3. About Palerra
Company
§ A leading Cloud Access Security Broker (CASB)
§ Ensures visibility and governance for cloud services
§ Secures cloud applications and infrastructure
- all users
- from any device
- from anywhere / any network
§ Leading investors include Norwest Venture Partners, Wing Ventures & August Capital
Customers
§ Investment Bank – 5,500 Box users
§ IT Infrastructure & Data Center Products Manufacturer – 18,000 Salesforce users
§ National Healthcare Provider – 5,500 O365 users
§ IT Service Provider – 6,000 O365/Salesforce users
4. Cloud Computing Services Model
SaaS
§ Business data transaction
§ Sharing documents
§ Sensitive Emails
PaaS
§ Partner Applications
§ 3rd party APIs integration
§ Databases, Web Services
IaaS
§ VPN/Network ACLs
§ Hosts/Server instances
§ Storage Services
5. Security: Cloud Computing Services Model
SaaS
§ Protect data from being shared outside an org
§ Protect user accounts
§ Secure configurations
§ Detect malicious insiders
(Diagram labels: Business User, 3rd Party Apps, Admin)
PaaS
§ Protect Data
§ Protect user accounts
§ Secure API Keys and tokens
§ Audit Activity
(Diagram labels: Business User, Developers, API Key, 3rd Party Apps, DevOps)
IaaS
§ Secure Network and Servers
§ Secure SSH Keys
§ Protect against rogue usage
§ Secure configurations
(Diagram labels: Admin, Client Machines, On-Demand Processes)
Cloud Service Providers own the Cloud and you own the security
6. Cloud Security: Multi-Step Process
§ Step 1: Visibility
§ Get visibility into your cloud services usage
§ Develop a plan for monitoring and securing your clouds
§ Step 2: Anomaly Detection/Prediction/Protection
§ Use multiple techniques (supervised and unsupervised) to identify risky users and threats
§ Step 3: Remediate incidents and prevent them in future
§ Automate the process for continuous security
9. Anomalous Activity Detection
§ Solution should support:
• Supervised Feeds and Rules:
§ Allow the customer to configure specific use cases of interest for their cloud applications:
§ Examples: whitelisting of IP addresses, tagging activities for certain AWS machines, tagging certain users (employee about to be terminated).
• Machine learning for Anomaly detection:
• User Behavior Analytics.
• Anomaly Detection for IP addresses.
• Anomaly Detection for non-human activities connecting to the applications: automated processes, unsanctioned applications.
• Correlation of various threat feeds and contextual data.
10. Supervised Feeds and Rules: Real use case
§ Trusted IP addresses:
§ Detection of any activity outside certain ranges of IP addresses.
§ Helps the security analyst identify users who work outside the office (when they are not supposed to).
§ Helps detect compromised or shared credentials (if the employee is physically located in the office but activity is happening from outside the company IP ranges).
11. Anomaly Detection: UBA use cases
§ Over time, cloud users build repeatable action patterns. Profiling such patterns helps identify anomalous activity.
§ For example:
§ An SFDC user logs in daily from two IP addresses (one is the company, and the other is home).
§ This user creates an average of 20 leads a day, changes about 7 lead statuses, and transfers an average of 3 leads per day to another employee.
§ Profiling the aggregates of actions per user over a long period of time helps identify the user’s expected volume of daily actions.
§ Profiling the IP addresses for this user helps identify any new, unseen IP address for this user.
§ Profiling certain sensitive actions, such as data export, together with their time of execution helps detect unexpected execution of such sensitive actions.
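The trusted-IP rule from slide 10 and the per-user profiling described above, as an added example (not from the webinar or any Palerra product). The event tuple layout, action names, documentation-range IP addresses and the mean-plus-3-sigma volume threshold are assumptions.

```python
import ipaddress
from collections import Counter, defaultdict
from statistics import mean, pstdev

TRUSTED_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # assumed company range
SENSITIVE = {"export"}  # assumed name for the sensitive data-export action

def build_profile(history):
    """Baseline for one user from (day, ip, action, hour) events."""
    per_day, ips, hours = defaultdict(Counter), set(), defaultdict(set)
    for day, ip, action, hour in history:
        per_day[day][action] += 1
        ips.add(ip)
        if action in SENSITIVE:
            hours[action].add(hour)
    stats = {}
    for a in {a for c in per_day.values() for a in c}:
        counts = [c[a] for c in per_day.values()]  # Counter yields 0 on idle days
        stats[a] = (mean(counts), pstdev(counts))
    return {"ips": ips, "stats": stats, "hours": hours}

def findings(profile, day_events, k=3.0):
    """Compare one day of events with the baseline; return sorted labels."""
    out, today = set(), Counter()
    for _day, ip, action, hour in day_events:
        today[action] += 1
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in TRUSTED_NETS):
            out.add(f"outside_trusted_range:{ip}")  # supervised rule
        if ip not in profile["ips"]:
            out.add(f"new_ip:{ip}")  # address never seen for this user
        if action in SENSITIVE and hour not in profile["hours"][action]:
            out.add(f"unusual_time:{action}@{hour:02d}")
    for action, n in today.items():
        mu, sigma = profile["stats"].get(action, (0.0, 0.0))
        if n > mu + k * max(sigma, 1.0):  # floor sigma so flat baselines keep slack
            out.add(f"volume:{action}={n}")
    return sorted(out)

def sample_history(days=30):
    """Constructed baseline shaped like the SFDC user in the slide."""
    office, home, ev = "203.0.113.10", "198.51.100.7", []
    for d in range(days):
        ev += [(d, office, "login", 9), (d, home, "login", 20)]
        ev += [(d, office, "create_lead", 10)] * (18 + d % 5)
        ev += [(d, office, "change_status", 11)] * 7
        ev += [(d, office, "transfer_lead", 15)] * 3
        if d % 7 == 0:
            ev.append((d, office, "export", 17))
    return ev
```

The home address is known to the profile but still trips the supervised rule, which is the case slide 10 describes: the rule and the learned baseline answer different questions and are meant to be read together.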
14. Malicious Insiders
§ Most damaging attacks are more often caused by insiders
§ Examples of insider threats:
– Employee negligence
– Fraud, theft by insiders
– Inappropriate sharing of data outside an enterprise
§ What to protect and monitor:
– Monitor for overly privileged user accounts
– Monitor transactional activities
– Monitor administrators’ activities
– Detect malicious user activities using user behavior analytics (UEBA)
15. Summary
§ Get visibility into your cloud services usage
§ Develop plan for monitoring and securing your clouds
§ Find an automated solution to address challenges (threats and risks)
16. Q&A
Please send questions regarding this webinar to: info@palerra.com
http://palerra.com/locked_item/white-paper-t12/