Microsoft Cloud App Security

 





The Cloud App Security Framework

Cloud App Security Brokers (CASBs) are defined by Gartner as security policy enforcement points placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as cloud-based resources are accessed.

Microsoft Cloud App Security is a CASB that helps you identify and combat cyber threats across Microsoft and third-party cloud services. It integrates with Microsoft solutions and provides simple deployment, centralized management, and innovative automation capabilities. There are four elements to the Cloud App Security framework:

  • Discover & control the use of Shadow IT: Identify the cloud apps, IaaS, and PaaS services used by your organization. The apps you don't know about, on average totaling more than 1000, are your "Shadow IT"; once you know which apps are being used, you can better understand and control your risk.

  • Protect your sensitive information anywhere in the cloud: Understand, classify, and protect sensitive information at rest, which helps you avoid accidental data exposure. Data Loss Prevention (DLP) capabilities cover the various data leak points that exist in organizations.

  • Protect against cyber threats & anomalies: Detect unusual behavior across apps, users, and potential ransomware. Cloud App Security combines multiple detection methods, including anomaly, User Entity Behavioral Analytics (UEBA), and rule-based activity detections, to show who is using the apps in your environment and how they are using them.

  • Assess the compliance of your cloud apps: Assess whether your cloud apps comply with the regulations and industry standards specific to your organization. You can compare your apps and usage against relevant compliance requirements, prevent data leaks to non-compliant apps, and limit access to regulated data.

Explore Your Cloud Apps With Cloud Discovery

You can use Cloud Discovery to see what's happening in your network. It analyzes your traffic logs against a catalog of more than 80 risk factors to give you visibility into cloud use, Shadow IT, and the risk it poses to your organization. Its dashboard provides an at-a-glance overview of what kinds of apps are being used, your open alerts, and the risk levels of the apps in your organization. You can also filter the data collected by Cloud Discovery to generate specific views depending on what interests you the most.
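The idea of scoring traffic logs against an app catalog can be illustrated as follows. This is an added example, not Microsoft's implementation: the catalog entries, hostnames, CSV log format, the three risk factors and the scoring formula are all constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed catalog (hypothetical apps and factor values, not Microsoft's catalog).
CATALOG = {
    "files.example-share.test": {"app": "ExampleShare", "sanctioned": False,
        "factors": {"encrypts_at_rest": False, "supports_mfa": False, "audit_trail": True}},
    "crm.example-corp.test": {"app": "ExampleCRM", "sanctioned": True,
        "factors": {"encrypts_at_rest": True, "supports_mfa": True, "audit_trail": True}},
}

# Constructed proxy log: timestamp,user,dest_host,bytes_out
SAMPLE_LOG = """\
2024-05-01T09:00:01Z,alice,files.example-share.test,5242880
2024-05-01T09:02:17Z,bob,files.example-share.test,1048576
2024-05-01T09:05:40Z,alice,crm.example-corp.test,2048
2024-05-01T09:07:03Z,carol,unknown-tool.test,4096
truncated line with no fields
"""

def risk_score(factors):
    """Hypothetical score: 0 when every control is present, 10 when none is."""
    missing = sum(1 for present in factors.values() if not present)
    return round(10 * missing / len(factors))

def discover(log_text, catalog=CATALOG):
    """Aggregate per-app usage; hosts absent from the catalog are counted separately."""
    apps = defaultdict(lambda: {"users": set(), "bytes_out": 0, "events": 0})
    unknown = defaultdict(int)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4 or not row[3].isdigit():
            continue  # skip blank or malformed lines instead of failing the whole run
        _, user, host, bytes_out = row
        entry = catalog.get(host.lower())
        if entry is None:
            unknown[host.lower()] += 1  # candidate for manual review
            continue
        stats = apps[entry["app"]]
        stats["users"].add(user)
        stats["bytes_out"] += int(bytes_out)
        stats["events"] += 1
        stats["risk"] = risk_score(entry["factors"])
        stats["sanctioned"] = entry["sanctioned"]
    return dict(apps), dict(unknown)

def shadow_it(apps, min_risk=5):
    """Unsanctioned apps at or above min_risk, largest upload volume first."""
    hits = [n for n, a in apps.items() if not a["sanctioned"] and a["risk"] >= min_risk]
    return sorted(hits, key=lambda n: -apps[n]["bytes_out"])
```

Hosts that match no catalog entry are returned separately rather than dropped, since uncatalogued destinations are exactly where unknown apps hide.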

Protect Your Data & Apps With Conditional Access App Control

Microsoft Cloud App Security integrates with Identity Providers (IdPs) to protect your data and devices with access and session controls through Conditional Access App Control. To further refine filters and set actions to be taken on a user, you can also use access and session policies in the Cloud App Security portal. With access and session policies, you can:

  • Prevent data exfiltration: Block the download, cut, copy, and print of sensitive documents on, for example, unmanaged devices.

  • Protect on download: Instead of blocking the download of sensitive documents, you can require them to be labeled and protected with Azure Information Protection. This ensures that the document is protected and that user access is restricted in a potentially risky session.

  • Prevent upload of unlabeled files: Enforce the use of labeling. Before a sensitive file is uploaded, distributed, and used by others, it's important to make sure that it has the right label and protection. You can also block a file upload until the content is classified.

  • Monitor user sessions for compliance: Monitor risky users when they sign in to apps and log their actions from within the session. You can investigate and analyze user behavior to understand where, and under what conditions, to apply session policies in the future.

  • Block access: You can block access for specific apps and users depending on several risk factors. For example, you can block a user if they are using a client certificate as a form of device management.

  • Block custom activities: Some apps have unique scenarios that carry risk; for example, sending messages with sensitive content in apps like Microsoft Teams or Slack. In these kinds of scenarios, you can scan messages for sensitive content and block them in real time.

Classify & Protect Sensitive Information

One of the key elements of the Cloud App Security framework is protecting your sensitive information. "Sensitive" is a subjective term, as what it covers can vary from one organization to another.

What is Information Protection?

An employee might accidentally upload a file to the wrong place, or they could send confidential information to someone who shouldn't have it. Either can result in information being lost or made accessible to the wrong person, which can in turn lead to serious financial, legal, or reputational consequences for your organization. Information is vital to any modern organization, and you want to ensure that it's protected at all times.

To help you with this, Microsoft Cloud App Security natively integrates with Azure Information Protection, a cloud-based service that helps classify and protect files and emails across your organization.

Note: You have to enable the app connector for Microsoft 365 to take advantage of Azure Information Protection.




