By Neeraj Nayak, Senior Manager, Product Marketing at CipherCloud
Integrating FireEye Detection On Demand with CipherCloud CASB+ Platform
As organizations turn to cloud apps to support the remote workforce and maintain business continuity, bad actors are becoming more sophisticated. Threat actors are targeting employees working from home with advanced social engineering attacks using collaboration apps like Office365 and Slack. IT organizations are scrambling to deal with the new norm of supporting a remote workforce with employees connecting directly to cloud apps and bypassing traditional on-premises security. Keeping track of these employees, along with gaining visibility into the data they share in the cloud, can consume even the largest team’s resources and can often feel impossible. Protecting organizations from data breaches and threats has never been more important.
At CipherCloud, in partnership with FireEye, we have extended enterprise threat detection to the Mobile-SaaS environment. By combining FireEye Detection on Demand and CipherCloud CASB+, this joint solution analyzes content in real-time across SaaS applications and cloud repositories. The combination is designed to deliver high-fidelity results as to whether an object shared via SaaS and Cloud applications is malicious or not. Should evil be detected, the content is blocked by CipherCloud in real-time, helping to protect employees, partners and customers.
About FireEye Detection on Demand
Detection On Demand offers a cloud-native service that provides a flexible and easy way to pinpoint file-borne threats. Detection On Demand can be integrated into custom applications, utilized in third-party technology, or used on a standalone basis, providing customers with detailed information as to why the content has been flagged as malicious, using insights gained from Mandiant Threat Intelligence experts.
How Does the Integration Work?
CipherCloud has built a connection to FireEye Detection on Demand, which allows it to submit any content that it encounters across any SaaS/Cloud application for review. Customers have the ability to customize this for their business needs, allowing them to choose what content to submit, from what user groups, and how they want to deal with the malicious files (block, allow, and send alerts). The below architecture overview highlights how our technology works together.
- CipherCloud CASB+ enables visibility and protection of regulated data created or shared outside the enterprise perimeter
- CipherCloud CASB+ SaaS security for dozens of applications extended to FireEye Detection on Demand for intelligence-driven threat protection
- User activity, anomalies and malware events are normalized and sent to FireEye Helix advanced SIEM solution
Existing customers of FireEye Helix and CipherCloud can also start leveraging the integration to ingest all CipherCloud logs into FireEye Helix, in mere minutes. By utilizing FireEye Helix Connect, customers only need to select the CipherCloud tile and enter their API key and CipherCloud domain. Customers will then have access to all CipherCloud Activity, Violations and Anomaly data that is generated through their CASB, enriched with FireEye Threat Intelligence.
FireEye has created seven custom alert rules, which are part of a CipherCloud Rule Pack that automatically assigns a risk level to each alert that CipherCloud generates. These rules work out of the box today and customers can also modify them to create the alerts that are most relevant. Additionally, FireEye Helix has the ability to help customers visualize data and alerts through dashboards. The following CipherCloud Dashboard has been created and is available for use in Helix, and customers can also modify it to reflect the data that they want to review.
To learn more about this integration, watch our webinar “Intelligence Led Threat Protection For SaaS-Mobile Environments”, which shares detailed insights on how FireEye’s detection capabilities can be combined with CipherCloud to stop malicious content from being shared.