data from Salesforce 13
17 GOVERN USAGE Functional Requirements ▸ ▸ Be aware of context, e.g., activities such as “edit,” “sync,” and “save” ▸ ▸ See and control usage in both IT-led and business-led (including ecosystem) apps ▸ ▸ Identify and control integration with ecosystem services ▸ ▸ Decrypt SSL and decode the unpublished API to understand the transaction Deployment Requirements ▸ ▸ Forward proxy (monitor and control) 17 Monitor or control advanced or cross-service activities in real time For example, “Edit in Box,” “Save to Dropbox” from Slack, or enforce which services can integrate and share data with your G Suite 14
18 PROTECT AGAINST THREATS Functional Requirements ▸ ▸ Cloud DLP with OCR (Optical Character Recognition) capability ▸ ▸ Ability to scan IT-led cloud services with OCR- supported cloud DLP ▸ ▸ Ability to apply OCR to cloud traffic to and from business-led cloud services Deployment Requirements ▸ ▸ API (IT-led only) ▸ ▸ Forward proxy ▸ ▸ Reverse proxy (IT-led only, browser only) Find and protect sensitive data embedded in images For example, find and stop patient data embedded in an x-ray image being uploaded to a personal cloud servicecloud service 15
19 PROTECT AGAINST THREATS Functional Requirements ▸ ▸ Support for cloud-based inspection with dynamic analysis using a cloud-based sandbox ▸ ▸ Support for multiple threat intelligence mechanisms including external and internal ▸ ▸ Support quarantine workflows that are malware- centric Deployment Requirements ▸ ▸ API (IT-led only) ▸ ▸ Forward proxy ▸ ▸ Reverse proxy (IT-led only, browser only) Block and quarantine zero-day malware in the cloud For example, detect and quarantine new strains of malware present in IT-led cloud services and block this type of malware en route to and from business-led cloud services 16
20 PROTECT AGAINST THREATS Functional Requirements ▸ ▸ Use 70 different signals to identify unauthorized encryption ▸ ▸ Integration with cloud storage apps like OneDrive to enable “roll-back” functionality ▸ ▸ A streamlined UI to enable an intuitive workflow for rolling back infected content to pre-infected state Deployment Requirements ▸ ▸ API (IT-led only) ▸ ▸ Recover from cloud-based ransomware infections For example, alert when a ransomware infection has taken place and provide a seamless workflow to recover from the infection 17
21 PROTECT AGAINST THREATS Functional Requirements ▸ ▸ Integrate “new employee” policy with enterprise directory ▸ ▸ Use custom keyword dictionary to delineate sensitive competitor documents ▸ ▸ Decrypt SSL and decode the unpublished API to understand the transaction Deployment Requirements ▸ ▸ API (IT-led only) ▸ ▸ Forward proxy ▸ ▸ Reverse proxy (IT-led only, browser only) ▸ ▸ ▸ ▸ Prevent data infiltration involving new employees For example, block new employees from uploading confidential data from their previous employer to their new company’s IT-led cloud service 18
22 GOVERN USAGE Functional Requirements ▸ ▸ Cloud DLP with custom keyword dictionaries to incorporate any variation of keyword that may signal that a password is being shared ▸ ▸ Cloud DLP support for business-led webmail accounts (hundreds) ▸ ▸ Support for category-level policies with specific support for webmail ▸ ▸ Decrypt SSL and decode the unpublished API to understand the transaction Deployment Requirements ▸ ▸ Forward proxy ▸ ▸ Reverse proxy (IT-led only, browser only) ▸ ▸ ▸ ▸ Protect against password email abuse For example, block passwords being sent via any webmail app 19
23 GOVERN USAGE Functional Requirements ▸ ▸ Inspect and control cloud traffic even when it originates from a mobile or desktop app or sync client ▸ ▸ See and control usage in both IT-led and business-led services ▸ ▸ Enforce policy action such as block, coach, or justify in real time ▸ ▸ Decrypt SSL and decode the unpublished API to understand the transaction (for forward proxy) Deployment Requirements ▸ ▸ Forward proxy (monitor and control) ▸ ▸ ▸ ▸ Monitor or control users’ activities (even when they are accessing cloud services from a mobile or desktop app or sync client) For any of the real-time use cases that require a forward proxy, support should be extended to mobile apps, desktop apps, and sync clients 20
©2018 Netskope, Inc. All rights reserved. Netskope is a registered trademark and Netskope Active, Netskope Discovery, Cloud Confidence Index, and SkopeSights are trademarks of Netskope, Inc. All other trademarks are trademarks of their respective owners. 01/18 EB-198-1 GOVERN USAGE SECURE DATA PROTECT AGAINST THREATS ▸ ▸ Monitor or control users’ activities even when they are accessing cloud services from a mobile or desktop app or sync client ▸ ▸ Govern access to Office 365 and other cloud services by device ownership class ▸ ▸ Monitor privileged accounts and prevent unauthorized activity in IaaS instances ▸ ▸ Monitor or control users’ activities within Collaboration and Social Media without blocking those services ▸ ▸ Monitor or control advanced or cross-service activities in real time ▸ ▸ Prevent data exfiltration from a sanctioned to an unsanctioned service ▸ ▸ Enforce different policies for personal and corporate instances of the same cloud service ▸ ▸ Enforce an activity- or data-level policy across a category of services ▸ ▸ Enforce conditional activity- level policies ▸ ▸ Enforce layered policies that include a “base” and “exception” policy ▸ ▸ Apply encryption based on conditional factors ▸ ▸ Block or remediate malware in sanctioned and en route to/from unsanctioned cloud services, even in mobile and desktop apps and sync clients ▸ ▸ Detect and alert on user login anomalies ▸ ▸ Detect anomalies such as excessive downloads, uploads, or sharing, within both sanctioned and unsanctioned services ▸ ▸ Prevent data infiltration involving new employees

