![Page 1: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/1.jpg)
Stop Hackers with Integrated CASB & IDaaS Security
![Page 2: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/2.jpg)
Speakers
Brad PielechIntegrations Architect
Mario TarabbiaDirector of Sales Engineering
@OneLogin
@CloudLock
![Page 3: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/3.jpg)
Agenda
● IT Complexity Today & Where Organizations Struggle
● Top 5 Cyber Threats to Your Cloud Environment○ Challenge○ Solution
○ What You Can Do Now
● CASB + IDaaS - What We Do
● Q&A
![Page 4: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/4.jpg)
Increasing IT Complexity
Thousands of employees, partners, customers, and
multiple devices...
Working with many, many apps, both in the cloud and on-
premise.
![Page 5: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/5.jpg)
Where Organizations Struggle
Access?
Security?
Cost?
Usage?
Compliance?
![Page 6: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/6.jpg)
Top 5 Cyber Threats To Your Cloud Environment
Data Breaches
Insider Threats
Account Compromis
es
Cloud-Resident Malware
Shadow IT & Cloud-Native
MalwareTop Cyber Threats
![Page 7: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/7.jpg)
#1 Account Compromises
Source: someecards.com
![Page 8: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/8.jpg)
▪ Login to:
▪ File download using:
▪ Massive file downloads using:
▪ Email sent from:
▪ Export using:
09:03
09:26
10:29
11:46
10:11
#1 Account Compromises
![Page 9: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/9.jpg)
▪ Login to:
▪ File download using:
▪ Massive file downloads using:
▪ Email sent from:
▪ Export using:
09:03
09:26
10:29
11:46
Admin
10:11
#1 Account Compromises
![Page 10: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/10.jpg)
Catching, Stopping & Acting
![Page 11: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/11.jpg)
#1 Account CompromisesThe Solution - IDaaS & CASB
Eliminate need for application passwords with SSO & enforce adaptive authenticationDig up behavioral anomalies for signs of a compromiseDevelop procedure to remediate when a user’s account is compromised:
Detect suspicious
activityEnforce MFA
User proves identity, access granted
Attacker cannot verify identity, access denied
! Enforce Directory Password
Reset
![Page 12: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/12.jpg)
Write down a deprovisioning plan
Tomorrow’s Task:+1
Today
![Page 13: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/13.jpg)
#2 Insider Threats
** CloudLock Cybersecurity Report: The 1% Who Can Take Down Your Organization
![Page 14: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/14.jpg)
#2 Insider Threats
Louise was refused the promotion she applied for. Louise quit.
Before quitting, she downloads all customer lists and contracts she can find on Google Drive.
18 months later, Louise’s account downloads 2 more contracts.
What This Looks Like
PII
![Page 15: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/15.jpg)
Finding the Suspicious andTaking Action Quickly
![Page 16: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/16.jpg)
#2 Insider ThreatsThe Solution - IDaaS & CASB
Proactively enforce appropriate access with IDaaS based on existing AD user groups
Monitor for employees-gone-rogue by looking for off-normal SaaS activity
Take an action - communicate, suspend access, enforce authentication across cloud platforms
Be mindful of dormant accounts from ex-employees, contractors, and partners.
All Employees:
Sales:
HR:
Finance:
![Page 17: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/17.jpg)
Identify the dormant accounts in each SaaS platform
Tomorrow’s Task:+1
Today
![Page 18: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/18.jpg)
#3 Cloud-Resident Malware
Bob receives a phishing email from his “boss” asking him to review a malware infected PDF.
Bob believing the file is legitimate, saves it to his team’s folder storage in Sharepoint
Sharepoint synchronizes the file across all team member’s devices thereby automatically propagating the malware.
What This Looks Like
![Page 19: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/19.jpg)
Staying Ahead of the Spread of Malware
![Page 20: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/20.jpg)
#3 Cloud-Resident Malware
Proactively enforce appropriate access
with IDaaS provisioning engine
Leverage CASB to discover malware inside
SaaS apps
Take an action, remove malware
Step up authentication policies
The Solution - IDaaS & CASB
![Page 21: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/21.jpg)
Kick off a phishing awareness campaign
Tomorrow’s Task:+1
Today
![Page 22: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/22.jpg)
#4 Shadow IT and Cloud-Native Malware
Charlie’s organization has more connected cloud apps than there are minutes in the year. Some are good, some are bad, some are ugly.
