Microsoft Cloud App Security

By Ashwin Venugopal -

 





The Cloud App Security Framework

Cloud App Security Brokers (CASBs) are defined by Gartner as security policy enforcement points placed between cloud service consumers and cloud service providers to combine as well as interject enterprise security policies as cloud-based resources are accessed. 

Microsoft Cloud App Security is a CASB  helps you to identify as well as combat cyber threats across Microsoft and third-party cloud services while easily integrating with Microsoft solutions, providing simple deployment, centralized management, and innovative automation capabilities. There are four elements to your Cloud App Security framework:

  • Discover & control the use of Shadow IT-  It Identifies the cloud apps, IaaS, and PaaS services used by your organization. As the apps you don't know about, on average totaling more than 1000, are your "Shadow IT", but when you know which apps are being used, you can better understand and control your risk.

  • Protect your sensitive information anywhere in the cloud- It can understand, classify, and protect sensitive information at rest which helps you to avoid accidental data exposure, while providing Data Loss Prevention (DLP) capabilities that covers the various data leak points that exist in organizations. 

  • Protect against cyber threats & anomalies- It can detect unusual behavior across apps, users, and potential ransomware. Cloud App Security can easily combine the multiple detection methods, including anomaly, User Entity Behavioral Analytics (UEBA), and rule-based activity detections, to show who is using the apps in your environment and how they are using them.

  • Assess the compliance of your cloud apps- It can assess if your cloud apps comply with the regulations and industry standards specific to your organization or not while helping you to compare your apps and usage against relevance compliance requirements, prevent data leaks to non-compliant apps, as well as limit access to the regulated data. 

Explore Your Cloud Apps With Cloud Discovery

You can use Cloud Discovery to see what's happening in your network as it easily analyzes your traffic logs against a catalogs of more than 80 risk factors to give you visibility into cloud use, Shadow IT, and the risk it poses to your organization. Its dashboard also provides an at-a-glance overview of what kinds of apps are being used, your open alerts, and the risk levels of the apps in your organization while also helping you to filter the data collected by the Cloud Discovery to generate the specific views depending on what interests you the most.

Protect Your Data & Apps With Conditional Access App Control

Microsoft Cloud App Security integrates with the Identity Providers (IdPs) to protect your data & devices with access and session controls through Conditional Access App Control. To further refine filters as well as set actions to be taken on a user, you can also use access and session policies in the Cloud App security portal. With the access and session policies, you can:
  • Prevent data exfiltration- Block the download, cut, copy, and print of sensitive documents on, for example, unmanaged devices.

  • Protect on download- Instead of blocking the download of the sensitive documents, you can require them to be labeled and protected with the Azure Information Protection while ensuring that the document is protected and  the user access is restricted in a potentially risky session.

  • Prevent upload of unlabeled files- It enforces the use of labeling as before any sensitive file is uploaded, distributed, and used by the others, it's important to make sure that it has the right label as well as protection. You can also block a file upload until the content is classified.

  • Monitor user sessions for compliance- Monitors risky users when they sign in to apps and log their actions from within the sessions while investigating as well as analyzing user behavior to understand where, and under what conditions, you can apply session policies in the future.

  • Block access- You can block access to the specific apps and users depending on several risk factors. For example, you can block a user if they are using a client certificate as a form of device management. 

  • Block custom activities- Some apps have unique scenarios that carry risk; for example, sending messages with sensitive content in the apps like Microsoft Teams or Slack. In these kinds of scenarios,  you can scan messages for sensitive content and block them in real time. 

Classify & Protect Sensitive Information

One of the key elements of the Cloud App Security framework is protecting your sensitive information which is a subjective phrase, as this can vary from one organization to another.

What is Information Protection?

An employee might accidentally upload a file to the wrong place or they could send confidential information to someone who shouldn't have it which may result in the loss of information or it may made accessible to the wrong person that can further lead to serious financial, legal, or reputational consequences for your organization. An information is vital to any modern organization,and you want to ensure that it's protected at all times. 

To help you with it, Microsoft Cloud App Security natively integrates with the Azure Information Protection, a cloud-based service that helps classify as well as protect files and emails across your organization. 

Note: You have to enable the app connector for Microsoft 365 to take advantage of the azure Information Protection.  





Comments

Post a Comment

Popular posts from this blog

Deployment (Part 3)

By Ashwin Venugopal -
Image
  To read part 1, please click  here To read part 2, please click  here Microsoft Monitoring Agent (MMA) MMA is used across multiple Microsoft solutions and has undergone a few name changes as its features and functionality have evolved. If it is being considered to be used, then following areas should be covered during a Microsoft Sentinel deployment project: Consider the timelines and the strategy for a migration to AMA (Azure Monitor Agent) before the MMA end-of-life.  Consider the central deployment and management methodology for MMA. Determine which endpoints are in scope for deployment as these affect the log ingestion volume significantly.  Azure Monitor Agent (AMA) Organizations with MMA as the main Microsoft Sentinel agent should start planning the migration to AMA as soon as possible to avoid a rushed migration. One of the main advantages of AMA is the ability to control the log collection policy centrally and apply different policies against different groups of computers, re
Read more

Project Resourcing (Part 2)

By Ashwin Venugopal -
Image
  To read part 1, please click  here Engineering - SIEM The SIEM engineers configures Microsoft Sentinel, including Log Analytics, Logic Apps, workbooks, and playbooks. They are also responsible for the following high-level tasks: Initial configuration of Azure tenant, including provisioning required resources, assigning access roles, and configuring workspace parameters like log retention, resource tagging, and blueprints.  Deployment and configuration of syslog/CEF log collection agents in appropriate locations to collect logs from on-premises devices. Generally, it will be joint effort of both system engineer and SIEM engineer, involving configuration and potential troubleshooting.  Working with system owners to enable log forwarding and configuring any required parsing of log data in Log Analytics.  Working with security operations to create and deploy KQL analytic rules to offer detections for SOC/Computer Security Incident Response Team (CSRIT) use. Tuning of alert rule parameter
Read more

Design Planning (Part 3)

By Ashwin Venugopal -
Image
  To read part 1, please click  here To read part 2, please click  here Complex Organizational Structures SIEM can be an expensive security control, hence, it is common multiple businesses to contribute to the overall expense. Various organizational units may require a level of access to specific dashboards or sets of data. Microsoft Sentinel offers the ability to assign table-level permissions and limit the level of access to the minimum required to perform requisite job functions.  Role-based Access Control (RBAC) Requirements Microsoft Sentinel offers an extensive list of Azure built-in roles that can be used to provide granular access according to the job requirements and permitted level of access. Some of them are various Microsoft Sentinel dedicated roles: Microsoft Sentinel Contributor- Can perform all engineering-related configuration, such as creating alert rules, configuring data connectors, and additional similar tasks.  Microsoft Sentinel Reader- Can query the log data stor
Read more