Recommended

casb_by_.pptx
casb_by_.pptxcasb_by_.pptx
casb_by_.pptx
shahnawaz_pirates
 
Cloud Access Security Brokers - CASB
Cloud Access Security Brokers - CASB Cloud Access Security Brokers - CASB
Cloud Access Security Brokers - CASB
Samrat Das
 
The 3 Recommendations for Cloud Security
The 3 Recommendations for Cloud SecurityThe 3 Recommendations for Cloud Security
The 3 Recommendations for Cloud Security
VAST
 
Azure Forensics & Incident Response
Azure Forensics & Incident ResponseAzure Forensics & Incident Response
Azure Forensics & Incident Response
Christopher Doman
 
Security and Compliance with SharePoint and Office 365
Security and Compliance with SharePoint and Office 365Security and Compliance with SharePoint and Office 365
Security and Compliance with SharePoint and Office 365
Richard Harbridge
 
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
Karim Vaes
 
Protect your Data even under breach
Protect your Data even under breachProtect your Data even under breach
Protect your Data even under breach
CloudMask inc.
 
The 15 best cloud security practices
The 15 best cloud security practices The 15 best cloud security practices
The 15 best cloud security practices
Cloudride LTD
 

Recommended

casb_by_.pptx
casb_by_.pptxcasb_by_.pptx
casb_by_.pptx
shahnawaz_pirates
 
Cloud Access Security Brokers - CASB
Cloud Access Security Brokers - CASB Cloud Access Security Brokers - CASB
Cloud Access Security Brokers - CASB
Samrat Das
 
The 3 Recommendations for Cloud Security
The 3 Recommendations for Cloud SecurityThe 3 Recommendations for Cloud Security
The 3 Recommendations for Cloud Security
VAST
 
Azure Forensics & Incident Response
Azure Forensics & Incident ResponseAzure Forensics & Incident Response
Azure Forensics & Incident Response
Christopher Doman
 
Security and Compliance with SharePoint and Office 365
Security and Compliance with SharePoint and Office 365Security and Compliance with SharePoint and Office 365
Security and Compliance with SharePoint and Office 365
Richard Harbridge
 
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
Karim Vaes
 
Protect your Data even under breach
Protect your Data even under breachProtect your Data even under breach
Protect your Data even under breach
CloudMask inc.
 
The 15 best cloud security practices
The 15 best cloud security practices The 15 best cloud security practices
The 15 best cloud security practices
Cloudride LTD
 
SaaS Platform Securing
SaaS Platform SecuringSaaS Platform Securing
SaaS Platform Securing
Leo TechnoSoft
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud security
Raj Sarode
 
Security Quick Tour
Security Quick TourSecurity Quick Tour
Security Quick Tour
Active Base
 
Implementing zero trust architecture in azure hybrid cloud
Implementing zero trust architecture in azure hybrid cloudImplementing zero trust architecture in azure hybrid cloud
Implementing zero trust architecture in azure hybrid cloud
Ajit Bhingarkar
 
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
Alert Logic
 
63 Requirements for CASB
63 Requirements for CASB63 Requirements for CASB
63 Requirements for CASB
Kyle Watson
 
Maximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and ZscalerMaximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and Zscaler
Zscaler
 
Maximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and ZscalerMaximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and Zscaler
Ankit Dua
 
Aruba clearpass ebook_chpt1_final
Aruba clearpass ebook_chpt1_finalAruba clearpass ebook_chpt1_final
Aruba clearpass ebook_chpt1_final
Aruba, a Hewlett Packard Enterprise company
 
Securing Your Cloud Applications
Securing Your Cloud ApplicationsSecuring Your Cloud Applications
Securing Your Cloud Applications
IBM Security
 
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudTechnologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the Cloud
CloudPassage
 
Service now is a software platform that supports IT service manag.docx
Service now is a software platform that supports IT service manag.docxService now is a software platform that supports IT service manag.docx
Service now is a software platform that supports IT service manag.docx
edgar6wallace88877
 
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah SheikhISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
Shah Sheikh
 
13 Tips for Cloud Security
13 Tips for Cloud Security13 Tips for Cloud Security
13 Tips for Cloud Security
Peak 10
 
SaaS Security.pptx
SaaS Security.pptxSaaS Security.pptx
SaaS Security.pptx
chelsi33
 
saassecurity-230424030940-08314322.pdf
saassecurity-230424030940-08314322.pdfsaassecurity-230424030940-08314322.pdf
saassecurity-230424030940-08314322.pdf
SahilSingh316535
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
Iftikhar Ali Iqbal
 
Cloud Security (CASB) for Slack
Cloud Security (CASB) for SlackCloud Security (CASB) for Slack
Cloud Security (CASB) for Slack
Sachin Yadav
 
Sap basis and_security_administration
Sap basis and_security_administrationSap basis and_security_administration
Sap basis and_security_administration
Anil Kumar Reddy Cheppalli
 
