SlideShare a Scribd company logo

Maximize your cloud app control with Microsoft MCAS and Zscaler

A
Ankit Dua

The document discusses how Zscaler and Microsoft Cloud App Security (MCAS) can enhance cloud application security and network visibility amidst the increasing reliance on cloud services by organizations. It highlights the need for a new security model that secures user access to applications directly via the internet, addressing existing challenges like bandwidth issues and shadow IT. Additionally, it outlines specific use cases for integrating Zscaler with MCAS to manage sanctioned, permitted, and restricted cloud applications while ensuring compliance and data protection.

Internet
1 of 27
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
Β©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION0 ZSCALER CONFIDENTIAL INFORMATION Maximize your cloud app control with Microsoft MCAS and Zscaler Dhawal Sharma | Director of Product Management at Zscaler Niv Goldenberg | Group Program Manager at Microsoft
Β©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION1 To ask a question β€’ Type your questions into the chat box in the Webex panel or email us at communications@zscaler.com β€’ We’ll try to get to all questions during the Q&A session. If we do not get to your question, we’ll make sure to follow up afterwards β€’ At the end of the webcast – please let us know how we did! Β©2017 Zscaler, Inc. All rights reserved. Ask your question here…
Β©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. HQ Branch Branch Branch Branch Branch Branch BranchBranch Home, Coffee Shop Airport, Hotel SaaS Open Internet IaaS Cloud and Mobility Break Network Security The Internet is Your New Corporate Network β€œGE will run 70 percent of its workload in the cloud by 2020” Jim Fowler, CIO β€œThe Internet will be our new corporate network by 2020” Frederik Janssen, Head of Infrastructure β€œOffice 365 was built to be accessed via direct Internet connection” How do you secure a network (Internet) you don’t control? EMEAAPJ
Β©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Cloud and mobility break network security HQ EMEA Branch APJ Branch Branch Branch Branch Branch BranchBranch Zscaler enables secure network and application transformation NEW SECURITY MODEL Secure the Network Securely connect users to apps Direct to Internet Broadband / Wi-Fi / LTE / 5G NEW NETWORK MODEL OLD SECURITY MODEL Hub-and-Spoke MPLS / VPN OLD NETWORK MODEL Secure the Corporate Network SaaS Open Internet IaaS Home, Coffee Shop Airport, Hotel
On average, an organization has 28 cloud storage apps and 41 collaboration apps routinely used by its employees. On-premises
But Office 365 Deployments are stuck in the slow lane! A deployment survey of over 200 customers had problems accessing business-critical applications including Office 365. 45% Many were plagued by bandwidth and network latency issues on a daily and weekly basis 70%Weekly issues reported 33%Daily issues reported Despite appliance upgrades, after deployment:
Β©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Categorize Cloud Apps Into Categories β€’ After discovery, categorize cloud services (CSP) using risk ratings and company policies β€’ Separate cloud services into sanctioned, permitted, and restricted services β€’ Enforce appropriate controls for each category Sanctioned Apps Permitted Apps Restricted Apps
Β©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Zscaler Provides CASB Functions for Inline Content Internet & Shadow Apps (managed devices and on-premise) Allow enterprises to securely enable cloud apps by providing Cloud App Visibility, Content Inspection, Security and Cloud App Compliance Visibility App Logging & Discovery Threat Prevention Stop Malware Data Protection DLP & Encryption Compliance UEBA, Access Controls User Experience Bandwidth Control, Peering Vision HQMobile BranchIOT Inline Policy Controls
Β© 2017 Riverbed Technology. All rights reserved. 8 Cloud App Security
Β©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION9 Microsoft Cloud Application Security (MCAS) Overview
A comprehensive, intelligent security solution that brings visibility, real-time controls and security to your cloud applications. ControlDiscover Protect Integrates with your SIEM, Identity and Access Management, DLP and Information Protection solutions
Discover and assess risks Protect your information Detect threats Control access in real time Identify cloud apps on your network, gain visibility into shadow IT, and get risk assessments and ongoing analytics. Get granular control over data and use built-in or custom policies for data sharing and data loss prevention. Identify high-risk usage and detect unusual behavior using Microsoft threat intelligence and research. Manage and limit cloud app access based on conditions and session context, including user identity, device, and location. 101010101 010101010 101010101 01011010 10101
Get anomalous usage alerts, new app and trending apps alerts. On-going analytics Discover 15K+ cloud apps in use across your networks and sensitive data they store. Discovery of cloud apps and data Assess cloud app risk based on ~60 security and compliance risk factors. Cloud app risk assessment Protect your employees’ privacy while discovering cloud apps in your environment. Log anonymization Investigate cloud use profiles of specific users, machines, apps and groups. Advanced investigation tools
Control access to cloud apps as well as to sensitive data within these apps based on user, location, device, and app (any SAML-based app, any OS). Context-aware session policies Limit activities performed within user sessions in SaaS apps based on user identity, location, device state, and detected sign-in risk level. Unique integration with Azure Active Directory Enforce browser-based β€œview only” mode for low-trust sessions. Classify, label, and protect on download. Gain visibility into unmanaged device activity. Investigate & enforce app and data restrictions
