Within the cyber security industry, it is well known that as a company grows, so does its attack surface. This is driven largely by the fact that as more employees are hired, more company-owned machines (laptops, tablets, etc.) are distributed. The risk is that once a company-owned machine is handed to an employee, it is up to that employee whether to follow the security best practices your company has set. Your technological asset has now become a security risk.
The traditional approach to handling this risk is logging and monitoring. In essence, employees using company-owned or managed machines, or employees logged onto the company's network, are monitored to ensure that they don't accidentally or knowingly break your enterprise's corporate policies. Effective logging and monitoring can shorten the time it takes to spot threats, remediate vulnerabilities, and quarantine sensitive files before they are exfiltrated. Logging and monitoring is a key tenet of cyber security, and it gives rise to the rapidly expanding market for security information and event management (SIEM) solutions, such as Splunk, QRadar and Azure Sentinel.
But SIEM, while robust in monitoring capabilities, lacks two key features:
Enter the cloud access security broker (CASB). A CASB sits as an intermediary between your enterprise and the thousands of cloud apps your employees log onto. It captures the user's requests to those apps in real time, checks each request against company policy, and can block the action if it presents a threat to your company or its data.
A CASB can also integrate with VPN clients and endpoint agents. That way, your security team can see which tools are being used outside of your organization's managed apps. For example, if your company uses MS SharePoint for sensitive documents, but an employee is uploading those documents to Google Drive, you can detect that activity, alert the user, and choose to unsanction (block) that app.
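The discovery step described above, as an added example that is not code from the original page or from any CASB vendor: proxy or endpoint-agent log lines are checked against a small app catalogue, uploads to unsanctioned cloud storage are flagged, and every host seen is tallied so unknown apps surface for review. The log format, the catalogue, the user names and the size thresholds are all constructed for this illustration.

```python
"""Shadow-IT discovery over proxy / endpoint-agent logs.

Added example, not OnPage's or any CASB vendor's code. The log format,
app catalogue, users and thresholds below are constructed for illustration.
"""
from typing import Dict, List, Tuple

# Constructed catalogue: apps the company manages, plus well-known cloud
# storage services that are unsanctioned for company documents.
SANCTIONED = {
    "sharepoint.example-corp.com": "MS SharePoint",
    "example-corp.box.com": "Box",
}
KNOWN_CLOUD_STORAGE = {
    "drive.google.com": "Google Drive",
    "www.dropbox.com": "Dropbox",
    "wetransfer.com": "WeTransfer",
}

# Constructed proxy log lines: timestamp user method host path bytes_sent content_type
SAMPLE_LOG = """\
2024-03-04T09:12:01Z alice POST sharepoint.example-corp.com /sites/finance/upload 524288 application/pdf
2024-03-04T09:13:44Z bob GET drive.google.com /drive/my-drive 0 -
2024-03-04T09:14:02Z bob POST drive.google.com /upload/drive/v3/files 2097152 application/vnd.ms-excel
2024-03-04T09:20:19Z carol POST www.dropbox.com /upload 10485760 application/zip
2024-03-04T09:21:00Z alice GET unknown-saas.example.net /app 0 -
2024-03-04T09:22:37Z dave POST wetransfer.com /api/v4/transfers 734003200 application/octet-stream
"""

UPLOAD_THRESHOLD = 1024 * 1024          # 1 MiB: smaller POSTs are treated as app chatter, not uploads
HIGH_SEVERITY_BYTES = 100 * 1024 * 1024  # 100 MiB: bulk transfer, likely more than one document


def parse_line(line: str) -> dict:
    """Split one constructed log line into its seven fields."""
    ts, user, method, host, path, nbytes, ctype = line.split(maxsplit=6)
    return {"ts": ts, "user": user, "method": method, "host": host,
            "path": path, "bytes": int(nbytes), "content_type": ctype}


def classify(host: str) -> str:
    """Sanctioned (managed app), unsanctioned (known cloud storage), or unknown."""
    if host in SANCTIONED:
        return "sanctioned"
    if host in KNOWN_CLOUD_STORAGE:
        return "unsanctioned"
    return "unknown"


def app_label(host: str) -> str:
    return SANCTIONED.get(host) or KNOWN_CLOUD_STORAGE.get(host) or host


def discover(log_text: str) -> Tuple[List[dict], Dict[str, dict]]:
    """Return (findings, usage).

    findings: uploads to non-sanctioned hosts above the size threshold.
    usage:    every host seen, its category and which users touched it,
              so unknown apps can be reviewed and sanctioned or blocked.
    """
    findings: List[dict] = []
    usage: Dict[str, dict] = {}
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        category = classify(ev["host"])
        entry = usage.setdefault(ev["host"], {"app": app_label(ev["host"]),
                                              "category": category, "users": set()})
        entry["users"].add(ev["user"])
        # Only outbound data to something we do not manage is a policy concern here.
        if category != "sanctioned" and ev["method"] == "POST" and ev["bytes"] >= UPLOAD_THRESHOLD:
            findings.append({
                "ts": ev["ts"], "user": ev["user"], "app": entry["app"],
                "category": category, "bytes": ev["bytes"],
                "severity": "high" if ev["bytes"] >= HIGH_SEVERITY_BYTES else "medium",
            })
    return findings, usage


if __name__ == "__main__":
    found, seen = discover(SAMPLE_LOG)
    for f in found:
        print(f"[{f['severity']}] {f['ts']} {f['user']} uploaded {f['bytes']} bytes to {f['app']} ({f['category']})")
    for host, e in seen.items():
        print(f"{host}: {e['category']}, users={sorted(e['users'])}")
```

A real CASB matches against a catalogue of thousands of apps with vendor risk scores and sees the decrypted request body; the point here is the shape of the logic: classify the destination, decide whether the action moves data, and keep a per-app user tally so that a host like `unknown-saas.example.net` shows up for a sanctioning decision even when no upload was caught.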
A successful CASB deployment tends to follow this cycle:
One of CASB's biggest benefits is that it can enforce policies in real time (e.g., block downloads, prohibit sharing actions, etc.). It can do this because when you integrate your managed apps (e.g., Box, Salesforce) with CASB, you grant the CASB tool global administrator privileges on each of those managed apps, and it uses those privileges to enforce policy. Where the app vendor supports it, that grant should go to a dedicated service account with the narrowest role the CASB will work with, and its use should be audited like any other privileged account.
This process presents a key challenge in CASB deployments that persists across industries:
All CASB vendors have robust systems in place to keep those global admin credentials secure. However, many companies are still wary of handing global admin credentials to a CASB, because the CASB is itself a SaaS tool, so those credentials now live outside the company's own control.
As a result, companies will often forgo policy enforcement on the CASB and simply use it for monitoring of business-critical apps and for discovery and sanctioning of shadow IT. Choosing to use a CASB this way is not a reflection on your company's security posture, but it does raise another issue:
In the absence of real-time policy enforcement, there is a strong need for a robust alert management system. SOC teams must, in this case, be notified of policy breaches immediately in order to start the incident triage and remediation process manually.
OnPage's incident alert management system provides a simple, efficient way to deliver CASB policy alerts and ensure rapid response. OnPage's competitive edge in this space is that it can send real-time alert-until-read notifications, override the silence switch on popular mobile devices (iOS, Android) and manage schedules for the various SOC analysts. This allows a seamless integration between the CASB tool and the existing SOC structure. OnPage also offers escalation groups that ensure a minimum response time, transferring missed alerts to analysts who have more bandwidth.
In summary, OnPage is well positioned to integrate with your CASB deployment. Its range of alert management features will keep your SOC team up to date and fully informed on all suspicious activity on your network in real time. With these two tools deployed, you can spend much less time worrying about your attack surface, and more time focused on growing your business.
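The escalation behaviour described above (page the on-call analyst, wait for acknowledgement, hand the alert to the next person in the chain when it goes unread), as an added example that is not OnPage's product code or API: the schedule, the analysts, the timeouts and the CASB alert are all constructed, and the clock is injected so the flow can be run offline.

```python
"""Acknowledge-or-escalate routing for CASB policy alerts.

Added example, not OnPage's code or API. The on-call chain, timeouts,
analyst names and the alert itself are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Alert:
    alert_id: str
    summary: str
    severity: str  # "high" or "medium" in this example


@dataclass
class DeliveryAttempt:
    analyst: str
    sent_at: int                      # seconds on the injected clock
    acknowledged_at: Optional[int] = None


@dataclass
class EscalationPolicy:
    on_call: List[str]                # ordered chain: primary first, then secondary, then lead
    ack_timeout_s: Dict[str, int]     # per-severity time allowed before escalating


class AlertDispatcher:
    """One alert's lifecycle: open -> (acknowledged | exhausted)."""

    def __init__(self, alert: Alert, policy: EscalationPolicy, opened_at: int):
        self.alert = alert
        self.policy = policy
        self.attempts: List[DeliveryAttempt] = []
        self.state = "open"
        self._page(policy.on_call[0], opened_at)

    def _page(self, analyst: str, now: int) -> None:
        # In a real system this is the push/SMS/voice delivery; here we only record it.
        self.attempts.append(DeliveryAttempt(analyst=analyst, sent_at=now))

    def acknowledge(self, analyst: str, now: int) -> bool:
        """Any analyst who has been paged for this alert may acknowledge it."""
        if self.state != "open":
            return False
        for attempt in self.attempts:
            if attempt.analyst == analyst:
                attempt.acknowledged_at = now
                self.state = "acknowledged"
                return True
        return False  # not paged for this alert; ignored

    def tick(self, now: int) -> str:
        """Called periodically; escalates when the current page has gone unacknowledged too long."""
        if self.state != "open":
            return self.state
        current = self.attempts[-1]
        timeout = self.policy.ack_timeout_s[self.alert.severity]
        if now - current.sent_at < timeout:
            return self.state
        next_level = len(self.attempts)
        if next_level >= len(self.policy.on_call):
            self.state = "exhausted"          # nobody in the chain responded: needs a human fallback
            return self.state
        self._page(self.policy.on_call[next_level], now)
        return self.state


def run_scenario(ack_by: Optional[str] = None, ack_at: Optional[int] = None,
                 horizon: int = 2000, step: int = 60) -> AlertDispatcher:
    """Simulate one high-severity CASB alert on a 60-second scheduler tick."""
    policy = EscalationPolicy(
        on_call=["analyst-primary", "analyst-secondary", "soc-lead"],
        ack_timeout_s={"high": 300, "medium": 900},
    )
    alert = Alert("casb-0001", "700 MiB upload to unsanctioned WeTransfer by dave", "high")
    dispatcher = AlertDispatcher(alert, policy, opened_at=0)
    for now in range(step, horizon + 1, step):
        if ack_by and ack_at is not None and now >= ack_at and dispatcher.state == "open":
            dispatcher.acknowledge(ack_by, now)
        dispatcher.tick(now)
    return dispatcher


if __name__ == "__main__":
    for label, d in (("secondary acks", run_scenario("analyst-secondary", 400)),
                     ("nobody acks", run_scenario())):
        print(label, d.state, [(a.analyst, a.sent_at, a.acknowledged_at) for a in d.attempts])
```

Two design points worth noting: the timeout is keyed on severity, so a high-severity policy breach moves down the chain faster than a medium one, and an "exhausted" end state is explicit rather than silently retrying forever, because an alert that nobody acknowledged is exactly the case the SOC needs to know about.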