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Amazon Web Services
 
SHIVNA SAHITYIKI OCTOBER DECEMBER 2023 II.pdf
SHIVNA SAHITYIKI OCTOBER DECEMBER 2023 II.pdfSHIVNA SAHITYIKI OCTOBER DECEMBER 2023 II.pdf
SHIVNA SAHITYIKI OCTOBER DECEMBER 2023 II.pdf
Shivna Prakashan
 
Mr. Brainwash ❤️ Beautiful Girl _ FRANK FLUEGEL GALERIE.pdf
Mr. Brainwash ❤️ Beautiful Girl _ FRANK FLUEGEL GALERIE.pdfMr. Brainwash ❤️ Beautiful Girl _ FRANK FLUEGEL GALERIE.pdf
Mr. Brainwash ❤️ Beautiful Girl _ FRANK FLUEGEL GALERIE.pdf
Frank Fluegel
 

More Related Content

Similar to 20-most-common-casb-use-cases-2-.pdf

SaaS Platform Securing
SaaS Platform SecuringSaaS Platform Securing
SaaS Platform Securing
Leo TechnoSoft
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud security
Raj Sarode
 
Security Quick Tour
Security Quick TourSecurity Quick Tour
Security Quick Tour
Active Base
 
Implementing zero trust architecture in azure hybrid cloud
Implementing zero trust architecture in azure hybrid cloudImplementing zero trust architecture in azure hybrid cloud
Implementing zero trust architecture in azure hybrid cloud
Ajit Bhingarkar
 
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
Alert Logic
 
63 Requirements for CASB
63 Requirements for CASB63 Requirements for CASB
63 Requirements for CASB
Kyle Watson
 
Maximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and ZscalerMaximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and Zscaler
Zscaler
 
Maximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and ZscalerMaximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and Zscaler
Ankit Dua
 
Aruba clearpass ebook_chpt1_final
Aruba clearpass ebook_chpt1_finalAruba clearpass ebook_chpt1_final
Aruba clearpass ebook_chpt1_final
Aruba, a Hewlett Packard Enterprise company
 
Securing Your Cloud Applications
Securing Your Cloud ApplicationsSecuring Your Cloud Applications
Securing Your Cloud Applications
IBM Security
 
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudTechnologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the Cloud
CloudPassage
 
Service now is a software platform that supports IT service manag.docx
Service now is a software platform that supports IT service manag.docxService now is a software platform that supports IT service manag.docx
Service now is a software platform that supports IT service manag.docx
edgar6wallace88877
 
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah SheikhISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
Shah Sheikh
 
13 Tips for Cloud Security
13 Tips for Cloud Security13 Tips for Cloud Security
13 Tips for Cloud Security
Peak 10
 
SaaS Security.pptx
SaaS Security.pptxSaaS Security.pptx
SaaS Security.pptx
chelsi33
 
saassecurity-230424030940-08314322.pdf
saassecurity-230424030940-08314322.pdfsaassecurity-230424030940-08314322.pdf
saassecurity-230424030940-08314322.pdf
SahilSingh316535
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
Iftikhar Ali Iqbal
 
Cloud Security (CASB) for Slack
Cloud Security (CASB) for SlackCloud Security (CASB) for Slack
Cloud Security (CASB) for Slack
Sachin Yadav
 
Sap basis and_security_administration
Sap basis and_security_administrationSap basis and_security_administration
Sap basis and_security_administration
Anil Kumar Reddy Cheppalli
 
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Amazon Web Services
 

Similar to 20-most-common-casb-use-cases-2-.pdf (20)

SaaS Platform Securing
SaaS Platform SecuringSaaS Platform Securing
SaaS Platform Securing
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud security
 
Security Quick Tour
Security Quick TourSecurity Quick Tour
Security Quick Tour
 
Implementing zero trust architecture in azure hybrid cloud
Implementing zero trust architecture in azure hybrid cloudImplementing zero trust architecture in azure hybrid cloud
Implementing zero trust architecture in azure hybrid cloud
 
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
 
63 Requirements for CASB
63 Requirements for CASB63 Requirements for CASB
63 Requirements for CASB
 
Maximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and ZscalerMaximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and Zscaler
 
Maximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and ZscalerMaximize your cloud app control with Microsoft MCAS and Zscaler
Maximize your cloud app control with Microsoft MCAS and Zscaler
 
Aruba clearpass ebook_chpt1_final
Aruba clearpass ebook_chpt1_finalAruba clearpass ebook_chpt1_final
Aruba clearpass ebook_chpt1_final
 
Securing Your Cloud Applications
Securing Your Cloud ApplicationsSecuring Your Cloud Applications
Securing Your Cloud Applications
 
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudTechnologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the Cloud
 
Service now is a software platform that supports IT service manag.docx
Service now is a software platform that supports IT service manag.docxService now is a software platform that supports IT service manag.docx
Service now is a software platform that supports IT service manag.docx
 
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah SheikhISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
ISACA Journal Publication - Does your Cloud have a Secure Lining? Shah Sheikh
 
13 Tips for Cloud Security
13 Tips for Cloud Security13 Tips for Cloud Security
13 Tips for Cloud Security
 
SaaS Security.pptx
SaaS Security.pptxSaaS Security.pptx
SaaS Security.pptx
 
saassecurity-230424030940-08314322.pdf
saassecurity-230424030940-08314322.pdfsaassecurity-230424030940-08314322.pdf
saassecurity-230424030940-08314322.pdf
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
 
Cloud Security (CASB) for Slack
Cloud Security (CASB) for SlackCloud Security (CASB) for Slack
Cloud Security (CASB) for Slack
 