Set granular policies to control data in the cloudβ€”either automated or based on file labelβ€”using out-of-the-box policies or ones you customize. Granular Data loss prevention (DLP) policies Control and protect sensitive files through policies and governance to comply with regulations (e.g., GDPR, HIPAA, PCI, SOX). Compliance policies Identify policy violations, enforce actions such as quarantine and permissions removal. Policy enforcement Apply protection, including encryption and classification, to files with sensitive information Native protection – at rest and inline
User manually classifies a file in Office apps, Cloud App Security reads classification from the file to give admins visibility to cloud activities on this data: Upload, sharing & download. Sharing control based on user input Proxy automatically encrypts files labeled as β€œinternal” upon download to non-corporate owned devices Prevent corporate data leakage based on classification
Assess risk in each transaction and identify anomalies in your cloud environment that may indicate a breach. Behavioral analytics Enhance behavioral analytics with insights from the Microsoft Intelligent Security Graph to identify anomalies and attacks. Threat intelligence Customize detections based on your findings. Customization Gain useful insights from user, file, activity, and location logs. Pivot on users, file, activities and locations. Advanced investigation & multiple views Remediate threats and security issues with a single click. Single-click remediation
Why Cloud App Security is different Discover SaaS apps & assess risk Identify more than 15,000 apps and assess their risk based on 60 different parameters, including regulatory compliance. Gain unified information protection Set granular control policies and enforce them on your cloud apps and dataβ€”whether from Microsoft or other vendorsβ€”using powerful remediation actions. Control and limit access in real time Set granular access- and activity-level policies, such as allowing access from an unmanaged device while blocking downloads of sensitive data. Support your compliance journey with key regulations Discover and control data in the cloud with granular policies to help you comply with regulations such as Payment Card Industry (PCI) and General Data Protection Regulation (GDPR). Detect & mitigate ransomware attacks Identify potential ransomware activity with a built-in template that can search for unique file extensions, suspend suspect users, and prevent further encryption of user files. Integrate with your existing SIEM & DLP solutions Preserve your usual workflow and set a consistent policy across on-premises and cloud activities while automating security procedures.
Β©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION18 MCAS and Zscaler Use Cases
Β©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Users: Identify and Control Restricted Apps Protect users and data using closed loop control (Zscaler) Restricted Apps Discover risky cloud usage (Zscaler + Microsoft Cloud App Security)
Β©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Users and Data: Securely Enable Permitted Apps Permitted Apps DLP to block sensitive data (e.g. Source code uploaded to GitHub) (Zscaler) Granular visibility (e.g. GitHub repositories in use) (Microsoft Cloud App Security) Visibility into mobile users (e.g. GitHub use from a coffee shop) (Zscaler) Granular DLP (e.g. Allow uploads to permitted GitHub repositories, block uploads to others) (Zscaler & Microsoft Cloud App Security) Detect and prevent malware (e.g. malware distributed via personal email) (Zscaler)
Β©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Data: Securely Enable Adoption of Sanctioned Apps Sanctioned Apps Enforce DLP and collaboration controls (e.g. Prevent sharing files from OneDrive with unauthorized domains) (Microsoft Cloud App Security) Encrypt data using customer-controlled keys (e.g. Encrypt PII within Salesforce) (Microsoft Cloud App Security) Audit data and configuration, identify violations (Microsoft Cloud App Security) Enforce access control policies on managed/unmanaged devices (e.g. Block download of a Salesforce report to an unmanaged device) (Zscaler + Microsoft Cloud App Security) UEBA to protect against malicious insiders, negligent use, and compromised accounts (e.g. Download customer list from Salesforce) (Microsoft Cloud App Security) Data exfiltration by malware and malicious insiders to shadow apps (e.g. Download customer list from Salesforce and upload to ZippyShare) (Zscaler) Predictable user experience (e.g. Guaranteed bandwidth for O365 vs. YouTube) (Zscaler)
Β©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Zscaler and MCAS Integration
Β©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Setting up Zscaler & Microsoft Cloud App Security Integration Microsoft Cloud App Security Tenant Bonding Tenant Bonding SSO Zscaler NSS Log Forwarding Create Unsanctioned App PolicyAPI Polling Unsanctioned Apps URL category SSO Enforce Policy End User PAC/ZApp Planned with 5.6
Β©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Solution Demo
Β©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Thank You! Questions and Next Steps 25 Dhawal Sharma Director, Product Management at Zscaler dhawal@zscaler.com Zscaler Cloud App Control zscaler.com/cloudapp Microsoft Cloud App Security aka.ms/Cloudappsecurity Overcoming the Challenges of Architecting for the Cloud Slow Office 365 Deployment? Let Zscaler help you get in the fast lane! zscaler.com/webcasts Niv Goldenberg Group Program Manager at Microsoft Niv.Goldenberg@microsoft.com Learn more about Microsoft Cloud App Security zscaler.com/webcasts Other On-Demand Webcasts
Β©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. June 25-27, 2018 The Cosmopolitan, Las Vegas Register at zenithlive.zscaler.com Join the conversation at community.zscaler.com

