While managed apps like Office 365 and Salesforce have made enormous inroads into the enterprise, most organizations still have hundreds of shadow IT or "unmanaged" applications in use on their networks. Unmanaged applications require both visibility and control. Bitglass' Next-Gen Cloud Access Security Broker (CASB) provides visibility through its shadow IT discovery module, which analyzes network traffic to identify unmanaged applications and score the associated risk across a customizable database of more than 50 security and compliance attributes. From there, Bitglass' Zero-day Unmanaged App Control uses machine learning techniques to automatically detect and control leakage paths in any application.
Shadow IT Discovery
Fundamental to Shadow IT discovery is the ability to identify cloud application usage by ingesting firewall or proxy logs, and to provide risk assessment for those discovered applications. That network traffic is then matched across a comprehensive database of thousands of cloud applications. Each app is tracked across more than 50 security & compliance attributes. Bitglass' proprietary ranking algorithms take into account these attributes, as well as the network traffic itself, and the organization's tuning of the importance of each parameter, to provide a ranked and prioritized report on the riskiest cloud apps and users on the corporate network. This automated ranking takes the manual time and effort out of triaging security incidents and alerts.
Zero-day Unmanaged App Control
Users need access to unmanaged apps in order to do their jobs. For example, bankers need to accept files shared by clients on Dropbox and marketers need to monitor news feeds on Twitter. At the same time, these apps represent high data leakage risk in that employees may intentionally or inadvertently publish sensitive information on them. Bitglass’ Unmanaged App Control, part of the Zero-day CASB CoreTM, converts any SaaS app into a “read-only” app so that your users may view the contents of these apps but not publish to them.
The technology automatically learns data leakage paths on apps so that no code changes, signatures, or definition updates are required even as apps change or deploy new features. In contrast, first-gen CASBs without Zero-Day technology require hard-coded data leakage path signatures that must be updated each time an app changes, leaving you without an ability to control new apps, or newly changed applications.
Control Unmanaged Apps Today
Learn how a global telecom giant leverages Bitglass breach discovery to provides its customers with a low cost, effective solution.