Microsoft Cloud App Security

Idan Naftali | Easy | November 25, 2019

Today we'll talk about Cloud App Security, a unique CASB product that lets us connect Office 365 applications, as well as applications supported for monitoring by adding them from the Azure Marketplace, such as Box, Dropbox, and Salesforce.

The product lets us collect logs from organizational network equipment such as Checkpoint, Fortinet, Cisco, and so on.

In terms of architecture, MCAS provides the following capabilities:

Architecture

Cloud App Security integrates visibility with your cloud by:

• Using Cloud Discovery to map and identify your cloud environment and the cloud apps your organization is using.

• Sanctioning and unsanctioning apps in your cloud.

• Using easy-to-deploy app connectors that take advantage of provider APIs, for visibility and governance of apps that you connect to.

• Using Conditional Access App Control protection to get real-time visibility and control over access and activities within your cloud apps.

• Helping you have continuous control by setting, and then continually fine-tuning, policies.

Data retention & compliance

For more information about Microsoft Cloud App Security data retention and compliance, see Microsoft Cloud App Security data security and privacy.

Cloud Discovery

Cloud Discovery uses your traffic logs to dynamically discover and analyze the cloud apps that your organization is using. To create a snapshot report of your organization's cloud use, you can manually upload log files from your firewalls or proxies for analysis. To set up continuous reports, use Cloud App Security log collectors to periodically forward your logs.

For more information about Cloud Discovery, see Set up Cloud Discovery.

Sanctioning and unsanctioning an app

You can use Cloud App Security to sanction or unsanction apps in your organization by using the Cloud app catalog. The Microsoft team of analysts has an extensive and continuously growing catalog of over 16,000 cloud apps that are ranked and scored based on industry standards. You can use the Cloud app catalog to rate the risk for your cloud apps based on regulatory certifications, industry standards, and best practices. Then, customize the scores and weights of various parameters to your organization's needs. Based on these scores, Cloud App Security lets you know how risky an app is. Scoring is based on over 80 risk factors that might affect your environment.
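To make the Cloud Discovery and scoring ideas above concrete, here is an added illustration (not Microsoft's code and not the algorithm MCAS uses). It discovers apps from proxy log lines, applies organization-specific weights to per-factor scores, and lists unsanctioned apps that fall below a threshold. The log format, the mini catalog, the weights and the sanctioned set are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample proxy log: timestamp, user, source IP, destination host, bytes sent.
SAMPLE_LOG = """\
2019-11-25T08:01:12Z alice 10.1.4.20 www.dropbox.com 48211
2019-11-25T08:03:40Z bob 10.1.4.31 app.box.com 1200
2019-11-25T08:05:02Z alice 10.1.4.20 files.example-share.test 9500000
2019-11-25T08:07:55Z carol 10.2.0.7 login.salesforce.com 3100
2019-11-25T08:09:10Z bob 10.1.4.31 files.example-share.test 120000
2019-11-25T08:09:30Z carol 10.2.0.7 intranet.corp.test 700
truncated-entry
"""

# Hypothetical mini catalog (not Microsoft's): domain -> (app, factor scores, 10 = best).
CATALOG = {
    "dropbox.com": ("Dropbox", {"compliance": 8, "security": 8, "legal": 7}),
    "box.com": ("Box", {"compliance": 9, "security": 9, "legal": 8}),
    "salesforce.com": ("Salesforce", {"compliance": 9, "security": 9, "legal": 9}),
    "example-share.test": ("ExampleShare", {"compliance": 2, "security": 3, "legal": 4}),
}
WEIGHTS = {"compliance": 1, "security": 3, "legal": 1}  # assumed organizational weights
SANCTIONED = {"Box", "Salesforce"}                       # assumed sanctioned apps


def match_app(host):
    """Map a destination host to a catalog entry, matching on a label boundary."""
    host = host.lower().rstrip(".")
    for domain, entry in CATALOG.items():
        # "www.dropbox.com" must not count as Box: require an exact match
        # or a "." immediately before the catalog domain.
        if host == domain or host.endswith("." + domain):
            return entry
    return None


def weighted_score(scores, weights):
    """Weighted average of the factor scores, rounded to one decimal."""
    total = sum(weights.values())
    return round(sum(scores[f] * w for f, w in weights.items()) / total, 1)


def discover(log_text, weights, sanctioned):
    """Return ({app: usage summary}, number of lines that were malformed or uncatalogued)."""
    apps = defaultdict(lambda: {"users": set(), "bytes": 0})
    skipped = 0
    for line in log_text.splitlines():
        parts = line.split()
        entry = match_app(parts[3]) if len(parts) == 5 and parts[4].isdigit() else None
        if entry is None:
            skipped += 1
            continue
        name, scores = entry
        apps[name]["users"].add(parts[1])
        apps[name]["bytes"] += int(parts[4])
        apps[name]["score"] = weighted_score(scores, weights)
        apps[name]["sanctioned"] = name in sanctioned
    return dict(apps), skipped


def risky_unsanctioned(report, threshold):
    """Names of unsanctioned apps whose weighted score is below the threshold."""
    return sorted(n for n, a in report.items()
                  if not a["sanctioned"] and a["score"] < threshold)


if __name__ == "__main__":
    report, skipped = discover(SAMPLE_LOG, WEIGHTS, SANCTIONED)
    for name, app in sorted(report.items()):
        print(name, sorted(app["users"]), app["bytes"], app["score"], app["sanctioned"])
    print("skipped lines:", skipped)
    print("review first:", risky_unsanctioned(report, 5))
```

Changing `WEIGHTS` shifts each app's score without touching the catalog, which is the effect the score-metrics customization described on this page is meant to have.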

App connectors

App connectors use APIs from cloud app providers to integrate the Cloud App Security cloud with other cloud apps. App connectors extend control and protection. They also give you access to information directly from cloud apps, for Cloud App Security analysis.

To connect an app and extend protection, the app administrator authorizes Cloud App Security to access the app. Then, Cloud App Security queries the app for activity logs, and it scans data, accounts, and cloud content. Cloud App Security can enforce policies, detect threats, and provide governance actions for resolving issues.

Cloud App Security uses the APIs provided by the cloud provider. Each app has its own framework and API limitations. Cloud App Security works with app providers on optimizing the use of APIs to ensure the best performance. Considering the various limitations that apps impose on APIs (such as throttling, API limits, and dynamic time-shifting API windows), the Cloud App Security engines utilize the allowed capacity. Some operations, like scanning all files in the tenant, require a large number of APIs, so they're spread over a longer period. Expect some policies to run for several hours or several days.

Conditional Access App Control protection

Microsoft Cloud App Security Conditional Access App Control uses reverse proxy architecture to give you the tools you need to have real-time visibility and control over access to and activities performed within your cloud environment. With Conditional Access App Control, you can protect your organization:

• Avoid data leaks by blocking downloads before they happen

• Set rules that force data stored in and downloaded from the cloud to be protected with encryption

• Gain visibility into unprotected endpoints so you can monitor what's being done on unmanaged devices

• Control access from non-corporate networks or risky IP addresses

Policy control

You can use policies to define your users' behavior in the cloud. Use policies to detect risky behavior, violations, or suspicious data points and activities in your cloud environment. If needed, you can use policies to integrate remediation processes to achieve complete risk mitigation. Types of policies correlate to the different types of information you might want to gather about your cloud environment and the types of remediation actions you might take.

Taken from the article: https://docs.microsoft.com/en-us/cloud-app-security/what-is-cloud-app-security

Get started with Microsoft Cloud App Security

To start working with MCAS, there are a number of system requirements:

• Licensing suited to working with MCAS – for more information, click here

• The Global Administrator or Security Administrator roles, which can manage the product.

• The MCAS Portal is supported on Internet Explorer 11, Microsoft Edge, and the latest versions of Google Chrome, Mozilla Firefox, and Apple Safari.

To access the MCAS Portal, do the following:

Go to https://portal.cloudappsecurity.com. You can also access the portal through the Microsoft 365 admin center, as follows:

1. In the Microsoft 365 admin center, click the App launcher icon, and then select Security.

2. In the Microsoft 365 security page, click More resources, and then select Cloud App Security.

• There is also integration with Microsoft Defender ATP.

• You can create reports and define Application Policies Protection for all Office applications, including OneDrive.

Step 1. Set instant visibility, protection, and governance actions for your apps

Required task: Connect apps

1. From the settings cog, select App connectors.

2. Click the plus sign to add an app and select an app.

3. Follow the configuration steps to connect the app.

Why connect an app? After you connect an app, you can gain deeper visibility so you can investigate activities, files, and accounts for the apps in your cloud environment.

Step 2. Control cloud apps with policies

Required task: Create policies

To create policies

1. Go to Control > Templates.

2. Select a policy template from the list, and then choose (+) Create policy.

3. Customize the policy (select filters, actions, and other settings), and then choose Create.

4. On the Policies tab, choose the policy to see the relevant matches (activities, files, alerts). Tip: To cover all your cloud environment security scenarios, create a policy for each risk category.

How can policies help your organization?

You can use policies to help you monitor trends, see security threats, and generate customized reports and alerts. With policies, you can create governance actions, and set data loss prevention and file-sharing controls.

Step 3. Set up Cloud Discovery

Required task: Enable Cloud App Security to view your cloud app use

1. Integrate with Microsoft Defender ATP to automatically enable Cloud App Security to monitor your Windows 10 devices inside and outside your corporation.

2. If you use Zscaler, integrate it with Cloud App Security.

3. To achieve full coverage, create a continuous Cloud Discovery report:

1. From the settings cog, select Cloud Discovery settings.

2. Choose Automatic log upload.

3. On the Data sources tab, add your sources.

4. On the Log collectors tab, configure the log collector.

To create a snapshot Cloud Discovery report

Go to Discover > Snapshot report and follow the steps shown.

Why should you configure Cloud Discovery reports?

Having visibility into shadow IT in your organization is critical. After your logs are analyzed, you can easily find which cloud apps are being used, by which people, and on which devices.

Step 4. Personalize your experience

Recommended task: Add your organization details

To enter email settings

1. From the settings cog, select Mail settings.

2. Under Email sender identity, enter your email addresses and display name.

3. Under Email design, upload your organization's email template.

To set admin notifications

1. In the navigation bar, choose your user name, and then go to User settings.

2. Under Notifications, configure the methods you want to set for system notifications.

3. Choose Save.

To customize the score metrics

1. From the settings cog, select Cloud Discovery settings.

2. From the settings cog, select Cloud Discovery settings.

3. Under Score metrics, configure the importance of various risk values.

4. Choose Save.

Now the risk scores given to discovered apps are configured precisely according to your organization's needs and priorities.

Why personalize your environment?

Some features work best when they're customized to your needs. Provide a better experience for your users with your own email templates. Decide what notifications you receive and customize your risk score metric to fit your organization’s preferences.

Step 5. Organize the data according to your needs

Recommended task: Configure important settings

To create IP address tags

1. From the settings cog, select Cloud Discovery settings.

2. From the settings cog, select IP address ranges.

3. Click the plus sign to add an IP address range.

4. Enter the IP range details, location, tags, and category.

5. Choose Create.

Now you can use IP tags when you create policies, and when you filter and create continuous reports.

To create continuous reports

1. From the settings cog, select Cloud Discovery settings.

2. Under Continuous reports, choose Create report.

3. Follow the configuration steps.

4. Choose Create.

Now you can view discovered data based on your own preferences, such as business units or IP ranges.

To add domains

1. From the settings cog, select Settings.

2. Under Organization details, add your organization's internal domains.

3. Choose Save.

Why should you configure these settings?

These settings help give you better control of features in the console. With IP tags, it's easier to create policies that fit your needs, to accurately filter data, and more. Use Data views to group your data into logical categories.

Attached is the Best Practices document for MCAS: https://docs.microsoft.com/en-us/cloud-app-security/best-practices

• In MCAS, for each application you can analyze sign-ins to the 365 portal from within the organization and see which IP address the user signed in from, the location, and the application used, and you can create Policies at the tenant level.

• Working with AIP for classifying and labeling the organization's sensitive information.

• Configuring DLP with MCAS to prevent leakage of organizational data.

• Conditional Access App Control

• Audit Trail + Forensic Investigations

• Detect Cloud Threats, Compromised Accounts, Malicious Insiders and Ransomware Attacks

• The MCAS Portal requires access to the address 104.42.231.28 for management; for more information, click here

By: Idan Naftali | Consultant and architect for computing infrastructure, cloud solutions, information security and cyber | U-BTech Solutions