More Related Content

PPTX
Secure remote access to AWS your users will love
Zscaler
Β 
PPTX
Zscaler ThreatLabz dissects the latest SSL security attacks
Zscaler
Β 
PPTX
Rethinking Cybersecurity for the Digital Transformation Era
Zscaler
Β 
PPTX
MCAS High Level Architecture May 2021
Matt Soseman
Β 
PPTX
Microsoft Cloud Application Security Overview
Syed Sabhi Haider
Β 
PDF
Security Challenges in Cloud
MarketingArrowECS_CZ
Β 
PDF
Azure Information Protection
Microsoft
Β 
PPTX
Using m365 defender to protect against solorigate
Matt Soseman
Β 
Secure remote access to AWS your users will love
Zscaler
Β 
Zscaler ThreatLabz dissects the latest SSL security attacks
Zscaler
Β 
Rethinking Cybersecurity for the Digital Transformation Era
Zscaler
Β 
MCAS High Level Architecture May 2021
Matt Soseman
Β 
Microsoft Cloud Application Security Overview
Syed Sabhi Haider
Β 
Security Challenges in Cloud
MarketingArrowECS_CZ
Β 
Azure Information Protection
Microsoft
Β 
Using m365 defender to protect against solorigate
Matt Soseman
Β 

What's hot (20)

