Datasheets

Cloudlock: Cloud User Security

Issue link: https://learn-umbrella.cisco.com/i/765444


DATA SHEET

Cloud User Security
Detect Anomalies in Your Cloud User Accounts

Compromised Accounts, Malicious Insiders, and Privileged Users

Cisco Cloudlock provides cross-platform User and Entity Behavior Analytics (UEBA) for SaaS, IaaS, PaaS, and IDaaS environments. Cisco Cloudlock leverages advanced machine learning algorithms to detect anomalies based on factors such as activities outside of whitelisted countries and actions across distances at impossible speeds.

Attackers are defeating today's security controls that rely on the network perimeter or firewalls, or that focus exclusively on a specific platform. Activities across platforms are not correlated, making it difficult or impossible to identify suspicious behavioral patterns. At the same time, security teams are inundated with alerts that lack priority, useful information, or context. Faced with a flood of unhelpful alerts, the legitimate security breaches get overlooked. This problem is magnified with the use of cloud applications and platforms, as organizations often have little visibility into the activities of their users in their SaaS, PaaS, IaaS, and IDaaS environments.

Problems We Solve

Compromised Accounts

Attackers are compromising cloud application accounts at astonishing rates. Targeted attacks, such as spearphishing, have reached a level of sophistication where they are virtually indistinguishable from legitimate communications. In many cases, there are no files or malicious URLs involved in an attack, rendering traditional security solutions, including anti-malware and anti-phishing tools, incapable of addressing these threats.

Malicious Insiders

As malicious insiders are unlikely to trigger typical security telemetry when performing nefarious tasks, detecting insider threats is extremely difficult. Given the ease with which malicious individuals can leverage cloud applications to access, modify, distribute, and exfiltrate sensitive information, detecting and mitigating malicious insiders is crucial.

Dangerous Privileged Account Actions

Privileged users not only have access to a high volume of sensitive data, but also have administrative rights, such as configuration settings and user provisioning within applications. As such, ensuring the integrity of privileged accounts is critical to security.

How Cisco Cloudlock Helps

• Detects compromised cloud accounts
• Identifies malicious insiders
• Monitors privileged user accounts

Functionality Highlights

• User and Entity Behavior Analytics: Analyze user and entity behavior to detect account compromise and malicious insider activity
• Cross-Platform Security Intelligence: Aggregate and analyze activities across SaaS, IaaS, and PaaS platforms
• Geolocation Whitelisting and Blacklisting: Allow and block specific IP addresses and ranges to defend against account compromises

© 2017 Cisco and/or its affiliates. All rights reserved.
