SHADOW IT Discovery & Protection Ricky Mok Senior Security Architect HP – Enterprise Security #CLOUDSEC


  • SHADOW IT Discovery & Protection Ricky Mok Senior Security Architect HP – Enterprise Security

    #CLOUDSEC

  • ATTACK LIFE CYCLE

  • THE WAVES OF DATA ARE HERE…

  • 99% of breaches are about the data

  • FULL UMBRELLA OF DATA PROTECTION USE CASES

  • INTELLIGENCE TO ACTION: DATA CLASSIFICATION WITH HP Atalla Cloud Access Security Broker

    SaaS

    CASB

  • FOUR DANGERS

  • FOUNDED: 2012

    FOUNDERS: 8200 unit of the Israeli Defense Force

    HEADQUARTERS: Palo Alto, CA

    FUNDING: Sequoia, Index Ventures, HP, Rembrandt, EMC

    Visibility, governance and protection for the top sanctioned SaaS applications

    SECURITY VENDORS SAAS VENDORS LARGE ENTERPRISES

  • ADALLOM DISCOVERY - DASHBOARD

    • Discovery for over 13,000 SaaS applications
    • Data enriched by BlueCoat
    • Overview for each discovered application
    • Drill deeper into each application

  • INTRODUCING ADALLOM FOR CLOUD APPLICATION SECURITY

    Protection Governance Visibility

    cloud application security platform

    Visibility and context:
    • Application dashboard
    • Auditing trails
    • Users (internal/external)
    • Data sharing discovery

    Detection and alerts of:
    • High-risk users
    • High-risk behaviors
    • Security incidents
    • Compliance violations

    Governance/compliance:
    • Data sharing
    • Access control
    • Activities
    • eDiscovery policies

  • ADALLOM & HP SOLUTIONS

  • Periodic discovery of 13,000 cloud services with 60+ risk ratings

    Manage corporate-approved applications

    Phase 1: Out-of-band
    • Cloud-to-cloud API: out-of-band visibility and governance

    Phase 2: In-line prevention for access
    • Access control proxy: control access based on device (managed/unmanaged), IP, location, user or role

    Phase 3: In-line prevention for specific use cases
    • Full proxy: control access, content and activities
    • “Allow Sales to download Box documents on unmanaged devices, but encrypt/IRM”

  • ADALLOM VISION

    To be the leading cloud security company by building the world’s most innovative and disruptive cloud security platform

    Flexible deployments: Deliver the most flexible deployments to integrate with any application in any enterprise architecture

    Extensible: Extend existing solutions (SWG, SIEM, MDM, DLP, IRM) to the cloud to preserve investment protection

    Partner, not vendor: Work with customers to address key cloud security requirements, partner with cloud vendors on cloud security framework

    Lead with innovation: Deeper visibility and controls, with proactive SaaS research (Adallom Labs) and SmartEngine advanced heuristics and policies

  • WHY ADALLOM?

    SaaS providers choose Adallom

    Security vendors choose Adallom

    Large enterprises choose Adallom

    Hear from SAP VP of Security how Adallom secured SAP SuccessFactors - https://www.youtube.com/watch?v=GjktUGUtIB4

  • Adallom Labs – The SaaS research Differentiation

    Security Intelligence
    • Live security feeds from intelligence data sources (e.g. Gmail accounts breach)
    • Collaboration with the top security research groups, including Salesforce, Microsoft and Paypal
    • Partners in the OWASP and MAAP groups

    Proactive threat research
    • Malware analysis: reverse engineering and C&C analysis of SaaS-oriented malware
    • SaaS attacks forensics
    • SaaS vulnerabilities: proactive vulnerabilities research

    Anomaly detection
    • User behavior analysis: user location and activity mapping, device tracking
    • Modeling of attack patterns: specific detection heuristics for known attacks, e.g. internal user, crawling agent

    The ONLY SaaS security group that has protected businesses from real-world attacks

  • USE CASE – DATA SHARING

    FILE SHARING TREND AND MANAGEMENT
    • Which users are sharing the most?
    • Which domains are being shared?
    • Which files shared with personal accounts
    • Identify files being shared with competition
    • Monitor file-sharing with partner
    • Monitor 3rd party ecosystem applications sharing

    Remediate immediately or create long-term policies

  • USE CASE – DLP CONTROLS IN THE CLOUD

    SHARING-AWARE DLP
    • Scan all content in the cloud
    • Use sharing context:
      Which files should not be publicly shared?
      Which files should not be shared outside of the company?
    • [email protected] publicly sharing a file tagged as Acme Confidential

    BUILT FOR INTEGRATION
    • Classification performed by on premise DLP
    • Enforcement performed by Adallom in the cloud
    • Existing content via API
    • Real time via proxy

  • USE CASE - ACTIVITY AND ACCESS MANAGEMENT

    MONITOR USERS AND ACTIVITIES
    • IT administrator outside office locations
    • Proxy usage
    • Access from “Ukraine”

    MONITOR ACCESS FROM UNMANAGED DEVICES
    • Restrict to certain users
    • Restrict access to read-only mode
    • Allow access but enable encryption and IRM

  • USE CASE – THREAT DETECTION AND RISK

    OUT-OF-THE-BOX THREAT DETECTION INCLUDING:
    • 3rd party attacks
    • Velocity alerts
    • Suspicious location access
    • Multiple failed login attempts
    • Unusual download of files

  • HOW DO YOU PROTECT YOUR MOST SENSITIVE DATA FROM DAMAGING BREACHES?

    HP Atalla is a Leader in Data-Centric Security safeguarding data throughout its entire lifecycle – at rest, in motion, in use – across the cloud, on-premise and mobile environments with continuous protection

    hp.com/go/Atalla

  • #CLOUDSEC

    Ricky Mok Senior Security Architect HP – Enterprise Security

  • FEEDBACK FORM


    COMPLETE the feedback form,

    COLLECT all stamps and

    SUBMIT it to the registration counter to

    RECEIVE an exclusive Trend Micro gift &

    a CLOUDSEC 2015 Certificate of Attendance!

  • AFTERNOON COFFEE BREAK AT FOYER AREA AND ROOM S222-S223
