Skyfence Cloud Application Gateway
Visibility and Control for Cloud Apps
Overview:
The bring-your-own cloud app trend with apps like Salesforce.com, Dropbox, Office365, NetSuite and hundreds of others has created a blind spot for IT that cannot be addressed by traditional perimeter security and endpoint controls. The Skyfence Cloud Gateway accurately identifies all application use and analyzes related risks. With Dynamic User and Device Fingerprinting™, organizations can also enforce controls for both cloud and data center apps to prevent account-centric threats, meet compliance and protect data. With Skyfence, users get the apps they want and IT gets the visibility and control they need.
See What You Are Missing
The “bring-your-own” cloud app trend has created a blindspot for IT that cannot be addressed by traditional perimeter and endpoint controls. To fully benefit from the cloud, organizations need to gain visibility into applications being used and minimize the risks to their data. Skyfence automatically profiles all the user, endpoint and application attributes to discover app usage, assess risk and enable context-aware policies.
Cloud services including email, storage, file sharing, CRM and HR apps reduce costs for organizations but can introduce significant risks to critical information assets. As sensitive and business-critical data moves to the cloud IT must:
- Discover all cloud apps and who is using them
- Analyze app risks, monitor user activity and sensitive data access
- Enforce consistent policies across all apps and immediately detect attacks based on anomalous behavior and block compromised accounts
Skyfence addresses all of these business-critical issues. And many organizations are finding Skyfence is the solution for non-intrusive and cost-effective alternatives to VPNs, endpoint control, cloud SIEM enablement and privileged user monitoring.
Understand User Activity. Prevent Account-Centric Attacks.
Just as critical to organizations and cloud service providers are the Web apps they make available to their customers. These apps may run in the company’s data center or in public cloud computing environments and are vulnerable to a growing number of threats.
Skyfence Cloud Gateway provides the intelligence needed by organizations to act on suspicious behavior that signals an account takeover. In addition, the Skyfence Cloud Gateway provides:
- Complete profiling of customer behavior and their endpoint devices
- Monitoring administrator activity including screen views, data changes and configuration changes
- Blocking access or forcing strong authentication in response to an account takeover
Flexible Deployment Options
Skyfence offers a variety of deployment modes that support the real-world needs of organizations. Skyfence Cloud Gateway is available as a cloud service, on-premise appliance or virtual appliance, and a managed service. The cloud service is a quick and simple way to protect users inside and outside your corporate network. When using the gateway on-premise inline and offline configurations are supported.
Skyfence Cloud Gateway supports a lifecycle approach that enables continuous discovery, risk assessment and policy enforcement for cloud app protection. Each Skyfence product supports critical capabilities at each stage of the lifecycle and fits your organizations plans for cloud app adoption.
|
|
|
| Skyfence Cloud Discovery ensures organizations have complete visibility and risk scoring of all cloud apps used. | Skyfence Cloud Analytics provides detailed monitoring and real-time usage analytics for all of your cloud apps. | Skyfence Cloud Protection enables automated threat prevention ensuring safe and productive cloud app use. |
Features:
See and Control Employee Use of SAAS Apps
Cloud services including email, file sharing, CRM, financials and HR apps reduce costs for organizations but can introduce significant risks to critical information assets. As sensitive and business-critical data moves to the cloud, Skyfence helps organizations:
- Discover all cloud apps and who is using them
- Analyze app risks, monitor user activity and access to sensitive data
- Enforce consistent policies across all apps and immediately detect and prevent attacks based on anomalous behavior
Automate Cloud App Discovery
Skyfence discovers and catalogs all cloud apps accessed by users – both sanctioned and unsanctioned. Organizations get centralized data analysis and reporting of cloud app usage including which users are accessing and full details on the number of users, activity level, traffic volume and usage hours for each app.
Additionally, numerous metrics are provided to help organizations understand the risks associated with the use of each cloud app. Risk metrics such as the status of service provider audits (e.g. SSAE 16), compliance requirements (e.g. PCI AoC) and many other critical criteria are consolidated and measured so organizations can use the risk score of each app to prioritize their app migration efforts and ensure users are safe and productive.
The non-intrusive process does not require any installation of agents or changes to applications.
Understand the Big Picture, or Dive Down to the Smallest Detail
Skyfence Cloud Analytics give organizations the operational intelligence they need for a comprehensive evaluation of cloud risk. Skyfence Cloud Analytics goes beyond app discovery to provide detailed risk and analytics of user, app and endpoint usage while generating consistent user activity logs for your entire cloud environment. Skyfence Cloud Analytics is a scalable solution to monitor and analyze activity no matter how many services are in use and critically provides insight and intelligence into:
- Data usage: Who viewed or modified what, when, and how often
- Administrator activity: Including settings, permissions, and data access
- API activity: Cloud app and services data through an accessed via APIs
And Skyfence Cloud Analytics has ready-to-go enterprise integrations that make it simple to integrate with enterprise directories, Single Sign-On providers and market leading SIEM solutions.
