Cisco Cloudlock: Secure Cloud Apps

Issue link:

Contents of this Issue


Page 0 of 1

Discover and Control Cloud Apps As employees continue to embrace the phenomena of BYOD, work from anywhere, and the self-enablement of cloud apps, security leaders and practitioners alike are challenged to address a growing volume of Shadow IT. Despite the considerable investments made in security solutions, many security teams remain ill equipped to comprehensively identify application usage and the associated risk - a critical practice to mitigate the risk of account compromise and data exfiltration. OAuth Connected Apps: A Unique Threat Vector Organizations have an average of over 750 unique, user-enabled cloud apps authorized with corporate credentials and connected to corporate applications 1 . These apps are authorized through OAuth to access Google G Suite or Microsoft Azure Active Directory (AD) environments via APIs. Most users have seen the "Login with Google" or "Login with Microsoft" options when signing up for a new web application. But what many individuals do not understand are the security implications of such connected cloud apps. Due to the excessive access scopes associated with many of these apps, often including the ability to view, edit, delete, share, and download data, they create unique security and compliance challenges. Additionally, as these apps connect directly to corporate cloud apps via APIs, they are completely invisible to traditional security solutions, from on-premises devices to anti-malware and anti-phishing tools. Connected cloud applications can present risk in multiple ways: 1) While benign in intent, an app may access and/or distribute sensitive information to fulfill its function, 2) An app may be counterfeit or malicious by design and aim to leverage an excessive permission set to act nefariously as we have seen in recent OAuth attacks by infamous hacking group Fancy Bear, or 3) While the app may be benign, the organization behind the app may be compromised, allowing the malicious actor to leverage the permissions of the app to compromise accounts as well as access and exfiltrate sensitive information. On-Network Cloud App Usage Discovery In addition to providing visibility into and control of OAuth connected apps, Cloudlock ingests data from firewalls and proxies, including Cisco ASA and Cisco Firepower. Cloudlock augments this raw data with cybersecurity insight, including app risk level ratings, traffic volume by application, and visibility into the most active users, to enable superior security intelligence and efficient resolution. How Cisco Cloudlock Helps • Gain visibility into and control over the riskiest Shadow IT in the form of user-enabled cloud apps connected to corporate systems, including Google G Suite and Microsoft Azure Active Directory (AD) • Defend against a growing volume of OAuth-based attacks as used by hacking group Fancy Bear • Enable compliance and reduce the risk of compromised accounts and sensitive data exfiltration by revoking risky apps with excessive access scopes • Leverage cloud security intelligence and application risk insight via app risk score and peer insights such as the Community Trust Rating Functionality Highlights • Pain-free 360° Visibility: The only CASB to detect and control off-network cloud app usage without agents or proxies • Powerful App Control: Move beyond visibility with policy-based enforcement capabilities • Efficient Investigation: Evaluate your environment with risk ratings powered by the Cloudlock CyberLab and security peers • APIs for Immediate ROI: Enterprise-wide coverage in minutes without any impact to end-users © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Cloudlock: Secure Cloud Apps Shadow IT Control with Apps Firewall DATA S H E E T Data Sources 1. The 1% Who Can Take Your Organization: Cloudlock Cloud Cybersecurity Report

Articles in this issue

Links on this page

view archives of Datasheets - Cisco Cloudlock: Secure Cloud Apps