Security Tip of the Month: Cloud Exfiltration – Are you aware of what information is being shared outside your company?
Not long ago, the way we worked looked very different. We mostly worked in an office, on computers that were always connected to the corporate network. Applications and infrastructure also had clearly defined perimeters, so the security focus was on securing the network perimeter. This picture is changing a lot, and it seems the change is just beginning.
Now, company information travels to many points outside the once strictly predefined perimeters. Infrastructure and data that were once centralized within the organization have moved to the cloud. Driven by the recent health situation, the need for connectivity and the possibilities it creates, like location independence, has led to an increase in the number of remote and, especially, unmanaged workers.
On top of this, cloud services are procured without the knowledge and control of IT staff and are consumed as SaaS, such as conference apps, which are at peak utilization.
What if someone is storing or sharing sensitive information in your cloud storage service? Sneaking credit card numbers into a rarely used field in your sales suite? Or maybe leaking important files via conference chats? How do you get visibility into what is leaving your company over cloud channels?
To solve this, you need something that mediates your cloud access in order to monitor and enforce your security policies and even apply remediation measures. You will need a Security Cloud Broker.
Cisco Cloudlock, for example, provides protection across multiple SaaS solutions. It provides visibility, detection and remediation for compliance issues, policy violations, cloud account compromises, data breaches and cloud malware. It also provides codeless security for home-grown apps and actionable cybersecurity intelligence across an organization’s entire cloud infrastructure. With this, it is possible to correlate and analyze usage information across SaaS, IaaS, PaaS, and IDaaS to identify anomalies. This can be done for thousands of applications simultaneously!
It is also possible to:
- Identify suspicious behavior such as a single user logging in from geographically disparate locations in a short period of time
- Flag an unusually high volume of file downloads
- Flag access outside of typical business hours
- Whitelist and blacklist specific IP addresses and IP ranges
- Apply a wide range of automations and customizations for the specific needs of the business
When anomalies are detected, Cisco Cloudlock enables a range of automated remediation actions, including:
- Administrative alerting
- End-user notification
- Step-up authentication through integrations with IDaaS solutions
Cisco Cloudlock integrates with malware detection and threat emulation services to both detect cloud-resident malware and enable automated threat response workflows, including administrative alerting, end-user notification, file quarantine, and more. Unlike part-proxy, part-cloud API solutions that attempt both approaches and succeed at neither, Cloudlock orchestrates existing security investments to provide a coordinated, best-of-breed security solution.
If you have questions or are interested, let us know.