A Cloud Access Security Broker (CASB) is a policy enforcement point that delivers data and threat protection in the cloud, on any device, anywhere.
There are three requirements for a CASB vendor:
- Management: Visibility and clean-up after high-risk events
- Security: Preventing high-risk events such as data leakages and threat intrusions
- Zero-Day Protection: Protection from known and unknown data leakage risks and malware threats
Correspondingly, there are three types of CASB:
- API-Only CASBs deliver only management. Such CASBs use API access to SaaS apps to remediate after data-leakage events.
- Multi-mode First-Gen CASBs deliver management and security, but not Zero-Day protection. Such CASBs offer signature-based protection for known data leakage paths and a fixed set of applications.
- Multi-mode Next-Gen CASBs deliver management, security and Zero-Day protection. Such CASBs dynamically adapt to deliver protection for known and unknown data leakage risks and malware threats, on any app.
Next-Gen CASB: Zero-Day data & threat protection
Any App, Any Device, Anywhere
Multi-Protocol Zero-Day Security
The Bitglass multi-protocol proxy architecture with Zero-Day Core ensures protection from known and unknown data leakage risks and malware threats, on managed and unmanaged apps, as well as on managed and unmanaged devices.
For managed apps, Bitglass provides zero-day support for any application, providing real-time data & threat protection, identity and visibility. No catalog or signatures required. Bitglass’ agentless reverse proxy capability leverages patent pending AJAX-VM technology to ensure application resilience. Competitive CASBs either rely entirely on cumbersome agent-based forward proxy solutions, or suffer from breakages and downtime as cloud providers update and change their applications.
For unmanaged apps, Bitglass’ patent-pending machine-learning approach automatically identifies new applications and learns application behaviors and leakage paths, allowing coaching, blocking and zero-day control for any existing or new application on your network.
DLP & Access Control
Contextual access control tracks numerous contextual variables, including location, user group, access method, managed vs unmanaged device, time-of-day and more. Fine-grained control allows your organization to vary the level of access within and across cloud applications.
Comprehensive DLP identifies and controls sensitive data at rest and upon access. Detection capabilities range from a pre-built library of common data types, to policy sync from premises DLP policies, ICAP integration, and advanced policies including exact match, document fingerprinting, occurrence- and proximity-based matching, and a broad expression language which provides custom policy creation.
The DLP and access control engines are paired with several remediation actions that allow you to extend access to sensitive data, without giving up visibility and control. Remediation actions include quarantine, preview only, redact, DRM, encrypt, track/watermark and more.
User Behavior Analytics
From initial deployment, the Bitglass system learns user behavior while simultaneously collecting detailed reporting on every user and admin transaction. Increased control, such as step-up authentication, and suspicious activity alerting provide visibility and mitigation to minimize risk.
These user behavior analytics are fed into a reporting and dashboard system that enables rapid incident response and management. A REST API is available to allow integration into major SIEM platforms or any other security operations workflow.
Zero-Day Shadow IT Discovery
Bitglass Shadow IT Discovery leverages machine-learning technologies to automatically index and classify all cloud apps, known and unknown. Currently, the Bitglass cloud app index has over 100K apps, over 3X that of the competition. Each app carries reputation rankings and security attributes.
Streaming your firewall or proxy logs to Bitglass allows you to rapidly discover cloud applications used in your organization. You can then block an application or make it “read-only” with Bitglass Zero-Day protection for unmanaged apps.
Agentless Mobile Security
Bitglass Next-Gen CASB delivers Zero-Day agentless protection of corporate data on any device without installing agents or MDM profiles. Patented agentless technology delivers the protections afforded by mobile device management (MDM) solutions, without the privacy and deployment hassles of MDM agents.
Enforce device configuration like PIN codes and encryption, and selectively wipe corporate data on any device, without taking full control of the device. Paired with Bitglass’ DLP and access control, the solution offers comprehensive control and risk mitigation for any app (cloud or premises) and any device.
API Management & Control
Bitglass delivers API management for all major SaaS apps as well as IaaS such as AWS and Azure. With our native high-performance double-byte DLP engine, you can configure DLP management for visibility and actions on sensitive content at rest in the cloud: encrypt, remove share, quarantine and more. Furthermore, Bitglass Next-Gen CASB delivers full visibility into data at rest in the cloud and can search logs and user actions.
CASB SSO & Identity Management
The only CASB with integrated identity management, Bitglass includes native SAML Single Sign-on, Active Directory synchronization and authentication, contextual multi-factor authentication, and more – without the hassles of budgeting for and deploying a third-party identity system. Bitglass includes a SAML proxy and integrates with all leading SSO systems.
Zero-Day Threat Protection
Bitglass includes Zero-Day Malware Threat protection, powered by Cylance, to analyze and block known and unknown threats at rest in the cloud, or before upload from devices, or download to devices. In combination with Bitglass Next-Gen agentless AJAX-VM technology, known and unknown malware threats are blocked even on unmanaged devices without agents.