Sap basis and_security_administration
Sap basis and_security_administrationSap basis and_security_administration
Sap basis and_security_administration
 
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
 

Recently uploaded

SHIVNA SAHITYIKI OCTOBER DECEMBER 2023 II.pdf
SHIVNA SAHITYIKI OCTOBER DECEMBER 2023 II.pdfSHIVNA SAHITYIKI OCTOBER DECEMBER 2023 II.pdf
SHIVNA SAHITYIKI OCTOBER DECEMBER 2023 II.pdf
Shivna Prakashan
 
Mr. Brainwash ❤️ Beautiful Girl _ FRANK FLUEGEL GALERIE.pdf
Mr. Brainwash ❤️ Beautiful Girl _ FRANK FLUEGEL GALERIE.pdfMr. Brainwash ❤️ Beautiful Girl _ FRANK FLUEGEL GALERIE.pdf
Mr. Brainwash ❤️ Beautiful Girl _ FRANK FLUEGEL GALERIE.pdf
Frank Fluegel
 
Maryoku_Yummy_Episode_01_Storyboard example_01
Maryoku_Yummy_Episode_01_Storyboard example_01Maryoku_Yummy_Episode_01_Storyboard example_01
Maryoku_Yummy_Episode_01_Storyboard example_01
acostaanimation
 
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka Kalyan Matka
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka Kalyan Matka➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka Kalyan Matka
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka Kalyan Matka
➒➌➎➏➑➐➋➑➐➐Dpboss Matka Guessing Satta Matka Kalyan Chart Indian Matka
 
The Evolution and Impact of Hip Hop a cultural and artistic
The Evolution and Impact of Hip Hop a cultural and artisticThe Evolution and Impact of Hip Hop a cultural and artistic
The Evolution and Impact of Hip Hop a cultural and artistic
applemusic056
 
Matka Guessing Satta Matta Matka Kalyan Chart Indian Matka Dpboss
Matka Guessing Satta Matta Matka Kalyan Chart Indian Matka DpbossMatka Guessing Satta Matta Matka Kalyan Chart Indian Matka Dpboss
Matka Guessing Satta Matta Matka Kalyan Chart Indian Matka Dpboss
➒➌➎➏➑➐➋➑➐➐Dpboss Matka Guessing Satta Matka Kalyan Chart Indian Matka
 
Kalyan chart DP boss guessing matka number
Kalyan chart DP boss guessing matka numberKalyan chart DP boss guessing matka number
Kalyan chart DP boss guessing matka number
➑➌➋➑➒➎➑➑➊➍
 
Satta matka guessing matka Kalyan chart
Satta matka guessing matka Kalyan chartSatta matka guessing matka Kalyan chart
Satta matka guessing matka Kalyan chart
Kalyan matka
 
ARNAUVALERY RECORD STORE SCAVENGER HUNT.
ARNAUVALERY RECORD STORE SCAVENGER HUNT.ARNAUVALERY RECORD STORE SCAVENGER HUNT.
ARNAUVALERY RECORD STORE SCAVENGER HUNT.
ValeryArnau
 
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka
➒➌➎➏➑➐➋➑➐➐Dpboss Matka Guessing Satta Matka Kalyan Chart Indian Matka
 
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka
➒➌➎➏➑➐➋➑➐➐Dpboss Matka Guessing Satta Matka Kalyan Chart Indian Matka
 
VTV FULL SCRIPT ------------------------
VTV FULL SCRIPT ------------------------VTV FULL SCRIPT ------------------------
VTV FULL SCRIPT ------------------------
ssathiyanishanth8
 
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing
➒➌➎➏➑➐➋➑➐➐Dpboss Matka Guessing Satta Matka Kalyan Chart Indian Matka
 
A Brief Introduction About Hanying Chen_
A Brief Introduction About Hanying Chen_A Brief Introduction About Hanying Chen_
A Brief Introduction About Hanying Chen_
Hanying Chen
 
Call Girls Ahmedabad 7426014248 Independent Call Girl Service Ahmedabad
Call Girls Ahmedabad 7426014248 Independent Call Girl Service AhmedabadCall Girls Ahmedabad 7426014248 Independent Call Girl Service Ahmedabad
Call Girls Ahmedabad 7426014248 Independent Call Girl Service Ahmedabad
namratasinha41
 
哪里购买(ucr毕业证书)美国加州大学河滨分校毕业证研究生文凭证书原版一模一样
哪里购买(ucr毕业证书)美国加州大学河滨分校毕业证研究生文凭证书原版一模一样哪里购买(ucr毕业证书)美国加州大学河滨分校毕业证研究生文凭证书原版一模一样
哪里购买(ucr毕业证书)美国加州大学河滨分校毕业证研究生文凭证书原版一模一样
a0pr7yf1
 
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka
➒➌➎➏➑➐➋➑➐➐Dpboss Matka Guessing Satta Matka Kalyan Chart Indian Matka
 
➒➌➍➑➊➑➏➍➋➒ Sattamatka satta matka sattamatka results
➒➌➍➑➊➑➏➍➋➒ Sattamatka satta matka sattamatka results➒➌➍➑➊➑➏➍➋➒ Sattamatka satta matka sattamatka results
➒➌➍➑➊➑➏➍➋➒ Sattamatka satta matka sattamatka results
➒➌➍➑➊➑➏➍➋➒ Satta Matka Satta result marka result
 
Have a Nice Day Scene 3 .pdf
Have a Nice Day Scene 3 .pdfHave a Nice Day Scene 3 .pdf
Have a Nice Day Scene 3 .pdf
ElenaKrasteva9
 