PDF
Microsoft threat protection + wdatp+ aatp overview
Allessandra Negri
Β 
PDF
Azure Sentinel Tips
Mario Worwell
Β 
PDF
CSS17: Houston - Azure Shared Security Model Overview
Alert Logic
Β 
PPTX
3 Modern Security - Secure identities to reach zero trust with AAD
Andrew Bettany
Β 
PPTX
Forrester Research: Securing the Cloud When Users are Left to Their Own Devices
Netskope
Β 
PPTX
Azure Security Center- Zero to Hero
Kasun Rajapakse
Β 
PPTX
Dissecting ssl threats
Zscaler
Β 
PPTX
Get an office 365 expereience your users will love v8.1
Zscaler
Β 
PDF
Msft cloud architecture_security_commonattacks
Akram Qureshi
Β 
PPTX
Power of the cloud - Introduction to azure security
Bruno Capuano
Β 
PDF
Azure Security Center
Microsoft
Β 
PPTX
Azure Sentinel Jan 2021 overview deck
Matt Soseman
Β 
PDF
Microsoft Zero Trust
David J Rosenthal
Β 
PDF
introduction to Azure Sentinel
Robert Crane
Β 
PPTX
Migration to microsoft_azure_with_zscaler
Zscaler
Β 
PDF
How to protect your corporate from advanced attacks
Microsoft
Β 
PPTX
5 Highest-Impact CASB Use Cases - Office 365
Netskope
Β 
PPTX
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does It
RightScale
Β 
PPTX
Azure sentinel
Marius Sandbu
Β 
PPTX
Moving from appliances to cloud security with phoenix children's hospital
Zscaler
Β 
Microsoft threat protection + wdatp+ aatp overview
Allessandra Negri
Β 
Azure Sentinel Tips
Mario Worwell
Β 
CSS17: Houston - Azure Shared Security Model Overview
Alert Logic
Β 
3 Modern Security - Secure identities to reach zero trust with AAD
Andrew Bettany
Β 
Forrester Research: Securing the Cloud When Users are Left to Their Own Devices
Netskope
Β 
Azure Security Center- Zero to Hero
Kasun Rajapakse
Β 
Dissecting ssl threats
Zscaler
Β 
Get an office 365 expereience your users will love v8.1
Zscaler
Β 
Msft cloud architecture_security_commonattacks
Akram Qureshi
Β 
Power of the cloud - Introduction to azure security
Bruno Capuano
Β 
Azure Security Center
Microsoft
Β 
Azure Sentinel Jan 2021 overview deck
Matt Soseman
Β 
Microsoft Zero Trust
David J Rosenthal
Β 
introduction to Azure Sentinel
Robert Crane
Β 
Migration to microsoft_azure_with_zscaler
Zscaler
Β 
How to protect your corporate from advanced attacks
Microsoft
Β 
5 Highest-Impact CASB Use Cases - Office 365
Netskope
Β 
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does It
RightScale
Β 
Azure sentinel
Marius Sandbu
Β 
Moving from appliances to cloud security with phoenix children's hospital
Zscaler
Β 
Ad

Similar to Maximize your cloud app control with Microsoft MCAS and Zscaler (20)

PPTX
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
Karim Vaes
Β 
PPTX
What Comes After VPN?
Zscaler
Β 
PPTX
Faster, simpler, more secure remote access to apps in aws
Zscaler
Β 
PDF
Cloud Application Security --Symantec
Abhishek Sood
Β 
PDF
netskope-casb-for-microsoft-365.pdf
test888649
Β 
PDF
netskope-casb-for-microsoft-365.pdf
test888649
Β 
PDF
Cloud App Security Customer Presentation.pdf
ErikHof4
Β 
PPTX
Proteja sus datos en cualquier servicio Cloud y Web de forma unificada
Cristian Garcia G.
Β 
PDF
EveryCloud_Company_Intro_Piece
Keith Purves
Β 
PDF
EveryCloud_Company_Intro_Piece
Paul Richards
Β 
PDF
Securing Your Cloud Applications
IBM Security
Β 
PPTX
01-Chapter 01-Introduction to CASB and Netskope.pptx
ssuser4c54af
Β 
PDF
Cloud Security (CASB) for Slack
Sachin Yadav
Β 
PDF
Microsoft Cloud App Security CASB
Ammar Hasayen
Β 
PPTX
casb_by_.pptx
shahnawaz_pirates
Β 
PPTX
Key Capibilities.pptx
MuhammadNaumanAkram1
Β 
PDF
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera Technologies
Β 
PDF
Cloud Security, Standards and Applications
Dr. Sunil Kr. Pandey
Β 
PDF
Cloudflare_Everywhere_Security_Solution_Brief (1).pdf
petchphumsanit40
Β 
PPTX
FullDay on Fridays Feb. 3, 2017
Adam Faeder
Β 
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
Karim Vaes
Β 
What Comes After VPN?
Zscaler
Β 
Faster, simpler, more secure remote access to apps in aws
Zscaler
Β 
Cloud Application Security --Symantec
Abhishek Sood
Β 
netskope-casb-for-microsoft-365.pdf
test888649
Β 
netskope-casb-for-microsoft-365.pdf
test888649
Β 
Cloud App Security Customer Presentation.pdf
ErikHof4
Β 
Proteja sus datos en cualquier servicio Cloud y Web de forma unificada
Cristian Garcia G.
Β 
EveryCloud_Company_Intro_Piece
Keith Purves
Β 
EveryCloud_Company_Intro_Piece
Paul Richards
Β 
Securing Your Cloud Applications
IBM Security
Β 
01-Chapter 01-Introduction to CASB and Netskope.pptx
ssuser4c54af
Β 
Cloud Security (CASB) for Slack
Sachin Yadav
Β 
Microsoft Cloud App Security CASB
Ammar Hasayen
Β 
casb_by_.pptx
shahnawaz_pirates
Β 
Key Capibilities.pptx
MuhammadNaumanAkram1
Β 
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera Technologies
Β 
Cloud Security, Standards and Applications
Dr. Sunil Kr. Pandey
Β 
Cloudflare_Everywhere_Security_Solution_Brief (1).pdf
petchphumsanit40
Β 
FullDay on Fridays Feb. 3, 2017
Adam Faeder
Β 
Ad

