As departments adopt more cloud services to perform business critical activities, the Symantec cloud team is working hard to help IT organizations quickly extend their cloud monitoring and control capabilities to protect more cloud services.
SuccessFactors, Google Hangouts, and Facebook Workplace are among the many new and enhanced services supported by CloudSOC to help organizations monitor and secure data and accounts in the cloud. The CloudSOC data science team recently deployed a new machine learning system that can automatically learn to read cloud app traffic. Within weeks of being deployed, this new system has already added granular activity monitoring and control for over 30 new cloud apps to the CASB Gateway.
The data science core in CloudSOC helps IT departments secure a constantly changing, vast landscape of cloud territory, providing intelligence to address cloud challenges, such as:
●Cloud providers update and change their services without warning.
●End users regularly adopt new cloud apps without notifying IT.
●End users control what content they choose to upload and share—often without fully understanding the risks associated with what they do.
●Third parties opportunistically uncover confidential company data accidentally shared with the public.
●Cyber criminals target cloud accounts to access data, spread malware, or exfiltrate data.
Organizations need deep visibility into real-time traffic, not just what apps users are accessing, but also what exactly users are doing with a cloud app. Getting to this level of granular and contextual knowledge is difficult. It requires a system with the ability to read the real meaning in volumes of traffic that uses obscure machine language identifiers to communicate with disparate systems. Additionally, this system must be adaptive, able to use a foundation of knowledge based on a continually learning system because these machine language identifiers can be changed without notice or documentation at any time by 3rd party cloud service development teams.
One of the ways CloudSOC tracks transactions with cloud apps (sanctioned and unsanctioned platforms, corporate and personal accounts) is through an inline gateway. The CloudSOC CASB Gateway relies on an artificial intelligence engine called StreamIQ to read the machine language in real time to identify and control risky behavior and confidential content between end users and cloud apps. The CloudSOC data science team leverages the horsepower of cloud computing and both supervised and unsupervised machine learning to create StreamIQ. This intelligence system drives accurate and deep activity tracking for a broad and continually increasing range of cloud apps. StreamIQ intelligence also enables CloudSOC to detect more threats such as malicious insiders and abnormal behavior, enforce protection with a more granular level of control, and investigate security incidents more effectively.
The latest enhancements to StreamIQ accelerate CloudSOC’s ability to learn to read new cloud service machine languages. After only one month of deployment, CloudSOC has already added granular visibility and control for more than 30 new apps. The CloudSOC CASB Gateway can monitor and enforce granular security controls on sanctioned and unsanctioned cloud apps and with the powerful StreamIQ system, it can easily learn new apps as they become important to our customers.
Learn more about CloudSOC here.