Hello, I'm looking to build a CASB (Cloud Access Security Broker) Capability Matrix to compare against major Vendors.
For example, some vendors offer Network Behavior Analytics and some dont or what integrations I should check for ..etc
Hello, I'm looking to build a CASB (Cloud Access Security Broker) Capability Matrix to compare against major Vendors.
For example, some vendors offer Network Behavior Analytics and some dont or what integrations I should check for ..etc
You need to be a member of CISO Platform to add comments!
Replies
You can use the Compare products tool here to see a few.
The capabilities and functionality of different CASBs vary significantly, but at a minimum, Gartner suggests that CASBs should offer organizations:
Visibility into cloud usage throughout the organization
A way to ensure and prove compliance with all regulatory requirements
A way to ensure that data is stored securely in the cloud
A satisfactory level of threat protection to ensure that the security risk of using the cloud is acceptable
In practice this means that at a bare minimum, CASBs need to be able to:
Provide the IT department with visibility into sanctioned and unsanctioned cloud service usage, including "cloud to cloud" usage
Provide a consolidated view of all cloud services being used by the organization – and the users who access them from any device or location
Control access to cloud services
Help administrators ensure that the organization complies with all relevant regulations and standards (such as data residency) when using cloud services
Allow IT departments to set and enforce security policies on cloud usage and the use of corporate data in cloud services, and apply them through audit, alert, block, quarantine, delete and other controls
Enable administrators to encrypt or tokenize data stored in the cloud
Provide data loss prevention (DLP) capabilities, or interface with existing corporate DLP systems
Provide access controls to prevent unauthorized employees, devices or applications from using cloud services
Offer threat prevention methods such as behavioral analytics, anti-malware scanning and threat intelligence.
Some Points to Consider:
-> Some CASB vendors may not support all the use cases or only have limited support for some
-> Existing SaaS applications in use and CASB vendor support – Nearly everyone supports popular applications like O365, SF, Box, AWS, Google
-> Point solutions maybe better for certain use cases – specially if you’re already invested
-> Performance Impact
-> Very dynamic market – M&A is common (nearly every quarter)
-> Check for supported standards (through they’re still evolving) – CSA, OpenAPI, NIST, ISO
>>Here are more details
You might want to checkout the CISO Platform "free comparison tool", here is the link:
http://products.cisoplatform.com/security/market/cloud-access-secur...
CASB comes in modules and we have carefully craft our requirements and use case. In my case we used it for G-Suite management and access control along with AWS. You get Application access and Shadow IT report along with. Let me know if you are looking specifically for these I will share for this use case.
I follow this link -
https://www.skyhighnetworks.com/cloud-security-university/what-is-c...
Maybe a small writeup help -
CASB scope applies broadly across the SaaS, PaaS, and IaaS cloud service delivery models.
For SaaS coverage, CASBs commonly work with the most popular content collaboration platform (CCP), CRM, HR, ERP, service desk, office productivity suites, and enterprise social networking sites. Some CASBs extend support to less common SaaS applications through custom plug-ins or automated learning of application behaviour.
For IaaS and PaaS coverage, several CASBs govern the consoles of popular cloud service providers (CSPs) and extend visibility and governance to applications running in these clouds. Several CASBs now also offer cloud security posture management (CSPM) capabilities to assess and reduce configuration risk in IaaS, PaaS, and SaaS cloud services, sometimes by reconfiguring native security controls directly in cloud services. However, IaaS and PaaS governance are new for almost every CASB, and therefore not yet as developed as SaaS governance. A few CASBs can be deployed in front of enterprise web-enabled applications to bring these under a consistent cloud service management framework, although this is an uncommon scenario.
CASBs deliver functionality through four pillars:
• Visibility. CASBs provide shadow IT discovery, a consolidated view of an organization’s cloud service landscape, and details about the users who access data in cloud services from any device or location. Leading CASBs take this further with a cloud service security rating database to provide visibility into the trustworthiness of the CSP and associated risks it might introduce.
• Data security. CASBs provide the ability to enforce data-centric security policies to prevent unwanted activity based on data classification, on data discovery, and on user activity monitoring of access to sensitive data or privilege escalation. Policies are applied through controls, such as audit, alert, block, quarantine, delete and view only. Data loss prevention (DLP) features are prevalent and are one of the most commonly deployed controls after visibility. CASB DLP operates natively and in conjunction with enterprise DLP products via ICAP or RESTful API integration. Some CASBs provide the ability to encrypt, tokenize, or redact content at the field and file level in cloud services. But because encryption and tokenization outside a SaaS application can affect functionality, CASB-facilitated encryption and tokenization are not commonly used.
• Threat protection. CASBs prevent unwanted devices, users and versions of applications from accessing cloud services by providing adaptive access controls (AACs). Cloud application functionality can be changed based on signals observed during and after login. Other examples of CASB capabilities in this category are embedded user and entity behavior analytics (UEBA) for identifying anomalous behavior, and the use of threat intelligence, network sandboxing, and malware identification and remediation. All CASBs are primarily using OEMs of existing enterprise-grade anti-malware and sandbox tools rather than building their own. In some cases, CASB vendors have their own analyst teams researching cloud-specific and cloud-native attacks.
• Compliance. CASBs help organizations demonstrate that they are governing the use of cloud services. They provide information to determine cloud risk appetite and establish cloud risk tolerance. Through their various visibility, control, and reporting capabilities, CASBs assist efforts to conform to data residency and regulatory compliance requirements. Many CASB vendors have added CSPM capabilities to their products. CSPM assesses and manages the security posture of the cloud control plane, mostly for IaaS and occasionally for SaaS. The better offerings provide this across multiple public cloud providers for consistent policy enforcement.
CASB capabilities are delivered primarily as a SaaS application, occasionally accompanied by an on-premises virtual or physical appliance. SaaS delivery is significantly more popular for most use cases. However, an on-premises appliance might be required for conformance with certain regulatory or data sovereignty rules, especially if in-line encryption or tokenization is performed.
See this document for possibly some help. I am interested in the feature list as well.
https://cultureofresilience.com/pop-bp-taxonomy.pdf Best regards, PaulFeldman@Gmail.com
Will help you