Prevent Account-Centric Threats for all your Apps
Skyfence Cloud Protection is a cloud app security and control solution that provides comprehensive management – including discovery, risk, analytics and policy enforcement – for all your cloud apps. As the flagship Skyfence offering, it integrates the discovery, risk and analytic capabilities of other Skyfence products with granular policy enforcement and endpoint access control.
Skyfence Cloud Protection employs unique Dynamic User and Device Fingerprinting™ technology to quickly establish a complete and detailed profile of behavior based on the normal patterns of use for each user and department, including all the endpoints used. Any access that fails the fingerprint test can be configured to immediately alert, block or require two-factor identity verification in real-time, giving enterprises the ability to automatically enforce security policies across all their cloud services without impacting user experience or burdening IT operations staff.
Your cloud – seen, understood and protected.
Secure your Data Center Apps & Enhance your WAF Deployment
Just as critical to enterprises and cloud service providers are the Web apps they make available to their customers and partners. These apps may run in the company’s data center or in public cloud computing environments and are vulnerable to a growing number of account-centric threats.
Skyfence Cloud Gateway provides the intelligence needed by organizations to act on suspicious behavior that signals an account takeover. In addition, the Skyfence Cloud Gateway provides:
- Complete profiling of customer behavior and their endpoint devices
- Monitoring of administrator and privileged user activity
- Blocking access or enforcing policy in response to an account takeover
Skyfence Cloud Discovery:
See through your blindspots – bring “Shadow IT” into the light
Cloud apps such as Dropbox, Salesforce, NetSuite, Office365 and Google Apps make adoption and account creation easy for users but IT is often blind to which cloud apps are being used and what users are doing with them.
Skyfence Cloud Discovery is the first step in eliminating IT blindspots created by the rapid adoption of cloud apps and the “bring-your-own-app” trend. Skyfence discovers and catalogs all cloud apps accessed by users – both sanctioned and unsanctioned – providing detailed visibility of usage, activities and risk information.
Skyfence Cloud Discovery is part of the Skyfence Cloud Gateway family of products that includes Skyfence Cloud Analytics and Skyfence Cloud Protection.
Features in Skyfence Cloud Discovery include:
Cloud App Discovery
Skyfence uncovers cloud apps by inspecting data in user access logs across the enterprise. The solution aggregates multiple user access logs from web-proxies and firewalls providing global and regional views of app discovery, risk scoring and usage levels. This facilitates the distribution of scans and consolidates the results in an intuitive and easy to navigate central console.
The Skyfence discovery process is enterprise-grade following best practices that log files are never exposed outside the corporate network. The app discovery scan and risk scoring is done by a locally executable tool that scans existing logs files either manually or on an automatic schedule. The non-intrusive process does not require any installation of agents or changes to applications.
Cloud App Usage Summary
Skyfence Cloud Discovery automates the process of determining which cloud apps users are accessing and details the number of users, activity level, traffic volume and usage hours for each app.
Cloud App Risk Scoring and Advanced Metrics
Skyfence Cloud Discovery gives organizations the ability to categorize cloud apps and prioritize each cloud app as high, medium or low risk. Risk metrics such as the status of service provider audits (e.g. SSAE-16), compliance requirements (e.g. PCI AoC) and many other critical criteria are consolidated and measured so organizations can use the risk score of each app to prioritize their risk migration efforts.
In addition, the advanced risk metrics feature lets organizations customize risk weightings so app metrics can be adjusted to reflect the risk to their specific business operations.
Centralized Discovery Dashboard
Skyfence Cloud Discovery supports a dashboard for centralized review and analysis of scan results. Organizations can review the details of discovered apps per scan, compare scans from different corporate locations or aggregate all scans into one consolidated view. The dashboard ensures IT and Risk managers can get a global view of what is happening in their cloud environment.
Skyfence Cloud Discovery eliminates cloud app “blind spots” by providing summarized and detailed categorization of apps, traffic, users and risk metrics. Easily import logs from Palo Alto Networks, Blue Coat and other systems to generate reports & obtain comprehensive visibility over who is doing what in the cloud – without having log files leave your network.
Discovery Analytics
Skyfence Cloud Discovery gives IT staff and risk managers’ flexible tools to clearly understand the risk metrics associated with each app in use by their organization. Intelligent filtering and sorting of all cloud app metrics helps organizations understand and prioritize the risks of each cloud app as it relates to their business.
App Catalog and Risk Updates
Skyfence Cloud Discovery automatically distributes regular updates to Skyfence’s large and growing app catalog. In addition, app risk properties are continuously updated using research from Skyfence professionals and third-party sources.
Skyfence Cloud Analytics:
Understand the big picture; dive down to the smallest detail – in real-time.
Skyfence Cloud Analytics delivers a complete picture of cloud app risks and enables operational intelligence through detailed analytics of cloud app usage. In addition, Skyfence gives IT staff deeper insights by offering a detailed picture of cloud app usage through detailed monitoring – from the casual user to the savviest privileged users.
