Symantec Elastica CloudSOC: Visibility and data protection in public cloud applications

Do you use public cloud apps in your enterprise? Is your business data stored on a popular cloud service? Are you really sure about the answer to this question? Are you planning to use enterprise cloud applications, or are you already using them? Regardless of your answers, the reality is that customers are increasingly relocating their business operations to the cloud. The main reasons are reducing cost and making data available at any time and from any place.

Today’s IT simply has insufficient visibility over the cloud applications used by employees and the business files stored in various cloud services. At a time when 24/7 availability is paramount, regardless of location or device type, and data sharing between stakeholders is becoming faster and easier, security is often associated with reduced productivity and poor customer experience. Customers are increasingly interested in finding new ways to access data more easily, while security is often overlooked.

One simple example of such practice is the employee who spends two days editing a business document and then saves it on his private Dropbox account so he can review it one more time from the comfort of his home, on his personal tablet, before tomorrow’s early meeting. This may be a very convenient way of accessing data for that employee, but it is a complete nightmare for the company’s IT department. We must ask ourselves the following questions: how do we ensure visibility of all data locations, and how do we make them secure while complying with all relevant regulations?

Symantec Elastica CloudSOC

The Symantec Elastica CloudSOC platform was created following Symantec’s acquisition of Blue Coat, previously Elastica, and is the industry’s first integrated cloud security solution with full cloud access security broker (CASB) capabilities. Gartner defines CASBs as “on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers.” The Symantec Elastica CloudSOC product portfolio provides visibility over the use of cloud apps, authorized or unauthorized, by collecting logs from existing customer security solutions, and gives you the ability to actively control sensitive data stored in the cloud. While Gartner still hasn’t published its report on CASB solutions, Forrester ranked Blue Coat/Symantec a leader in Cloud Security Gateway in its Q4 2016 analysis.

Although only 5% of customers are currently protecting their cloud applications, Gartner predicts a market growth of 85% by 2020. Why not be informed about the possibilities right now?

The Elastica CloudSOC solution offers customers four main functionality modules:

  1. Audit – Risk assessment and visibility of used applications, provides a report on security
  2. Detect – Functionality analogous to IPS/IDS solutions, detection of malicious activities in cloud applications
  3. Protect – Provides features similar to DLP and Firewall, creating policies for prohibiting excessive document sharing
  4. Investigate – Like other Security Information and Event Management (SIEM) products, provides insight into user activity and overview of how cloud applications are used

Shadow IT Audit – Insight into unauthorized use of applications

A common misperception among customers is that the use of cloud applications can be attributed to only 50 of the most popular and widespread apps, but this figure is actually ten times higher. The Audit module differentiates between 20,000 applications and their use methods. Each application is evaluated based on a series of attributes across seven categories and is given a so-called Business Readiness Rating, an index of acceptable application usage in the business environment. Examples of these attributes include user account security, support for safer authentication methods, security of stored data, administrative control options, compliance with regulations, service levels, etc. The objective is not just to identify which applications are being used, but to evaluate how safe they are and what their characteristics are, assess the associated risk, and discover better alternatives, if any.

The Audit module collects its analysis data from existing customer security solutions by analyzing relevant logs. A wide range of products is supported, primarily various firewall (Cisco, Checkpoint, Fortinet, Juniper, Sonicwall, Palo Alto, Sophos) or proxy (Blue Coat ProxySG, McAfee, Websense, Squid) solutions. The collected logs, anonymized if necessary, can be analyzed on-premises or in a CloudSOC cloud service and form the basis for creating reports.

Figure: Dropbox, service (i.e. application) rating together with “BRR” scores sorted by category

Figure: Microsoft SharePoint

Download a sample Audit Report — Shadow IT, risk assessment and business application compatibility.

Full control and data protection in the cloud

So, you’ve decided to prohibit the use of Dropbox, OneDrive and similar cloud storage applications; your users also won’t be able to access Gmail, Hotmail, and other webmail services. To achieve this, you’ve configured the existing proxy solution and allowed unrestricted access to only – for example – SharePoint and Office 365 in your corporate environment. Even if you are aware of which cloud applications are used in your corporate environment, and have control over them using existing solutions, are you completely sure which data is shared only with users within the company and which data is unnecessarily exposed to external, unauthorized users? Sensitive documents can be disclosed to too many users with a single click.

The Detect and Protect modules can be leveraged to detect sensitive data, provide full visibility over exposed shared documents, and enable you to terminate excessive exposure or even prevent sharing in the first place. The modules integrate directly with the cloud application providers’ APIs or use gateway access, i.e. they intercept user traffic. Classification of sensitive content via DLP policies, automatic application of these rules and undoing of unwanted changes, user activity audits, malicious activity detection by analyzing user behavior, and antimalware functionality are just some of the features provided by the Detect, Protect, and Investigate modules. Unwanted changes can be controlled regardless of whether the user accesses data and services from a corporate PC or from his smartphone outside of the office. This means we get cloud-specific Data Loss Prevention and SIEM features.

The next article covers the technical details of how the Symantec Elastica CloudSOC product family can be integrated with your existing security solutions, with an emphasis on the existing Symantec-Blue Coat product portfolio. Please contact us to receive an informational offer and additional information.
