Stop Hackers with Integrated CASB & IDaaS Security
-
Upload
cloudlock -
Category
Technology
-
view
148 -
download
1
Transcript of Stop Hackers with Integrated CASB & IDaaS Security
Speakers
Brad PielechIntegrations Architect
Mario TarabbiaDirector of Sales Engineering
@OneLogin@CloudLock
Agenda
● IT Complexity Today & Where Organizations Struggle
● Top 5 Cyber Threats to Your Cloud Environment
○ Challenge○ Solution○ What You Can Do Now
● CASB + IDaaS - What We Do
● Q&A
Increasing IT Complexity
Thousands of employees, partners, customers, and multiple devices...
Working with many, many apps, both in the cloud and on-premise.
Top 5 Cyber Threats To Your Cloud Environment
Data Breaches
Insider Threats
Account Compromises
Cloud-Resident Malware
Shadow IT & Cloud-Native
Malware
Top Cyber Threats
▪ Login to:
▪ File download using:
▪ Massive file downloads using:
▪ Email sent from:
▪ Export using:
09:03
09:26
10:29
11:46
10:11
#1 Account Compromises
▪ Login to:
▪ File download using:
▪ Massive file downloads using:
▪ Email sent from:
▪ Export using:
09:03
09:26
10:29
11:46
Admin
10:11
#1 Account Compromises
#1 Account Compromises
The Solution - IDaaS & CASB● Eliminate need for application passwords with SSO & enforce adaptive authentication
● Dig up behavioral anomalies for signs of a compromise
● Develop procedure to remediate when a user’s account is compromised:
Detect suspicious
activity
Enforce MFA
User proves identity, access granted
Attacker cannot verify identity, access denied
Enforce Directory
Password Reset
#2 Insider Threats
● Louise was refused the promotion she applied for. Louise quit.
● Before quitting, she downloads all customer lists and contracts she can find on Google Drive.
● 18 months later, Louise’s account downloads 2 more contracts.
What This Looks Like
PII
#2 Insider Threats
The Solution - IDaaS & CASB
● Proactively enforce appropriate access with IDaaS based on existing AD user groups
● Monitor for employees-gone-rogue by looking for off-normal SaaS activity
● Take an action - communicate, suspend access, enforce authentication across cloud platforms
● Be mindful of dormant accounts from ex-employees, contractors, and partners.
All Employees:
Sales:
HR:
Finance:
#3 Cloud-Resident Malware
● Bob receives a phishing email from his “boss” asking him to review a malware infected PDF.
● Bob believing the file is legitimate, saves it to his team’s folder storage in Sharepoint
● Sharepoint synchronizes the file across all team member’s devices thereby automatically propagating the malware.
What This Looks Like
#3 Cloud-Resident Malware
Proactively enforce appropriate access
with IDaaS provisioning engine
Leverage CASB to discover malware inside SaaS apps
Take an action, remove malware
Step up authentication policies
The Solution - IDaaS & CASB
#4 Shadow IT and Cloud-Native Malware
● Charlie’s organization has more connected cloud apps than there are minutes in the year. Some are good, some are bad, some are ugly.
● Charlie’s colleague authenticates into “Mocusign” using corporate credentials
● An external 3rd party now has access Charlie’s Docusign username and password.
● Docusign data and any other applications accessible with this same set of credentials are now exposed.
What This Looks Like
#4 Shadow IT and Cloud-Native Malware
The Solution - IDaaS & CASB
● Audit firewall logs in CASB
● Audit oauth connected apps in CASB
● Review Unsanctioned App Ratings
○ Detect, block & blacklist malicious apps
○ Ensure low-rated apps are not provisioned within IDaaS
● Sanction productivity apps and provision access in IDaaS
** CloudLock Cybersecurity Report: The Extended Parameter
#4 Shadow IT and Cloud-Native Malware
** CloudLock Cybersecurity Report: The Extended Parameter
The Solution - IDaaS & CASB
● Sanctioned Apps
○ Monitor for license compliance and bandwidth
● Eliminate app passwords with SSO and set up automatic app access permissions rules and mappings based on user roles and groups
#5 Data Breaches
● Francisco accidentally shares the company’s upcoming product design files to Matthew’s personal email address instead of his corporate account.
● Matthew’s personal address may get hacked
● Matthew may leave the company tomorrow
● Francisco will never realize such sensitive data is exposed
What This Looks Like
Personal Account Hacked
App/Access Locked Down
Unknown
Sent files to personal email
#5 Data BreachesThe Solution - IDaaS & CASB
● Leverage IDaaS to ensure appropriate entitlements for applications with sensitive data, restricting access via intelligent SAML configurations
● Leverage CASB to detect and remediate improperly shared data
● Selectively encrypt data
● Tie CASB and IDaaS security policies for immediate mitigation of suspicious behavior
Policy Apps
Tomorrow’s Tasks:30MAR
Get all business owners in a room to redefine
what is sensitive.
Educate end users on safe sharing.
Do’s & Don’t.
Lessons Learned
IDaaS and CASB together enable a complete sanctioned IT solution
● Be proactive against the top 5 cyber security threats
● IDaaS and CASB protect both admins and end-users
● CASB identifies misuse of services
● IDaaS enables easy access to all sanctioned applications, based on user
permissions - e.g. enables HR to do HR tasks without IT friction
Questions?
bit.ly/onelogin-cloudlock ● Try OneLogin for Free
● Get a Free Cloud Cybersecurity Assessment● See a CloudLock + OneLogin Integration Demo
● Read Our White Paper