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka
➒➌➎➏➑➐➋➑➐➐Dpboss Matka Guessing Satta Matka Kalyan Chart Indian Matka
 

Recently uploaded (20)

SHIVNA SAHITYIKI OCTOBER DECEMBER 2023 II.pdf
SHIVNA SAHITYIKI OCTOBER DECEMBER 2023 II.pdfSHIVNA SAHITYIKI OCTOBER DECEMBER 2023 II.pdf
SHIVNA SAHITYIKI OCTOBER DECEMBER 2023 II.pdf
 
Mr. Brainwash ❤️ Beautiful Girl _ FRANK FLUEGEL GALERIE.pdf
Mr. Brainwash ❤️ Beautiful Girl _ FRANK FLUEGEL GALERIE.pdfMr. Brainwash ❤️ Beautiful Girl _ FRANK FLUEGEL GALERIE.pdf
Mr. Brainwash ❤️ Beautiful Girl _ FRANK FLUEGEL GALERIE.pdf
 
Maryoku_Yummy_Episode_01_Storyboard example_01
Maryoku_Yummy_Episode_01_Storyboard example_01Maryoku_Yummy_Episode_01_Storyboard example_01
Maryoku_Yummy_Episode_01_Storyboard example_01
 
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka Kalyan Matka
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka Kalyan Matka➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka Kalyan Matka
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka Kalyan Matka
 
The Evolution and Impact of Hip Hop a cultural and artistic
The Evolution and Impact of Hip Hop a cultural and artisticThe Evolution and Impact of Hip Hop a cultural and artistic
The Evolution and Impact of Hip Hop a cultural and artistic
 
Matka Guessing Satta Matta Matka Kalyan Chart Indian Matka Dpboss
Matka Guessing Satta Matta Matka Kalyan Chart Indian Matka DpbossMatka Guessing Satta Matta Matka Kalyan Chart Indian Matka Dpboss
Matka Guessing Satta Matta Matka Kalyan Chart Indian Matka Dpboss
 
Kalyan chart DP boss guessing matka number
Kalyan chart DP boss guessing matka numberKalyan chart DP boss guessing matka number
Kalyan chart DP boss guessing matka number
 
Satta matka guessing matka Kalyan chart
Satta matka guessing matka Kalyan chartSatta matka guessing matka Kalyan chart
Satta matka guessing matka Kalyan chart
 
ARNAUVALERY RECORD STORE SCAVENGER HUNT.
ARNAUVALERY RECORD STORE SCAVENGER HUNT.ARNAUVALERY RECORD STORE SCAVENGER HUNT.
ARNAUVALERY RECORD STORE SCAVENGER HUNT.
 
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka
 
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka
 
VTV FULL SCRIPT ------------------------
VTV FULL SCRIPT ------------------------VTV FULL SCRIPT ------------------------
VTV FULL SCRIPT ------------------------
 
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing
 
A Brief Introduction About Hanying Chen_
A Brief Introduction About Hanying Chen_A Brief Introduction About Hanying Chen_
A Brief Introduction About Hanying Chen_
 
Call Girls Ahmedabad 7426014248 Independent Call Girl Service Ahmedabad
Call Girls Ahmedabad 7426014248 Independent Call Girl Service AhmedabadCall Girls Ahmedabad 7426014248 Independent Call Girl Service Ahmedabad
Call Girls Ahmedabad 7426014248 Independent Call Girl Service Ahmedabad
 
哪里购买(ucr毕业证书)美国加州大学河滨分校毕业证研究生文凭证书原版一模一样
哪里购买(ucr毕业证书)美国加州大学河滨分校毕业证研究生文凭证书原版一模一样哪里购买(ucr毕业证书)美国加州大学河滨分校毕业证研究生文凭证书原版一模一样
哪里购买(ucr毕业证书)美国加州大学河滨分校毕业证研究生文凭证书原版一模一样
 
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka
 
➒➌➍➑➊➑➏➍➋➒ Sattamatka satta matka sattamatka results
➒➌➍➑➊➑➏➍➋➒ Sattamatka satta matka sattamatka results➒➌➍➑➊➑➏➍➋➒ Sattamatka satta matka sattamatka results
➒➌➍➑➊➑➏➍➋➒ Sattamatka satta matka sattamatka results
 
Have a Nice Day Scene 3 .pdf
Have a Nice Day Scene 3 .pdfHave a Nice Day Scene 3 .pdf
Have a Nice Day Scene 3 .pdf
 
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka
➒➌➎➏➑➐➋➑➐➐ Satta Matka Dpboss Matka Guessing Indian Matka
 

