Stop Hackers with Integrated CASB & IDaaS Security

Speakers

Brad PielechIntegrations Architect

Mario TarabbiaDirector of Sales Engineering

@OneLogin

@CloudLock

Agenda

● IT Complexity Today & Where Organizations Struggle

● Top 5 Cyber Threats to Your Cloud Environment○ Challenge○ Solution

○ What You Can Do Now

● CASB + IDaaS - What We Do

● Q&A

Increasing IT Complexity

Thousands of employees, partners, customers, and

multiple devices...

Working with many, many apps, both in the cloud and on-

premise.

Where Organizations Struggle

Access?

Security?

Cost?

Usage?

Compliance?

Top 5 Cyber Threats To Your Cloud Environment

Data Breaches

Insider Threats

Account Compromis

es

Cloud-Resident Malware

Shadow IT & Cloud-Native

MalwareTop Cyber Threats

#1 Account Compromises

Source: someecards.com

▪ Login to:

▪ File download using:

▪ Massive file downloads using:

▪ Email sent from:

▪ Export using:

09:03

09:26

10:29

11:46

10:11

#1 Account Compromises

▪ Login to:

▪ File download using:

▪ Massive file downloads using:

▪ Email sent from:

▪ Export using:

09:03

09:26

10:29

11:46

Admin

10:11

#1 Account Compromises

Catching, Stopping & Acting

#1 Account CompromisesThe Solution - IDaaS & CASB

Eliminate need for application passwords with SSO & enforce adaptive authenticationDig up behavioral anomalies for signs of a compromiseDevelop procedure to remediate when a user’s account is compromised:

Detect suspicious

activityEnforce MFA

User proves identity, access granted

Attacker cannot verify identity, access denied

! Enforce Directory Password

Reset

Write down a deprovisioning plan

Tomorrow’s Task:+1

Today

#2 Insider Threats

** CloudLock Cybersecurity Report: The 1% Who Can Take Down Your Organization

#2 Insider Threats

Louise was refused the promotion she applied for. Louise quit.

Before quitting, she downloads all customer lists and contracts she can find on Google Drive.

18 months later, Louise’s account downloads 2 more contracts.

What This Looks Like

PII

Finding the Suspicious andTaking Action Quickly

#2 Insider ThreatsThe Solution - IDaaS & CASB

Proactively enforce appropriate access with IDaaS based on existing AD user groups

Monitor for employees-gone-rogue by looking for off-normal SaaS activity

Take an action - communicate, suspend access, enforce authentication across cloud platforms

Be mindful of dormant accounts from ex-employees, contractors, and partners.

All Employees:

Sales:

HR:

Finance:

Identify the dormant accounts in each SaaS platform

Tomorrow’s Task:+1

Today

#3 Cloud-Resident Malware

Bob receives a phishing email from his “boss” asking him to review a malware infected PDF.

Bob believing the file is legitimate, saves it to his team’s folder storage in Sharepoint

Sharepoint synchronizes the file across all team member’s devices thereby automatically propagating the malware.

What This Looks Like

Staying Ahead of the Spread of Malware

#3 Cloud-Resident Malware

Proactively enforce appropriate access

with IDaaS provisioning engine

Leverage CASB to discover malware inside

SaaS apps

Take an action, remove malware

Step up authentication policies

The Solution - IDaaS & CASB

Kick off a phishing awareness campaign

Tomorrow’s Task:+1

Today

#4 Shadow IT and Cloud-Native Malware

Charlie’s organization has more connected cloud apps than there are minutes in the year. Some are good, some are bad, some are ugly.

Charlie’s colleague authenticates into “Mocusign” using corporate credentials

An external 3rd party now has access Charlie’s Docusign username and password.

Docusign data and any other applications accessible with this same set of credentials are now exposed.

Johndoe

LOGINRemember Me

What This Looks Like

#4 Shadow IT and Cloud-Native Malware

Getting Clear on the Good, the Bad,

and the Ugly

#4 Shadow IT and Cloud-Native MalwareThe Solution - IDaaS & CASB

● Audit firewall logs in CASB● Audit oauth connected apps in CASB● Review Unsanctioned App Ratings

● Detect, block & blacklist malicious apps

● Ensure low-rated apps are not provisioned within IDaaS

● Sanction productivity apps and provision access in IDaaS

** CloudLock Cybersecurity Report: The Extended Parameter

#4 Shadow IT and Cloud-Native Malware

** CloudLock Cybersecurity Report: The Extended Parameter

The Solution - IDaaS & CASB● Sanctioned Apps

● Monitor for license compliance and bandwidth

● Eliminate app passwords with SSO and set up automatic app access permissions rules and mappings based on user roles and groups

Audit Top 250 apps on firewall logs

Tomorrow’s Task:+1

Today

#5 Data Breaches

** CloudLock Cybersecurity Report: The Extended Parameter

#5 Data Breaches

Francisco accidentally shares the company’s upcoming product design files to Matthew’s personal email address instead of his corporate account.

Matthew’s personal address may get hacked

Matthew may leave the company tomorrow

Francisco will never realize such sensitive data is exposed

What This Looks Like

Personal Account Hacked

App/Access Locked Down

Unknown

Sent files to personal email

Protecting Sensitive Data from

the Next Breach

#5 Data BreachesThe Solution - IDaaS & CASB

Leverage IDaaS to ensure appropriate entitlements for applications with sensitive data, restricting access via intelligent SAML configurations

Leverage CASB to detect and remediate improperly shared data

Selectively encrypt dataTie CASB and IDaaS security policies for

immediate mitigation of suspicious behavior

Policy Apps

Tomorrow’s Tasks:+1

Today

Get all business owners

in a room to redefine what is sensitive.

Educate end users on safe sharing.

Do’s & Don’t.

Lessons Learned

IDaaS and CASB together enable a complete sanctioned IT solution● Be proactive against the top 5 cyber security threats● IDaaS and CASB two-way integration protects both admins and

end-users ● CASB identifies misuse of services● IDaaS enables easy access to all sanctioned applications, based on

user permissions - e.g. enables HR to do HR tasks without IT friction

CloudLock at a Glance

a

Coverage Surface

In-App Cybersecurit

y

ISV Securit

y

DLP User Behavior Analytics

AppsFirewall

EncryptionManagement

Configuration

SecurityCentralAuditing

IaaS & PaaS

SaaS(CASB)

On-premise +Cloud +

SecurityOrchestratio

n

OneLogin at a Glance

Offboarding and

Revocation

Governance and

Compliance

Analytics

Manage your entire application portfolio.Cloud. On-premise. Mobile.

All users. All devices. All locations.

Deployment of Apps

Content Search

Onboarding and

Engagement

Questions?

bit.ly/onelogin-cloudlock ● Try OneLogin for Free

● Get a Free Cloud Cybersecurity Assessment● See a CloudLock + OneLogin Integration Demo

● Read Our White Paper

Thank you +