CipherCloud Chronicles #5: Insights Investigate

In today’s IT security environment, the work of uncovering “bad actors” and their nefarious sources is most often the responsibility of security administrators. To help enable this effort, CipherCloud CASB+ provides a single pane of glass view across SaaS apps, users and data to help unearth and remediate cloud-based threats.

Insights Investigate specifically enables administrators to focus on those incidents that directly involve the most troublesome policy violations, assign a severity level to those incidents, and then specify the appropriate response actions. Importantly, this powerful feature provides a 360-degree view of all these incidents and related resources all in a centralized manner, including:

• Incident Management – listing all the policy violations and allowing administrators to filter incidents based on the timeframe (day, date, hour), specific cloud (both managed or unmanaged), severity (low, medium, high), or status (open, under investigation, resolved).

• Incident Insights – presenting a detailed graphical view of incident counts based on type of violation – including login, DLP, DRM, and external sharing violations, as well as malware threats, geography-based anomalies, and location-based anomalies.
• Entity Insights – highlighting incident counts based on their source, including user, device, location, application, content, and external user, among many others.

Insights Investigate further enables strategic analysis and response in concert with other CipherCloud CASB+ product capabilities such as:

• User Management – providing user-based profiling, based on the involved policy violation count. For example, users with higher counts are rated as risky such that admins can identify them and better configure related policies.
• User and Entity Behavior Analytics (UEBA) – detecting patterns of anomalous user behavior in real-time, across multiple clouds, and preventing accounts from being compromised by malicious insiders and external threats.

CipherCloud CASB+ Insights Investigate clearly enables centralized visibility into the most important, problematic cloud and data security policy violations to detect and weed out bad actors from the larger environment.