Recently uploaded (20)

PPTX
Job_Card_System_Styled_lorem_ipsum_.pptx
Jeffkigen
Β 
PPTX
CHE NAA, , b,mn,mblblblbljb jb jlb ,j , ,C PPT.pptx
sumodmjohn3
Β 
PDF
The New Creative Director: How AI Tools for Social Media Content Creation Are...
SageTitans
Β 
PPTX
Internet___Basics___Styled_ presentation
poonam62133
Β 
PDF
Best Practices for Testing and Debugging Shopify Third-Party API Integrations...
CartCoders
Β 
PDF
Sims 4 Historia para lo sims 4 para jugar
lolpopy34
Β 
PDF
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
Β 
PDF
RPKI Status Update, presented by Makito Lay at IDNOG 10
APNIC
Β 
PPTX
QR Codes Qr codecodecodecodecocodedecodecode
SRMediaZone
Β 
PDF
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
Β 
PPTX
artificial intelligence overview of it and more
yafotin445
Β 
PPTX
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
Β 
PPTX
Introuction about WHO-FIC in ICD-10.pptx
naveenithkrishnan
Β 
PDF
Vigrab.top – Online Tool for Downloading and Converting Social Media Videos a...
Vigrab Top
Β 
PPTX
SAP Ariba Sourcing PPT for learning material
NKKumar16
Β 
PDF
πŸ’° π”πŠπ“πˆ πŠπ„πŒπ„ππ€ππ†π€π πŠπˆππ„π‘πŸ’πƒ π‡π€π‘πˆ 𝐈𝐍𝐈 πŸπŸŽπŸπŸ“ πŸ’°
GRAB
Β 
PPT
tcp ip networks nd ip layering assotred slides
pakadamfdp
Β 
PDF
Tenda Login Guide: Access Your Router in 5 Easy Steps
tendawifi16
Β 
PDF
Testing WebRTC applications at scale.pdf
Giacomo Vacca
Β 
PPTX
Funds Management Learning Material for Beg
NKKumar16
Β 
Job_Card_System_Styled_lorem_ipsum_.pptx
Jeffkigen
Β 
CHE NAA, , b,mn,mblblblbljb jb jlb ,j , ,C PPT.pptx
sumodmjohn3
Β 
The New Creative Director: How AI Tools for Social Media Content Creation Are...
SageTitans
Β 
Internet___Basics___Styled_ presentation
poonam62133
Β 
Best Practices for Testing and Debugging Shopify Third-Party API Integrations...
CartCoders
Β 
Sims 4 Historia para lo sims 4 para jugar
lolpopy34
Β 
Cloud-Scale Log Monitoring _ Datadog.pdf
MuhammadDhomanhuriMa
Β 
RPKI Status Update, presented by Makito Lay at IDNOG 10
APNIC
Β 
QR Codes Qr codecodecodecodecocodedecodecode
SRMediaZone
Β 
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
Β 
artificial intelligence overview of it and more
yafotin445
Β 
international classification of diseases ICD-10 review PPT.pptx
naveenithkrishnan
Β 
Introuction about WHO-FIC in ICD-10.pptx
naveenithkrishnan
Β 
Vigrab.top – Online Tool for Downloading and Converting Social Media Videos a...
Vigrab Top
Β 
SAP Ariba Sourcing PPT for learning material
NKKumar16
Β 
πŸ’° π”πŠπ“πˆ πŠπ„πŒπ„ππ€ππ†π€π πŠπˆππ„π‘πŸ’πƒ π‡π€π‘πˆ 𝐈𝐍𝐈 πŸπŸŽπŸπŸ“ πŸ’°
GRAB
Β 
tcp ip networks nd ip layering assotred slides
pakadamfdp
Β 
Tenda Login Guide: Access Your Router in 5 Easy Steps
tendawifi16
Β 
Testing WebRTC applications at scale.pdf
Giacomo Vacca
Β 
Funds Management Learning Material for Beg
NKKumar16
Β 