20-most-common-casb-use-cases-2-.pdf

  • 2. 2 As people and organizations adopt cloud services, Cloud Access Security Brokers (CASBs) have become a must-have for any information security team. CASBs provide critical capabilities such as governing access and activities in sanctioned and unsanctioned cloud services, securing sensitive data and preventing its loss, and protecting against internal and external threats. In short, CASBs enable organizations to extend their information protection policies and programs from their on-premises infrastructure and applications to the cloud. For organizations that are considering deploying CASB, it’s useful to consider the specific use cases they’re likely to address within these broad topic areas as they inform functional and architectural requirements. Here’s a list of the 20 most common CASB use cases.
  • 3. 3 Govern access to Office 365 and other cloud services by device ownership class Monitor privileged accounts and prevent unauthorized activity in IaaS instances Monitor or control users’ activities within Collaboration or Social Media without blocking those services Monitor or control advanced or cross-service activities in real time Protect against password email abuse Monitor or control users’ activities even when they are accessing cloud services from a mobile or desktop app or sync client Prevent data exfiltration from an IT-led to any cloud service Enforce different policies for personal and corporate instances of the same cloud service Monitor sensitive data in Amazon S3 buckets Enforce an activity- or data- level policy across a category of cloud services Enforce conditional activity- level policies Enforce layered policies that include a “base” and “exception” policy Apply encryption based on conditional factors Find and protect sensitive data embedded in images Block or remediate malware in IT-led and en route to/from business-led cloud services Detect and alert on user login anomalies Detect anomalies such as excessive downloads, uploads, or sharing within both IT-led and business-led services Block and quarantine zero-day malware in the cloud Recover from cloud-based ransomware infections Prevent data infiltration involving new employees GOVERN USAGE ..........................7 ................6 ............................................15 ....................4 .......................9 ....................................................5 ...............................8 .........................16 .....................................10 ........................................12 ................................13 ..............................14 ...........................18 ..........................19 ......................20 ...................................21 .......................11 ................................................17 .........................................22 ..........................................23 SECURE DATA PROTECT AGAINST THREATS
  • 4. 4 SECURE DATA Prevent data exfiltration from an IT-led to any cloud service For example, prevent the download of confidential content from a corporate-IT-led service such as Salesforce, Box, or even AWS S3 to a personal Dropbox or other file sharing service Functional Requirements ▸ ▸ See and control usage in both IT-led and business-led services ▸ ▸ Detect sensitive data, e.g., “confidential” ▸ ▸ Identify all unique content in motion and track its movement ▸ ▸ Be aware of context, e.g., activities such as “upload” and “download” ▸ ▸ Correlate users’ identities (e.g., bob@netskope.com = bob123@yahoo.com = bobaran@gmail.com) ▸ ▸ Differentiate between internal and external domains ▸ ▸ Know corporate vs. personal accounts ▸ ▸ Recognize and enforce differing policies between service instances, e.g., corporate and personal ▸ ▸ Decrypt SSL and decode the unpublished API to understand the transaction ▸ ▸ Surface data exfiltration activities in a user interface that is easy to understand Deployment Requirements ▸ ▸ Forward proxy (monitor and control) 1
  • 5. 5 SECURE DATA Enforce different policies for personal and corporate instances of the same cloud service For example, prevent the upload of regulated information (such as that beholden to FISMA, NERC, or PCI) to any Dropbox EXCEPT for the corporate- IT- led instance of Dropbox Functional Requirements ▸ ▸ Detect sensitive data, e.g., data beholden to FISMA, NERC, or PCI ▸ ▸ Be aware of context, e.g., activities such as “upload” and “download” ▸ ▸ Know corporate vs. personal accounts ▸ ▸ Recognize and enforce differing policies between service instances, e.g., corporate and personal ▸ ▸ See and control usage in both IT-led and business-led services ▸ ▸ Decrypt SSL and decode the unpublished API to understand the transaction Deployment Requirements ▸ ▸ Forward proxy (monitor and control) 2
  • 6. 6 PROTECT AGAINST THREATS Block or remediate malware in IT-led and en route to/ from business-led cloud services For example, detect, quarantine, and block malware being downloaded from any cloud service in real time Functional Requirements ▸ ▸ Inspect, detect, block, and remediate malware in IT-led cloud services ▸ ▸ Inspect, detect, block, and remediate malware en route to/from business-led cloud services ▸ ▸ Decrypt SSL and decode the unpublished API to understand the transaction Deployment Requirements ▸ ▸ API (IT-led only) ▸ ▸ Forward proxy ▸ ▸ Reverse proxy (IT-led only, browser only) 3
  • 7. 7 GOVERN USAGE Functional Requirements ▸ ▸ Understand different authentication protocols and federated identity across Office 365 and other cloud services ▸ ▸ Enforce access and activity policies based on device attributes, including classification of “managed” and “unmanaged” ▸ ▸ Decrypt SSL and decode the unpublished API to understand the transaction (for forward proxy) Deployment Requirements ▸ ▸ Forward proxy ▸ ▸ Reverse proxy (IT-led only, browser only) Govern access to Office 365 and other cloud services by device ownership class For example, offer web-based email access only to a BYOD device but full suite access to a corporate one 4
