McAfee Skyhigh Security Cloud Overview Ivan Strydom | Senior Sales Engineer Switzerland


McAfee CONFIDENTIAL

Agenda

• McAfee Skyhigh Introduction

• McAfee Skyhigh for Shadow IT

• McAfee Skyhigh for Sanctioned IT (SaaS: Office 365)

• McAfee Skyhigh for Sanctioned IT (IaaS: Amazon Web Services)

• Summary


McAfee Skyhigh background

Founded in 2012 backed by:

Skyhigh expands:

Skyhigh granted 14th CASB Patent – 3x more than any other CASB

Only CASB to be named “Leader” in all 3 major analyst reports

Jan 2018 acquired by

Skyhigh for Custom Apps

Skyhigh for Shadow IT

The McAfee Skyhigh Security Cloud enables organizations to accelerate their business by giving them total control over their data in the cloud.

The CASB Market is Born

Expansion to Sanctioned Apps

Expansion from SaaS to IaaS


Gartner’s four areas of CASB security


McAfee Skyhigh Product Portfolio

McAfee Skyhigh for Shadow IT

McAfee Skyhigh for Salesforce

McAfee Skyhigh for O365

McAfee Skyhigh for Box

McAfee Skyhigh for ServiceNow

McAfee Skyhigh for Google

McAfee Skyhigh for Custom Apps

McAfee Skyhigh for Shadow IT

McAfee Skyhigh for Sanctioned SaaS

McAfee Skyhigh for IaaS/PaaS

McAfee Skyhigh for Slack

McAfee Skyhigh for AWS

McAfee Skyhigh for Azure

McAfee Skyhigh CASB Connect


McAfee Skyhigh for Shadow IT

How It Works


McAfee Skyhigh for Shadow IT

SIEM

McAfee Skyhigh (on premise)

Enterprise Connector

Firewall

Proxy

Proxy logs

AD

Anomaly detection

McAfee Skyhigh cloud backed by a Hadoop cluster

Visibility into enterprise cloud usage

VM

Closed loop remediation

Cloud registry – 25k+ services

Deployment – no agents, no changes on premise

Data privacy / data protection

Active Directory integration

Tagging

Behavioural Analytics

Scalability – 28+m users, 650+ customers

Tokenized log data uploaded to the McAfee Skyhigh cloud

SSL Termination


McAfee Skyhigh for Shadow IT – Services View (Example)


McAfee Skyhigh for Shadow IT – Evaluate Cloud Services


McAfee Skyhigh for Shadow IT Use Cases


McAfee Skyhigh for SaaS (Office 365)

How It Works


McAfee Skyhigh for Sanctioned Cloud Services – API based

Un-/structured data encryption

DLP – Near-real time (API)

“On demand scan” of data which has been uploaded to a CSP before a CASB was in place (e.g. O365)

AD Integration

“Behavioural Analytics”

Scalability – 28+m users, 700+ customers

SIEM

Enterprise Connector

Sanctioned Cloud Services

Anomaly detection

Customer dashboard

On-prem DLP

AD

Encryption Key-Server

Close to real time & real time

API


McAfee Skyhigh for Sanctioned Cloud Services – Secure Gateway based

DLP – Real time (Gateway)

AD Integration for group based DLP policies

Un-/structured data encryption

Cloud access policies based on (e.g.) Corporate / BYOD device, User

“Behavioural Analytics”

Scalability – 28+m users, 700+ customers

SIEM

Enterprise Connector

On-prem DLP

AD

Encryption Key-Server

Sanctioned Cloud Services

Secure Gateway

Real time

Anomaly detection

Customer dashboard


McAfee Skyhigh Pervasive Cloud Control™ – CSP Initiated Workflow

On-Premises Users

Remote / Mobile Users

Customers, Partners, Vendors

Identity Provider

On-premises, remote, mobile, or 3rd party user attempts to access a CSP.

The CSP automatically redirects the user to the identity provider.

The identity provider authenticates the user.

Upon success, the IdP enables access to the CSP.

All traffic can be redirected through McAfee Skyhigh without the need for an agent or PAC file. McAfee Skyhigh remains in path and cannot be circumvented.


1. Confidential Data Control - Prevent regulated/high-value data being stored in the cloud

Enforce DLP based on keywords, data identifiers, IDM, EDM, RegEx

Review highlighted excerpts showing content that triggered the violation

Multi-tier remediation on severity (quarantine, delete, coach user, etc.)

Rollback an automated enforcement action or take manual action


2. Real-Time Data Guard - Prevent unauthorized data from being shared externally

Coach user, block link, limit sharing, notify administrator

Real-time enforcement of sharing policies via API prevents exposure

DLP powered content-aware collaboration policies to prevent data loss via sharing/links


3. Contextual Access Control - Block sync/download of corporate data to unmanaged devices

Enforce distinct policies for managed devices and unmanaged devices

Check MDM/EMM certificate and validate user-device mapping

Block access to Office 365, including via the native app, on unmanaged devices

Allow preview of content in the browser but disable download


4. Advanced Threat Protection - Detect compromised accounts, insider threats, and malware

Leverages machine learning and user and entity behavior analytics (UEBA)

Sandboxing to identify malware that signature-based solutions miss

No pre-defined policies or thresholds, automatic models based on activity

Threat funnel correlates multiple anomalies, minimizing false positives


5. Cloud Activity Monitoring and Forensics - Capture an audit trail for forensic investigations

Categorizes all 600+ activities into 13 categories for easy filtering/navigation

Investigate activities for a specific user centered around an incident

IP reputation to identify access by a malicious IP such as a TOR network

Expand the scope of an investigation and browse a geo-location map


McAfee Skyhigh for Office 365 (and File Sharing / Collaboration) Use Cases


McAfee Skyhigh for IaaS/PaaS (Amazon Web Services)

How It Works


McAfee Skyhigh for IaaS Services

NoCode Custom App Security, extending McAfee Skyhigh capabilities to custom apps with no engineering (GE)

Consistent policies for sanctioned, permitted, and custom cloud services (First Data)

Why McAfee Skyhigh

How it Works

API/Logs

Coverage for both custom apps and IaaS configuration audit (American Fidelity)


1. Audit IaaS Environments to Identify Unsecure/Noncompliant Configurations

• Discover current AWS security settings and suggest modifications to improve security

• Monitor security by enabling logging for AWS CloudTrail, Elastic Load Balancing, and Virtual Private Cloud Flow

• Eliminate security loopholes such as unrestricted inbound access to ports

• Secure authentication by requiring MFA for the AWS root account, or modifications to security settings


2. Monitor Activity and Create Audit Trail for Compliance and Investigations

• Track over 600 actions using AWS CloudTrail API

• Automatically map CloudTrail data to a standardized set of activities

• Capture a complete audit trail of all user and administrator activities to support post-incident investigations and forensics


3. Detect Insider and Privileged User Threats, Compromised Accounts

• Monitor all activities including escalation of privileges, user provisioning, and sensitive data access

• Leverage machine learning to detect insider and privileged user threat

• Utilize geolocation analysis to identify compromised accounts

• Access a threat protection dashboard and incident-response workflow to review and remediate potential threats


McAfee Skyhigh for IaaS Platform Use Cases


McAfee Skyhigh

Why?


Summary: McAfee Skyhigh Covers all Critical Cloud Security Use Cases


McAfee, the McAfee logo and Skyhigh Networks are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the U.S. and/or other countries.

Other names and brands may be claimed as the property of others.

Copyright © 2018 McAfee, LLC.