Goodbye, Point Solution. Hello, Integrated CASB.
When Imperva made the first acquisition of a Cloud Access Security Broker (CASB) vendor by purchasing Skyfence over two years ago, it was to support the Imperva strategy of helping our customers secure data and apps wherever they are – in the cloud or on-premises. Following Imperva’s acquisition, Microsoft, Cisco, Blue Coat (now Symantec) and Palo Alto Networks have all made CASB product acquisitions.
While the vendor landscape has evolved, so have customers’ expectations of their CASB. Many IT security teams have moved well beyond the need for simply identifying Shadow IT use and are more focused today on enabling IT-sanctioned apps such as Office 365, Workday, Google Apps, Salesforce, and Dropbox, to name a few. Securing these sanctioned cloud applications is not a binary “block or allow” problem, but rather an issue of enablement – use cases include securing access for the right people, monitoring user and admin activity, dealing with anomalies and mobile users, preventing data leaks and ensuring data in the cloud is protected. Many of these security use cases are strengthened by integrating a CASB with existing threat intelligence and breach prevention technologies already deployed.
The Imperva Skyfence approach to enabling sanctioned cloud apps is two-fold. First, build the best CASB offering that helps organizations actually improve their security posture by adopting cloud apps. When you migrate from your on-premises Exchange servers to Office 365 you should expect to be more secure as a result, not less secure. CASBs can help you achieve this. Secondly, innovate through integration with existing Imperva products. In our view, a CASB need not be another point solution, but rather, an integral component of a larger data and application security infrastructure working collectively to help you safely adopt sanctioned cloud apps. The new integration of Skyfence with Imperva ThreatRadar – along with previous integrations with Imperva Incapsula and Imperva CounterBreach – supports this vision.
A Sense of Community: Skyfence Integration with Crowd-Sourced Threat Intelligence
Cyber-attacks often involve the use of anonymous proxies or Tor sites in order to hide the true identity of the hacker and to disrupt forensics investigations. The motive to deliberately use these anonymizer frameworks – specifically to hide the user’s identity – doesn’t make sense for legitimate employees who are accessing enterprise cloud apps to get their jobs done. Therefore, this anonymized access should be highly visible and treated as potentially hostile by IT security staff. Increasingly, hackers are attempting to steal organizational data by accessing cloud app accounts via compromised credentials while employing these same identity-hiding techniques. The bad actors and cyber criminals usually target the valuable data (e.g., PII, PCI DSS) that can be monetized – and chances are that this data is often stored within your authorized cloud apps. Imperva Skyfence mitigates this risk with the IP reputation and threat intelligence database of Imperva ThreatRadar which includes:
- Globally crowd-sourced attack signatures from worldwide SecureSphere Web Application Firewall (WAF) deployments to arm ThreatRadar with near real-time attack vectors your peers are already seeing.
- Imperva Defense Center expertise: Imperva’s premier security research team curates threat data from multiple sources and delivers attack signature updates, pre-defined security policies and compliance reports made available via the Skyfence management interface. The Imperva Defense Center also discovers and provides advisories covering application and cloud vulnerabilities.
- Feeds from third-party sources to get best-of-breed reputation data, geo-location data, and threat intelligence.
Read our blog for a deeper dive on ThreatRadar for Skyfence.
The Inside Outsider: Skyfence Integration with CounterBreach Helps Prevent Insider Breaches
The biggest threats to enterprise security are often people – potentially even the people already on your payroll. Employees certainly need legitimate access to sensitive and valuable data stored in databases, file shares and SaaS applications such as Office 365, Dropbox and Workday. However, when insiders abuse this access, or when insiders’ accounts are compromised by outside attackers, your data is exposed. Accurately identifying potential data breaches requires deep contextual understanding of not just user activity, but the data users typically access and how they access it. With Imperva CounterBreach, security teams can analyze the data access behavior of particular users with a consolidated view of database, file and cloud app activities. This allows security teams to investigate incidents and anomalies specific to the individual, view the baseline of typical user activity and compare a given user with their baseline or their peer group. Every Skyfence implementation includes connectors that integrate with the CounterBreach API out-of-the box – making it much easier to correlate user-based anomalies across cloud and on-premises activity.
Performance Matters: Skyfence Delivered on Imperva Incapsula Reduces Latency and Enhances Security
Proving that you can have your cake and eat it, too, the unique integration with ImpervaIncapsula ensures that every Skyfence customer instance benefits from enhanced security without sacrificing performance. In fact, the integration can actually minimize app latency while providing protection against DDoS and bot attacks for Skyfence customer tenants. This is important, since deploying a proxy between users and their apps essentially opens a hole in the security for that app and potentially makes the proxy a point of attack. This product integration, or “CASB hardening” capability, is delivered for every customer at no additional cost.
Expect More from Your CASB.
The majority of Skyfence customers have more than one Imperva product. They realize that Internet-facing SaaS applications have become a prime target for cyber-attacks, because these apps are easily accessible and they contain sensitive corporate data. The portfolio of Imperva products – Skyfence, Incapsula, ThreatRadar and CounterBreach – goes far beyond the security offered by a stand-alone CASB and together can help better detect and prevent threats related to these authorized cloud apps.
Request a demo and meeting to learn more.