  • 8. 8 SECURE DATA Monitor sensitive data in Amazon S3 buckets For example, alert when PCI data is discovered in AWS S3 buckets Functional Requirements ▸ ▸ Cloud DLP that can scan S3 buckets ▸ ▸ Specify all or individual S3 buckets ▸ ▸ Incident management workflow Deployment Requirements ▸ ▸ API (IT-led only) 5
  • 9. 9 GOVERN USAGE Monitor privileged accounts and prevent unauthorized activity in IaaS instances For example, disallow creation, edit, or delete of cloud instances, “buckets,” or “clusters” Functional Requirements ▸ ▸ Be aware of context, e.g., activities such as “create” and “edit” and objects such as “instances” and “buckets” ▸ ▸ Determine identity and control usage by user, group, and other enterprise directory attributes ▸ ▸ See and control usage in both IT-led and business-led services ▸ ▸ Decrypt SSL and decode the unpublished API to understand the transaction Deployment Requirements ▸ ▸ API (IT-led only) ▸ ▸ Forward proxy 6
  • 10. 10 SECURE DATA Functional Requirements ▸ ▸ Be aware of context, e.g., activities such as “upload” and “download” ▸ ▸ Correlate users’ identities (e.g., bob@netskope. com = bob123@yahoo.com = bobaran@gmail. com) ▸ ▸ See and control usage in both IT-led and business- led services ▸ ▸ Integrate with enterprise directory to enforce policies at a group or organizational unit level ▸ ▸ Decrypt SSL and decode the unpublished API to understand the transaction Deployment Requirements ▸ ▸ Forward proxy Enforce an activity- or data-level policy across a category of cloud services For example, block the download of personally-identifiable information (PII) from ANY HR service if the user is outside of the HR team 7
  • 11. 11 GOVERN USAGE Functional Requirements ▸ ▸ Integrate CASB with directory services to focus policy on a specific group, e.g., Investment Banking ▸ ▸ Be aware of context, e.g., activities such as “view,” “post,” and “create” ▸ ▸ See and control usage in both IT-led and business-led services ▸ ▸ Detect data violations using advanced DLP features including regular expressions, custom keyword dictionaries, and Boolean operators to focus on specific risky activities (e.g., for FINRA) or to set policies for a specific group (e.g., Finance) ▸ ▸ Decrypt SSL and decode the unpublished API to understand the transaction Deployment Requirements ▸ ▸ Forward proxy (monitor and control) Monitor or control users’ activities within Collaboration or Social Media without blocking those services For example, block any financial employee from posting “guarantee” or “recommend” alongside a stock ticker or company name on any Collaboration or Social Media service like Slack or Twitter to comply with FINRA and other regulations 8
  • 12. 12 SECURE DATA Functional Requirements ▸ ▸ Be aware of context, e.g., activities such as “share” ▸ ▸ See and control usage in both IT-led and business- led services ▸ ▸ Differentiate between internal and external domains ▸ ▸ Enforce “set-it-once” policies across categories of services ▸ ▸ Detect and enforce policies by IP address, network location, or geolocation ▸ ▸ Integrate with enterprise directory to enforce policies at a group or organizational unit level ▸ ▸ Decrypt SSL and decode the unpublished API to understand the transaction Deployment Requirements ▸ ▸ Forward proxy ▸ ▸ Reverse proxy (IT-led only, browser only) Enforce conditional activity-level policies For example, block the sharing of content by a corporate ‘insider’ with anyone outside of the organization from ANY Cloud Storage service if it is the organization’s financial reporting quiet period 9
  • 13. 13 SECURE DATA Functional Requirements ▸ ▸ Support for policies with “allow” and “block” actions ▸ ▸ Support for category-level policies ▸ ▸ Differentiate between instances of cloud services Deployment Requirements ▸ ▸ Forward proxy ▸ ▸ Reverse proxy (IT-led only, browser only) Enforce layered policies that include a “base” and “exception” policy For example, prevent the upload of confidential data to ANY Cloud Storage service except corporate IT- led Google Drive 10
  • 14. 14 SECURE DATA Functional Requirements ▸ ▸ Be aware of context, e.g., activities such as “upload” ▸ ▸ See and control usage in both IT-led and business- led services ▸ ▸ Apply strong encryption to sensitive content with enterprise key management ▸ ▸ Integrate with KMIP-compliant, on-premises key manager ▸ ▸ Decrypt SSL and decode the unpublished API to understand the transaction Deployment Requirements ▸ ▸ Forward proxy ▸ ▸ Reverse proxy (IT-led only, browser only) Apply encryption based on conditional factors For example, apply strong encryption with enterprise key management to confidential intellectual property such as next- generation product designs 11
  • 15. 15 PROTECT AGAINST THREATS Functional Requirements ▸ ▸ Correlate users’ identities (e.g., bob@netskope.com = bob123@yahoo.com = bobaran@gmail.com) ▸ ▸ See usage in both IT-led and business-led services ▸ ▸ Use machine learning to detect cloud behavior anomalies ▸ ▸ Detect IP addresses, network location, or geo- location ▸ ▸ Decrypt SSL and decode the unpublished API to understand the transaction Deployment Requirements ▸ ▸ API (IT-led only) ▸ ▸ Reverse proxy (IT-led only, browser only) ▸ ▸ Forward proxy Detect and alert on user login anomalies For example, detect users logging into a cloud service from two different locations with the same credentials, indicating a potentially compromised account 12
  • 16. 16 PROTECT AGAINST THREATS Functional Requirements ▸ ▸ Be aware of context, e.g., activities such as “download” and “share” ▸ ▸ See and control usage in both IT-led and business- led services ▸ ▸ Use machine learning and rules to detect anomalies that could signal risky behavior, non-compliance, data exposure, or even malware ▸ ▸ Decrypt SSL and decode the unpublished API to understand the transaction Deployment Requirements ▸ ▸ API (IT-led only) ▸ ▸ Forward proxy ▸ ▸ Reverse proxy (IT-led only, browser only) Detect anomalies such as excessive downloads, uploads, or sharing within both IT-led and business-led services For example, detect excessive download of sensitive customer data from Salesforce 13
