McAfee Skyhigh Security Cloud Overview
Ivan Strydom | Senior Sales Engineer
Switzerland
2McAfee CONFIDENTIAL
Agenda
• McAfee Skyhigh Introduction
• McAfee Skyhigh for Shadow IT
• McAfee Skyhigh for Sanctioned IT (SaaS: Office 365)
• McAfee Skyhigh for Sanctioned IT (IaaS: Amazon Web Services)
• Summary
McAfee Skyhigh background
Founded in 2012 backed by:
Skyhigh expands:
Skyhigh granted 14th CASB Patent – 3x more than any other CASB
Only CASB to be named “Leader” in all 3 major analyst reports
Jan 2018 acquired by
Skyhigh for Custom Apps
Skyhigh for Shadow IT
The McAfee Skyhigh Security Cloud enables organizations to accelerate their business by giving them total control over their data in the cloud.
The CASB Market is Born
Expansion to Sanctioned Apps
Expansion from SaaS to IaaS
Gartner’s four areas of CASB security
McAfee Skyhigh Product Portfolio
McAfee Skyhigh for Shadow IT
McAfee Skyhigh for Salesforce
McAfee Skyhigh for O365
McAfee Skyhigh for Box
McAfee Skyhigh for ServiceNow
McAfee Skyhigh for Google
McAfee Skyhigh for Custom Apps
McAfee Skyhigh for Shadow IT
McAfee Skyhigh for Sanctioned SaaS
McAfee Skyhigh for IaaS/PaaS
McAfee Skyhigh for Slack
…
McAfee Skyhigh for AWS
McAfee Skyhigh for Azure
McAfee Skyhigh CASB Connect
McAfee Skyhigh for Shadow IT
How It Works
McAfee Skyhigh for Shadow IT
SIEM
McAfee Skyhigh (on premise)
Enterprise Connector
Firewall
Proxy
Proxy logs
AD
Anomaly detection
McAfee Skyhigh cloud backed by a Hadoop cluster
Visibility into enterprise cloud usage
VM
Closed loop remediation
Cloud registry – 25k+ services
Deployment – no agents, no changes on premise
Data privacy / data protection
Active Directory integration
Tagging
Behavioural Analytics
Scalability – 28+m users, 650+ customers
Tokenized log data uploaded to the McAfee Skyhigh cloud
SSL Termination
McAfee Skyhigh for Shadow IT – Services View (Example)
McAfee Skyhigh for Shadow IT – Evaluate Cloud Services
McAfee Skyhigh for Shadow IT Use Cases
McAfee Skyhigh for SaaS (Office 365)
How It Works
McAfee Skyhigh for Sanctioned Cloud Services – API based
Un-/structured data encryption
DLP – Near-real time (API)
“On demand scan” of data which has been uploaded to a CSP before a CASB was in place (e.g. O365)
AD Integration
“Behavioural Analytics”
Scalability – 28+m users, 700+ customers
SIEM
Enterprise Connector
Sanctioned Cloud Services
Anomaly detection
Customer dashboard
On-prem DLP
AD
Encryption Key-Server
Close to real time & real time
API
McAfee Skyhigh for Sanctioned Cloud Services – Secure Gateway based
DLP – Real time (Gateway)
AD Integration for group based DLP policies
Un/structured data encryption
Cloud access policies based on (e.g.) Corporate / BYOD device, User
“Behavioural Analytics”
Scalability – 28+m users, 700+ customers
SIEM
Enterprise Connector
On-prem DLP
AD
Encryption Key-Server
Sanctioned Cloud Services
Secure Gateway
Real time
Anomaly detection
Customer dashboard
McAfee Skyhigh Pervasive Cloud Control™ – CSP Initiated Workflow
On-premises, remote, mobile, or 3rd party user attempts to access a CSP
Upon success, the IdP enables access to the CSP.
The identity provider authenticates the user.
All traffic can be redirected through McAfee Skyhigh without the need for an agent or PAC file. McAfee Skyhigh remains in path and cannot be circumvented.
On-Premises Users
Customers, Partners, Vendors
Remote / Mobile Users
The CSP automatically redirects the user to identity provider.
Identity Provider
1. Confidential Data Control - Prevent regulated/high-value data being stored in the cloud
Enforce DLP based on keywords, data identifiers, IDM, EDM, RegEx
Review highlighted excerpts showing content that triggered the violation
Multi-tier remediation on severity (quarantine, delete, coach user, etc.)
Rollback an automated enforcement action or take manual action
2. Real-Time Data Guard - Prevent unauthorized data from being shared externally
Coach user, block link, limit sharing, notify administrator
Real-time enforcement of sharing policies via API prevents exposure
DLP powered content-aware collaboration policies to prevent data loss via sharing/links
3. Contextual Access Control - Block sync/download of corporate data to unmanaged devices
Enforce distinct policies for managed devices and unmanaged devices
Check MDM/EMM certificate and validate user-device mapping
Block access to Office 365, including via the native app, on unmanaged devices
Allow preview of content in the browser but disable download
4. Advanced Threat Protection - Detect compromised accounts, insider threats, and malware
Leverages machine learning and user and entity behavior analytics (UEBA)
Sandboxing to identify malware that signature-based solutions miss
No pre-defined policies or thresholds, automatic models based on activity
Threat funnel correlates multiple anomalies, minimizing false positives
5. Cloud Activity Monitoring and Forensics - Capture an audit trail for forensic investigations
Categorizes all 600+ activities into 13 categories for easy filtering/navigation
Investigate activities for a specific user centered around an incident
IP reputation to identify access by a malicious IP such as a TOR network
Expand the scope of an investigation and browse a geo-location map
McAfee Skyhigh for Office 365 (and File Sharing / Collaboration) Use Cases
McAfee Skyhigh for IaaS/PaaS (Amazon Web Services)
How It Works
McAfee Skyhigh for IaaS Services
NoCode Custom App Security, extending McAfee Skyhigh capabilities to custom apps with no engineering (GE)
Consistent policies for sanctioned, permitted, and custom cloud services (First Data)
Why McAfee Skyhigh
How it Works
API/Logs
Coverage for both custom apps and IaaS configuration audit (American Fidelity)
1. Audit IaaS Environments to Identify Unsecure/Noncompliant Configurations
• Discover current AWS security settings and suggest modifications to improve security
• Monitor security by enabling logging for AWS CloudTrail, Elastic Load Balancing, and Virtual Private Cloud Flow
• Eliminate security loopholes such as unrestricted inbound access to ports
• Secure authentication by requiring MFA for the AWS root account, or modifications to security settings
2. Monitor Activity and Create Audit Trail for Compliance and Investigations
• Track over 600 actions using AWS CloudTrail API
• Automatically map CloudTrail data to a standardized set of activities
• Capture a complete audit trail of all user and administrator activities to support post-incident investigations and forensics
3. Detect Insider and Privileged User Threats, Compromised Accounts
• Monitor all activities including escalation of privileges, user provisioning, and sensitive data access
• Leverage machine learning to detect insider and privileged user threats
• Utilize geolocation analysis to identify compromised accounts
• Access a threat protection dashboard and incident-response workflow to review and remediate potential threats
McAfee Skyhigh for IaaS Platform Use Cases
McAfee Skyhigh
Why?
Summary: McAfee Skyhigh Covers all Critical Cloud Security Use Cases
McAfee, the McAfee logo and Skyhigh Networks are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the U.S. and/or other countries.
Other names and brands may be claimed as the property of others.
Copyright © 2018 McAfee, LLC.