CloudSOC Audit: Discover ShadowIT with existing ProxySG products

Posted on: 03/04/2017   By:admin

Our previous article outlined powerful features of Symantec Elastica CloudSOC product portfolio aimed at providing full visibility of cloud applications, i.e. control and protection of cloud-stored data, we will now describe this product in greater detail and give a practical example of how it can be integrated with the existing ProxySG solution.

Elastica CloudSOC was created following Symantec’s acquisition of Blue Coat, previously Elastica, and is the industry’s first integrated cloud security solution with full cloud access security broker (CASB) capabilities, which Gartner defines as on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers.

We have mentioned previously that the Audit module’s functionality is based on collecting logs generated by security solutions such as firewalls and proxy products, with the most interesting being ProxySG and ASG web gateway solutions. The common misperception of customers is that use of cloud applications can be attributed to only 50 of the most popular and wide-spread apps, but this figure is actually ten times higher. CloudSOC CASB Audit differentiates and detects 20,000 applications and assigns them the so-called risk index (Business Readiness Rating), giving you insight into potential dangers when using these applications, while suggesting more acceptable and safer alternatives.

Of course, logs can be anonymized before securely transferring them to the CloudSOC service in order to comply with regulations and data privacy policies.

 

 

Dashboard Audit Service – Global score ranking based on processed logs and most frequently used services

Using CloudSOC CASB Audit enables you to:

  • Discover Shadow IT – Gain insight into the amount and type of cloud applications used in your enterprise, even if you are not aware of them,
  • Identify the risk of using specific applications – Each application is evaluated based on a series of attributes across seven categories and is given a so-called Business Readiness Rating – index of acceptable application usage in the business environment. Examples of these attributes include user account security, support for safer authentication methods, security of stored and transferred data, administrative and audit options, compliance with regulations, service levels, etc.
  • Choose more suitable alternatives – Applications are categorized which makes it possible to match them against similar services, compare their features and choose a more appropriate solution,
  • Get a detailed and informative report on the most vulnerable and most commonly used cloud applications, geolocation visualization of most commonly shared data, users generating the highest amount of traffic via risky cloud applications, etc.,
  • Additionally, existing ProxySG and ASG users can create granular policies for controlling cloud applications that fail to meet security requirements set by the security department.
Skype – Example of an application less suited to the corporate environment. Business Readiness Rating Analysis sorted by category and recommended alternative services.

» Download the sample ShadowIT Audit Report.

How to integrate CloudSOC CASB Audit with existing ProxySG or ASG setups?

Existing Symantec or Blue Coat ProxySG and ASG web gateway users can easily upgrade their software solutions with the CloudSOC CASB Audit Module. Following illustrations explain how these two solutions are linked – ProxySG device, now able to rate more than 20,000 applications, sends access logs to the Symantec CloudSOC service. Existing logs received from the ProxySG device contain all relevant information for creating CloudSOC reports – client IP addresses, usernames, statistics on the amount of transferred data, geolocation data on used applications, IP addresses, names and URLs of accessed applications, etc.

Optional virtual appliance – SpanVA – can also be installed on-premises to aggregate logs generated by multiple security products (proxy, firewall), securely transfer these logs, and optionally anonymize data due to regulatory and data privacy protection requirements.

Interaction between CloudSOC CASB Audit and ProxySG: Device logs are sent to the CloudSOC service, while ProxySG is provided with visibility over 20,000 applications and their attributes via the AppFeed license
Information on applications and their features (AppFeed) are distributed through the existing Symantec cloud service called Global Intelligence Network to on-premises devices (ProxySG, ASG, Management Center)

CloudSOC service supplements logs received from ProxySG with additional application information such as the Business Readiness Rating and application characteristics, and ultimately offers the ability to view and create detailed, visualized reports.

Additionally, integration of ProxySG with Reporter and Management Center means that similar reporting features can be achieved in on-premises versions. Reporter 10 is used as a database and aggregator of logs, while the Management Center – policy management and reporting solution – retrieves data and provides the option of creating reports on used and unsecure cloud applications, with certain limitations in terms of data visualization and recommending alternatives for detected applications.

Management Center is the central point of the Symantec portfolio for creating unique reports on incidents identified in ProxySG, CAS, MAA and CASB products

In conclusion, available integration options are as follows:

  1. Existing ProxySG application classification is expanded with 20,000 currently supported applications (Audit – AppFeed),
  2. ProxySG web gateway sends access logs to the CloudSOC cloud service (via SpanVA virtual appliance) for analysis and reporting,
  3. Optionally: these logs are sent to Reporter 10, and Management Center enables on-premises reporting on the use of unsecure applications.

ProxySG and CASB Audit AppFeed – Creating granular policies and banning unsafe applications

Users of existing Cisco, Checkpoint, Palo Alto, McAfee, Websense and similar solutions can leverage CloudSOC CASB Audit to gain visibility over cloud applications used in their enterprises, while existing Blue Coat ProxySG users are granted additional control over their applications via on-premises web gateway solution. AppFeed License provides Blue Coat ProxySG device with the ability to differentiate between 20,000 different applications and their features – e.g. secure authentication, encryption of stored and transferred data, compliance with regulations, etc.

Enabling application classification in the ProxySG console

This information can then be used to create detailed policies based on application types and related attributes. Users can restrict access to applications by name, Business Readiness Rating below a certain value or applications without required security levels as in the example below:

Application control policy configuration in the ProxySG console
Restricting access to all applications with a low score.
Policy example: approved applications are allowed, and unwanted, unsafe, and low-score applications and explicitly forbidden

Please contact us to receive an informational offer and additional information.

Symantec Elastica CloudSOC: Visibility and data protection in public cloud applications

Useful information: