-
SHADOW IT Discovery & Protection
Ricky Mok, Senior Security Architect, HP – Enterprise Security
#CLOUDSEC
-
ATTACK LIFE CYCLE
-
THE WAVES OF DATA ARE HERE…
-
99% of breaches are about the data
-
FULL UMBRELLA OF DATA PROTECTION USE CASES
-
INTELLIGENCE TO ACTION: DATA CLASSIFICATION WITH HP Atalla Cloud Access Security Broker
SaaS
CASB
-
FOUR DANGERS
-
FOUNDED: 2012
FOUNDERS: 8200 unit of the Israeli Defense Force
HEADQUARTERS: Palo Alto, CA
FUNDING: Sequoia, Index Ventures, HP, Rembrandt, EMC
Visibility, governance and protection for the top sanctioned SaaS applications
SECURITY VENDORS | SAAS VENDORS | LARGE ENTERPRISES
-
• Discovery for over 13,000 SaaS applications
• Data enriched by BlueCoat
• Overview for each discovered application
• Drill deeper into each application
ADALLOM DISCOVERY - DASHBOARD
-
INTRODUCING ADALLOM FOR CLOUD APPLICATION SECURITY
Protection, Governance, Visibility
Cloud application security platform
• Visibility and context:
  • Application dashboard
  • Auditing trails
  • Users (internal/external)
  • Data sharing discovery
• Detection and alerts of:
  • High-risk users
  • High-risk behaviors
  • Security incidents
  • Compliance violations
• Governance/compliance:
  • Data sharing
  • Access control
  • Activities
  • eDiscovery policies
-
ADALLOM & HP SOLUTIONS
-
Periodic discovery of 13,000 cloud services with 60+ risk ratings
Manage corporate-approved applications
Phase 1: Out-of-band
• Cloud-to-cloud API: out-of-band visibility and governance
Phase 2: In-line prevention for access
• Access control proxy: control access based on device (managed/unmanaged), IP, location, user or role
Phase 3: In-line prevention for specific use cases
• Full proxy: control access, content and activities
• “Allow Sales to download Box documents on unmanaged devices, but encrypt/IRM”
-
ADALLOM VISION
Flexible deployments
• Deliver the most flexible deployments to integrate with any application in any enterprise architecture
Extensible
• Extend existing solutions (SWG, SIEM, MDM, DLP, IRM) to the cloud to preserve investment protection
Partner, not vendor
• Work with customers to address key cloud security requirements, partner with cloud vendors on cloud security framework
Lead with innovation
• Deeper visibility and controls, with proactive SaaS research (Adallom Labs) and SmartEngine advanced heuristics and policies
To be the leading cloud security company by building the world’s most innovative and disruptive cloud security platform
-
WHY ADALLOM?
SaaS providers choose Adallom
Security vendors choose Adallom
Large enterprises choose Adallom
Hear from SAP VP of Security how Adallom secured SAP SuccessFactors - https://www.youtube.com/watch?v=GjktUGUtIB4
-
Adallom Labs – The SaaS research Differentiation
Security Intelligence
• Live security feeds from intelligence data sources (e.g. Gmail accounts breach)
• Collaboration with the top security research groups, including Salesforce, Microsoft and PayPal
• Partners in the OWASP and MAAP groups
Proactive threat research
• Malware analysis: reverse engineering and C&C analysis of SaaS-oriented malware
• SaaS attack forensics
• SaaS vulnerabilities: proactive vulnerability research
Anomaly detection
• User behavior analysis: user location and activity mapping, device tracking
• Modeling of attack patterns: specific detection heuristics for known attacks, e.g. internal user, crawling agent
The ONLY SaaS security group that has protected businesses from real-world attacks
-
USE CASE – DATA SHARING
FILE SHARING TREND AND MANAGEMENT
• Which users are sharing the most?
• Which domains are being shared?
• Which files are shared with personal accounts?
• Identify files being shared with competition
• Monitor file-sharing with partner
• Monitor 3rd party ecosystem applications sharing
Remediate immediately or create long-term policies
-
USE CASE – DLP CONTROLS IN THE CLOUD
SHARING-AWARE DLP
Scan all content in the cloud
Use sharing context:
• Which files should not be publicly shared?
• Which files should not be shared outside of the company?
[email protected] publicly sharing a file tagged as Acme Confidential
BUILT FOR INTEGRATION
• Classification performed by on-premise DLP
• Enforcement performed by Adallom in the cloud
  • Existing content via API
  • Real time via proxy
-
USE CASE - ACTIVITY AND ACCESS MANAGEMENT
MONITOR USERS AND ACTIVITIES
• IT administrator outside office locations
• Proxy usage
• Access from “Ukraine”
MONITOR ACCESS FROM UNMANAGED DEVICES
• Restrict to certain users
• Restrict access to read-only mode
• Allow access but enable encryption and IRM
-
USE CASE – THREAT DETECTION AND RISK
OUT-OF-THE-BOX THREAT DETECTION INCLUDING:
• 3rd party attacks
• Velocity alerts
• Suspicious location access
• Multiple failed login attempts
• Unusual download of files
-
HOW DO YOU PROTECT YOUR MOST SENSITIVE DATA FROM DAMAGING BREACHES?
HP Atalla is a Leader in Data-Centric Security, safeguarding data throughout its entire lifecycle – at rest, in motion, in use – across the cloud, on-premise and mobile environments with continuous protection
hp.com/go/Atalla