https://www.xylos.com/en/corporate/events/explore-new-digital-ways
Public cloud and security go hand in hand, if you approach it properly
The cloud is already being well used, but lots of organisations still have questions about its security. Is data protection in the cloud really optimal, or is this uncertainty justified? In this breakout session we look at the main concerns we hear from our customers. Can we build a perimeter around cloud applications? Which sectors or scenarios are not suitable for the cloud, and where in particular is it recommended? How do I get to grips with ‘shadow IT’? Do I have to manage things myself in the cloud? Does the public cloud satisfy the strictest security requirements? And what's the most secure authentication? Data protection isn't just limited to firewalls or intrusion systems, after all. The key lies in having a comprehensive security policy, and in this session we zoom in on the major components and challenges.
Speaker: Karim Vaes, Solution Architect, Xylos
5. Cybersecurity used to mean building a bigger moat and a bigger wall
Source : http://www.boomsbeat.com/articles/2824/20140416/an-interesting-look-at-the-ancient-city-walls-of-dubrovnik-photos.htm
6. So we built a secure perimeter within a secure perimeter
Source : http://files.terramartour.com/010_PAIS_FOTO/07_FRANCE/Carcassonne/
12. What does EU GDPR mean in less than one minute?
The European “General Data Protection Regulation” will increase privacy for individuals and give regulatory authorities greater powers to take action against businesses that breach the new laws.
Here is what it means to your business: privacy first, or face tough penalties: fines up to 4% of annual global revenue or €20 million, whichever is greater!
The regulation also applies to non-EU companies that process personal data of individuals in the EU.
17. Is the practice of shadow IT bad?
IT says
YES!
Business says
NO!
18. Looks kinda like?
Cloud:
• User chooses apps (unsanctioned, shadow IT)
• User can access resources from anywhere
• Data is shared by user and cloud apps
• IT has limited visibility and protection
On-premises:
• Only sanctioned apps are installed
• Resources accessed via managed devices/networks
• IT has layers of defense protecting internal apps
• IT has a known security perimeter
(Diagram: storage, corporate data, users)
19. No easy puzzle…
Shadow IT: How do I know what apps are used in my environment?
Access control: How do I ensure appropriate access to my cloud apps?
Visibility/reporting: How do I gain visibility into cloud apps and usage?
Data protection: How do I prevent data leakage?
Threat prevention: How do I know if my users have been breached?
Compliance: How do I address regulatory mandates?
20. The DNA of the IT landscape
Employees, business partners, customers
Apps, devices, people, data
22. How to protect my organization?
• Identity and access management
• Mobile device and app management
• Information protection
• User and entity behavioral analytics
• Cloud Access Security Broker: bring enterprise-grade visibility, control, and protection to your cloud applications.
23. Identity & Access Management
One Person = Single Identity for one million+ applications
Source : Forbes top cloud applications
24. Identity & Access Management
Windows 10 configuration for Windows devices (PC/tablets/mobile/etc.), by ownership and purpose:
Personal ownership, fun: MSA sign-in with a Microsoft account (karim@kvaes.be)
Personal ownership, fun + some work (BYOD): add a work account, i.e. an organizational account (karim.vaes@xylos.com)
Organizational ownership, work: domain join with a domain account (XYLOS\karimvaes), or Azure AD join with an organizational account (karim.vaes@xylos.com)
One Person = Single Identity
25. Information Protection
Persistent protection:
• Storage independent solution
• Permit all companies to authenticate
• Authorization policies are enforced
Tracking and compliance:
• Powerful logging for reporting
• End user use/abuse tracking
• Ability to remote kill documents
• Enable IT to reason over data
Ease of use:
• Works across all platforms
• Free content consumption
• Consistent user experience
• Integrated into common apps/services
<you> need to share <file types> between yourself and partners, suppliers, dealers, representatives, etc.
27. Cloud Access Security Broker
• Discovery: Gain complete visibility and context for cloud usage and shadow IT—no agents required
• Data control: Shape your cloud environment with granular controls and policy setting for access, data sharing, and DLP
• Threat protection: Identify high-risk usage and security incidents, detect abnormal user behavior, and prevent threats
28. Cloud Access Security Broker
Discovery
• Use traffic logs to discover and analyze which cloud apps are in use
• Manually or automatically upload log files for analysis from your firewalls and proxies
Sanctioning and un-sanctioning
• Sanction or block apps in your organization using the cloud app catalog
App connectors
• Leverage APIs provided by various cloud app providers
• Connect an app and extend protection by authorizing access to the app. Cloud App Security queries the app for activity logs and scans data, accounts, and cloud content
(Diagram: cloud traffic logs from firewalls and proxies, with your organization connecting from any location, feed Cloud discovery; app connectors reach protected cloud apps via API; both feed Cloud App Security)
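The log-based discovery this slide describes, as an added example that is not part of the original deck or of Cloud App Security itself: a script that parses constructed proxy lines in Squid's "common" format (one of the supported log sources), aggregates users, source IPs and transactions per app, and flags apps outside a sanctioned list as shadow IT. The app catalogue, the suffix matching, and the log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Squid "common" access-log layout (Apache common log format plus Squid's
# trailing "status:hierarchy" field); the regex assumes exactly this layout.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
                     r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \d+')

# Constructed app catalogue: host suffix -> (app name, sanctioned by IT?)
CATALOG = {
    "sharepoint.com": ("Office 365", True),
    "dropbox.com": ("Dropbox", False),
    "wetransfer.com": ("WeTransfer", False),
}

# Constructed log lines; the last one is deliberately not a valid record.
SAMPLE_LOG = """\
10.1.2.3 - alice [16/Apr/2018:09:01:10 +0200] "GET https://contoso.sharepoint.com/sites/finance HTTP/1.1" 200 5120 TCP_MISS:HIER_DIRECT
10.1.2.3 - alice [16/Apr/2018:09:02:44 +0200] "POST https://www.dropbox.com/upload HTTP/1.1" 200 311 TCP_MISS:HIER_DIRECT
10.1.2.7 - bob [16/Apr/2018:09:05:00 +0200] "GET https://www.dropbox.com/home HTTP/1.1" 200 8201 TCP_MISS:HIER_DIRECT
10.1.2.9 - carol [16/Apr/2018:09:07:31 +0200] "CONNECT wetransfer.com:443 HTTP/1.1" 200 0 TCP_TUNNEL:HIER_DIRECT
this line is not a valid access-log record
"""

def host_of(method, url):
    # CONNECT (HTTPS tunnel) requests log host:port instead of a full URL.
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()

def classify(host):
    # Suffix match against the catalogue; unknown hosts count as unsanctioned.
    for suffix, (app, sanctioned) in CATALOG.items():
        if host == suffix or host.endswith("." + suffix):
            return app, sanctioned
    return host, False

def discover(log_text):
    """Aggregate users, source IPs and transaction counts per app."""
    apps = defaultdict(lambda: {"users": set(), "ips": set(),
                                "transactions": 0, "sanctioned": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        host = m and host_of(m["method"], m["url"])
        if not host:
            continue  # skip malformed records and requests without a host
        app, sanctioned = classify(host)
        entry = apps[app]
        entry["users"].add(m["user"])
        entry["ips"].add(m["ip"])
        entry["transactions"] += 1
        entry["sanctioned"] = sanctioned
    return dict(apps)

def shadow_it(log_text):
    """Unsanctioned apps seen in the log, busiest first."""
    apps = discover(log_text)
    return sorted((a for a, e in apps.items() if not e["sanctioned"]),
                  key=lambda a: -apps[a]["transactions"])
```

Pointing `discover()` at a real export from one of the listed firewalls or proxies only requires adjusting `LINE_RE` to that vendor's line layout.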
29. What does this tie together?
• Identity & Access Management: Manage identity with hybrid integration to protect application access from identity attacks
• Mobile device & Application Mgmt: Protect your users, devices, and apps
• Information Protection: Protect your data, everywhere
• User & Behaviour Analytics: Detect problems early with visibility and threat analytics
• Cloud Access Security Broker: Extend enterprise-grade security to your cloud and SaaS apps
31. Discovery
Shadow IT discovery
• Discover 13,000+ cloud apps in use—no agents required
• Identify all users, IP addresses, top apps, top users
Risk scoring
• Get an automated risk score driven by 60+ parameters
• See each app’s risk assessment based on its security mechanisms and compliance regulations
Ongoing analytics
• Ongoing risk detection, powerful reporting, and analytics on users, usage patterns, upload/download traffic, and transactions
• Ongoing anomaly detection for discovered apps
32. Data Control
Policy definition
• Set granular-control security policies for your approved apps
• Use out-of-the-box policies or customize your own
DLP and data sharing
• Prevent data loss both inline and at rest
• Govern data in the cloud, such as files stored in cloud drives, attachments, or within cloud apps
• Use pre-defined templates or extend existing DLP policies
Policy enforcement
• Identify policy violations, investigate on a user, file, activity level
• Enforce actions such as quarantine and permissions removal
• Block sensitive transactions, limit sessions for unmanaged devices
33. Threat Prevention
Behavioral analytics
• Identify anomalies in your cloud environment which may be indicative of a breach
• Leverage behavioral analytics (each user’s interaction with SaaS apps) to assess risk in each transaction
Attack detection
• Identify and stop known attack pattern activities originating from risky sources with threat prevention enhanced with vast Microsoft threat intelligence
• Coming soon: send any file through real-time behavioral malware analysis
Basic Pizza-as-a-Service talk
Hybrid
Not black / white => depends on “mood”
Chef @ home works too
We already do a lot!
Recap!
Outcome focus => Cloud is logical there
Digital => Business focus, and it breaks out from a non-traditional angle
Hybrid! => We already do a lot
People – identity, device, apps, data
MSFT Field - Please view associated material at: http://infopedia/SMSG/Pages/EnterpriseSecurity.aspx
The following firewalls and proxies are supported: Blue Coat, Cisco (Cisco ASA - Virtual Context, Cisco ScanSafe, Cisco IronPort WSA), Zscaler, Fortigate, Palo Alto, McAfee Secure Web Gateway, Check Point (Check Point, Check Point OPSEC LEA), Squid (Common), Juniper SRX, Sophos SG, Microsoft Forefront Threat Management Gateway, Websense.
With more than 80 percent of employees admitting to using non-approved SaaS apps for their jobs, how can you maintain visibility, control, and protection of your cloud apps?
With this fast transition to cloud apps, we know you may be concerned about storing corporate data in the cloud and how to make it accessible to users anywhere without comprehensive visibility, auditing, or controls. Legacy security solutions are not designed to protect data in SaaS applications. Traditional network security solutions, such as firewalls and IPS, don’t offer visibility into the transactions that are unique to each application and traffic off-premises, including how data is being used and stored. Classic controls fail to provide protection for cloud apps as they monitor only a small subset of cloud traffic and have limited understanding of app-level activities.
We have your solution: Microsoft Cloud App Security
Why Cloud App Security?
Shadow IT discovery – no agents required
Enhanced threat protection with the Microsoft intelligent security graph
Granular controls of your sanctioned apps
Builds on broader Microsoft platforms
It’s enterprise grade and easy to use
Deep integration with Office
CLICK STEP(S).
Click anywhere on the slide to begin
Here you are presented the Microsoft Cloud App Security console.
You have four key menus to choose from: “Discover”, “Investigate”, “Control” and “Alerts”
These menus provide you a wide set of capabilities including visibility, comprehensive data controls and threat prevention for your cloud apps.
Let’s go ahead and start with the discovery dashboard.
CLICK STEP(S)
Click the Discover menu.
CLICK STEP(S)
Click on Cloud Discovery dashboard.
The Discovery dashboard provides an overview of cloud apps used in your organization with details.
CLICK STEP(S)
On the right, click on the scroll bar to scroll down.
It also identifies all users and IP addresses accessing the application, while also conducting a risk assessment and computing an automated risk score for each app.
Point Out: Top Users/Top IP Addresses Tile
Your users do not need to deploy any additional agents on their devices for Cloud App Security to provide this analysis because we collect information from the firewalls and proxies.
CLICK STEP(S)
On the right, click on the scroll bar to scroll up.
The dashboard provides an overall understanding of your organization’s cloud app usage.
However, to get more detailed information about the apps being used, let’s navigate to Discovered apps.
CLICK STEP(S)
On the Cloud Discovery navigation bar, click on Discovered apps
Here you see all of the discovered apps in the organization, including a lot of additional data, such as the number of users using the app, the number of IPs the app is being accessed from, or the total number of transactions, to name a few.
CLICK STEP(S)
On the right, click the scroll bar to scroll down.
You also can easily filter based on the name, activity time frame or the risk score associated with the application.
Let’s filter for collaboration apps.
CLICK STEP(S)
On the left, click Collaboration.
You also have the ability to drill down on a specific app.
Let’s review Office 365.
CLICK STEP(S)
Under the Score column, click on 10 for Office 365.
Cloud App Security not only discovers more than 13,000 cloud applications in use but it also provides an automated risk score by evaluating each discovered service against more than 60 parameters.
CLICK STEP(S)
On the right, click the scroll bar to scroll down
Here you can see all of the different parameters used for the risk evaluation.
Let’s look at an example of a parameter breakdown.
CLICK STEP(S)
On the bottom right of the slide, click on HTTP security headers.
You can dive into more details for a specific parameter to get a breakdown on the score.
You can see the weight of this parameter in this category and which factors are considered for risk assessment.
You can interact with this risk assessment by reporting new data or requesting a score update.
CLICK STEP(S)
On the right, click the scroll bar to scroll up.
CLICK STEP(S)
Under the Name column, click on Office 365 to navigate to charts.
Discovering which apps are in use across your organization is just the first step in making sure your sensitive corporate data is protected.
CLICK STEP(S)
On the right, click on the scroll bar to scroll down.
You also have access to powerful reporting and analytics capabilities for you to gain the complete context of your cloud usage: such as usage patterns, upload/download traffic and top users.
Next, let’s see how you can investigate and gain detailed visibility on a file level.
To do this we will navigate to the Investigate menu.
CLICK STEP(S)
On the top navigation bar, click on Investigate to expand the drop down menu.
CLICK STEP(S)
Click Files.
The Investigate menu provides you with deep visibility into all activities, files and accounts.
Here you can see all files in your cloud environment with an easy and powerful query engine.
Let’s set the Access level filter to sort for all public files.
CLICK STEP(S)
In the middle of the filtering bar, click on the Access Level drop down menu to expand.
CLICK STEP(S)
Click Public.
Security vulnerabilities or data leakage are always a concern and it is very easy for an employee to accidentally make a file link public.
No one has the time to go through all publicly shared files to ensure no sensitive customer or company data has been leaked.
However, this can be done easily by navigating to the policies page, where you have the option of creating new policies or monitoring current existing policies for violations.
CLICK STEP(S)
On the top navigation bar, click on the Control menu to expand.
CLICK STEP(S)
Click Policies.
Here you are presented all of the active policies which are monitoring all apps used in your organization.
Within the Policy page, we will review 2 different scenarios:
Walk through the creation of a new policy using a template
File level investigation:
Authorizing a legitimate file
How to take action against suspicious/unauthorized file activity.
For the 1st scenario, you will see how simple and straightforward it is to create a new policy.
CLICK STEP(S)
Click Create Policy.
Cloud App Security provides you a variety of policy types to choose from.
Each has its own policy-specific templates, while still allowing you to customize them to your need(s).
For today, let’s just focus on a new App Discovery policy.
CLICK STEP(S)
Click App Discovery Policy.
When creating a new policy, you have the option of using “out of the box” templates or customizing your own policy.
Today, we will be using an “out of the box” template.
CLICK STEP(S)
Click the Policy Template drop down menu.
To reiterate, the primary reason behind the creation of this policy is to target possible “risky” apps.
So let’s select the “New Risky App” template.
CLICK STEP(S)
Click New Risky App.
CLICK STEP(S)
Click Apply Template.
Now that the template has been applied, let’s review the policy.
Point Out: Policy Description statement and review the criteria described that will generate an alert.
CLICK STEP(S)
Click scroll bar to scroll down.
Even though an “out of the box” template has been used, you still have the ability to alter any of the values to fit your requirements.
Point Out: Create a filter section and note the risk scores being targeted
Point out: Trigger a policy match section, showing another set of criteria that will trigger an alert.
Now moving onto the 2nd scenario, file level investigation.
CLICK STEP(S)
Click Cancel.
For the 2 file investigation sub scenarios you will refer to the PCI compliance policy which identifies sensitive, publicly shared files containing customer credit card numbers.
As you can see, the PCI policy is currently detecting 2 files in violation of its policy.
Point Out: 2 matches on the PCI Compliance policy line.
Let’s investigate these violations.
CLICK STEP(S)
Click on the PCI COMPLIANCE policy.
For the 1st file level investigation scenario, you will see how you can authorize legitimate activity using the Test_file_for_DLP_test.docx.
CLICK STEP(S)
Click on the Payment schedule and details.xlsx file to minimize.
CLICK STEP(S)
Click on the Test_file_for_DLP_test.docx file.
To further investigate, you want to view the hierarchy, which shows where this file resides.
CLICK STEP(S)
Under the File Name, click View Hierarchy.
Viewing the hierarchy, you can now determine that this is a test file as the file is located in a folder labelled “Test Files”.
CLICK STEP(S)
Click Done to exit.
Since this file is a legitimate test file, you can now proceed to authorize this file.
CLICK STEP(S)
To the left of the more information icon, click the check mark to authorize this file.
Moving onto the 2nd file level investigation scenario, you will see how Cloud App Security allows you to react and take action against suspicious activity and/or violations.
The document that will be used for this scenario is the Payment schedule and details.xlsx spreadsheet.
Let’s click on the spreadsheet to expand the file details.
CLICK STEP(S)
Click on Payment schedule and details.xlsx.
Within the file details, you can see the owner of the file, all the collaborators, when it was created and when it was modified.
By looking at the URL, you can see that the file is shared publicly with everyone via SharePoint.
Point Out: Shared with everyone section of the URL
https://contoso3-my.sharepoint.com/personal/nirg_contoso_com/Documents /Shared with Everyone/Tiderc.txt
You can also see that this file contains an Azure Information Protection classification label, specifically the Secret: Finance Only label.
Point Out: File Tag: Secret (external), Finance Only (external)
To further investigate, let’s see where this file resides, by viewing the file’s hierarchy.
CLICK STEP(S)
Under the File Name, click View Hierarchy.
You can see that this file is located under one of our customer information folders and should not be shared publicly.
CLICK STEP(S)
On the far right side, click on the more information icon (3 vertically stacked dots) for the Payment schedule and details.xlsx file.
You can now make an accurate assessment with the given evidence and take action, by choosing either “put in user quarantine” or “make the link private”.
CLICK STEP(S)
Click Done to exit Hierarchy window.
Deeper visibility and stronger controls are key components of providing enterprise grade security for your applications, but you don’t stop there.
Cloud App Security not only provides you discovery and data control features but also a powerful threat detection engine.
Let’s see how Cloud App Security helps you detect anomalies and prevent threats.
For this let’s navigate to the Alerts menu.
CLICK STEP(S)
On the top navigation bar, click on Alerts.
The alerts center will generate an alert if any active policies are violated.
Let’s investigate a General Anomaly Detection alert.
CLICK STEP(S)
Click on the 3rd alert, General Anomaly Detection (ricky@contoso.com).
Cloud App Security’s advanced machine-learning heuristics learn how each user interacts with each SaaS app and, through behavioral analysis, assess the risk in each transaction.
Here you can see a user who is an administrator performing suspicious activities such as logging in from a new anonymous location and two countries simultaneously within an hour with several failed login attempts.
Point Out: ricky@contoso.com is an administrator
CLICK STEP(S)
On the right, click on the scroll bar to scroll down.
Using the Activity Log, you are presented each action performed by the suspected user.
Through this alert, you are also provided the option of remediating the threat or adjusting the policy as needed.
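An added example, not the deck's and not Cloud App Security's own detection logic, of the kind of rule behind the alert just described: over constructed activity-log entries it flags a user who logs in from two countries within an hour, accumulates several failed logins, or arrives through an anonymous proxy, and marks administrators for priority. The event layout, the thresholds, and the ADMINS set are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed activity-log entries: (time, user, action, country, anonymous proxy?)
EVENTS = [
    ("2018-04-16T08:00:00", "alice@contoso.com", "login_ok", "BE", False),
    ("2018-04-16T08:10:00", "ricky@contoso.com", "login_ok", "BE", False),
    ("2018-04-16T08:21:00", "ricky@contoso.com", "login_failed", "NG", True),
    ("2018-04-16T08:22:00", "ricky@contoso.com", "login_failed", "NG", True),
    ("2018-04-16T08:23:00", "ricky@contoso.com", "login_failed", "NG", True),
    ("2018-04-16T08:25:00", "ricky@contoso.com", "login_ok", "NG", True),
    ("2018-04-16T09:40:00", "alice@contoso.com", "login_ok", "BE", False),
    ("2018-04-16T15:10:00", "alice@contoso.com", "login_ok", "NL", False),
]
ADMINS = {"ricky@contoso.com"}  # constructed: who counts as an administrator

def detect_anomalies(events, window=timedelta(hours=1), failed_threshold=3):
    """Return {user: sorted reasons} for users whose events inside any
    sliding window of length `window` match a suspicious pattern."""
    by_user = defaultdict(list)
    for ts, user, action, country, anon in events:
        by_user[user].append((datetime.fromisoformat(ts), action, country, anon))
    findings = {}
    for user, evs in by_user.items():
        evs.sort()
        reasons = set()
        for i, (start, _, _, _) in enumerate(evs):
            span = [e for e in evs[i:] if e[0] - start <= window]
            # successful logins from two or more countries inside one window
            if len({c for _, a, c, _ in span if a == "login_ok"}) >= 2:
                reasons.add("logins from multiple countries within the window")
            if sum(a == "login_failed" for _, a, _, _ in span) >= failed_threshold:
                reasons.add("repeated failed logins")
            if any(anon for _, _, _, anon in span):
                reasons.add("activity from an anonymous proxy")
        if reasons:
            if user in ADMINS:
                reasons.add("user is an administrator")  # raises severity
            findings[user] = sorted(reasons)
    return findings

def severity(reasons):
    """Crude ranking: administrators and multi-signal alerts sort first."""
    return len(reasons) + (2 if "user is an administrator" in reasons else 0)
```

Alice's two countries are hours apart, so she is not flagged; only Ricky, whose failed attempts and foreign anonymous login fall inside one window, produces findings.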
Closing remarks:
Through Microsoft Cloud App Security, you will have deeper visibility, comprehensive controls, and improved protection for your cloud applications.
Cloud App Security is designed to help you extend the visibility, auditing, and control you have on-premises to your cloud applications.