Maximize your cloud app control with Microsoft MCAS and Zscaler

  • 1. Β©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION0 ZSCALER CONFIDENTIAL INFORMATION Maximize your cloud app control with Microsoft MCAS and Zscaler Dhawal Sharma | Director of Product Management at Zscaler Niv Goldenberg | Group Program Manager at Microsoft
  • 2. Β©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION1 To ask a question β€’ Type your questions into the chat box in the Webex panel or email us at communications@zscaler.com β€’ We’ll try to get to all questions during the Q&A session. If we do not get to your question, we’ll make sure to follow up afterwards β€’ At the end of the webcast – please let us know how we did! Β©2017 Zscaler, Inc. All rights reserved. Ask your question here…
  • 3. Β©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. HQ Branch Branch Branch Branch Branch Branch BranchBranch Home, Coffee Shop Airport, Hotel SaaS Open Internet IaaS Cloud and Mobility Break Network Security The Internet is Your New Corporate Network β€œGE will run 70 percent of its workload in the cloud by 2020” Jim Fowler, CIO β€œThe Internet will be our new corporate network by 2020” Frederik Janssen, Head of Infrastructure β€œOffice 365 was built to be accessed via direct Internet connection” How do you secure a network (Internet) you don’t control? EMEAAPJ
  • 4. Β©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Cloud and mobility break network security HQ EMEA Branch APJ Branch Branch Branch Branch Branch BranchBranch Zscaler enables secure network and application transformation NEW SECURITY MODEL Secure the Network Securely connect users to apps Direct to Internet Broadband / Wi-Fi / LTE / 5G NEW NETWORK MODEL OLD SECURITY MODEL Hub-and-Spoke MPLS / VPN OLD NETWORK MODEL Secure the Corporate Network SaaS Open Internet IaaS Home, Coffee Shop Airport, Hotel
  • 5. On average, an organization has 28 cloud storage apps and 41 collaboration apps routinely used by its employees. On-premises
  • 6. But Office 365 Deployments are stuck in the slow lane! A deployment survey of over 200 customers had problems accessing business-critical applications including Office 365. 45% Many were plagued by bandwidth and network latency issues on a daily and weekly basis 70%Weekly issues reported 33%Daily issues reported Despite appliance upgrades, after deployment:
  • 7. Β©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Categorize Cloud Apps Into Categories β€’ After discovery, categorize cloud services (CSP) using risk ratings and company policies β€’ Separate cloud services into sanctioned, permitted, and restricted services β€’ Enforce appropriate controls for each category Sanctioned Apps Permitted Apps Restricted Apps
  • 8. Β©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Zscaler Provides CASB Functions for Inline Content Internet & Shadow Apps (managed devices and on-premise) Allow enterprises to securely enable cloud apps by providing Cloud App Visibility, Content Inspection, Security and Cloud App Compliance Visibility App Logging & Discovery Threat Prevention Stop Malware Data Protection DLP & Encryption Compliance UEBA, Access Controls User Experience Bandwidth Control, Peering Vision HQMobile BranchIOT Inline Policy Controls
  • 9. Β© 2017 Riverbed Technology. All rights reserved. 8 Cloud App Security
  • 10. Β©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION9 Microsoft Cloud Application Security (MCAS) Overview
  • 11. A comprehensive, intelligent security solution that brings visibility, real-time controls and security to your cloud applications. ControlDiscover Protect Integrates with your SIEM, Identity and Access Management, DLP and Information Protection solutions
  • 12. Discover and assess risks Protect your information Detect threats Control access in real time Identify cloud apps on your network, gain visibility into shadow IT, and get risk assessments and ongoing analytics. Get granular control over data and use built-in or custom policies for data sharing and data loss prevention. Identify high-risk usage and detect unusual behavior using Microsoft threat intelligence and research. Manage and limit cloud app access based on conditions and session context, including user identity, device, and location. 101010101 010101010 101010101 01011010 10101
  • 13. Get anomalous usage alerts, new app and trending apps alerts. On-going analytics Discover 15K+ cloud apps in use across your networks and sensitive data they store. Discovery of cloud apps and data Assess cloud app risk based on ~60 security and compliance risk factors. Cloud app risk assessment Protect your employees’ privacy while discovering cloud apps in your environment. Log anonymization Investigate cloud use profiles of specific users, machines, apps and groups. Advanced investigation tools
  • 14. Control access to cloud apps as well as to sensitive data within these apps based on user, location, device, and app (any SAML-based app, any OS). Context-aware session policies Limit activities performed within user sessions in SaaS apps based on user identity, location, device state, and detected sign-in risk level. Unique integration with Azure Active Directory Enforce browser-based β€œview only” mode for low-trust sessions. Classify, label, and protect on download. Gain visibility into unmanaged device activity. Investigate & enforce app and data restrictions
