DLP & Access Control
Bitglass' integrated, high-performance DLP and access control engines identify and control the context by which applications are being accessed, as well as the data being accessed.
Contextual access control tracks numerous contextual variables, including location, user group, access method, managed vs unmanaged device, time-of-day and more. Fine-grained control allows your organization to vary the level of access within and across cloud applications.
Comprehensive DLP identifies and controls sensitive data-at-rest and upon access. Detection capabilities range from a pre-built library of common data types, to policy sync from premises DLP policies, ICAP integration, and advanced policies including exact match, document fingerprinting, occurrence and proximity based matching, and a broad expression language which provides custom policy creation.
The DLP and access control engines are paired with several remediation actions that allow you to extend acccess to sensitive data, without giving up visibility and control. Remediation actions include quarantine, preview only, redact, DRM, encrypt, track/watermark and more.
User Behavior Analytics
From initial deployment, the Bitglass system learns user behavior while simultaneously collecting detailed reporting on every user and admin transaction. Increased control, such as step-up authentication, and suspicious activity alerting provide visibility and mitigation to minimize risk.
These user behavior analytics are fed into reporting and dashboard system that enables rapid incident response and management. REST API is available to allow integration into major SIEM platforms or any other security operations workflow.
Zero-Day Shadow IT Discovery
Bitglass Discovery leverages machine-learning technologies to automatically index and classify all cloud apps, known and unknown. Currrently, the Bitglass cloud app index has over 100K apps, over 3X that of the competition. Each app carries reputation rankings and security attributes.
Streaming your firewall or proxy logs to Bitglass allows you to rapidly discover cloud applications used in your organization. You can then block an application or make it "read-only" with Bitglass Zero-Day protection for unmanaged apps.
Agentless Mobile Security
Bitglass Next-Gen CASB delivers Zero-Day agentless protection of corporate data on any device without installing agents or MDM profiles. Patented agentless technology delivers the protections afforded by mobile device management (MDM) solutions, without the privacy and deployment hassles of MDM agents.
Enforce device configuration like PIN codes and encryption, and selectively wipe corporate data on any device, without taking full control of the device. Paired with Bitglass' DLP and access control, the solution offers comprehensive control and risk mitigation for any app (cloud or premises) and any device.
API Management & Control
Bitglass delivers API management for all major SaaS apps as well as IaaS such as AWS and Azure. With our native high-performance double-byte DLP engine, you can configure DLP management for visibility and actions on sensitive content at rest in the cloud- encrypt, remove share, quarantine and more. Furthermore, Bitglass Next-Gen CASB delivers full visibility into data at rest in the cloud and can search logs and user actions.
CASB SSO & Identity Management
The only CASB with integrated identity management, Bitglass includes native SAML Single Sign-on, Active Directory synchronization and authentication, contextual multi-factor authentication, and more - without the hassles of budgeting for and deploying a third party identity system. Bitglass includes a SAML proxy and integrates with all leading SSO systems.
Zero-Day Threat Protection
Bitglass includes Zero-Day Malware Threat protection, powered by Cylance, to analyze and block known and unknown threats at rest in the cloud, or before upload from devices, or download to devices. In combination with Bitlgass Next-Gen agentless AJAX-VM technology, known and unknown malware threats are blocked even on unmanaged devices without agents.