Posted: 3 Min ReadProduct Insights

More Essential Than Ever - The Role of CASB and SASE in Securing Cloud Usage

Staying safe, secure and compliant

Working from home has allowed many businesses to survive over the last year, but it has changed the security and data loss risk profile of organizations.  First, home networks and personal devices lack the high levels of security offered by corporate networks.  No wonder that we see the sophistication and volume of attacks against remote workers increasing.

To address these security and compliance risks, Symantec, as a division of Broadcom, recommends enterprises adopt a Secure Access Service Edge (SASE), cloud-based, security architecture.  SASE combines networking and security-as-a-service capabilities, and prioritizes data and user protection over hardware or company networks.

A foundational component of SASE is Symantec CASB (cloud access security broker), because it helps companies use cloud applications and services with confidence - allowing users to stay safe, secure and compliant.

Why Choose CloudSOC (CASB)?

Symantec CloudSOC CASB offers critical capabilities for delivering the full life cycle of cloud application security.  It provides fine grained controls to protect an organization’s digital assets across cloud applications. The three most important requirements are:

  • Productivity - secure access from anywhere,
  • Continuous risk monitoring and
  • Adaptive access control

Here’s how they work together to protect your enterprise:

Continuous Risk Monitoring

Symantec CloudSOC CASB continuously monitors risks like data loss, use of unsanctioned applications, malware, device security posture and compromised accounts. It gathers frequent data from cloud applications via its API integrations (Securlets), endpoints, gateway integrations (Gatelets) and Mirror Gateway, a superior alternative to reverse-proxy, which uses remote browser isolation to negate the need for an agent on unmanaged devices.

CloudSOC’s UEBA engine uses these signals and a variety of analytics approaches like rules and signature-based algorithms to trigger incident detectors. CloudSOC allows admins to set up thresholds for certain activities. (E.g. employees can upload files up to 200 MB.) When that threshold is crossed, an "incident detector" is triggered and an incident is created. Depending on the severity of the incident, the "ThreatScore" is increased by a certain amount.  It also uses machine learning techniques like NLP, Advanced Outlier Detection, Bayesian modeling and others to detect anomalous user and device behavior. Based on this continuous risk monitoring, CloudSOC generates a “ThreatScore” and assigns it to users. This score indicates the level of risk associated with that user entity.

Adaptive Access Control

Adaptive access control harnesses the data from continuous risk monitoring to protect information. CASB can enforce real-time policies via its gateway to prevent:

  • Exfiltration of sensitive data
  • Block malicious content
  • Prevent malicious/compromised users from accessing cloud applications

Also helpful is real-time decision-making based on a person’s constantly changing ThreatScore. As a user’s ThreatScore changes, CloudSOC can automatically control his or her level of access to information. It can:

  • Reduce someone’s access privileges
  • Reduce privileges for sharing data
  • Prevent data from being shared with external entities

High-risk users can also be forced to go through multi-factor authentication (MFA), minimizing the risk of data loss.

How to Make the Most Out of Symantec CloudSOC CASB

Making the most of your Symantec CloudSoc CASB will ensure complete visibility and control into all your data stored in sanctioned and unsanctioned applications and enable you to monitor and control your user’s actions which is vital in your mission to protect sensitive data, identify overexposed files and prevent against data leakages.

  • Use CloudSOC to monitor all users’ access to cloud applications.  Gather data on who is accessing what, ensure sensitive data is being discovered in the cloud and build baseline patterns of user behavior.
  • Don’t rely on a static risk assessment, continually monitor risk and adapt user access rights.  Because threats change and user accounts can be compromised, it is no longer sufficient to allow users access to systems based on the original assessment of risk.  Constantly monitor risk based on user behavior and other context (location, network, and device).  Adapt access control based on real time risk assessments.
  • Free up time for your security team.  CloudSOC uses machine learning and data gathered from millions of signals across many channels.  It automates the process of behavioral profiling, adjusting access and authorization levels, leaving your security team to focus on other ways to reduce data loss and cyber security risk.
Symantec Enterprise Blogs
You might also enjoy
2 Min Read

Broadcom Collaborates with Google Cloud to Accelerate Software Innovation and Growth

Strategic partnership enhances Broadcom’s ability to deliver cloud-first software with speed, scale and efficiency

Symantec Enterprise Blogs
You might also enjoy
Video
3 Min Read

Why You Need Symantec DLP Endpoint to Protect Data in the Cloud

Delivering integrated data security

About the Author

Prateek Temkar

Director of Product Management, Symantec CloudSOC team

Prateek leads product management for Symantec CloudSOC CASB (Cloud Access Security Broker).

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.