McAfee MVISION Cloud
Cloud Access Security Broker (CASB)
Iftikhar Ali Iqbal, CISSP, CCSP, CISM
https://www.linkedin.com/in/iftikhariqbal/
Valid till July 2019
AGENDA
1. Company Overview & Strategy
2. MVISION Cloud
3. Proof Of Concept (POC) Observations
4. Proof Of Concept (POC) Recommendations
OVERVIEW
Company and Portfolio
MCAFEE: OVERVIEW
• Founded in 1987
• Headquartered in California, United States
• Provides Software and Services
• Focus is on Consumer and Enterprise Security
• 125,000+ Corporate Customers
• 120 Countries
• 217+ Innovation Alliance Partners
• 800+ Security Patents
• Solution Offering:
  • Cloud Security
  • Device Security
  • Network Security
  • Data Protection and Encryption
  • Intelligent Security Operations
• Service Offering:
  • Technical Support
  • Professional Services
  • Education
MCAFEE: STRATEGY
Portfolio Strategy: An Integrated And Open Security System
Threat Defense Lifecycle: Together, Is Far More Powerful Than Sum Of The Parts
[Diagram labels: SECURITY OPERATIONS, DEVICE, CLOUD, MANAGEMENT, THREAT INTELLIGENCE, ANALYTICS, AUTOMATION / ORCHESTRATION, INFRASTRUCTURE]
MVISION CLOUD
Cloud Access Security Broker (CASB)
MVISION CLOUD: CHALLENGES
#1 Enterprise Data Creation and Access in the Cloud Bypasses Existing Network Security Infrastructure (unmanaged devices, SaaS, IaaS/PaaS)
#2 Shared Responsibility
“Through 2023, at least 99% of cloud security failures will be the customer’s fault.”
Steve Riley, Craig Lawson. “Magic Quadrant for Cloud Access Security Brokers.” Gartner, 29 October 2018.
“CASB is a required security platform for organizations using cloud services...”
Craig Lawson, Neil MacDonald, Brian Lowans. “Market Guide for Cloud Access Security Brokers.” Gartner, 22 October 2015.
MVISION CLOUD: THREAT LANDSCAPE
• McAfee Discovers Knock Knock: Hacker Exploiting Compromised Admin Account to hack into Office 365
• McAfee Discovers Ghost Writer – S3 Buckets Configured for Write Access open up Customers to Major Vulnerabilities
MVISION CLOUD: OVERVIEW
[Diagram: MVISION Cloud between Unmanaged Devices and SaaS / IaaS/PaaS; integration points labelled Shadow IT, Public API, McAfee API, SIEM]
• No User Friction
• Complete Visibility and Policies Across Multiple Cloud Services
• Real Time
• Complete Coverage:
  § Data at rest
  § Data uploaded/downloaded
  § Data created in cloud
  § Shared Cloud-to-cloud
  § Certificate pinned apps
MVISION CLOUD: THE PLATFORM
Common Security Services: Visibility, Data Security, Compliance, Threat Protection
Platform Extensibility: Third Party Integration (DXL)
Coverage: SaaS, IaaS and PaaS, Custom Apps
• CASB Connect—APIs: Long-tail SaaS
• CASB Proxy—Workload Security: Lift-and-shift Custom Apps
MVISION CLOUD: TRUSTED PLATFORM
NOTE: As of January 2018, MVISION Cloud (Skyhigh Networks) is now part of McAfee.
MVISION CLOUD: QUINTUPLE LEADERSHIP + COMMENDATION
• Overall Leadership
• Innovation Leadership
• Market Leadership
PROOF OF CONCEPT (POC)
Objectives
POC: REQUIREMENTS
VISIBILITY
Through Shadow IT discovery, provide a consolidated view of the organization’s cloud service landscape, and details about the users who access data in cloud services from any device or location. Furthermore, it should also provide a cloud service security rating database to check attributes of trustworthiness and associated risks of a Cloud Service Provider (CSP).
DATA SECURITY
Enforce Data Loss Prevention policies to prevent unwanted activity based on data discovery, data classification, user groups and collaboration for Sanctioned Software as a Service (SaaS). Controls should include quarantine, block, revocation, delete and view only.
COMPLIANCE
Demonstrate governance of cloud service usage across Sanctioned Software as a Service (SaaS) and Infrastructure as a Service (IaaS). The visibility, control and reporting mechanism should incorporate internal policies, best practices, security standards and regulatory compliance requirements.
THREAT PROTECTION
Prevent unmanaged devices and users from accessing cloud services by providing Access Controls. Furthermore, provide detailed Activity Monitoring with embedded user and entity behavior analytics (UEBA) for identifying anomalous behavior. These should be available for Sanctioned Software as a Service (SaaS) and Infrastructure as a Service (IaaS).
PROOF OF CONCEPT (POC)
Shadow IT - Objectives
POC: SHADOW IT
Discover Cloud Services
Discover all SaaS, PaaS, IaaS, and custom applications in use and visually summarize traffic patterns, access count, and usage over time.
Risk-based Score
Provide a risk rating for each service based on attributes, and be able to modify attributes and weights and add custom attributes to generate personalized ratings.
Cloud Service Governance
Provide a workflow to automatically or manually classify services based on risk criteria and enforce acceptable use policies through coaching and/or blocking (out of scope).
Activity Drilldown
Have a clickable drilldown to navigate from service-level upload statistics to granular user-level and event-level statistics with a complete activity feed for additional context.
Cloud Enforcement Gap Analysis
Detect if perimeter security allowed high risk services to operate and provide recommendations to close gaps.
[Diagram: Data Center, SaaS and IaaS/PaaS traffic with a Low/Medium/High risk scale; chart residue: 1 TB, 970 GB, 854 GB across the Cloud Storage, IT Services, Development and Collaboration categories]
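The risk-based score and the enforcement gap analysis described above, as an added example that is not part of the original deck and not MVISION Cloud code: the attribute names and weights, the Low/Medium/High cut-offs, the hostnames in the service registry and the proxy log lines are all constructed for illustration (WikiSend and bilibili are the service names the POC found). Scoring sums the weights of the risky attributes a service exhibits; the gap analysis reads perimeter proxy decisions to classify each High-risk service as Completely Allowed, Partially Allowed or Completely Denied, and collects destinations the registry cannot match for URL categorization review.

```python
"""Shadow IT risk scoring and cloud enforcement gap analysis.

Added illustrative example; not MVISION Cloud code. Attribute names, weights,
cut-offs, hostnames and log lines are all constructed.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Hypothetical risk attributes and their weights (points out of 100). A CASB
# registry ships its own attributes; the point is that weights are data, so an
# organization can re-tune them or add custom attributes without code changes.
DEFAULT_WEIGHTS = {
    "no_encryption_at_rest": 25,
    "anonymous_use": 20,
    "breached_last_year": 20,
    "known_tls_vulnerability": 15,   # e.g. still vulnerable to POODLE/DROWN
    "no_gdpr_readiness": 10,
    "ip_ownership_claimed": 10,      # terms of service claim rights over uploads
}


def risk_score(attributes, weights=DEFAULT_WEIGHTS):
    """Add up the weight of every risky attribute the service exhibits (capped at 100)."""
    return min(100, sum(w for name, w in weights.items() if attributes.get(name)))


def risk_level(score):
    """Bucket a score into Low / Medium / High (hypothetical cut-offs)."""
    if score >= 60:
        return "High"
    if score >= 30:
        return "Medium"
    return "Low"


# Constructed service registry: destination host -> (service name, risk attributes).
SERVICE_REGISTRY = {
    "upload.wikisend.example": ("WikiSend", {
        "no_encryption_at_rest": True, "anonymous_use": True, "known_tls_vulnerability": True}),
    "www.bilibili.example": ("bilibili", {
        "anonymous_use": True, "breached_last_year": True,
        "no_gdpr_readiness": True, "ip_ownership_claimed": True}),
    "drive.sanctioned.example": ("Sanctioned Drive", {}),
}

# Constructed proxy log: timestamp user destination bytes_uploaded action
PROXY_LOG = """\
2019-05-01T09:12:03Z alice upload.wikisend.example  5242880 ALLOW
2019-05-01T09:15:44Z bob   upload.wikisend.example  1048576 ALLOW
2019-05-02T11:02:10Z carol www.bilibili.example       20480 BLOCK
2019-05-02T11:04:51Z carol www.bilibili.example       10240 ALLOW
2019-05-03T14:30:00Z dave  drive.sanctioned.example 8388608 ALLOW
2019-05-03T15:00:00Z erin  unknown.cdn.example         4096 ALLOW
"""


@dataclass
class Usage:
    allowed: int = 0
    blocked: int = 0
    bytes_allowed: int = 0
    users: set = field(default_factory=set)


def parse_proxy_log(text):
    """Yield (user, host, bytes, action) for each non-empty log line."""
    for line in text.splitlines():
        if line.strip():
            _ts, user, host, size, action = line.split()
            yield user, host, int(size), action


def enforcement_gap(log_text, registry=SERVICE_REGISTRY, weights=DEFAULT_WEIGHTS):
    """Classify each High-risk service seen in the log by how the perimeter treated it.

    Returns (report, unmatched): report maps service -> egress status and usage,
    unmatched maps hosts absent from the registry -> bytes uploaded to them.
    """
    usage = defaultdict(Usage)
    unmatched = defaultdict(int)
    for user, host, size, action in parse_proxy_log(log_text):
        if host not in registry:
            unmatched[host] += size          # candidate for URL categorization review
            continue
        service, _attrs = registry[host]
        u = usage[service]
        u.users.add(user)
        if action == "ALLOW":
            u.allowed += 1
            u.bytes_allowed += size
        else:
            u.blocked += 1

    services = {name: attrs for name, attrs in registry.values()}
    report = {}
    for service, attrs in services.items():
        if risk_level(risk_score(attrs, weights)) != "High" or service not in usage:
            continue
        u = usage[service]
        if u.blocked == 0:
            status = "Completely Allowed"    # perimeter never stopped it: enforcement gap
        elif u.allowed == 0:
            status = "Completely Denied"
        else:
            status = "Partially Allowed"     # inconsistent egress policy across rules/proxies
        report[service] = {"status": status, "users": len(u.users),
                           "bytes_allowed": u.bytes_allowed}
    return report, dict(unmatched)
```

Tuning is a matter of passing a different weights dict, for example `{**DEFAULT_WEIGHTS, "not_soc2_certified": 15}`, which is what adding a custom attribute amounts to; the gap report is what a "High Risk Services Allowed by your Perimeter Security" panel is built from.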
PROOF OF CONCEPT (POC)
Shadow IT - Observations
POC: EXECUTIVE SUMMARY (April 26 to May 16 2019)
• Total Services: 2,286
• High Risk Services: 40 of 2,286 Total Services
• Services used with known vulnerability: 179
• Services needing additional controls: 75
• Total Data to High Risk Services: 6.8 GB
• Users of High Risk Services: 102
• Access Attempts to High Risk Services: 164.9 K
POC: HIGH RISK SERVICES (April 26 to May 16 2019)
• High Risk Services: 40 of 2,286 Total Services
• Inconsistent Egress Policies (High Risk Services Allowed by your Perimeter Security): 38 Completely Allowed, 2 Partially Allowed, 0 Completely Denied
• 5.9 GB Uploaded to Cloud Storage
• 18 File Sharing Services
[Chart residue: bilibili (Collaboration), WikiSend (Cloud Storage); counts 8 and 7]
POC: VULNERABLE SERVICES (April 26 to May 16 2019)
179 Services used with known vulnerability:
• DROWN: 4 services. Makes it easier for remote attackers to decrypt TLS ciphertext data.
• Heartbleed: 0 services. Allows remote attackers to obtain sensitive information.
• FREAK/Logjam: 4 services. Man-in-the-middle attack that could break the security of any website.
• Cloudbleed: 141 services. Affecting Cloudflare's reverse proxies, which caused their edge servers to return their customer’s sensitive information.
• POODLE: 30 services. Makes it easier for man-in-the-middle attackers to obtain cleartext data.
POC: ADDITIONAL CONTROL REQUIREMENTS (April 26 to May 16 2019)
• 75 Services need additional controls (of 2,286 Total Services)
POC: HIGH RISK SERVICES BY CATEGORY (April 26 to May 16 2019)
• High Risk GDPR: 62 of 2,286 Total Services
• Anonymous Use: 56 of 2,286 Total Services
• Breached in 1 Year: 6 of 2,286 Total Services
• High Risk Collaboration: 8 of 2,286 Total Services
• High Risk IaaS: 0 of 2,286 Total Services
• High Risk Cloud Storage: 12 of 2,286 Total Services
Data Transferred / Users / Access Attempts rows as extracted from the chart: 6.9 GB / 313 / 57.1 K; 38.7 GB / 794 / 133.5 K; 409.3 GB / 1,017 / 1.9 M; 5.9 GB / 31 / 77 K; 237 MB / 10 / 619; 0 GB / 0 / 0
POC: LOW RISK SERVICES BY CATEGORY (April 26 to May 16 2019)
• Approved McAfee CT: 39 of 2,286 Total Services
• Approved CSA Star: 57 of 2,286 Total Services
• Low Risk Collaboration: 48 of 2,286 Total Services
• Low Risk IaaS: 3 of 2,286 Total Services
• Low Risk Cloud Storage: 12 of 2,286 Total Services
Data Transferred / Users / Access Attempts rows as extracted from the chart: 2.6 TB / 39 / 3.7 M; 4.2 TB / 1,071 / 5.8 M; 1.8 TB / 1,016 / 9.1 M; 687.8 MB / 18 / 4.8 K; 8.3 TB / 1,148 / 15.2 M
POC: LOW RISK SERVICES COMPARISON (April 26 to May 16 2019)
• Low Risk Collaboration: 48
• Low Risk IaaS: 3
• Low Risk Cloud Storage: 12
Services compared have been selected based on several validations made by the McAfee CloudTrust Program and/or Cloud Security Alliance’s Security Trust Assurance and Risk (STAR) Program. Furthermore, McAfee MVISION Cloud provides discovery and various protection controls across these recommended services for your organization:
• MVISION Cloud for Box
• MVISION Cloud for Microsoft Office 365
• MVISION Cloud for Slack
• MVISION Cloud for Exchange Online
• MVISION Cloud for Amazon Web Services (AWS)
POC: UNMATCHED SERVICES (April 26 to May 16 2019)
• Unmatched Services: 3,876 of 6,162 Total Services
• Unmatched Uploads: 51.8 GB of 2.2518 TB Total Upload Data
• Largest unmatched upload destinations: thepiratebay.se (23 GB), 74.112.185.182 (7.2 GB), 74.112.184.85 (6.5 GB)
• Most frequently seen unmatched services: intranet.rks.com (824), rks-usw.accesscontrol.windows.net (735), show.rks.com (653), p.rfihub.com (474), sync.adaptv.advertising.com (462)

URL | STATUS | CATEGORIZATION | REPUTATION
http://thepiratebay.se | Categorized URL | Potential Illegal Software | Unverified
http://74.112.185.182 | Categorized URL | Internet Services | Minimal Risk
http://74.112.184.85 | Categorized URL | Personal Network Storage | Minimal Risk
http://intranet.rks.com | Categorized URL | Blogs/Wiki | Minimal Risk
http://rks-usw.accesscontrol.windows.net | Categorized URL | Software/Hardware | Minimal Risk
http://show.rks.com | Categorized URL | Blogs/Wiki | Minimal Risk
http://sync.adaptv.advertising.com | Categorized URL | Internet Services | Minimal Risk
http://p.rfihub.com | Categorized URL | Content Server | Minimal Risk
Categorization information based on McAfee Web Gateway 7.x Customer URL Ticketing System*
*For more information you can visit https://www.trustedsource.org/en/feedback/url or McAfee Threat Center (https://www.mcafee.com/enterprise/en-us/threat-center.html)
PROOF OF CONCEPT (POC)
Shadow IT - Recommendations
POC: RECOMMENDATIONS
Vulnerable Services
• Find out who's using these services, and what information was shared with them.
• Coach employees on lower-risk sanctioned or permitted alternatives.
Additional Control Requirements
• Although some services have a severity of medium or low risk, they would require additional control based on risky attributes.
• Use the risk-based scoring of cloud services to identify them and assess them as per your risk appetite.
Low Risk Services
• Compare known good services that can be easily adopted by the organization for less user friction and with security controls.
• Validations can be made via the McAfee CloudTrust Program and/or Cloud Security Alliance’s Security Trust Assurance and Risk (STAR) Program.
• Discovery and various protection controls can be provided by MVISION Cloud for Sanctioned SaaS/IaaS.
High Risk Services
• Block high risk services, and coach your employees to use lower-risk sanctioned or permitted alternatives.
• Ensure acceptable use governance policies are fully enforced by existing SWGs/NGFWs, and ensure that there is no proxy leakage.
Comprehensive Approach
• Integrate with Active Directory to gather additional context on which cloud services are used by users, departments, locations, etc.
• Integrate with existing SWGs/NGFWs to enforce real-time governance policies by ensuring no proxy leakage.
• With McAfee Web Gateway (MWG), the auto-classification of High Risk services by MVISION Cloud can be used to provide Closed Loop Remediation (CLR).
POC: EXECUTIVE SUMMARY (+21 Days) (April 26 to Jun 6 2019)
• Total Services: 2,313 (+27)
• High Risk Services: 47 of 2,313 Total Services (+7)
• Services used with known vulnerability: 179
• Services needing additional controls: 75
• Total Data to High Risk Services: 35.5 GB (+28.7 GB)
• Users of High Risk Services: 129 (+27)
• Access Attempts to High Risk Services: 295.6 K (+130.7 K)
PROOF OF CONCEPT (POC)
Sanctioned SaaS - Objectives
POC: SANCTIONED SAAS
Data Loss Prevention: Discover & prevent sensitive data from being stored in Sanctioned SaaS.
Collaboration Control: Prevent sharing of sensitive data with unauthorized parties.
Activity Monitoring: Gain visibility into Sanctioned SaaS usage and accelerate post-incident forensic investigations by capturing a comprehensive audit trail of all activity (out of scope).
Access Control: Protect corporate data from unauthorized access by enforcing granular, context-aware access policies such as preventing download of sensitive data from Sanctioned SaaS to unmanaged devices.
User Behavior Analytics: Automatically build models of typical user behavior and identify behavior that may be indicative of a threat, such as Insider Threats, Compromised Accounts and Privileged User Threats.
Malware Detection: Block known malware signatures, sandbox suspicious files, and identify behavior indicative of malware data exfiltration or ransomware activity (out of scope).
Incident Management Response: Provide a unified interface to triage and resolve incidents and to respond through autonomous remediation.
PROOF OF CONCEPT (POC)
Sanctioned SaaS - Observations
POC: EXECUTIVE SUMMARY (May 22 to Jun 5 2019)
• Services: 4 (Microsoft Exchange Online, Microsoft OneDrive, Microsoft SharePoint Online, Google Drive)
• Data Loss Prevention: 84 Policy Violations (58 OneDrive, 12 SharePoint, 5 Exchange, 9 Google Drive)
• Activity Monitoring: 948 Activities (840 O365, 108 G Suite)
• Cloud Access Control: 354 Access Violations (351 O365, 3 G Suite)
POC: ACTIVITY MONITORING (May 22 to Jun 5 2019)
• 948 Activities (840 O365, 108 G Suite) across 11 users (7 O365, 4 G Suite)
• Activities by category: SERVICE USAGE 643, ADMINISTRATION 88, DATA ACCESS 64, LOGIN SUCCESS 46, DATA UPLOAD 43, DATA DOWNLOAD 42, DATA UPDATES 11, DATA SHARING 7, DATA DELETE 5, DATA UPDATE 1, ANOMALIES 0
• Most active users: iai@iaispace.com (189 actions), iai@iairecord.com (98 actions)
POC: CLOUD ACCESS CONTROL (May 22 to Jun 5 2019)
• 354 Access Violations: 351 O365 (127 High, 0 Medium, 224 Low), 3 G Suite (0 High, 0 Medium, 3 Low)
• High Severity: 127 of 354 Access Violations
• Times Unmanaged Devices Used to Access: 20 (Desktop 17, Mobile 3)
• Download Attempts on Unmanaged Devices: 11 (Desktop 9, Mobile 2)
POC: DATA LOSS PREVENTION (May 22 to Jun 5 2019)
• 84 Policy Violations: 58 OneDrive, 12 SharePoint, 5 Exchange, 9 Google Drive
• High Severity: 74 of 84 Incidents (74 High, 10 Medium, 0 Low)
• Incidents by triggering activity (of 84): Invited Collaborators 31, Modified 31, Uploaded 7, Enabled Shared Link 5, Email 5, On-Demand Scan 3, Role Change of Collaborators 2
[Chart residue: OneDrive 49]
POC: CONNECTED APPS (May 22 to Jun 5 2019)
• 7 Applications: Blocked 1, Allowed 1, Under Audit 1, Unassigned 4
PROOF OF CONCEPT (POC)
Sanctioned SaaS - Recommendations
POC: RECOMMENDATIONS
Data Loss Prevention
• Prevent unauthorized data from being collaborated on, except with trusted partners at specific permission levels.
• Discover and prevent regulated and high-value data from being stored in cloud services using content- and context-based rules.
Access Control
• Block downloads of data to unauthorized (unmanaged/personal) devices by performing device certificate checks.
• You can also block access to cloud services from unauthorized devices, or apply a view-only (no download) policy.
Activity Monitoring
• Detect compromised accounts and insider/privileged user threats by leveraging machine learning which builds user behavior models.
• Cross-reference activities across various cloud services in order to detect anomalies, and incorporate false positive feedback.
• Capture an audit trail of all user activity (automatically categorized) with geolocation analytics for forensic investigation.
Data Classification
• Identify data owned by the organization and who the data owner is.
• Understand how the data is being created, where it is being stored, how it is used and collaborated on, and with whom.
• This helps determine whether any regulatory compliance or jurisdictional requirements are associated with the data.
Comprehensive Approach
• Integrate with Active Directory to enforce user or group-based policies based on user and custom attributes.
• For Data Loss Prevention, integrate with on-premise DLP for complete coverage.
• Integrate with SIEM via syslog to populate policy violations.
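A minimal version of the user behavior modelling the Activity Monitoring recommendations describe, added here as an illustration; it is not MVISION Cloud's UEBA model, and the activity records are constructed (the activity names follow the POC dashboard categories). It aggregates each user's activity type across services per day, builds a robust baseline (median and MAD) from that user's earlier days only, flags a day that exceeds median + k*MAD and a minimum count, and honours an analyst feedback set of (user, activity) pairs marked as false positives.

```python
"""User behaviour baselines for sanctioned-SaaS activity (added illustrative example).

Not MVISION Cloud code and not its UEBA model: a deliberately simple
robust-statistics baseline showing the mechanics the recommendations list.
All activity records below are constructed.
"""
from collections import defaultdict
from statistics import median


def _series(user, service, activity, counts, start_day=22):
    """Build one (day, user, service, activity, count) record per day from 2019-05-22."""
    return [("2019-05-%02d" % (start_day + i), user, service, activity, c)
            for i, c in enumerate(counts)]


# Constructed daily activity counts for three users over seven days.
ACTIVITY = (
    _series("alice", "O365", "DATA DOWNLOAD", [4, 5, 3, 2, 4, 6, 30])
    + [("2019-05-28", "alice", "G Suite", "DATA DOWNLOAD", 25)]      # same day, second service
    + _series("bob", "O365", "DATA SHARING", [1, 1, 0, 2, 1, 1, 8])
    + _series("carol", "O365", "ADMINISTRATION", [2, 2, 3, 2, 2, 2, 40])
)


def daily_totals(records):
    """Cross-reference services: total each user's activity type per day across all services."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, user, _service, activity, count in records:
        totals[(user, activity)][day] += count
    return totals


def robust_baseline(values):
    """Median and MAD of a history; MAD is floored at 1 so a flat history does not alarm on +1."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    return med, max(mad, 1.0)


def detect_anomalies(records, k=5.0, min_count=10, min_history=3, feedback=frozenset()):
    """Flag a day whose count exceeds median + k*MAD of that user's prior days.

    min_count suppresses statistically loud but operationally trivial spikes;
    feedback holds (user, activity) pairs an analyst marked as benign.
    """
    findings = []
    for (user, activity), per_day in daily_totals(records).items():
        if (user, activity) in feedback:
            continue
        days = sorted(per_day)
        for i, day in enumerate(days):
            history = [per_day[d] for d in days[:i]]   # only earlier days shape the baseline
            if len(history) < min_history:
                continue
            med, mad = robust_baseline(history)
            count = per_day[day]
            if count < min_count or count <= med + k * mad:
                continue
            findings.append({"user": user, "activity": activity, "day": day, "count": count,
                             "baseline": med, "deviation": round((count - med) / mad, 1)})
    return findings
```

With the constructed data, alice's 30 O365 downloads plus 25 G Suite downloads on the same day are only visible as one 55-download spike because the two services are summed first; bob's day of 8 shares exceeds his baseline but is held back by `min_count`, which is the kind of knob the "incorporate false positive feedback" recommendation refers to.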
PROOF OF CONCEPT (POC)
Sanctioned IaaS - Objectives
POC: SANCTIONED IAAS
Security Configuration and Compliance Audit: Audit and monitor the security configurations of all your IaaS services to detect and correct misconfigurations, reduce risk and comply with internal/external policies.
Activity Monitoring: Gain visibility into usage across managed and unmanaged IaaS accounts and accelerate post-incident forensic investigations by capturing a comprehensive audit trail of all activity.
Data Loss Prevention: Prevent unauthorized regulated data from being stored in IaaS storage services.
User Behavior Analytics: Automatically build models of typical user behavior and identify behavior that may be indicative of a threat, such as Insider Threats, Compromised Accounts and Privileged User Threats.
Malware Detection: Block known malware signatures, sandbox suspicious files, and identify behavior indicative of malware data exfiltration or ransomware activity (out of scope).
Incident Management Response: Provide a unified interface to triage and resolve incidents and to respond through autonomous remediation.
PROOF OF CONCEPT (POC)
Sanctioned IaaS - Observations
POC: EXECUTIVE SUMMARY (May 22 to May 30 2019)
• Services: 2 (Amazon Web Services, Microsoft Azure)
• Data Loss Prevention: 7 Policy Violations (0 AWS, 7 Azure)
• Activity Monitoring: 1,448 Activities (1,353 AWS, 97 Azure)
• Security Configuration Audit: 160 Audit Violations (146 AWS, 14 Azure)
POC: ACTIVITY MONITORING (May 22 to May 30 2019)
• 1,448 Activities (1,353 AWS, 97 Azure) across 7 users (3 AWS, 4 Azure)
• Activities by category: SERVICE USAGE 1,302, ADMINISTRATION 108, DATA UPDATES 20, USER ACCOUNT CREATION 10, DATA ACCESS 5, LOGIN SUCCESS 4, DATA DELETE 1, ANOMALIES 0
• Most active identities: iaispace-s3 (1,277 actions), admin (79 actions)
POC: SECURITY CONFIGURATION AUDIT (May 22 to May 30 2019)
• 160 Audit Violations: 146 AWS (32 High, 73 Medium, 41 Low), 14 Azure (4 High, 8 Medium, 2 Low)
• High Severity: 36 of 160 Audit Violations
• Services affected: 9 of 9 Total Services
• AWS violations by service: CloudTrail 4, S3 10, IAM 11, EC2 16, Web Services 105
• Azure violations by service: Subscriptions 2, Storage Accounts 2, Network Security Group 3, Security Center 7
• Non-compliant with CIS Benchmarks: 64 (LEVEL 2: 33, LEVEL 1: 28, LEVEL 1: 3)
POC: DATA LOSS PREVENTION (May 22 to May 30 2019)
• 7 Policy Violations: 0 AWS (0 High, 0 Medium, 0 Low), 7 Azure (4 High, 3 Medium, 0 Low)
• High Severity: 4 of 7 Policy Violations
PROOF OF CONCEPT (POC)
Sanctioned IaaS - Recommendations
POC: RECOMMENDATIONS
Data Loss Prevention
• Discover regulated and high-value data being stored in cloud services using content- and context-based rules.
• Run scheduled on-demand scans to detect violations.
Security Configuration Audit
• Run scheduled on-demand scans to detect security violations and misconfigurations of your cloud services.
• Scans based on CIS benchmarks, Security Center (Azure) and McAfee best practices should be reviewed for incidents and remediation steps.
Activity Monitoring
• Detect compromised accounts and insider/privileged user threats by leveraging machine learning which builds user behavior models.
• Cross-reference activities across various cloud services in order to detect anomalies, and incorporate false positive feedback.
• Capture an audit trail of all user activity (automatically categorized) with geolocation analytics for forensic investigation.
Data Classification
• Identify data owned by the organization and who the data owner is.
• Understand how the data is being created, where it is being stored, how it is used and collaborated on, and with whom.
• This helps determine whether any regulatory compliance or jurisdictional requirements are associated with the data.
Comprehensive Approach
• Integrate with Active Directory to get additional context on users, departments, locations, etc.
• Integrate with SIEM via syslog to populate policy violations.
Thank You
Iftikhar Ali Iqbal, CISSP, CCSP, CISM
https://www.linkedin.com/in/iftikhariqbal/
PROOF OF CONCEPT (POC)
Sanctioned SaaS – End User Experience
POC: CLOUD ACCESS CONTROL (May 19 to May 22 2019)
[MVISION Cloud policy screenshot]
BUSINESS LOGIC
SERVICES: SharePoint Online, OneDrive, Exchange Online
USERS: Everyone
RULES: Redirect Managed Clients (Device Certificates)
EXCEPTIONS: -
RESPONSE: Allow Service Activities

POC: CLOUD ACCESS CONTROL (May 19 to May 22 2019)
[MVISION Cloud policy screenshot]
BUSINESS LOGIC
SERVICES: SharePoint Online, OneDrive, Exchange Online
USERS: Everyone
RULES: Unmanaged Clients trying to Download
EXCEPTIONS: -
RESPONSE: Block Downloads
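The two cloud access control rules above, implemented as a small first-match policy engine; this is an added example, not MVISION Cloud's engine. The certificate fingerprints, the issued/revoked sets and the requests are constructed, and the third rule (unmanaged clients doing anything other than download are allowed but logged as a Low severity violation) is an assumption made so that the summary reproduces the dashboard's "unmanaged devices used to access" and "download attempts on unmanaged devices" counters.

```python
"""Context-aware access control for sanctioned SaaS (added illustrative example).

Not MVISION Cloud code: the rule engine, the certificate bookkeeping and the
requests are constructed to mirror the two POC rules (managed clients identified
by device certificate are allowed; unmanaged clients are blocked from downloading).
"""
from collections import Counter
from dataclasses import dataclass
from typing import Optional

IN_SCOPE_SERVICES = {"SharePoint Online", "OneDrive", "Exchange Online"}

# Constructed PKI state: fingerprints of device certificates issued by the
# organization's CA, and the subset that has since been revoked.
ISSUED_DEVICE_CERTS = {"sha256:aa11", "sha256:bb22", "sha256:cc33"}
REVOKED_DEVICE_CERTS = {"sha256:cc33"}


@dataclass(frozen=True)
class Request:
    user: str
    service: str
    activity: str                 # "view", "upload", "download", ...
    client: str                   # "desktop" or "mobile"
    device_cert: Optional[str]    # fingerprint presented in the TLS handshake, if any


def is_managed(req):
    """A client is managed only if it presents a valid, unrevoked org device certificate."""
    return (req.device_cert in ISSUED_DEVICE_CERTS
            and req.device_cert not in REVOKED_DEVICE_CERTS)


@dataclass(frozen=True)
class Rule:
    name: str
    managed: bool                 # applies to managed (True) or unmanaged (False) clients
    activities: frozenset         # empty = any activity
    response: str                 # "allow" or "block"
    severity: Optional[str]       # violation severity recorded; None = no violation


# First matching rule wins. The third rule is an assumption: the POC slides show
# only the first two, but unmanaged non-download access was still counted on the
# dashboard, so it is modelled as allowed with a Low severity violation.
POLICY = [
    Rule("Redirect Managed Clients (Device Certificates)", True, frozenset(), "allow", None),
    Rule("Unmanaged Clients trying to Download", False, frozenset({"download"}), "block", "High"),
    Rule("Unmanaged Clients, other activity (assumed)", False, frozenset(), "allow", "Low"),
]


def evaluate(req, policy=POLICY):
    """Return (decision, matched rule name, violation severity or None)."""
    if req.service not in IN_SCOPE_SERVICES:
        return "allow", None, None            # out of policy scope: assumed default allow
    managed = is_managed(req)
    for rule in policy:
        if rule.managed != managed:
            continue
        if rule.activities and req.activity not in rule.activities:
            continue
        return rule.response, rule.name, rule.severity
    return "block", None, "High"              # no rule matched: fail closed


def summarize(requests, policy=POLICY):
    """Aggregate decisions the way the POC dashboard does."""
    stats = {"unmanaged_access": Counter(), "unmanaged_downloads": Counter(),
             "violations": Counter(), "blocked": 0}
    for req in requests:
        decision, _rule, severity = evaluate(req, policy)
        if req.service in IN_SCOPE_SERVICES and not is_managed(req):
            stats["unmanaged_access"][req.client] += 1
            if req.activity == "download":
                stats["unmanaged_downloads"][req.client] += 1
        if severity:
            stats["violations"][severity] += 1
        if decision == "block":
            stats["blocked"] += 1
    return stats


# Constructed requests covering managed, unmanaged, revoked and out-of-scope cases.
SAMPLE_REQUESTS = [
    Request("alice", "OneDrive", "download", "desktop", "sha256:aa11"),
    Request("bob", "SharePoint Online", "download", "desktop", None),
    Request("bob", "SharePoint Online", "view", "desktop", None),
    Request("carol", "OneDrive", "download", "mobile", "sha256:zz99"),    # unknown cert
    Request("carol", "Exchange Online", "view", "mobile", "sha256:cc33"),  # revoked cert
    Request("dave", "Google Drive", "download", "desktop", None),          # out of scope
]
```

The revocation check is the part worth noticing: a device that once enrolled but whose certificate was revoked (a lost laptop, an offboarded contractor) falls back to the unmanaged path, which is what a "managed device" claim based only on a certificate's presence would miss.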
53
May 19 to May 22 2019
BUSINESS LOGIC
SERVICES SharePoint Online, OneDrive
USERS Everyone
RULES High Severity for Credit Card Data
EXCEPTIONS -
RESPONSE Quarantine for High Severity | Send Email to User
MVISION Cloud
POC: DATA LOSS PREVENTION
54
May 19 to May 22 2019
BUSINESS LOGIC
SERVICES Exchange Online
USERS Everyone
RULES High Severity for Credit Card Data | Daily Scan
EXCEPTIONS -
RESPONSE Monitor for High Severity | Send Email to Admin
MVISION Cloud
POC: ON-DEMAND SCAN
55
May 19 to May 22 2019
BUSINESS LOGIC
SERVICES SharePoint Online, OneDrive
USERS Everyone
RULES High Severity for Collaborated Confidential (classification) Files
EXCEPTIONS -
RESPONSE Block for High Severity | Send Email to Admin
POC: CONTENT COLLABORATION
MVISION Cloud
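The three content policies above (credit card data in OneDrive/SharePoint, the Exchange Online on-demand scan, and Confidential files collaborated externally) as an added example; it is not MVISION Cloud's DLP engine. The PAN detector (regex plus Luhn), the severity threshold (two or more valid card numbers is High, one is Medium), the organization domain (taken from the user address on the activity slide) and the events are all constructed; the card numbers are the public Visa and Mastercard test numbers.

```python
"""DLP content and collaboration rules with the POC's response actions.

Added illustrative example, not MVISION Cloud code. The card-number detector,
the severity threshold, the policies and the events are constructed.
"""
import re
from dataclasses import dataclass

ORG_DOMAIN = "iaispace.com"   # domain of the user shown on the POC activity slide (assumption)

# 13-19 digits, optionally separated by single spaces or hyphens, on word boundaries.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_valid(digits):
    """Luhn checksum: weeds out order and phone numbers that merely look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    """Return the normalized PANs in text that pass the Luhn check."""
    pans = []
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            pans.append(digits)
    return pans


def credit_card_severity(text):
    """Assumed severity model: two or more valid PANs is High, one is Medium, none is no match."""
    pans = find_card_numbers(text)
    if not pans:
        return None, pans
    return ("High" if len(pans) >= 2 else "Medium"), pans


@dataclass(frozen=True)
class Policy:
    name: str
    services: frozenset
    rule: str        # "credit_card" or "confidential_shared"
    response: str    # "quarantine", "monitor" or "block"
    notify: str      # who gets the e-mail: "user" or "admin"


# The three POC policies; each fires on High severity only.
POLICIES = [
    Policy("DLP: Credit Card Data", frozenset({"SharePoint Online", "OneDrive"}),
           "credit_card", "quarantine", "user"),
    Policy("On-Demand Scan: Credit Card Data", frozenset({"Exchange Online"}),
           "credit_card", "monitor", "admin"),
    Policy("Content Collaboration: Confidential", frozenset({"SharePoint Online", "OneDrive"}),
           "confidential_shared", "block", "admin"),
]


@dataclass(frozen=True)
class Event:
    service: str
    path: str
    content: str
    classification: str = ""      # e.g. "Confidential" from a classification label
    shared_with: tuple = ()       # collaborator addresses


def evaluate(event, policies=POLICIES):
    """Return one incident dict per policy that fires on the event."""
    incidents = []
    for policy in policies:
        if event.service not in policy.services:
            continue
        if policy.rule == "credit_card":
            severity, pans = credit_card_severity(event.content)
            if severity != "High":
                continue
            detail = "%d valid card numbers ending %s" % (
                len(pans), ", ".join(p[-4:] for p in pans))   # never log the full PAN
        else:
            external = [a for a in event.shared_with if not a.endswith("@" + ORG_DOMAIN)]
            if event.classification != "Confidential" or not external:
                continue
            detail = "Confidential file shared with " + ", ".join(external)
        incidents.append({"policy": policy.name, "service": event.service, "path": event.path,
                          "severity": "High", "response": policy.response,
                          "notify": policy.notify, "detail": detail})
    return incidents


# Constructed events: two High credit-card hits, one external Confidential share,
# one look-alike number that fails Luhn, one Confidential file shared internally.
SAMPLE_EVENTS = [
    Event("OneDrive", "Finance/cards.xlsx",
          "cardholder 4111 1111 1111 1111, second card 5500-0000-0000-0004"),
    Event("Exchange Online", "Inbox/refund.eml",
          "please refund 4111111111111111 and 5500000000000004 today"),
    Event("SharePoint Online", "Plans/roadmap.docx", "Q3 roadmap",
          classification="Confidential", shared_with=("partner@contoso.example",)),
    Event("OneDrive", "notes.txt", "order 1234 5678 9012 3456, phone 555-0100"),
    Event("OneDrive", "hr.docx", "salaries", classification="Confidential",
          shared_with=("hr@iaispace.com",)),
]
```

The Luhn step is what keeps an "order 1234 5678 9012 3456" line from becoming a quarantine incident, and recording only the last four digits in the incident detail keeps the DLP console itself from becoming a store of card numbers.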
PROOF OF CONCEPT (POC)
Sanctioned IaaS – Admin Experience
POC: RECOMMENDATIONS – ACTIVITY MONITORING
• Monitor the activity of the users within your organization and detect risk trends for the entire organization over time.
• Break down individual usage by activity, time, users, and role development.
• Users with administrative access have the greatest access to sensitive data and user information; ensure they have only the access and permissions necessary to perform the required job.
POC: RECOMMENDATIONS – SECURITY AUDIT CONFIGURATION
• Regularly run security audit configuration scans.
• Review incidents and make remediations based on your requirements, such as company security policy, best practices and benchmarks.
• After taking remediation measures, run the scan again to ensure that the same violations are not being produced.
• The remediation strategy could be based on resolving High Severity incidents first, on resolving all incidents affecting CIS Level benchmarks (High, Medium and Low), or on the organization’s risk appetite.
• MVISION Cloud provides remediation steps within the incident details.
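A worked version of the scan, prioritize, remediate and re-scan loop these recommendations describe, added as an illustration; it is not MVISION Cloud's audit engine. The inventory format, the checks and their severities and CIS levels are constructed (the levels are illustrative and not quoted from a benchmark), and the before/after inventories are made up so the re-scan diff shows resolved, persisting and newly introduced violations, including the "bucket configured for public write" case the threat landscape slide mentions.

```python
"""Security configuration audit with prioritization and re-scan diff.

Added illustrative example, not MVISION Cloud code. Inventory format, checks,
severities and CIS levels are constructed for illustration only.
"""
from copy import deepcopy
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Check:
    id: str
    provider: str
    service: str
    title: str
    severity: str        # High / Medium / Low (assumed)
    cis_level: int       # 1 or 2 (illustrative)
    violators: Callable  # provider inventory slice -> list of offending resource ids
    remediation: str


CHECKS = [
    Check("aws-cloudtrail-all-regions", "AWS", "CloudTrail", "CloudTrail not enabled in all regions", "High", 1,
          lambda inv: [] if any(t["multi_region"] for t in inv["cloudtrail"]) else ["account"],
          "Create a multi-region trail."),
    Check("aws-cloudtrail-log-validation", "AWS", "CloudTrail", "Log file validation disabled", "Medium", 2,
          lambda inv: [t["name"] for t in inv["cloudtrail"] if not t["log_validation"]],
          "Enable log file validation on the trail."),
    Check("aws-s3-public-write", "AWS", "S3", "Bucket grants public write access", "High", 1,
          lambda inv: [b["name"] for b in inv["s3"] if "AllUsers" in b["write_grants"]],
          "Remove the AllUsers write grant and enable Block Public Access."),
    Check("aws-iam-root-mfa", "AWS", "IAM", "Root account has no MFA", "High", 1,
          lambda inv: [] if inv["iam"]["root_mfa"] else ["root"],
          "Enable hardware MFA for the root account."),
    Check("aws-iam-key-age", "AWS", "IAM", "Access key older than 90 days", "Medium", 1,
          lambda inv: [k["user"] for k in inv["iam"]["keys"] if k["age_days"] > 90],
          "Rotate the access key."),
    Check("aws-ec2-ssh-open", "AWS", "EC2", "Security group allows SSH from 0.0.0.0/0", "High", 1,
          lambda inv: [g["id"] for g in inv["ec2_sg"] if ("0.0.0.0/0", 22) in g["ingress"]],
          "Restrict port 22 to administrative networks."),
    Check("azure-storage-https", "Azure", "Storage Accounts", "Secure transfer not required", "Medium", 1,
          lambda inv: [s["name"] for s in inv["storage"] if not s["https_only"]],
          "Enable 'Secure transfer required'."),
    Check("azure-nsg-rdp-open", "Azure", "Network Security Group", "NSG allows RDP from Internet", "High", 1,
          lambda inv: [n["name"] for n in inv["nsg"] if ("Internet", 3389) in n["inbound"]],
          "Remove the Internet-to-3389 allow rule."),
]

SEVERITY_RANK = {"High": 0, "Medium": 1, "Low": 2}


def run_audit(inventory, checks=CHECKS):
    """Evaluate every check against its provider's inventory slice; one finding per resource."""
    findings = []
    for check in checks:
        for resource in check.violators(inventory[check.provider]):
            findings.append({"id": check.id, "provider": check.provider, "service": check.service,
                             "resource": resource, "title": check.title, "severity": check.severity,
                             "cis_level": check.cis_level, "remediation": check.remediation})
    return findings


def prioritize(findings, strategy="severity_first"):
    """Order findings for remediation: High severity first, or CIS Level 1 first."""
    if strategy == "severity_first":
        return sorted(findings, key=lambda f: (SEVERITY_RANK[f["severity"]], f["cis_level"], f["id"]))
    return sorted(findings, key=lambda f: (f["cis_level"], SEVERITY_RANK[f["severity"]], f["id"]))


def rescan_diff(before, after):
    """Compare two scans so a re-scan proves what remediation actually closed."""
    key = lambda f: (f["id"], f["resource"])
    b, a = {key(f) for f in before}, {key(f) for f in after}
    return {"resolved": sorted(b - a), "persisting": sorted(b & a), "new": sorted(a - b)}


# Constructed inventory snapshot before remediation.
INVENTORY_BEFORE = {
    "AWS": {
        "cloudtrail": [{"name": "mgmt", "multi_region": False, "log_validation": False}],
        "s3": [{"name": "public-assets", "write_grants": ["AllUsers"]},
               {"name": "backups", "write_grants": []}],
        "iam": {"root_mfa": False, "keys": [{"user": "deploy", "age_days": 200},
                                            {"user": "ci", "age_days": 30}]},
        "ec2_sg": [{"id": "sg-0a1b2c", "ingress": [("0.0.0.0/0", 22)]}],
    },
    "Azure": {
        "storage": [{"name": "iaispacestore", "https_only": False}],
        "nsg": [{"name": "web-nsg", "inbound": [("Internet", 3389)]}],
    },
}

# The same estate after a first remediation pass, plus one newly created public bucket.
INVENTORY_AFTER = deepcopy(INVENTORY_BEFORE)
INVENTORY_AFTER["AWS"]["cloudtrail"][0]["multi_region"] = True
INVENTORY_AFTER["AWS"]["s3"][0]["write_grants"] = []
INVENTORY_AFTER["AWS"]["s3"].append({"name": "uploads", "write_grants": ["AllUsers"]})
INVENTORY_AFTER["AWS"]["iam"]["root_mfa"] = True
INVENTORY_AFTER["Azure"]["nsg"][0]["inbound"] = []
```

Keying the diff on (check id, resource) rather than on check id alone is what makes the newly created `uploads` bucket show up as a new violation instead of being hidden behind the now-fixed `public-assets` finding for the same check.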

 
Oracle Cloud Computing Strategy
Oracle Cloud Computing StrategyOracle Cloud Computing Strategy
Oracle Cloud Computing Strategy
 
CSA & GRC Stack
CSA & GRC StackCSA & GRC Stack
CSA & GRC Stack
 
wp-security-dbsec-cloud-3225125
wp-security-dbsec-cloud-3225125wp-security-dbsec-cloud-3225125
wp-security-dbsec-cloud-3225125
 
Losing Control to the Cloud
Losing Control to the CloudLosing Control to the Cloud
Losing Control to the Cloud
 
Welcome to the Multi-cloud world
Welcome to the Multi-cloud worldWelcome to the Multi-cloud world
Welcome to the Multi-cloud world
 
Driving Innovation: A Path to Digitization, Speed and Visibility in an Applic...
Driving Innovation: A Path to Digitization, Speed and Visibility in an Applic...Driving Innovation: A Path to Digitization, Speed and Visibility in an Applic...
Driving Innovation: A Path to Digitization, Speed and Visibility in an Applic...
 
F5 Networks - парадная дверь в облака
F5 Networks - парадная дверь в облакаF5 Networks - парадная дверь в облака
F5 Networks - парадная дверь в облака
 
Cloud Security, Standards and Applications
Cloud Security, Standards and ApplicationsCloud Security, Standards and Applications
Cloud Security, Standards and Applications
 
mcafee-cloud-acceleration-and-risks.pdf
mcafee-cloud-acceleration-and-risks.pdfmcafee-cloud-acceleration-and-risks.pdf
mcafee-cloud-acceleration-and-risks.pdf
 
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
 
Keys to success and security in the cloud
Keys to success and security in the cloudKeys to success and security in the cloud
Keys to success and security in the cloud
 
Keys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-CloudKeys-to-Success-and-Security-in-the-Cloud
Keys-to-Success-and-Security-in-the-Cloud
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Cloud Application Security --Symantec
 Cloud Application Security --Symantec Cloud Application Security --Symantec
Cloud Application Security --Symantec
 

More from Iftikhar Ali Iqbal

McAfee - McAfee Application Control (MAC) - Whitelisting - Techbook
McAfee - McAfee Application Control (MAC) - Whitelisting - TechbookMcAfee - McAfee Application Control (MAC) - Whitelisting - Techbook
McAfee - McAfee Application Control (MAC) - Whitelisting - TechbookIftikhar Ali Iqbal
 
McAfee - McAfee Application Control (MAC) - Whitelisting - Proposal
McAfee - McAfee Application Control (MAC) - Whitelisting - ProposalMcAfee - McAfee Application Control (MAC) - Whitelisting - Proposal
McAfee - McAfee Application Control (MAC) - Whitelisting - ProposalIftikhar Ali Iqbal
 
McAfee - McAfee Application Control (MAC) - Whitelisting
McAfee - McAfee Application Control (MAC) - WhitelistingMcAfee - McAfee Application Control (MAC) - Whitelisting
McAfee - McAfee Application Control (MAC) - WhitelistingIftikhar Ali Iqbal
 
McAfee - McAfee Active Response (MAR) - Endpoint Detection & Response (EDR)
McAfee - McAfee Active Response (MAR) - Endpoint Detection & Response (EDR)McAfee - McAfee Active Response (MAR) - Endpoint Detection & Response (EDR)
McAfee - McAfee Active Response (MAR) - Endpoint Detection & Response (EDR)Iftikhar Ali Iqbal
 
McAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEMMcAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEMIftikhar Ali Iqbal
 
Technology Overview - Validation & ID Protection (VIP)
Technology Overview - Validation & ID Protection (VIP)Technology Overview - Validation & ID Protection (VIP)
Technology Overview - Validation & ID Protection (VIP)Iftikhar Ali Iqbal
 
Technology Overview - Symantec IT Management Suite (ITMS)
Technology Overview - Symantec IT Management Suite (ITMS)Technology Overview - Symantec IT Management Suite (ITMS)
Technology Overview - Symantec IT Management Suite (ITMS)Iftikhar Ali Iqbal
 
Technology Overview - Symantec Endpoint Protection (SEP)
Technology Overview - Symantec Endpoint Protection (SEP)Technology Overview - Symantec Endpoint Protection (SEP)
Technology Overview - Symantec Endpoint Protection (SEP)Iftikhar Ali Iqbal
 
Symantec Endpoint Encryption - Proof Of Concept Document
Symantec Endpoint Encryption - Proof Of Concept DocumentSymantec Endpoint Encryption - Proof Of Concept Document
Symantec Endpoint Encryption - Proof Of Concept DocumentIftikhar Ali Iqbal
 
Symantec Messaging Gateway - Technical Proposal (General)
Symantec Messaging Gateway - Technical Proposal (General)Symantec Messaging Gateway - Technical Proposal (General)
Symantec Messaging Gateway - Technical Proposal (General)Iftikhar Ali Iqbal
 
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...Iftikhar Ali Iqbal
 
Symantec Portfolio - Sales Play
Symantec Portfolio - Sales PlaySymantec Portfolio - Sales Play
Symantec Portfolio - Sales PlayIftikhar Ali Iqbal
 

More from Iftikhar Ali Iqbal (13)

McAfee - McAfee Application Control (MAC) - Whitelisting - Techbook
McAfee - McAfee Application Control (MAC) - Whitelisting - TechbookMcAfee - McAfee Application Control (MAC) - Whitelisting - Techbook
McAfee - McAfee Application Control (MAC) - Whitelisting - Techbook
 
McAfee - McAfee Application Control (MAC) - Whitelisting - Proposal
McAfee - McAfee Application Control (MAC) - Whitelisting - ProposalMcAfee - McAfee Application Control (MAC) - Whitelisting - Proposal
McAfee - McAfee Application Control (MAC) - Whitelisting - Proposal
 
McAfee - McAfee Application Control (MAC) - Whitelisting
McAfee - McAfee Application Control (MAC) - WhitelistingMcAfee - McAfee Application Control (MAC) - Whitelisting
McAfee - McAfee Application Control (MAC) - Whitelisting
 
McAfee - McAfee Active Response (MAR) - Endpoint Detection & Response (EDR)
McAfee - McAfee Active Response (MAR) - Endpoint Detection & Response (EDR)McAfee - McAfee Active Response (MAR) - Endpoint Detection & Response (EDR)
McAfee - McAfee Active Response (MAR) - Endpoint Detection & Response (EDR)
 
McAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEMMcAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEM
 
McAfee - Portfolio Overview
McAfee - Portfolio OverviewMcAfee - Portfolio Overview
McAfee - Portfolio Overview
 
Technology Overview - Validation & ID Protection (VIP)
Technology Overview - Validation & ID Protection (VIP)Technology Overview - Validation & ID Protection (VIP)
Technology Overview - Validation & ID Protection (VIP)
 
Technology Overview - Symantec IT Management Suite (ITMS)
Technology Overview - Symantec IT Management Suite (ITMS)Technology Overview - Symantec IT Management Suite (ITMS)
Technology Overview - Symantec IT Management Suite (ITMS)
 
Technology Overview - Symantec Endpoint Protection (SEP)
Technology Overview - Symantec Endpoint Protection (SEP)Technology Overview - Symantec Endpoint Protection (SEP)
Technology Overview - Symantec Endpoint Protection (SEP)
 
Symantec Endpoint Encryption - Proof Of Concept Document
Symantec Endpoint Encryption - Proof Of Concept DocumentSymantec Endpoint Encryption - Proof Of Concept Document
Symantec Endpoint Encryption - Proof Of Concept Document
 
Symantec Messaging Gateway - Technical Proposal (General)
Symantec Messaging Gateway - Technical Proposal (General)Symantec Messaging Gateway - Technical Proposal (General)
Symantec Messaging Gateway - Technical Proposal (General)
 
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...
 
Symantec Portfolio - Sales Play
Symantec Portfolio - Sales PlaySymantec Portfolio - Sales Play
Symantec Portfolio - Sales Play
 

Recently uploaded

Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 

McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report

9. MVISION CLOUD: THREAT LANDSCAPE
• McAfee Discovers Knock Knock: Hacker Exploiting Compromised Admin Account to hack into Office 365
• McAfee Discovers Ghost Writer: S3 Buckets Configured for Write Access open up Customers to Major Vulnerabilities
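The Ghost Writer finding above is a misconfiguration a practitioner can check for directly rather than wait for a headline. The following is an added example, not code from this deck or from MVISION Cloud: it evaluates an S3 bucket policy and a bucket ACL, shaped like the documents returned by the S3 GetBucketPolicy and GetBucketAcl API calls, for grants that let any principal write to the bucket, which is what lets an outsider plant or overwrite objects. The sample policy, ACL, bucket name and owner ID are constructed for the example; a real check feeds in the documents fetched for each bucket in the account.

```python
"""Detect S3 buckets writable by anyone ("Ghost Writer"-style exposure).

Added example: evaluates a bucket policy and a bucket ACL, shaped like the
documents returned by the S3 GetBucketPolicy and GetBucketAcl API calls,
without calling AWS. The sample documents below are constructed.
"""
import json

# Actions that let a principal add, replace or delete objects.
WRITE_ACTIONS = {"s3:putobject", "s3:deleteobject", "s3:putobjectacl", "s3:*", "*"}
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    # "Principal": "*" and "Principal": {"AWS": "*"} both mean "anyone".
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def _action_allows_write(action):
    for a in _as_list(action):
        a = a.lower()
        if a in WRITE_ACTIONS:
            return True
        # Wildcard forms such as "s3:Put*" or "s3:*Object": over-approximate
        # by treating any s3 wildcard whose fixed prefix matches a write action as a write.
        if a.startswith("s3:") and "*" in a:
            prefix = a.split("*", 1)[0]
            if any(w.startswith(prefix) for w in ("s3:putobject", "s3:deleteobject")):
                return True
    return False


def public_write_statements(policy):
    """Return the policy statements that let any principal write to the bucket."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_public(stmt.get("Principal")):
            continue
        if not _action_allows_write(stmt.get("Action", [])):
            continue
        # A Condition (e.g. aws:SourceVpc) narrows the grant; report it but flag it
        # so the reviewer checks whether the condition actually restricts anything.
        findings.append({"sid": stmt.get("Sid"), "conditional": "Condition" in stmt})
    return findings


def public_write_grants(acl):
    """Return ACL grants that give WRITE or FULL_CONTROL to a public group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        group = PUBLIC_GROUPS.get(grantee.get("URI"))
        if group and grant.get("Permission") in ("WRITE", "FULL_CONTROL"):
            findings.append({"group": group, "permission": grant["Permission"]})
    return findings


def assess_bucket(policy, acl):
    """Both paths are checked: a bucket is publicly writable if either one is open."""
    return {"policy": public_write_statements(policy), "acl": public_write_grants(acl)}


# Constructed sample: a public-read statement (common, not a write exposure),
# a public PutObject statement, and an ACL granting WRITE to AllUsers.
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "OpenUpload", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:PutObject", "s3:PutObjectAcl"],
     "Resource": "arn:aws:s3:::example-bucket/*"}
  ]
}""")
SAMPLE_ACL = {
    "Owner": {"ID": "example-owner-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "WRITE"},
    ],
}

if __name__ == "__main__":
    print(json.dumps(assess_bucket(SAMPLE_POLICY, SAMPLE_ACL), indent=2))
```

The check deliberately separates the two grant paths: S3 Block Public Access and an account-wide policy audit usually cover bucket policies, while legacy ACL grants to AllUsers are the ones that survive unnoticed on older buckets.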
10. MVISION CLOUD: OVERVIEW
(Diagram: Unmanaged Devices, SaaS and IaaS/PaaS brokered by MVISION Cloud; the labels Shadow IT, Public API, McAfee API and SIEM mark the log, API and SIEM integration points.)
• No User Friction
• Complete Visibility and Policies Across Multiple Cloud Services
• Real Time
• Complete Coverage:
  § Data at rest
  § Data uploaded/downloaded
  § Data created in cloud
  § Shared cloud-to-cloud
  § Certificate-pinned apps

11. MVISION CLOUD: THE PLATFORM
• Common Security Services: Visibility, Data Security, Compliance, Threat Protection
• Platform Extensibility and Third-Party Integration (DXL)
• SaaS: CASB Connect (APIs); Long-tail SaaS: CASB Proxy
• IaaS and PaaS: Custom Apps, Workload Security, Lift-and-shift Custom Apps

13. MVISION CLOUD: QUINTUPLE LEADERSHIP + COMMENDATION
• Overall Leadership
• Innovation Leadership
• Market Leadership
NOTE: As of January 2018, MVISION Cloud (formerly Skyhigh Networks) is part of McAfee.

14. PROOF OF CONCEPT (POC): Objectives

15. POC: REQUIREMENTS
• VISIBILITY: Through Shadow IT discovery, provide a consolidated view of the organization’s cloud service landscape and details about the users who access data in cloud services from any device or location. It should also provide a cloud service security rating database to check attributes of trustworthiness and the associated risks of a Cloud Service Provider (CSP).
• DATA SECURITY: Enforce Data Loss Prevention policies to prevent unwanted activity in sanctioned Software as a Service (SaaS), based on data discovery, data classification, user groups and collaboration. Controls such as quarantine, block, revocation, delete and view-only.
• COMPLIANCE: Demonstrate governance of cloud service usage across sanctioned Software as a Service (SaaS) and Infrastructure as a Service (IaaS). Visibility, control and reporting mechanisms should incorporate internal policies, best practices, security standards and regulatory compliance requirements.
• THREAT PROTECTION: Prevent unmanaged devices and users from accessing cloud services by providing access controls. Furthermore, provide detailed activity monitoring with embedded user and entity behavior analytics (UEBA) for identifying anomalous behavior. These should be available for sanctioned SaaS and IaaS.

16. PROOF OF CONCEPT (POC): Shadow IT - Objectives

17. POC: SHADOW IT
• Discover Cloud Services: Discover all SaaS, PaaS, IaaS and custom applications in use, and visually summarize traffic patterns, access count and usage over time.
• Risk-based Score: Provide a risk rating for each service based on its attributes, and allow attributes and weights to be modified and custom attributes added to generate personalized ratings.
• Cloud Service Governance: Provide a workflow to automatically or manually classify services based on risk criteria, and enforce acceptable use policies through coaching and/or blocking (out of scope).
• Activity Drilldown: Provide a clickable drilldown from service-level upload statistics to granular user-level and event-level statistics, with a complete activity feed for additional context.
• Cloud Enforcement Gap Analysis: Detect whether perimeter security allowed high-risk services to operate, and provide recommendations to close the gaps.
(Diagram: Data Center, SaaS and IaaS/PaaS with L/M/H risk bands and sample usage bars of 1 TB, 970 GB and 854 GB across the Cloud Storage, IT Services, Development and Collaboration categories.)
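Mechanically, the five Shadow IT objectives above are one pipeline: match each log destination to a service registry, score the service from weighted risk attributes, aggregate users, attempts and upload bytes per service, and compare the risk verdict with what the perimeter actually did (the enforcement gap). The following is an added example and not MVISION Cloud code. The log format, the hostnames (.example placeholders), the risk attributes, the weights and the High/Medium/Low thresholds are constructed assumptions, and the four-entry registry stands in for a vendor database of thousands of rated services; the bare-IP destination is one of the unmatched hosts reported later in this deck.

```python
"""Shadow IT discovery from proxy logs: service matching, weighted risk scoring,
usage aggregation and enforcement-gap detection.

Added example (not MVISION Cloud code). Log format, registry, attributes,
weights and thresholds are constructed for illustration.
"""
from collections import defaultdict

# Editable on purpose: the POC objective "modify attributes and weights" is a
# change to this dict (or to the attribute sets in the registry).
DEFAULT_WEIGHTS = {
    "no_encryption_at_rest": 3,
    "no_mfa": 2,
    "anonymous_use": 2,
    "breached_last_year": 3,
    "not_gdpr_ready": 1,
    "known_tls_vuln": 2,
}

# Constructed registry: hostname -> (service, category, risky attributes).
REGISTRY = {
    "files.wikisend.example": ("WikiSend", "Cloud Storage",
        {"no_encryption_at_rest", "no_mfa", "anonymous_use", "not_gdpr_ready", "known_tls_vuln"}),
    "www.bilibili.example": ("bilibili", "Collaboration",
        {"no_encryption_at_rest", "no_mfa", "anonymous_use", "not_gdpr_ready"}),
    "corp.box.example": ("Box", "Cloud Storage", set()),
    "outlook.office365.example": ("Microsoft Office 365", "Collaboration", set()),
}

# Constructed proxy log lines:  <time> <user> <method> <host> <bytes_out> <action>
SAMPLE_LOG = """\
2019-05-01T09:12:03Z alice POST files.wikisend.example 5242880 ALLOW
2019-05-01T09:14:10Z bob   POST files.wikisend.example 1048576 BLOCK
2019-05-01T09:20:44Z carol GET  www.bilibili.example   0       ALLOW
2019-05-01T10:02:17Z alice POST corp.box.example       7340032 ALLOW
2019-05-01T10:05:01Z dave  POST 74.112.184.85          6815744 ALLOW
2019-05-01T10:07:39Z bob   GET  outlook.office365.example 0    ALLOW
"""


def parse_log(text):
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, method, host, bytes_out, action = line.split()
        events.append({"ts": ts, "user": user, "method": method, "host": host,
                       "bytes_out": int(bytes_out), "action": action})
    return events


def risk_score(attrs, weights=DEFAULT_WEIGHTS):
    """0..10: the share of the total available weight carried by the service's risky attributes."""
    total = sum(weights.values())
    hit = sum(w for a, w in weights.items() if a in attrs)
    return round(10 * hit / total, 1)


def risk_level(score):
    return "High" if score >= 6 else "Medium" if score >= 3 else "Low"


def summarize(events, registry=REGISTRY, weights=DEFAULT_WEIGHTS):
    services = defaultdict(lambda: {"users": set(), "attempts": 0, "upload_bytes": 0,
                                    "allowed": 0, "blocked": 0})
    unmatched = defaultdict(int)          # host -> bytes uploaded to an unknown service
    for e in events:
        if e["host"] not in registry:
            unmatched[e["host"]] += e["bytes_out"]
            continue
        name, category, attrs = registry[e["host"]]
        s = services[name]
        s["category"] = category
        s["risk"] = risk_level(risk_score(attrs, weights))
        s["users"].add(e["user"])
        s["attempts"] += 1
        # Only allowed uploads count as data that actually left the organisation.
        if e["method"] in ("POST", "PUT") and e["action"] == "ALLOW":
            s["upload_bytes"] += e["bytes_out"]
        s["allowed" if e["action"] == "ALLOW" else "blocked"] += 1
    # Enforcement gap: a high-risk service the perimeter let through at least once.
    gaps = {}
    for name, s in services.items():
        if s["risk"] == "High" and s["allowed"]:
            gaps[name] = "Partially Allowed" if s["blocked"] else "Completely Allowed"
    return {"services": dict(services), "unmatched": dict(unmatched), "enforcement_gaps": gaps}


if __name__ == "__main__":
    report = summarize(parse_log(SAMPLE_LOG))
    for name, s in report["services"].items():
        print(f"{name:22} {s['category']:14} {s['risk']:6} users={len(s['users'])} "
              f"attempts={s['attempts']} upload={s['upload_bytes']}")
    print("gaps:", report["enforcement_gaps"])
    print("unmatched:", report["unmatched"])
```

The "Partially Allowed" verdict is the one worth chasing first: it means the same service is blocked by one egress path and allowed by another, which is the inconsistent-egress-policy (proxy leakage) condition the recommendations later in this deck call out.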
18. PROOF OF CONCEPT (POC): Shadow IT - Observations

19. POC: EXECUTIVE SUMMARY (April 26 to May 16 2019)
• Total Services: 2,286
• High Risk Services: 40 of 2,286 Total Services
• Services used with known vulnerability: 179
• Services needing additional controls: 75
• Total Data to High Risk Services: 6.8 GB
• Users of High Risk Services: 102
• Access Attempts to High Risk Services: 164.9 K

20. POC: HIGH RISK SERVICES (April 26 to May 16 2019)
• 40 High Risk Services of 2,286 Total Services
• High Risk Services Allowed by your Perimeter Security (Inconsistent Egress Policies): 38 Completely Allowed, 2 Partially Allowed, 0 Completely Denied
• 18 File Sharing Services; 5.9 GB Uploaded to Cloud Storage
• Examples: bilibili (Collaboration) 8, WikiSend (Cloud Storage) 7
• Total Data to High Risk Services 6.8 GB; Users of High Risk Services 102; Access Attempts to High Risk Services 164.9 K

21. POC: VULNERABLE SERVICES (April 26 to May 16 2019)
179 Services used with known vulnerability:
• 141 Cloudbleed: affected Cloudflare's reverse proxies, which caused their edge servers to return customers' sensitive information.
• 30 POODLE: makes it easier for man-in-the-middle attackers to obtain cleartext data (SSL 3.0 padding oracle).
• 4 DROWN: makes it easier for remote attackers to decrypt TLS ciphertext data (through an SSLv2-enabled server sharing the same key).
• 4 FREAK/Logjam: man-in-the-middle downgrade to export-grade RSA/DH that could break the security of any website.
• 0 Heartbleed: allows remote attackers to obtain sensitive information from server memory.
• Total Data to High Risk Services 6.8 GB; Users of High Risk Services 102; Access Attempts to High Risk Services 164.9 K
Note: these flags describe the service endpoint's exposure as assessed by the registry, not data the organization lost; the Cloudbleed count reflects services hosted behind Cloudflare at the time of that incident rather than a weakness a user can exploit today, so it should be weighted accordingly.

22. POC: ADDITIONAL CONTROL REQUIREMENTS (April 26 to May 16 2019)
• 75 Services need additional controls
• Total Data to High Risk Services 6.8 GB; Total Services 2,286; Users of High Risk Services 102; Access Attempts to High Risk Services 164.9 K

23. POC: HIGH RISK SERVICES BY CATEGORY (April 26 to May 16 2019)
• High Risk GDPR: 62 of 2,286 Total Services
• Anonymous Use: 56 of 2,286 Total Services
• Breached in 1 Year: 6 of 2,286 Total Services
• High Risk Collaboration: 8 of 2,286 Total Services
• High Risk IaaS: 0 of 2,286 Total Services
• High Risk Cloud Storage: 12 of 2,286 Total Services
Per-category Data Transferred / Users / Access Attempts figures on the slide: 6.9 GB / 313 / 57.1 K; 38.7 GB / 794 / 133.5 K; 409.3 GB / 1,017 / 1.9 M; 5.9 GB / 31 / 77 K; 237 MB / 10 / 619; 0 GB / 0 / 0 (the last entry is High Risk IaaS, which had no services).

24. POC: LOW RISK SERVICES BY CATEGORY (April 26 to May 16 2019)
• Approved McAfee CT: 39 of 2,286 Total Services
• Approved CSA STAR: 57 of 2,286 Total Services
• Low Risk Collaboration: 48 of 2,286 Total Services
• Low Risk IaaS: 3 of 2,286 Total Services
• Low Risk Cloud Storage: 12 of 2,286 Total Services
Per-category Data Transferred / Users / Access Attempts figures on the slide, in slide order: 2.6 TB / 39 / 3.7 M; 4.2 TB / 1,071 / 5.8 M; 1.8 TB / 1,016 / 9.1 M; 687.8 MB / 18 / 4.8 K; 8.3 TB / 1,148 / 15.2 M.

25. POC: LOW RISK SERVICES COMPARISON (April 26 to May 16 2019)
• 48 Low Risk Collaboration; 3 Low Risk IaaS; 12 Low Risk Cloud Storage
• The services compared were selected based on validations made by the McAfee CloudTrust Program and/or the Cloud Security Alliance's Security, Trust, Assurance and Risk (STAR) Program. McAfee MVISION Cloud also provides discovery and protection controls across these recommended services.
• MVISION Cloud for Box; MVISION Cloud for Microsoft Office 365; MVISION Cloud for Slack; MVISION Cloud for Exchange Online; MVISION Cloud for Amazon Web Services (AWS)

26. POC: UNMATCHED SERVICES (April 26 to May 16 2019)
• 3,876 Unmatched Services of 6,162 Total Services
• 51.8 GB Unmatched Uploads of 2.2518 TB Total Upload Data
• Largest unmatched upload destinations: 23 GB to thepiratebay.se; 7.2 GB to 74.112.185.182; 6.5 GB to 74.112.184.85
• Most-seen unmatched services (count as shown on the slide): 824 intranet.rks.com; 735 rks-usw.accesscontrol.windows.net; 653 show.rks.com; 474 p.rfihub.com; 462 sync.adaptv.advertising.com
URL | Status | Categorization | Reputation
http://thepiratebay.se | Categorized URL | Potential Illegal Software | Unverified
http://74.112.185.182 | Categorized URL | Internet Services | Minimal Risk
http://74.112.184.85 | Categorized URL | Personal Network Storage | Minimal Risk
http://intranet.rks.com | Categorized URL | Blogs/Wiki | Minimal Risk
http://rks-usw.accesscontrol.windows.net | Categorized URL | Software/Hardware | Minimal Risk
http://show.rks.com | Categorized URL | Blogs/Wiki | Minimal Risk
http://sync.adaptv.advertising.com | Categorized URL | Internet Services | Minimal Risk
http://p.rfihub.com | Categorized URL | Content Server | Minimal Risk
Categorization information based on McAfee Web Gateway 7.x Customer URL Ticketing System*. *For more information visit https://www.trustedsource.org/en/feedback/url or McAfee Threat Center (https://www.mcafee.com/enterprise/en-us/threat-center.html).
"Unmatched" means the destination is not in the CASB's service registry, so it carries no risk rating at all; gigabytes of uploads to a torrent site and to bare IP addresses categorized as personal network storage are the entries to investigate first, since an unrated destination receiving bulk uploads is where exfiltration goes unnoticed.

27. PROOF OF CONCEPT (POC): Shadow IT - Recommendations

28. POC: RECOMMENDATIONS
High Risk Services
• Block high-risk services, and coach employees to use lower-risk sanctioned or permitted alternatives.
• Ensure acceptable-use governance policies are fully enforced by existing SWGs/NGFWs and that there is no proxy leakage.
Vulnerable Services
• Find out who is using these services and what information was shared with them.
• Coach employees on lower-risk sanctioned or permitted alternatives.
Additional Control Requirements
• Although some services have a severity of medium or low risk, they require additional controls because of individual risky attributes.
• Use the risk-based scoring of cloud services to identify them and assess them against your risk appetite.
Low Risk Services
• Compare known-good services that the organization can adopt easily, with less user friction and with security controls.
• Validations can be made via the McAfee CloudTrust Program and/or the Cloud Security Alliance's STAR Program.
• Discovery and protection controls can be provided by MVISION Cloud for Sanctioned SaaS/IaaS.
Comprehensive Approach
• Integrate with Active Directory to add context on which cloud services are used by user, department, location, etc.
• Integrate with existing SWGs/NGFWs to enforce real-time governance policies and to ensure there is no proxy leakage.
• With McAfee Web Gateway (MWG), MVISION Cloud's auto-classification of high-risk services can drive Closed Loop Remediation (CLR).

29. POC: EXECUTIVE SUMMARY (+21 Days) (April 26 to Jun 6 2019)
• Total Services: 2,313 (+27)
• High Risk Services: 47 of 2,313 Total Services (+7)
• Services used with known vulnerability: 179
• Services needing additional controls: 75
• Total Data to High Risk Services: 35.5 GB (+28.7 GB)
• Users of High Risk Services: 129 (+27)
• Access Attempts to High Risk Services: 295.6 K (+130.7 K)

30. PROOF OF CONCEPT (POC): Sanctioned SaaS - Objectives

31. POC: SANCTIONED SAAS
• Data Loss Prevention: Discover and prevent sensitive data from being stored in sanctioned SaaS.
• Collaboration Control: Prevent sharing of sensitive data with unauthorized parties.
• Activity Monitoring: Gain visibility into sanctioned SaaS usage and accelerate post-incident forensic investigations by capturing a comprehensive audit trail of all activity (out of scope).
• Access Control: Protect corporate data from unauthorized access by enforcing granular, context-aware access policies, such as preventing download of sensitive data from sanctioned SaaS to unmanaged devices.
• User Behavior Analytics: Automatically build models of typical user behavior and identify behavior that may indicate a threat, such as insider threats, compromised accounts and privileged user threats.
• Malware Detection: Block known malware signatures, sandbox suspicious files, and identify behavior indicative of malware data exfiltration or ransomware activity (out of scope).
• Incident Management Response: Provide a unified interface to triage and resolve incidents, and respond through automated remediation.
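The sanctioned-SaaS objectives above become, in practice, policy rules applied to the activity events a CASB pulls from the SaaS APIs (shares, uploads, downloads, with the device and collaborator context attached). The following is an added example, not MVISION Cloud code: it applies a DLP check (card-number detection with a Luhn filter to cut false positives), a collaboration rule (recipients outside the tenant domain), an access rule (downloads from unmanaged devices) and a simple statistical baseline for anomalous download volume. The event schema, the corporate domain, the baseline figures, the sample events and the rule and action names are constructed assumptions.

```python
"""Policy evaluation for sanctioned SaaS: DLP, collaboration control, access
control and a download-volume baseline, run over API-audit style events.

Added example (not MVISION Cloud code). Event fields, tenant domain, baseline,
sample events and rule/action names are constructed for illustration.
"""
import re
import statistics

CORP_DOMAIN = "example.com"                       # assumed tenant domain
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")   # PAN-like digit runs, with spaces/dashes


def luhn_ok(digits):
    """Luhn checksum (ISO/IEC 7812) over a string of digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    """Digit runs that look like a PAN and pass Luhn; drops phone numbers and order IDs."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            hits.append(digits)
    return hits


def external_collaborators(event):
    return [c for c in event.get("collaborators", [])
            if not c.lower().endswith("@" + CORP_DOMAIN)]


def evaluate(event):
    """Return (rule, severity, action) tuples for one event."""
    findings = []
    cards = find_card_numbers(event.get("content", ""))
    ext = external_collaborators(event)
    if cards:
        # Sensitive data leaving the tenant is the high-severity case; the same
        # data merely at rest in the sanctioned service is medium and gets a coaching action.
        if ext or event.get("activity") == "share_link":
            findings.append(("dlp_pan_external", "High", "quarantine"))
        else:
            findings.append(("dlp_pan_at_rest", "Medium", "notify_owner"))
    if ext and event.get("activity") in ("invite_collaborator", "share_link"):
        findings.append(("collaboration_external", "High", "revoke_share"))
    if event.get("activity") == "download" and not event.get("device_managed", False):
        findings.append(("access_unmanaged_download", "High", "block"))
    return findings


def anomalous_downloaders(events, baseline_per_user, k=3.0):
    """Users whose download count in `events` exceeds mean + k*stdev of the baseline."""
    mean = statistics.mean(baseline_per_user.values())
    sd = statistics.pstdev(baseline_per_user.values())
    counts = {}
    for e in events:
        if e.get("activity") == "download":
            counts[e["user"]] = counts.get(e["user"], 0) + 1
    return sorted(u for u, n in counts.items() if n > mean + k * sd)


# Constructed sample events (API-audit style, one dict per activity).
SAMPLE_EVENTS = [
    {"user": "alice@example.com", "service": "OneDrive", "activity": "invite_collaborator",
     "collaborators": ["partner@contractor.example"],
     "content": "Card on file: 4111 1111 1111 1111, exp 04/22"},
    {"user": "bob@example.com", "service": "SharePoint", "activity": "upload",
     "collaborators": [], "content": "Invoice 7890 1234 5678 9012 (PO number)"},
    {"user": "carol@example.com", "service": "Google Drive", "activity": "download",
     "device_managed": False, "content": ""},
] + [{"user": "dave@example.com", "service": "OneDrive", "activity": "download",
      "device_managed": True, "content": ""} for _ in range(40)]

# Constructed per-user download counts for a normal period (the UEBA baseline).
BASELINE_DOWNLOADS = {"alice@example.com": 4, "bob@example.com": 6, "carol@example.com": 5,
                      "dave@example.com": 5, "erin@example.com": 5}

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS[:3]:
        print(ev["user"], ev["activity"], evaluate(ev))
    print("anomalous:", anomalous_downloaders(SAMPLE_EVENTS, BASELINE_DOWNLOADS))
```

Note that the second sample event contains a 16-digit run that fails Luhn and therefore produces no DLP incident; without that filter, invoice and PO numbers are the bulk of false positives in a PAN policy. The baseline rule is deliberately crude (a single global threshold); a production UEBA model keys the baseline per user and per service.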
  • 32. PROOF OF CONCEPT (POC) Sanctioned SaaS - Observations
  • 33. POC: EXECUTIVE SUMMARY, May 22 to Jun 5 2019
    • Services: 4 (Microsoft Exchange Online, Microsoft OneDrive, Microsoft SharePoint Online, Google Drive)
    • Data Loss Prevention: 84 Policy Violations (58 OneDrive, 12 SharePoint, 5 Exchange, 9 Google Drive)
    • Activity Monitoring: 948 Activities (840 O365, 108 G Suite)
    • Cloud Access Control: 354 Access Violations (351 O365, 3 G Suite)
  • 34. POC: ACTIVITY MONITORING, May 22 to Jun 5 2019
    • 948 Activities (840 O365, 108 G Suite) across 11 users (7 O365, 4 G Suite)
    • Activities by category: 643 Service Usage, 88 Administration, 64 Data Access, 46 Login Success, 43 Data Upload, 42 Data Download, 11 Data Updates, 7 Data Sharing, 5 Data Delete, 1 Data Update, 0 Anomalies
    • Most active users: iai@iaispace.com (189 actions), iai@iairecord.com (98 actions)
  • 35. POC: CLOUD ACCESS CONTROL, May 22 to Jun 5 2019
    • 354 Access Violations, 127 High Severity: O365 351 (127 High, 0 Medium, 224 Low), G Suite 3 (0 High, 0 Medium, 3 Low)
    • 20 times unmanaged devices were used to access services: Desktop 17, Mobile 3
    • 11 download attempts on unmanaged devices: Desktop 9, Mobile 2
  • 36. POC: DATA LOSS PREVENTION, May 22 to Jun 5 2019
    • 84 Policy Violations (58 OneDrive, 12 SharePoint, 5 Exchange, 9 Google Drive); 74 High Severity (74 High, 10 Medium, 0 Low)
    • Incidents by triggering activity: Invited Collaborators 31, Modified 31, Uploaded 7, Enabled Shared Link 5, Email 5, On-Demand Scan 3, Role Change of Collaborators 2
    • Callout: 31 Invited Collaborators of 84 Incidents; chart label "OneDrive 49"
  • 37. POC: CONNECTED APPS, May 22 to Jun 5 2019
    • 7 Applications: Blocked 1, Allowed 1, Under Audit 1, Unassigned 4
  • 38. PROOF OF CONCEPT (POC) Sanctioned SaaS - Recommendations
  • 39. POC: RECOMMENDATIONS
    Data Loss Prevention
    • Prevent unauthorized data from being collaborated on, except with trusted partners at specific permission levels.
    • Discover and prevent regulated and high-value data from being stored in cloud services using content- and context-based rules.
    Access Control
    • Block downloads of data to unauthorized (unmanaged/personal) devices by performing device certificate checks.
    • Alternatively, block access to cloud services from unauthorized devices altogether, or apply a view-only (no download) policy.
    Activity Monitoring
    • Detect compromised accounts and insider/privileged user threats by leveraging machine learning that builds user behavior models.
    • Cross-reference activities across cloud services to detect anomalies, and incorporate false-positive feedback.
    • Capture an audit trail of all user activity (automatically categorized) with geolocation analytics for forensic investigation.
    Data Classification
    • Identify the data owned by the organization and who the data owner is.
    • Understand how the data is created, where it is stored, how it is used and collaborated on, and with whom.
    • This helps determine whether any regulatory compliance or jurisdictional requirements apply to the data.
    Comprehensive Approach
    • Integrate with Active Directory to enforce user- or group-based policies based on user and custom attributes.
    • For Data Loss Prevention, integrate with on-premise DLP for complete coverage.
    • Integrate with SIEM via syslog to forward policy violations.
  • 40. PROOF OF CONCEPT (POC) Sanctioned IaaS - Objectives
  • 41. POC: SANCTIONED IAAS
    • Security Configuration and Compliance Audit: Audit and monitor the security configurations of all your IaaS services to detect and correct misconfigurations, reduce risk and comply with internal/external policies.
    • Activity Monitoring: Gain visibility into usage across managed and unmanaged IaaS accounts and accelerate post-incident forensic investigations by capturing a comprehensive audit trail of all activity.
    • Data Loss Prevention: Prevent unauthorized regulated data from being stored in IaaS storage services.
    • User Behavior Analytics: Automatically build models of typical user behavior and identify behavior that may be indicative of a threat, such as Insider Threats, Compromised Accounts and Privileged User Threats.
    • Malware Detection: Block known malware signatures, sandbox suspicious files, and identify behavior indicative of malware data exfiltration or ransomware activity (out of scope).
    • Incident Management Response: Provide a unified interface to triage and resolve incidents, and respond through autonomous remediation.
  • 42. PROOF OF CONCEPT (POC) Sanctioned IaaS - Observations
  • 43. POC: EXECUTIVE SUMMARY, May 22 to May 30 2019
    • Services: 2 (Amazon Web Services, Microsoft Azure)
    • Data Loss Prevention: 7 Policy Violations (0 AWS, 7 Azure)
    • Activity Monitoring: 1,448 Activities (1,353 AWS, 97 Azure)
    • Security Configuration Audit: 160 Audit Violations (146 AWS, 14 Azure)
  • 44. POC: ACTIVITY MONITORING, May 22 to May 30 2019
    • 1,448 Activities (1,353 AWS, 97 Azure) across 7 users (3 AWS, 4 Azure)
    • Activities by category: 1,302 Service Usage, 108 Administration, 20 Data Updates, 10 User Account Creation, 5 Data Access, 4 Login Success, 1 Data Delete, 0 Anomalies
    • Most active users: iaispace-s3 (1,277 actions), admin (79 actions)
  • 45. POC: SECURITY CONFIGURATION AUDIT, May 22 to May 30 2019
    • 160 Audit Violations (146 AWS, 14 Azure); 36 High Severity: AWS 32 High, 73 Medium, 41 Low; Azure 4 High, 8 Medium, 2 Low
    • 9 services affected of 9 total services. AWS: CloudTrail 4, S3 10, IAM 11, EC2 16, Web Services 105. Azure: Subscriptions 2, Storage Accounts 2, Network Security Group 3, Security Center 7
    • 64 non-compliant with CIS Benchmarks: Level 2: 33, Level 1: 28, Level 1: 3
  • 46. POC: DATA LOSS PREVENTION, May 22 to May 30 2019
    • 7 Policy Violations (0 AWS, 7 Azure); 4 High Severity: AWS 0 High, 0 Medium, 0 Low; Azure 4 High, 3 Medium, 0 Low
  • 47. PROOF OF CONCEPT (POC) Sanctioned IaaS - Recommendations
  • 48. POC: RECOMMENDATIONS
    Data Loss Prevention
    • Discover regulated and high-value data stored in cloud services using content- and context-based rules.
    • Run scheduled on-demand scans to detect violations.
    Security Configuration Audit
    • Run scheduled on-demand scans to detect security violations and misconfigurations of your cloud services.
    • Scans based on CIS benchmarks, Security Center (Azure) and McAfee best practices should be reviewed for incidents and remediation steps.
    Activity Monitoring
    • Detect compromised accounts and insider/privileged user threats by leveraging machine learning that builds user behavior models.
    • Cross-reference activities across cloud services to detect anomalies, and incorporate false-positive feedback.
    • Capture an audit trail of all user activity (automatically categorized) with geolocation analytics for forensic investigation.
    Data Classification
    • Identify the data owned by the organization and who the data owner is.
    • Understand how the data is created, where it is stored, how it is used and collaborated on, and with whom.
    • This helps determine whether any regulatory compliance or jurisdictional requirements apply to the data.
    Comprehensive Approach
    • Integrate with Active Directory to get additional context on users, departments, locations, etc.
    • Integrate with SIEM via syslog to forward policy violations.
  • 49. Thank You. Iftikhar Ali Iqbal, CISSP, CCSP, CISM, https://www.linkedin.com/in/iftikhariqbal/
  • 50. PROOF OF CONCEPT (POC) Sanctioned SaaS – End User Experience
  • 51. POC: CLOUD ACCESS CONTROL (MVISION Cloud), May 19 to May 22 2019
    Business Logic
    • Services: SharePoint Online, OneDrive, Exchange Online
    • Users: Everyone
    • Rules: Redirect Managed Clients (Device Certificates)
    • Exceptions: -
    • Response: Allow Service Activities
  • 52. POC: CLOUD ACCESS CONTROL (MVISION Cloud), May 19 to May 22 2019
    Business Logic
    • Services: SharePoint Online, OneDrive, Exchange Online
    • Users: Everyone
    • Rules: Unmanaged Clients trying to Download
    • Exceptions: -
    • Response: Block Downloads
  • 53. POC: DATA LOSS PREVENTION (MVISION Cloud), May 19 to May 22 2019
    Business Logic
    • Services: SharePoint Online, OneDrive
    • Users: Everyone
    • Rules: High Severity for Credit Card Data
    • Exceptions: -
    • Response: Quarantine for High Severity | Send Email to User
  • 54. POC: ON-DEMAND SCAN (MVISION Cloud), May 19 to May 22 2019
    Business Logic
    • Services: Exchange Online
    • Users: Everyone
    • Rules: High Severity for Credit Card Data | Daily Scan
    • Exceptions: -
    • Response: Monitor for High Severity | Send Email to Admin
  • 55. POC: CONTENT COLLABORATION (MVISION Cloud), May 19 to May 22 2019
    Business Logic
    • Services: SharePoint Online, OneDrive
    • Users: Everyone
    • Rules: High Severity for Collaborated Confidential (classification) Files
    • Exceptions: -
    • Response: Block for High Severity | Send Email to Admin
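The five policy slides above (51 to 55) share one shape: services, users, a rule, exceptions and a response. As an added example that is not MVISION Cloud's own code or configuration, the Python below models those five POC policies in that shape and evaluates constructed events against them, so the interplay (for example, an unmanaged-device download that is blocked before any DLP response applies) can be traced; the Event fields, activity names and the "high" severity threshold are assumptions made for this illustration.

```python
from dataclasses import dataclass
from typing import Callable, FrozenSet, List, Tuple

@dataclass
class Event:
    """One cloud activity as a CASB sees it (constructed field set for this example)."""
    service: str                 # e.g. "OneDrive"
    user: str
    activity: str                # "access", "download", "upload", "modify", "share", "scan"
    managed_device: bool = True  # True when the client presented a valid device certificate
    dlp_rule: str = ""           # "credit_card" or "confidential" when content matched a rule
    dlp_severity: str = "none"   # "none", "low", "medium", "high"

@dataclass
class Policy:
    name: str
    services: FrozenSet[str]
    rule: Callable[[Event], bool]
    response: Tuple[str, ...]
    exceptions: FrozenSet[str] = frozenset()  # exempt users; the POC policies had none

O365 = frozenset({"SharePoint Online", "OneDrive", "Exchange Online"})
COLLAB = frozenset({"SharePoint Online", "OneDrive"})

def high(e: Event, rule: str) -> bool:
    """True when the event's content hit the named DLP rule at High severity."""
    return e.dlp_rule == rule and e.dlp_severity == "high"

# Slides 51 to 55, one Policy each; responses paraphrased from the slides.
POC_POLICIES: List[Policy] = [
    Policy("Redirect managed clients", O365,
           lambda e: e.managed_device, ("allow service activities",)),
    Policy("Block unmanaged downloads", O365,
           lambda e: not e.managed_device and e.activity == "download",
           ("block download",)),
    Policy("Credit card DLP", COLLAB,
           lambda e: e.activity in ("upload", "modify", "share") and high(e, "credit_card"),
           ("quarantine", "email user")),
    Policy("On-demand scan", frozenset({"Exchange Online"}),
           lambda e: e.activity == "scan" and high(e, "credit_card"),
           ("monitor", "email admin")),
    Policy("Confidential collaboration", COLLAB,
           lambda e: e.activity == "share" and high(e, "confidential"),
           ("block", "email admin")),
]

def evaluate(event: Event, policies: List[Policy] = POC_POLICIES) -> List[Tuple[str, Tuple[str, ...]]]:
    """Return (policy name, response) for every policy the event triggers, in slide order."""
    return [(p.name, p.response) for p in policies
            if event.service in p.services
            and event.user not in p.exceptions
            and p.rule(event)]
```

Note that Google Drive events match no policy because the POC scoped these rules to the O365 services only, which is exactly the gap the observations on slide 35 (3 G Suite access violations) hint at.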
  • 56. PROOF OF CONCEPT (POC) Sanctioned IaaS – Admin Experience
  • 57. POC: RECOMMENDATIONS – ACTIVITY MONITORING
    Monitor the activity of users within your organization and detect risk trends for the entire organization over time. Break down individual usage by activity, time, user and role development. Users with administrative access have the greatest access to sensitive data and user information; ensure they have only the access and permissions necessary to perform their job.
  • 58. POC: RECOMMENDATIONS – SECURITY AUDIT CONFIGURATION
    Regularly run security configuration audit scans. Review incidents and remediate based on your requirements, such as company security policy, best practices and benchmarks. After taking remediation measures, run the scan again to ensure the same violations are no longer produced. The remediation strategy could be to resolve High Severity incidents first, to resolve all incidents affecting CIS Level benchmarks (High, Medium and Low), or to follow the organization's risk appetite. MVISION Cloud provides remediation steps within the incident details.