  • 15. Set granular policies to control data in the cloudβ€”either automated or based on file labelβ€”using out-of-the-box policies or ones you customize. Granular Data loss prevention (DLP) policies Control and protect sensitive files through policies and governance to comply with regulations (e.g., GDPR, HIPAA, PCI, SOX). Compliance policies Identify policy violations, enforce actions such as quarantine and permissions removal. Policy enforcement Apply protection, including encryption and classification, to files with sensitive information Native protection – at rest and inline
  • 16. User manually classifies a file in Office apps, Cloud App Security reads classification from the file to give admins visibility to cloud activities on this data: Upload, sharing & download. Sharing control based on user input Proxy automatically encrypts files labeled as β€œinternal” upon download to non-corporate owned devices Prevent corporate data leakage based on classification
  • 17. Assess risk in each transaction and identify anomalies in your cloud environment that may indicate a breach. Behavioral analytics Enhance behavioral analytics with insights from the Microsoft Intelligent Security Graph to identify anomalies and attacks. Threat intelligence Customize detections based on your findings. Customization Gain useful insights from user, file, activity, and location logs. Pivot on users, file, activities and locations. Advanced investigation & multiple views Remediate threats and security issues with a single click. Single-click remediation
  • 18. Why Cloud App Security is different Discover SaaS apps & assess risk Identify more than 15,000 apps and assess their risk based on 60 different parameters, including regulatory compliance. Gain unified information protection Set granular control policies and enforce them on your cloud apps and dataβ€”whether from Microsoft or other vendorsβ€”using powerful remediation actions. Control and limit access in real time Set granular access- and activity-level policies, such as allowing access from an unmanaged device while blocking downloads of sensitive data. Support your compliance journey with key regulations Discover and control data in the cloud with granular policies to help you comply with regulations such as Payment Card Industry (PCI) and General Data Protection Regulation (GDPR). Detect & mitigate ransomware attacks Identify potential ransomware activity with a built-in template that can search for unique file extensions, suspend suspect users, and prevent further encryption of user files. Integrate with your existing SIEM & DLP solutions Preserve your usual workflow and set a consistent policy across on-premises and cloud activities while automating security procedures.
  • 19. Β©2017 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION18 MCAS and Zscaler Use Cases
  • 20. Β©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Users: Identify and Control Restricted Apps Protect users and data using closed loop control (Zscaler) Restricted Apps Discover risky cloud usage (Zscaler + Microsoft Cloud App Security)
  • 21. Β©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Users and Data: Securely Enable Permitted Apps Permitted Apps DLP to block sensitive data (e.g. Source code uploaded to GitHub) (Zscaler) Granular visibility (e.g. GitHub repositories in use) (Microsoft Cloud App Security) Visibility into mobile users (e.g. GitHub use from a coffee shop) (Zscaler) Granular DLP (e.g. Allow uploads to permitted GitHub repositories, block uploads to others) (Zscaler & Microsoft Cloud App Security) Detect and prevent malware (e.g. malware distributed via personal email) (Zscaler)
  • 22. Β©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Data: Securely Enable Adoption of Sanctioned Apps Sanctioned Apps Enforce DLP and collaboration controls (e.g. Prevent sharing files from OneDrive with unauthorized domains) (Microsoft Cloud App Security) Encrypt data using customer-controlled keys (e.g. Encrypt PII within Salesforce) (Microsoft Cloud App Security) Audit data and configuration, identify violations (Microsoft Cloud App Security) Enforce access control policies on managed/unmanaged devices (e.g. Block download of a Salesforce report to an unmanaged device) (Zscaler + Microsoft Cloud App Security) UEBA to protect against malicious insiders, negligent use, and compromised accounts (e.g. Download customer list from Salesforce) (Microsoft Cloud App Security) Data exfiltration by malware and malicious insiders to shadow apps (e.g. Download customer list from Salesforce and upload to ZippyShare) (Zscaler) Predictable user experience (e.g. Guaranteed bandwidth for O365 vs. YouTube) (Zscaler)
  • 23. Β©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Zscaler and MCAS Integration
  • 24. Β©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Setting up Zscaler & Microsoft Cloud App Security Integration Microsoft Cloud App Security Tenant Bonding Tenant Bonding SSO Zscaler NSS Log Forwarding Create Unsanctioned App PolicyAPI Polling Unsanctioned Apps URL category SSO Enforce Policy End User PAC/ZApp Planned with 5.6
  • 25. Β©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Solution Demo
  • 26. Β©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Thank You! Questions and Next Steps 25 Dhawal Sharma Director, Product Management at Zscaler dhawal@zscaler.com Zscaler Cloud App Control zscaler.com/cloudapp Microsoft Cloud App Security aka.ms/Cloudappsecurity Overcoming the Challenges of Architecting for the Cloud Slow Office 365 Deployment? Let Zscaler help you get in the fast lane! zscaler.com/webcasts Niv Goldenberg Group Program Manager at Microsoft Niv.Goldenberg@microsoft.com Learn more about Microsoft Cloud App Security zscaler.com/webcasts Other On-Demand Webcasts
  • 27. Β©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. June 25-27, 2018 The Cosmopolitan, Las Vegas Register at zenithlive.zscaler.com Join the conversation at community.zscaler.com

