Glass Class - How CASBs Provide Threat Protection
Hi, my name is Rich Campagna with Bitglass and in today's Glass Class session, we're going to be talking about threat protection with Cloud access security brokers (CASBs). Now for those of you that follow Gartner Research and I'm sure many of you do, they've broken down the cloud access security broker space and the most recent contact research into four different pillars. First is visibility, second is compliance, third is data security and fourth is threat protection. Today we're going to be talking about that last pillar, threat protection.
What exactly does that mean within a cloud access security broker? A lot of people are coming to us and ask this question and one of the big things they hear all the time is that these Cloud app vendors are spending a lot of money on security. They're throwing more dollars and more resources at solving security problems than your typical enterprise can. Do I really need to be concerned about threat protection? I think that it helps to break that down into a couple of different components.
First of all, there's things like some of your traditional direct attack type threats, so things like somebody exploiting a vulnerability in an application, somebody on the back end inside of the Cloud provider hacking into their infrastructure and stealing sensitive data, maybe a rogue employee of the Cloud app vendor. A lot of those thing, yeah, I think the answer is yes, the Cloud app vendor is going to probably do a better job of solving some of those issues than a typical enterprise could and certainly an enterprise trying to front end a public Cloud application.
There's a class of threats that Gartner really wants you to follow here and pay attention to that are really related to the users and the data that they are accessing. These are two things that your typical cloud app vendor is not providing a lot of protections for. Then the way you do this, is concentrate on a couple of key areas. First of all, the context. Now context means a number of different things related to the way that the user is accessing the application, whether the user's on a managed or un-managed device, location they're coming from, etc.
Maybe we have a hypothetical employee named Chris, Chris normally logs in from a Mac Book or an IOS device from California and then one day Chris logs in from, maybe from North Korea on a Linux machine. Certainly that's a suspicious context, not the normal context within which we see Chris so we're going to want to take action on that and provide a different level of access or maybe block access outright based on that context that he's now coming in on. Then that case, it may be a case of stolen credentials.
Second is the behavior of this user. Maybe we have Stephan, Stephan is a sales rep. Normally Stephan comes in in the morning, logs in to an app like Salesforce and accesses a couple of the opportunities or the clients in his space and provides some updates to his accounts. Then one day Stephan comes and logs in and rather than doing that, he goes into Sales Force and attempts to download the entire company's sales pipeline or the entire company contact database down to his un-managed BYOD device that he owns. That may be an indicator of another type of threat.
Here we had that compromised credentials use case, here maybe the example is or the threat is that Stephan is about to quit and go work for a competitor and so the behavior that he's exhibiting here is suspicious and so we want to, that's another type of threat, more of an insider type of threat, but still something that we want to take care of here. These are just a couple of examples of the types of threats that you're going to see that are not covered by the cloud app vendor, but still need to be covered within the threat protection realm of CASB.
Thanks for joining today's Glass Class session. My name is Rich Campagna. We'll see you next time.