Organizations have seen rapid growth in cloud adoption over the last few years which in turn have introduced new threats and increased the risk of data leakage. Among the most prominent threats are malware and ransomware – long a problem on endpoints. With the advent of public cloud apps, interconnected and widely used, malware and ransomware have the potential to touch more data than ever before.
Unfortunately, despite the risk to data in the cloud, few providers offer any malware protection whatsoever. Those that do offer limited signature-based threat protection, based on solutions from IPS/IDS vendors, can only identify known threats. The most dangerous threats are not these known pieces of malware, but the unknown, zero-day threats that can go undetected, resulting in weeks or months of data exfiltration unbeknownst to IT.
G Suite, Office 365, and Azure offer threat protection that is reactive rather than proactive. What little proactive protection they provide is ineffective when end-users need instant access to data in the cloud or expect instant upload of a file. This gets at a critical difference between traditional signature-based malware and next-generation AI-based malware. Traditional tools rely on dynamic analysis, executing a file in a sandbox before taking action. Next-generation tools from companies like Cylance leverage static analysis, basing a risk decision on hundreds of characteristics associated with a file.
Once malware makes its way into a cloud app, there’s little an organization can do to stop its spread. These malicious files are often downloaded to endpoints, make their way to connected apps, and are shared across the organization. The only way to protect against these threats is to prevent their spread.
With Advanced Threat Protection (ATP), a core component of any complete Cloud Access Security Broker (CASB) solution, organizations can protect the cloud from malware before it hits the app, assess the risk of any one file, and stop malicious attacks in their tracks.