Thursday, October 29, 2015

Are Cloud Apps the Invisible Man?

Are Cloud Apps the Invisible Man?



Are Cloud Apps the Invisible Man? from IBM Security

 Are Cloud Apps the Invisible Man?

  1. 1. © 2015 IBM Corporation The first CASB solution with integrated access control, visibility, and threat protection Patrick Wardrop, Chief Product Architect October 7th, 2015 IBM Cloud Security Enforcer
  2. 2. 2© 2015 IBM Corporation MOBILE BYOD ON PREM RISKY APPS APPROVED APPS A new SaaS solution to help securely deploy cloud services EMPLOYEES Identity and Access Control Threat Prevention Policy Enforcement Discovery and Visibility Cloud Event Correlation DETECT CONNECT PROTECT
  3. 3. 3© 2015 IBM Corporation Integrating leading IBM security technology into a single platform •  Risk scoring for 1000’s of apps •  Continuous stream of cloud activity data •  Mapping of network data to specific users •  Mobile integration to uncover blind spots •  Federated cloud SSO •  Connectors to popular cloud apps •  Simplified access controls •  Self-service catalogs •  Delegated administration •  User activity and traffic monitoring •  Behavioral analysis and correlation to company policies •  Alerting, reporting, and auditing •  Intrusion Prevention and global threat intelligence from IBM X-Force •  Threat signatures, network analysis, and zero-day threat protection •  User coaching •  Redirection for out-of-policy usage •  Policy and anomaly rule implementation Identity and Access Control Threat Prevention Policy Enforcement Discovery and Visibility Cloud Event Correlation DETECT CONNECT PROTECT
  4. 4. 4© 2015 IBM Corporation IBM Cloud Security Enforcer – Discovery and monitoring Microsoft Active Directory Enterprise Cloud, SaaS, & Private Applications Secure Gateway . . .(plus many more) - Users authenticate against Active Directory - All Cloud, SaaS & Private Applications traffic is logged by the Secure Gateway (e.g., Bluecoat, WebSense, McAfee, XGS … etc) - Active Directory, Secure Gateway logs can be manually uploaded to IBM Cloud Security Enforcer or an appliance can be deployed to continually upload them automatically on a scheduled basis Enterprise Bridge Appliance Log Collection ID Bridge Directory Sync IBM Cloud Security Enforcer Application Discovery Optional SIEM (or other log archiving)
  5. 5. 5© 2015 IBM Corporation IBM Cloud Security Enforcer – World Wide Mobile Cloud Proxy Home WiFi / Cellular Data Network Cloud, SaaS, & Private Applications . . .(plus many more) - Users use mobile device at the office and out of the office via their home WiFi or cellular data networks. - This creates a ‘mobile blind spot’ for most corporations. - Without a secure gateway or IPS there is a risk of malware being downloaded or other threats. - Leveraging the built-in mobile VPN clients we will direct traffic to our WW deployments of Cloud Proxies to inspect, monitor, and provide controls on the traffic. IBM Cloud Security Enforcer World Wide Mobile Cloud Proxy Client Gateway [VPN] Intrusion Prevention System
  6. 6. 6© 2015 IBM Corporation Live Walkthrough Discovery and Visibility
  7. 7. 7© 2015 IBM Corporation IBM Cloud Security Enforcer – Single Sign-On & Launchpad Microsoft Active Directory Enterprise Cloud, SaaS, & Private Applications Secure Gateway . . .(plus many more) - SSO from either the Enterprise Bridge Identity Bridge component or via a federation product (TFIM, ADFS or Ping) - User arrives at launch pad and can single click on an entitled application or browser application catalog Enterprise Bridge Appliance Log Collection ID Bridge Directory Sync IBM Cloud Security Enforcer Launchpad & Catalog SSO [Service Provider] SSO [Identity Provider] FIM (or federation product) Optional
  8. 8. 8© 2015 IBM Corporation Live Walkthrough Single Sign-on & Access Control
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)