Start of a new year and CipherCloud has released its latest version of Cloud Access Security Broker (CASB+) software that comes with new cloud security features in tune with the evolving definition of CASB, focusing on tightening the security controls around the cloud to reduce user risks and prevent data leaks through shadow IT resources. The new feature additions, along with necessary enhancements in existing feature sets, enables a comprehensive solution for protecting and monitoring the data stored in cloud applications.
So, what’s new in CASB+?
Cloud Security Posture Management (CSPM)
Cloud adoption is mushrooming, and organizations need smarter, automated controls to prevent misconfigurations in the cloud that can open the doors for data breaches. CipherCloud’s Cloud Security Posture Management (CSPM) provides a comprehensive set of tools to monitor selected SaaS and IaaS resources in an organization. CSPM tools can be used to assess security risk factors against security best practices, perform needed actions to prevent misconfigurations that put data at increased risk, and continually monitor risk. CSPM uses industry-level security benchmarks such as CIS for AWS and Azure, CipherCloud Security best practices for Salesforce, and Microsoft Office 365 Security Best Practices.
Insights Investigate functionality provides a rich set of tools for incident management in your organization, enabling administrators to view incidents that involve policy violations occurring in an organization, assign a level of severity to an incident, and specify the appropriate action. In addition, administrators can view information about incidents and their sources from several perspectives, and obtain additional details about each incident or source. Insights Investigate consists of the following:
- Incident Management lists all the policy violated incidents occurring in the organization, and the administrator can filter the list based on time period (day, date, hour), cloud (managed or unmanaged), severity (low, medium, high) or status (open, under investigation, resolved).
- Incident Insights presents a graphical view of count of incidents by type of violation, including login, DLP, DRM, and external sharing violations, malware, geo anomalies, and location anomalies.
- Entity Insights presents a graphical view of the count of incidents by their source, including user, device, location, application, content, and external user.
Continuous (step-up) authentication
Continuous (step-up) authentication provides an option to request additional authentication based on pre-defined levels of data sensitivity and risk. Step-up authentication can be used for stronger protection at high risk scenarios, such as:
- A user traveling to a location tries to download multiple files while at that location.
- Increased risk scores for a user.
- A user is authorized to download files, but wants to download a file from a group of highly sensitive files for which they are typically not authorized to access.
User coaching supplements the strong protections offered by CASB+ by providing an option to display messages or interact with users who want to access sensitive data in a cloud. For example, when a user wants to download sensitive information from the cloud, which is otherwise blocked due to policy restrictions, a coaching window appears and the user can provide justification for download through the coaching window, and proceed with the download. All user coaching interactions are logged to track access attempts and the justifications entered by users in the coaching window.
Connected applications allows you to monitor apps connected to the clouds in your organization, distinguishing between legitimate and possibly malicious/inappropriate applications, and allowing admin to revoke access to those apps. For each onboarded cloud account, you can view information about its connected applications, including the application name, installation date, application owner or administrator name, and cloud certification status. Management of connected applications is supported for G Suite, Office 365 suite, Salesforce, AWS, and Slack clouds, and can be used for clouds with API protection mode. For AWS clouds, you can also view a list of access keys in the AWS environment, update permissions for those keys, and revoke key access as needed.
Unmanaged application control
How many times has one of the employees in your organization managed to bypass the enterprise security controls and use cloud resources not sanctioned by the IT team? These unmanaged apps are one of the primary sources of data leaks as organizations have no visibility on user or data activity over these apps. CipherCloud CASB+ now allows you to discover cloud applications that are being used in your organization but that were not onboarded through the CipherCloud onboarding process. Along with discovering the unmanaged apps, you can view the files that are being stored on them, and the users who are uploading these files from the company network. In addition, you can create policies to enforce controls (for example, deny login or deny upload/download) on unmanaged applications, and identify possible data leaks. This feature is supported for Box, G Suite, Office 365 suite, and Slack clouds.
Document highlight, redact, and mask policy actions
CASB+, in both API mode and inline mode, now provides options for easier visual identification of violating content in files, allowing users to take the following actions:
- Highlight: Highlights violating content when a file is placed in quarantine.
- Mask: Covers violating content with capital Xs.
- Redact: Covers violating content with black bar.
Slack configuration and reporting enhancements
Several enhancements are available for use with Slack cloud applications, including new filters, notification templates, and Cloud Data Discovery reports.
Additional cloud support for Cloud Data Discovery
Cloud Data Discovery (CDD), which allows historical scanning of data in the clouds against security policies to take remediation actions and download compliance reports, is now available for OneDrive, SharePoint, and G Drive cloud applications.
Administrator activity charts for Office 365
New monitoring charts are now available for Office 365 that display information about administrator activity for Exchange, sites, user management, and enterprise settings.