Editor's Notes

  • #4: As users moved out side corporate networks and applications moved out of data center into SaaS and IaaS platforms, Internet became your corporate network. By 2020, many progressive CIOs like at Siemens and GE will adapt Internet as corporate network and start getting rid of the whole DMZ or corporate β€˜moat and castles’ they have built since 1990s.
  • #6: Statistic source: ** http://www.computing.co.uk/ctg/news/2321750/more-than-80-per-cent-of-employees-use-non-approved-saas-apps-report https://www.mcafee.com/us/solutions/lp/cloud-security-report.html
  • #10: β€œWe are the perfect complement” Β We are the Ying and the Yang. Riverbed provides the SD WAN to allow local internet breakout and banch internet offload, which Zscaler secures the new perimeter i.e. Internet with its 100+ data centers.
  • #13: Purpose of slide: Describe Cloud App Security at a high level Key takeaways Microsoft Cloud App Security is a comprehensive service providing deep visibility, granular controls and enhanced threat protection for your cloud apps. It identifies 14,000+ cloud applications in your networkβ€”from all devicesβ€”and provides ongoing risk assessment and analytics. No agents required: information is collected from your firewalls and proxies to give you complete visibility and context for cloud usage and shadow IT.
  • #17: Purpose of slide: Describe integration of Cloud App Security and Azure Information Protection Key takeaways Through integration with Azure Information Protection, you can use the Cloud App Security portal to set policies for files sharing – based on their level of sensitivity to the business as set by Azure Information Protection. Integration of Azure Information Protection and Cloud App Security extends visibility into sensitive data at it moves to cloud locations. Cloud App Security admins can configure policies to read Azure Information Protection labels and take appropriate actions or raise alerts. When there is a violation against your policies, you will receive an alert. After you have thoroughly investigated and learned about this violation, you can use governance actions to protect your data in the cloud apps right away. Every insight is actionable, allowing you to remediate with a single click or implement data sharing and granular usage policies. For instance, you can: Put files into quarantine so only user can access the file Restrict sharing (i.e. make a link private) Send notifications to users who shared these sensitive files
  • #18: Purpose of slide: Describe how Cloud App Security assists with threat detection Key takeaways In addition to the capabilities we outlined earlier, Cloud App Security helps you to protect your data in cloud apps from cybersecurity threats. You can identify anomalies in your cloud usage that may be indicative of a data breach. Cloud App Security advanced machine learning heuristics learn how each user interacts with each SaaS application and, through behavioral analysis, assesses the risks in each transaction. This includes simultaneous logins from two countries, the sudden download of terabytes of data, or multiple failed login attempts that may signify a brute force attack. Anomaly detection draws from Microsoft’s vast amount of threat intelligence and security research data. Cloud App Security benefits from Microsoft’s holistic, agile security platform, and is informed by insights from Microsoft Intelligent Security Graph.