CloudSOC CASB Gateway

  • 1.  CASB Gateway

    Posted Sep 24, 2019 11:16 AM

    Guys, I will be working on CASB Policy for a deployment. Can anyone share the policy list that is available on the CASB?

    Any policy deployment guide that was done on a previous deployment? Anyone?

    Thank you



  • 2.  RE: CASB Gateway

    Broadcom Employee
    Posted Sep 24, 2019 02:36 PM

    I have a new document I'm proofing for publication both on our external web page and the Tech Notes.

    Drop me a line at jeannie_warner@symantec.com and we'll find out if I cover what you're looking for.

     



  • 3.  RE: CASB Gateway
    Best Answer

    Broadcom Employee
    Posted Sep 24, 2019 06:34 PM

    It's clearest to talk about Policy Types. Here's how I've written it up in the manual:

    Policy Types Explained

    Data Exposure & Access Monitoring Securlet Policies – as above, policy types use the Securlet/API connection to work

    Access Enforcement, File Sharing, and Data Exposure via Gatelets – these are the policies managed by the CloudSOC Gateway

    Shadow IT Discovery - Audit Policies are available that allow alerting of the user, admin, or IT team when a cloud service/application is used which violates policy on BRR score – or simply outside the company’s policy. For instance, if you have an HR rule stating no use of Netflix during work hours, you can enforce this with a warning and notifications.

    Detector Based Policies – These policies are based on four detector types:

    • Threshold-based UBA with customizable thresholds for actions to identify when behavior exceeds normal use and indicates a potential threat. For example, a threshold for number of login attempts within a timeframe and if the number of login attempts exceeds this number, trigger a policy. Another example could be identifying login attempts from different locations in quick succession, which would indicate an attempt to compromise an account.
    • Threats-based detectors are triggered when network users upload or download content containing viruses or malware.
    • Sequence UBA detects risk based on a sequence of user actions. The sequence detection feature can identify a series of events that in concert signify high risk activity which individually would not be identifiable as a risk. For example, a rogue employee wants to share a sensitive file with an external accomplice. He does not want to be noticed doing any share, upload or download operation on the sensitive file. The following sequence accomplishes the exfiltration. He creates a new file F, then opens and views the sensitive file, selects all of the text from the sensitive file, copies and pastes it in file F, shares the file F with the accomplice, and then deletes the file F after the accomplice has downloaded it. (Advanced)
    • Multi-user UBA correlates UBA data across multiple users to detect behavior patterns that are only abnormal when viewed as a multi-user trend. This is a good identifier for low and slow attacks such as when multiple malware-infected machines are trying to log in to accounts by guessing common passwords.
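
The Sequence UBA idea from the answer above, as an added example that is not part of the original post and is not CloudSOC's implementation: a per-user matcher that alerts only when the whole ordered chain (create F, view and copy from another file, paste into F, share F externally, delete F) completes within a time window. The event schema, action names, file names and the one-hour window are assumptions made for illustration.

```python
from collections import namedtuple

# Constructed event record; field and action names are assumptions, not CloudSOC's schema.
Event = namedtuple("Event", "ts user action file")

ON_NEW = ["paste", "share_external", "delete"]  # ordered steps on the new file F
WINDOW = 3600  # max seconds from creating F to deleting it (assumed value)

def detect_sequences(events):
    """Return (user, new_file, source_files) for each completed sequence."""
    alerts, partial = [], {}  # partial: user -> in-progress matches
    for ev in sorted(events, key=lambda e: e.ts):
        matches = partial.setdefault(ev.user, [])
        # Expire matches that have outlived the window.
        matches[:] = [m for m in matches if ev.ts - m["start"] <= WINDOW]
        for m in list(matches):
            if ev.file != m["new"]:
                # Other files: track what was viewed, then copied, before the paste.
                if m["step"] == 0 and ev.action == "view":
                    m["viewed"].add(ev.file)
                elif m["step"] == 0 and ev.action == "copy" and ev.file in m["viewed"]:
                    m["copied"].add(ev.file)
                continue
            if ev.action != ON_NEW[m["step"]] or not m["copied"]:
                continue  # wrong step, or nothing was copied into F
            m["step"] += 1
            if m["step"] == len(ON_NEW):
                alerts.append((ev.user, m["new"], sorted(m["copied"])))
                matches.remove(m)
        if ev.action == "create":  # every new file opens a candidate match
            matches.append({"start": ev.ts, "step": 0, "new": ev.file,
                            "viewed": set(), "copied": set()})
    return alerts

# Constructed sample events (ts in seconds); bob shares a new file but copies nothing.
SAMPLE = [
    Event(0, "alice", "create", "notes.txt"),
    Event(30, "bob", "create", "agenda.docx"),
    Event(60, "alice", "view", "payroll.xlsx"),
    Event(90, "alice", "edit", "todo.md"),
    Event(120, "alice", "copy", "payroll.xlsx"),
    Event(150, "alice", "paste", "notes.txt"),
    Event(200, "bob", "share_external", "agenda.docx"),
    Event(300, "alice", "share_external", "notes.txt"),
    Event(900, "alice", "delete", "notes.txt"),
]

if __name__ == "__main__":
    print(detect_sequences(SAMPLE))
```

No single event in the sample would trip a share, upload or download rule on the sensitive file; only the completed chain for one user produces an alert.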


  • 4.  RE: CASB Gateway
    Best Answer

    Posted Sep 24, 2019 10:23 PM

    Great. Thank you Jeannie