Charlie’s colleague authenticates into “Mocusign” using corporate credentials
An external 3rd party now has access Charlie’s Docusign username and password.
Docusign data and any other applications accessible with this same set of credentials are now exposed.
Johndoe
LOGINRemember Me
What This Looks Like
![Page 23: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/23.jpg)
#4 Shadow IT and Cloud-Native Malware
![Page 24: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/24.jpg)
Getting Clear on the Good, the Bad,
and the Ugly
![Page 25: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/25.jpg)
#4 Shadow IT and Cloud-Native MalwareThe Solution - IDaaS & CASB
● Audit firewall logs in CASB● Audit oauth connected apps in CASB● Review Unsanctioned App Ratings
● Detect, block & blacklist malicious apps
● Ensure low-rated apps are not provisioned within IDaaS
● Sanction productivity apps and provision access in IDaaS
** CloudLock Cybersecurity Report: The Extended Parameter
![Page 26: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/26.jpg)
#4 Shadow IT and Cloud-Native Malware
** CloudLock Cybersecurity Report: The Extended Parameter
The Solution - IDaaS & CASB● Sanctioned Apps
● Monitor for license compliance and bandwidth
● Eliminate app passwords with SSO and set up automatic app access permissions rules and mappings based on user roles and groups
![Page 27: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/27.jpg)
Audit Top 250 apps on firewall logs
Tomorrow’s Task:+1
Today
![Page 28: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/28.jpg)
#5 Data Breaches
** CloudLock Cybersecurity Report: The Extended Parameter
![Page 29: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/29.jpg)
#5 Data Breaches
Francisco accidentally shares the company’s upcoming product design files to Matthew’s personal email address instead of his corporate account.
Matthew’s personal address may get hacked
Matthew may leave the company tomorrow
Francisco will never realize such sensitive data is exposed
What This Looks Like
Personal Account Hacked
App/Access Locked Down
Unknown
Sent files to personal email
![Page 30: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/30.jpg)
Protecting Sensitive Data from
the Next Breach
![Page 31: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/31.jpg)
#5 Data BreachesThe Solution - IDaaS & CASB
Leverage IDaaS to ensure appropriate entitlements for applications with sensitive data, restricting access via intelligent SAML configurations
Leverage CASB to detect and remediate improperly shared data
Selectively encrypt dataTie CASB and IDaaS security policies for
immediate mitigation of suspicious behavior
Policy Apps
![Page 32: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/32.jpg)
Tomorrow’s Tasks:+1
Today
Get all business owners
in a room to redefine what is sensitive.
Educate end users on safe sharing.
Do’s & Don’t.
![Page 33: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/33.jpg)
Lessons Learned
IDaaS and CASB together enable a complete sanctioned IT solution● Be proactive against the top 5 cyber security threats● IDaaS and CASB two-way integration protects both admins and
end-users ● CASB identifies misuse of services● IDaaS enables easy access to all sanctioned applications, based on
user permissions - e.g. enables HR to do HR tasks without IT friction
![Page 34: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/34.jpg)
CloudLock at a Glance
a
Coverage Surface
In-App Cybersecurit
y
ISV Securit
y
DLP User Behavior Analytics
AppsFirewall
EncryptionManagement
Configuration
SecurityCentralAuditing
IaaS & PaaS
SaaS(CASB)
On-premise +Cloud +
SecurityOrchestratio
n
![Page 35: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/35.jpg)
OneLogin at a Glance
Offboarding and
Revocation
Governance and
Compliance
Analytics
Manage your entire application portfolio.Cloud. On-premise. Mobile.
All users. All devices. All locations.
Deployment of Apps
Content Search
Onboarding and
Engagement
![Page 36: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/36.jpg)
Questions?
bit.ly/onelogin-cloudlock ● Try OneLogin for Free
● Get a Free Cloud Cybersecurity Assessment● See a CloudLock + OneLogin Integration Demo
● Read Our White Paper
![Page 37: Stop Hackers with Integrated CASB & IDaaS Security](https://reader033.vdocument.in/reader033/viewer/2022052606/5875da0a1a28ab8f438b726b/html5/thumbnails/37.jpg)
Thank you +