Need Capability Matrix for CASB (Cloud Access Security Broker)

Hello, I'm looking to build a CASB (Cloud Access Security Broker) Capability Matrix to compare against major Vendors.

For example, some vendors offer Network Behavior Analytics and some don't, or what integrations I should check for, etc.

I am looking for a "feature list" to help me compare.

Replies to This Discussion

Will help you

See this document for possibly some help. I am interested in the feature list as well.
https://cultureofresilience.com/pop-bp-taxonomy.pdf Best regards, PaulFeldman@Gmail.com

I follow this link -

https://www.skyhighnetworks.com/cloud-security-university/what-is-c...

Maybe a small writeup helps -

CASB scope applies broadly across the SaaS, PaaS, and IaaS cloud service delivery models.
For SaaS coverage, CASBs commonly work with the most popular content collaboration platform (CCP), CRM, HR, ERP, service desk, office productivity suites, and enterprise social networking sites. Some CASBs extend support to less common SaaS applications through custom plug-ins or automated learning of application behaviour.
For IaaS and PaaS coverage, several CASBs govern the consoles of popular cloud service providers (CSPs) and extend visibility and governance to applications running in these clouds. Several CASBs now also offer cloud security posture management (CSPM) capabilities to assess and reduce configuration risk in IaaS, PaaS, and SaaS cloud services, sometimes by reconfiguring native security controls directly in cloud services. However, IaaS and PaaS governance are new for almost every CASB, and therefore not yet as developed as SaaS governance. A few CASBs can be deployed in front of enterprise web-enabled applications to bring these under a consistent cloud service management framework, although this is an uncommon scenario.
CASBs deliver functionality through four pillars:
• Visibility. CASBs provide shadow IT discovery, a consolidated view of an organization’s cloud service landscape, and details about the users who access data in cloud services from any device or location. Leading CASBs take this further with a cloud service security rating database to provide visibility into the trustworthiness of the CSP and associated risks it might introduce.
• Data security. CASBs provide the ability to enforce data-centric security policies to prevent unwanted activity based on data classification, on data discovery, and on user activity monitoring of access to sensitive data or privilege escalation. Policies are applied through controls, such as audit, alert, block, quarantine, delete and view only. Data loss prevention (DLP) features are prevalent and are one of the most commonly deployed controls after visibility. CASB DLP operates natively and in conjunction with enterprise DLP products via ICAP or RESTful API integration. Some CASBs provide the ability to encrypt, tokenize, or redact content at the field and file level in cloud services. But because encryption and tokenization outside a SaaS application can affect functionality, CASB-facilitated encryption and tokenization are not commonly used.
• Threat protection. CASBs prevent unwanted devices, users and versions of applications from accessing cloud services by providing adaptive access controls (AACs). Cloud application functionality can be changed based on signals observed during and after login. Other examples of CASB capabilities in this category are embedded user and entity behavior analytics (UEBA) for identifying anomalous behavior, and the use of threat intelligence, network sandboxing, and malware identification and remediation. All CASBs are primarily using OEMs of existing enterprise-grade anti-malware and sandbox tools rather than building their own. In some cases, CASB vendors have their own analyst teams researching cloud-specific and cloud-native attacks.
• Compliance. CASBs help organizations demonstrate that they are governing the use of cloud services. They provide information to determine cloud risk appetite and establish cloud risk tolerance. Through their various visibility, control, and reporting capabilities, CASBs assist efforts to conform to data residency and regulatory compliance requirements. Many CASB vendors have added CSPM capabilities to their products. CSPM assesses and manages the security posture of the cloud control plane, mostly for IaaS and occasionally for SaaS. The better offerings provide this across multiple public cloud providers for consistent policy enforcement.
CASB capabilities are delivered primarily as a SaaS application, occasionally accompanied by an on-premises virtual or physical appliance. SaaS delivery is significantly more popular for most use cases. However, an on-premises appliance might be required for conformance with certain regulatory or data sovereignty rules, especially if in-line encryption or tokenization is performed.

CASB comes in modules and we have carefully crafted our requirements and use case. In my case we used it for G-Suite management and access control along with AWS. You get Application access and Shadow IT report along with it. Let me know if you are looking specifically for these; I will share for this use case.

You might want to check out the CISO Platform "free comparison tool", here is the link:
http://products.cisoplatform.com/security/market/cloud-access-secur...

Some Points to Consider:

-> Some CASB vendors may not support all the use cases or only have limited support for some

-> Existing SaaS applications in use and CASB vendor support – Nearly everyone supports popular applications like O365, SF, Box, AWS, Google

-> Point solutions may be better for certain use cases – especially if you’re already invested

-> Performance Impact

-> Very dynamic market – M&A is common (nearly every quarter)

-> Check for supported standards (though they’re still evolving) – CSA, OpenAPI, NIST, ISO

>>Here are more details

The capabilities and functionality of different CASBs vary significantly, but at a minimum, Gartner suggests that CASBs should offer organizations:

Visibility into cloud usage throughout the organization
A way to ensure and prove compliance with all regulatory requirements
A way to ensure that data is stored securely in the cloud
A satisfactory level of threat protection to ensure that the security risk of using the cloud is acceptable

In practice this means that at a bare minimum, CASBs need to be able to:

Provide the IT department with visibility into sanctioned and unsanctioned cloud service usage, including "cloud to cloud" usage
Provide a consolidated view of all cloud services being used by the organization – and the users who access them from any device or location
Control access to cloud services
Help administrators ensure that the organization complies with all relevant regulations and standards (such as data residency) when using cloud services
Allow IT departments to set and enforce security policies on cloud usage and the use of corporate data in cloud services, and apply them through audit, alert, block, quarantine, delete and other controls
Enable administrators to encrypt or tokenize data stored in the cloud
Provide data loss prevention (DLP) capabilities, or interface with existing corporate DLP systems
Provide access controls to prevent unauthorized employees, devices or applications from using cloud services
Offer threat prevention methods such as behavioral analytics, anti-malware scanning and threat intelligence.

I suggest you take a look at Gartner Magic Quadrant for CASB. They have grouped CASB functionalities into 4 buckets - Visibility, Data Security, Threat Protection and Compliance.

Thanks a lot for your help.

You can use the Compare products tool here to see a few.
