stop hackers with integrated casb & idaas security
TRANSCRIPT
Stop Hackers with Integrated CASB & IDaaS Security
Speakers
Brad PielechIntegrations Architect
Mario TarabbiaDirector of Sales Engineering
@OneLogin
@CloudLock
Agenda
● IT Complexity Today & Where Organizations Struggle
● Top 5 Cyber Threats to Your Cloud Environment○ Challenge○ Solution
○ What You Can Do Now
● CASB + IDaaS - What We Do
● Q&A
Increasing IT Complexity
Thousands of employees, partners, customers, and
multiple devices...
Working with many, many apps, both in the cloud and on-
premise.
Where Organizations Struggle
Access?
Security?
Cost?
Usage?
Compliance?
Top 5 Cyber Threats To Your Cloud Environment
Data Breaches
Insider Threats
Account Compromis
es
Cloud-Resident Malware
Shadow IT & Cloud-Native
MalwareTop Cyber Threats
#1 Account Compromises
Source: someecards.com
▪ Login to:
▪ File download using:
▪ Massive file downloads using:
▪ Email sent from:
▪ Export using:
09:03
09:26
10:29
11:46
10:11
#1 Account Compromises
▪ Login to:
▪ File download using:
▪ Massive file downloads using:
▪ Email sent from:
▪ Export using:
09:03
09:26
10:29
11:46
Admin
10:11
#1 Account Compromises
Catching, Stopping & Acting
#1 Account CompromisesThe Solution - IDaaS & CASB
Eliminate need for application passwords with SSO & enforce adaptive authenticationDig up behavioral anomalies for signs of a compromiseDevelop procedure to remediate when a user’s account is compromised:
Detect suspicious
activityEnforce MFA
User proves identity, access granted
Attacker cannot verify identity, access denied
! Enforce Directory Password
Reset
Write down a deprovisioning plan
Tomorrow’s Task:+1
Today
#2 Insider Threats
** CloudLock Cybersecurity Report: The 1% Who Can Take Down Your Organization
#2 Insider Threats
Louise was refused the promotion she applied for. Louise quit.
Before quitting, she downloads all customer lists and contracts she can find on Google Drive.
18 months later, Louise’s account downloads 2 more contracts.
What This Looks Like
PII
Finding the Suspicious andTaking Action Quickly
#2 Insider ThreatsThe Solution - IDaaS & CASB
Proactively enforce appropriate access with IDaaS based on existing AD user groups
Monitor for employees-gone-rogue by looking for off-normal SaaS activity
Take an action - communicate, suspend access, enforce authentication across cloud platforms
Be mindful of dormant accounts from ex-employees, contractors, and partners.
All Employees:
Sales:
HR:
Finance:
Identify the dormant accounts in each SaaS platform
Tomorrow’s Task:+1
Today
#3 Cloud-Resident Malware
Bob receives a phishing email from his “boss” asking him to review a malware infected PDF.
Bob believing the file is legitimate, saves it to his team’s folder storage in Sharepoint
Sharepoint synchronizes the file across all team member’s devices thereby automatically propagating the malware.
What This Looks Like
Staying Ahead of the Spread of Malware
#3 Cloud-Resident Malware
Proactively enforce appropriate access
with IDaaS provisioning engine
Leverage CASB to discover malware inside
SaaS apps
Take an action, remove malware
Step up authentication policies
The Solution - IDaaS & CASB
Kick off a phishing awareness campaign
Tomorrow’s Task:+1
Today
#4 Shadow IT and Cloud-Native Malware
Charlie’s organization has more connected cloud apps than there are minutes in the year. Some are good, some are bad, some are ugly.
Charlie’s colleague authenticates into “Mocusign” using corporate credentials
An external 3rd party now has access Charlie’s Docusign username and password.
Docusign data and any other applications accessible with this same set of credentials are now exposed.
Johndoe
LOGINRemember Me
What This Looks Like
#4 Shadow IT and Cloud-Native Malware
Getting Clear on the Good, the Bad,
and the Ugly
#4 Shadow IT and Cloud-Native MalwareThe Solution - IDaaS & CASB
● Audit firewall logs in CASB● Audit oauth connected apps in CASB● Review Unsanctioned App Ratings
● Detect, block & blacklist malicious apps
● Ensure low-rated apps are not provisioned within IDaaS
● Sanction productivity apps and provision access in IDaaS
** CloudLock Cybersecurity Report: The Extended Parameter
#4 Shadow IT and Cloud-Native Malware
** CloudLock Cybersecurity Report: The Extended Parameter
The Solution - IDaaS & CASB● Sanctioned Apps
● Monitor for license compliance and bandwidth
● Eliminate app passwords with SSO and set up automatic app access permissions rules and mappings based on user roles and groups
Audit Top 250 apps on firewall logs
Tomorrow’s Task:+1
Today
#5 Data Breaches
** CloudLock Cybersecurity Report: The Extended Parameter
#5 Data Breaches
Francisco accidentally shares the company’s upcoming product design files to Matthew’s personal email address instead of his corporate account.
Matthew’s personal address may get hacked
Matthew may leave the company tomorrow
Francisco will never realize such sensitive data is exposed
What This Looks Like
Personal Account Hacked
App/Access Locked Down
Unknown
Sent files to personal email
Protecting Sensitive Data from
the Next Breach
#5 Data BreachesThe Solution - IDaaS & CASB
Leverage IDaaS to ensure appropriate entitlements for applications with sensitive data, restricting access via intelligent SAML configurations
Leverage CASB to detect and remediate improperly shared data
Selectively encrypt dataTie CASB and IDaaS security policies for
immediate mitigation of suspicious behavior
Policy Apps
Tomorrow’s Tasks:+1
Today
Get all business owners
in a room to redefine what is sensitive.
Educate end users on safe sharing.
Do’s & Don’t.
Lessons Learned
IDaaS and CASB together enable a complete sanctioned IT solution● Be proactive against the top 5 cyber security threats● IDaaS and CASB two-way integration protects both admins and
end-users ● CASB identifies misuse of services● IDaaS enables easy access to all sanctioned applications, based on
user permissions - e.g. enables HR to do HR tasks without IT friction
CloudLock at a Glance
a
Coverage Surface
In-App Cybersecurit
y
ISV Securit
y
DLP User Behavior Analytics
AppsFirewall
EncryptionManagement
Configuration
SecurityCentralAuditing
IaaS & PaaS
SaaS(CASB)
On-premise +Cloud +
SecurityOrchestratio
n
OneLogin at a Glance
Offboarding and
Revocation
Governance and
Compliance
Analytics
Manage your entire application portfolio.Cloud. On-premise. Mobile.
All users. All devices. All locations.
Deployment of Apps
Content Search
Onboarding and
Engagement
Questions?
bit.ly/onelogin-cloudlock ● Try OneLogin for Free
● Get a Free Cloud Cybersecurity Assessment● See a CloudLock + OneLogin Integration Demo
● Read Our White Paper
Thank you +