Stop Hackers with Integrated CASB & IDaaS Security


Speakers

Brad Pielech, Integrations Architect

Mario Tarabbia, Director of Sales Engineering

@OneLogin @CloudLock

Agenda

● IT Complexity Today & Where Organizations Struggle

● Top 5 Cyber Threats to Your Cloud Environment

○ Challenge

○ Solution

○ What You Can Do Now

● CASB + IDaaS - What We Do

● Q&A

Increasing IT Complexity

Thousands of employees, partners, customers, and multiple devices...

Working with many, many apps, both in the cloud and on-premise.

Where Organizations Struggle

Access?

Security?

Cost?

Usage?

Compliance?

Top 5 Cyber Threats To Your Cloud Environment

Data Breaches

Insider Threats

Account Compromises

Cloud-Resident Malware

Shadow IT & Cloud-Native Malware

Top Cyber Threats

#1 Account Compromises

Source: someecards.com


▪ Login to:

▪ File download using:

▪ Massive file downloads using:

▪ Email sent from:

▪ Export using:

09:03

09:26

10:29

11:46

Admin

10:11

#1 Account Compromises

Catching, Stopping & Acting

#1 Account Compromises

The Solution - IDaaS & CASB

● Eliminate need for application passwords with SSO & enforce adaptive authentication

● Dig up behavioral anomalies for signs of a compromise

● Develop procedure to remediate when a user’s account is compromised:

○ Detect suspicious activity

○ Enforce MFA

○ User proves identity, access granted

○ Attacker cannot verify identity, access denied

○ Enforce Directory Password Reset

Tomorrow’s Task (30 MAR): Write down a deprovisioning plan

#2 Insider Threats

** CloudLock Cybersecurity Report: The 1% Who Can Take Down Your Organization

#2 Insider Threats

● Louise was refused the promotion she applied for. Louise quit.

● Before quitting, she downloads all customer lists and contracts she can find on Google Drive.

● 18 months later, Louise’s account downloads 2 more contracts.

What This Looks Like

PII

Finding the Suspicious and Taking Action Quickly

#2 Insider Threats

The Solution - IDaaS & CASB

● Proactively enforce appropriate access with IDaaS based on existing AD user groups

● Monitor for employees-gone-rogue by looking for off-normal SaaS activity

● Take an action - communicate, suspend access, enforce authentication across cloud platforms

● Be mindful of dormant accounts from ex-employees, contractors, and partners.

All Employees:

Sales:

HR:

Finance:

Tomorrow’s Task (30 MAR): Identify the dormant accounts in each SaaS platform

#3 Cloud-Resident Malware

● Bob receives a phishing email from his “boss” asking him to review a malware-infected PDF.

● Bob, believing the file is legitimate, saves it to his team’s folder storage in SharePoint.

● SharePoint synchronizes the file across all team members’ devices, thereby automatically propagating the malware.

What This Looks Like

Staying Ahead of the Spread of Malware

#3 Cloud-Resident Malware

The Solution - IDaaS & CASB

● Proactively enforce appropriate access with IDaaS provisioning engine

● Leverage CASB to discover malware inside SaaS apps

● Take an action, remove malware

● Step up authentication policies

Tomorrow’s Task (30 MAR): Kick off a phishing awareness campaign

#4 Shadow IT and Cloud-Native Malware

● Charlie’s organization has more connected cloud apps than there are minutes in the year. Some are good, some are bad, some are ugly.

● Charlie’s colleague authenticates into “Mocusign” using corporate credentials

● An external 3rd party now has access to Charlie’s Docusign username and password.

● Docusign data and any other applications accessible with this same set of credentials are now exposed.

What This Looks Like

#4 Shadow IT and Cloud-Native Malware

Getting Clear on the Good, the Bad, and the Ugly

#4 Shadow IT and Cloud-Native Malware

The Solution - IDaaS & CASB

● Audit firewall logs in CASB

● Audit OAuth-connected apps in CASB

● Review Unsanctioned App Ratings

○ Detect, block & blacklist malicious apps

○ Ensure low-rated apps are not provisioned within IDaaS

● Sanction productivity apps and provision access in IDaaS

** CloudLock Cybersecurity Report: The Extended Perimeter

#4 Shadow IT and Cloud-Native Malware

** CloudLock Cybersecurity Report: The Extended Perimeter

The Solution - IDaaS & CASB

● Sanctioned Apps

○ Monitor for license compliance and bandwidth

● Eliminate app passwords with SSO and set up automatic app access permissions rules and mappings based on user roles and groups

Tomorrow’s Task (30 MAR): Audit Top 250 apps on firewall logs

#5 Data Breaches

** CloudLock Cybersecurity Report: The Extended Perimeter

#5 Data Breaches

● Francisco accidentally shares the company’s upcoming product design files to Matthew’s personal email address instead of his corporate account.

● Matthew’s personal address may get hacked

● Matthew may leave the company tomorrow

● Francisco will never realize such sensitive data is exposed

What This Looks Like

Personal Account Hacked

App/Access Locked Down

Unknown

Sent files to personal email

Protecting Sensitive Data from the Next Breach

#5 Data Breaches

The Solution - IDaaS & CASB

● Leverage IDaaS to ensure appropriate entitlements for applications with sensitive data, restricting access via intelligent SAML configurations

● Leverage CASB to detect and remediate improperly shared data

● Selectively encrypt data

● Tie CASB and IDaaS security policies for immediate mitigation of suspicious behavior

Policy Apps

Tomorrow’s Tasks (30 MAR):

● Get all business owners in a room to redefine what is sensitive.

● Educate end users on safe sharing: Do’s & Don’ts.

Lessons Learned

IDaaS and CASB together enable a complete sanctioned IT solution

● Be proactive against the top 5 cyber security threats

● IDaaS and CASB protect both admins and end-users

● CASB identifies misuse of services

● IDaaS enables easy access to all sanctioned applications, based on user permissions - e.g. enables HR to do HR tasks without IT friction

Questions?

bit.ly/onelogin-cloudlock

● Try OneLogin for Free

● Get a Free Cloud Cybersecurity Assessment

● See a CloudLock + OneLogin Integration Demo

● Read Our White Paper

Thank you +