  • 17. 17 GOVERN USAGE Functional Requirements ▸ ▸ Be aware of context, e.g., activities such as “edit,” “sync,” and “save” ▸ ▸ See and control usage in both IT-led and business-led (including ecosystem) apps ▸ ▸ Identify and control integration with ecosystem services ▸ ▸ Decrypt SSL and decode the unpublished API to understand the transaction Deployment Requirements ▸ ▸ Forward proxy (monitor and control) 17 Monitor or control advanced or cross-service activities in real time For example, “Edit in Box,” “Save to Dropbox” from Slack, or enforce which services can integrate and share data with your G Suite 14
  • 18. 18 PROTECT AGAINST THREATS Functional Requirements ▸ ▸ Cloud DLP with OCR (Optical Character Recognition) capability ▸ ▸ Ability to scan IT-led cloud services with OCR- supported cloud DLP ▸ ▸ Ability to apply OCR to cloud traffic to and from business-led cloud services Deployment Requirements ▸ ▸ API (IT-led only) ▸ ▸ Forward proxy ▸ ▸ Reverse proxy (IT-led only, browser only) Find and protect sensitive data embedded in images For example, find and stop patient data embedded in an x-ray image being uploaded to a personal cloud servicecloud service 15
  • 19. 19 PROTECT AGAINST THREATS Functional Requirements ▸ ▸ Support for cloud-based inspection with dynamic analysis using a cloud-based sandbox ▸ ▸ Support for multiple threat intelligence mechanisms including external and internal ▸ ▸ Support quarantine workflows that are malware- centric Deployment Requirements ▸ ▸ API (IT-led only) ▸ ▸ Forward proxy ▸ ▸ Reverse proxy (IT-led only, browser only) Block and quarantine zero-day malware in the cloud For example, detect and quarantine new strains of malware present in IT-led cloud services and block this type of malware en route to and from business-led cloud services 16
  • 20. 20 PROTECT AGAINST THREATS Functional Requirements ▸ ▸ Use 70 different signals to identify unauthorized encryption ▸ ▸ Integration with cloud storage apps like OneDrive to enable “roll-back” functionality ▸ ▸ A streamlined UI to enable an intuitive workflow for rolling back infected content to pre-infected state Deployment Requirements ▸ ▸ API (IT-led only) ▸ ▸ Recover from cloud-based ransomware infections For example, alert when a ransomware infection has taken place and provide a seamless workflow to recover from the infection 17
  • 21. 21 PROTECT AGAINST THREATS Functional Requirements ▸ ▸ Integrate “new employee” policy with enterprise directory ▸ ▸ Use custom keyword dictionary to delineate sensitive competitor documents ▸ ▸ Decrypt SSL and decode the unpublished API to understand the transaction Deployment Requirements ▸ ▸ API (IT-led only) ▸ ▸ Forward proxy ▸ ▸ Reverse proxy (IT-led only, browser only) ▸ ▸ ▸ ▸ Prevent data infiltration involving new employees For example, block new employees from uploading confidential data from their previous employer to their new company’s IT-led cloud service 18
  • 22. 22 GOVERN USAGE Functional Requirements ▸ ▸ Cloud DLP with custom keyword dictionaries to incorporate any variation of keyword that may signal that a password is being shared ▸ ▸ Cloud DLP support for business-led webmail accounts (hundreds) ▸ ▸ Support for category-level policies with specific support for webmail ▸ ▸ Decrypt SSL and decode the unpublished API to understand the transaction Deployment Requirements ▸ ▸ Forward proxy ▸ ▸ Reverse proxy (IT-led only, browser only) ▸ ▸ ▸ ▸ Protect against password email abuse For example, block passwords being sent via any webmail app 19
  • 23. 23 GOVERN USAGE Functional Requirements ▸ ▸ Inspect and control cloud traffic even when it originates from a mobile or desktop app or sync client ▸ ▸ See and control usage in both IT-led and business-led services ▸ ▸ Enforce policy action such as block, coach, or justify in real time ▸ ▸ Decrypt SSL and decode the unpublished API to understand the transaction (for forward proxy) Deployment Requirements ▸ ▸ Forward proxy (monitor and control) ▸ ▸ ▸ ▸ Monitor or control users’ activities (even when they are accessing cloud services from a mobile or desktop app or sync client) For any of the real-time use cases that require a forward proxy, support should be extended to mobile apps, desktop apps, and sync clients 20
  • 24. ©2018 Netskope, Inc. All rights reserved. Netskope is a registered trademark and Netskope Active, Netskope Discovery, Cloud Confidence Index, and SkopeSights are trademarks of Netskope, Inc. All other trademarks are trademarks of their respective owners. 01/18 EB-198-1 GOVERN USAGE SECURE DATA PROTECT AGAINST THREATS ▸ ▸ Monitor or control users’ activities even when they are accessing cloud services from a mobile or desktop app or sync client ▸ ▸ Govern access to Office 365 and other cloud services by device ownership class ▸ ▸ Monitor privileged accounts and prevent unauthorized activity in IaaS instances ▸ ▸ Monitor or control users’ activities within Collaboration and Social Media without blocking those services ▸ ▸ Monitor or control advanced or cross-service activities in real time ▸ ▸ Prevent data exfiltration from a sanctioned to an unsanctioned service ▸ ▸ Enforce different policies for personal and corporate instances of the same cloud service ▸ ▸ Enforce an activity- or data-level policy across a category of services ▸ ▸ Enforce conditional activity- level policies ▸ ▸ Enforce layered policies that include a “base” and “exception” policy ▸ ▸ Apply encryption based on conditional factors ▸ ▸ Block or remediate malware in sanctioned and en route to/from unsanctioned cloud services, even in mobile and desktop apps and sync clients ▸ ▸ Detect and alert on user login anomalies ▸ ▸ Detect anomalies such as excessive downloads, uploads, or sharing, within both sanctioned and unsanctioned services ▸ ▸ Prevent data infiltration involving new employees