Skyfence Cloud Analytics integrates Skyfence Cloud Discovery’s aggregation of multiple app scans and app risk metrics with detailed monitoring and analytics of user, app and endpoint usage. The solution also generates consistent user activity logs for IT staff across the entire cloud environment – critical for effective risk management and for correlation with your existing SIEM environments.
Skyfence Cloud Analytics is a scalable solution to monitor and analyze activity no matter how many services are in use and provides critical insight and intelligence into:
- Data usage: Who viewed or modified what, when, and how often
- Privileged user monitoring: Including data access, configuration and user permission modifications
- API activity: Cloud app and services data accessed via APIs
And Skyfence Cloud Analytics has built-in enterprise integrations that make it simple to integrate with enterprise directories and market leading SIEM solutions from Arcsight, Splunk and Q1 Labs.
Features in Skyfence Cloud Analytics include:
Activity Monitoring and Analytics
Skyfence Cloud Analytics includes monitoring and analytics that creates a clear and accurate picture of user activity attributes including user ID, department, location, time, device, application actions and data objects accessed. Analyzing these details give IT valuable insights that only a real-time and proactive solution like Skyfence can provide. For example, Skyfence details who is using unmanaged endpoints, what data they accessed and from which locations.
View analytics detail by location, department, endpoint type, most active asset and more.
Privileged User Monitoring
Skyfence Cloud Analytics allows organizations to track, monitor and report all administrative and privileged user activity including data accesses, configuration changes, user permission modifications and developers use of APIs.
Role-based Administration
Skyfence Cloud Analytics supports granular, role-based administration enabling admin permissions to be defined for assets, policies and system settings.
Enterprise Reports
Skyfence Cloud Analytics includes advanced reports that generate detailed account, alert and activity information in tabular or chart formats. Using the intuitive reporting tool organizations can ensure that internal and external auditors have the reports they need for governance, risk management and compliance mandates such as PCI DSS, HIPAA and SOX.
Enterprise Infrastructure Integrations
Skyfence has built-in support for enterprise infrastructures that speeds up an organization’s ability to incorporate cloud app use into their existing operations including:
- Integration with Active Directory and other enterprise directories.
- Adaptors for direct feeds into popular SIEM solutions such as ArcSight, Splunk and Q1 Labs.
Skyfence Cloud Protection:
Your apps – seen, understood and protected.
Skyfence Cloud Protection is a cloud app visibility and control solution that provides comprehensive management – including discovery, risk, analytics and policy enforcement – for all your cloud apps. As the flagship Skyfence offering, it integrates the discovery, risk and analytic capabilities of Skyfence products with granular policy enforcement and endpoint access control.
Skyfence Cloud Protection includes innovative Dynamic User and Device Fingerprinting™ technology to quickly establish a complete and detailed profile of behavior based on the normal patterns of use for each user, department, and device. Any access that fails the fingerprint test can be configured to immediately alert, block or require two-factor identity verification in real-time, giving IT staff the ability to strongly authenticate users performing higher risk activity while automatically enforcing security policies across all their cloud services.
Features in Skyfence Cloud Protection include:
Automatic Anomaly Detection
Securing apps against account-centric threats is the highest priority for organizations looking to protect customer and employee facing applications and data. Combining detailed profiling across the user, endpoint devices and applications, Skyfence automatically detects anomalous usage and suspicious behavior allowing you to respond to external threats and malicious insider activity in real-time.
Granular, built-in policies enable Skyfence to automatically detect inside and outside attacks including account takeover, use of stolen credentials, brute force, man-in-the-middle attacks and suspicious data access activity.
Real-time Threat Prevention
Skyfence Cloud Protection uses advanced fingerprinting technology to respond to account-centric threats in real-time based on context sensitive intelligence spanning users, endpoints and apps. Skyfence can respond with monitoring, strong user verification and blocking of specific actions within an app or blocking account access entirely – putting control in the hands of IT and virtually eliminating the use of stolen credentials and breaches resulting from account centric attacks.
Skyfence Cloud Gateway includes a centralized dashboard that analyzes all activity, risks and threats for your cloud apps, allowing you to monitor and prevent account-centric attacks before they happen.
Mobile and Endpoint Access Control
Skyfence Cloud Protection can control access from managed and unmanaged endpoints, blocking access or restricting activity like downloads and data modifications from endpoints that are not registered with an organizations mobile device management platform. And Skyfence supports any mobile device, laptop or desktop with built-in device enrollment or integration with an organizations existing MDM infrastructure. This approach enhances any investment already made in MDM by ensuring all endpoint access is secured.
Skyfence endpoint control is a cost-effective alternative to cloud app access enforced through a VPN, which is cumbersome for users and overloads VPN infrastructure and extra support burden for IT.
Dynamic Alerts
Skyfence Cloud Protection’s real-time SMS and email notification of policy violations and activity thresholds ensures security staff is aware of suspicious behavior –before an incident happens.
Custom Policies Using Visual Policy Editor
In addition to a rich collection of built-in policies, Skyfence Cloud Protection supports the creation of custom policies so that organizations can define their own rules for account-centric threats and remediation. Policies can combine multiple filters including user, group, location, time of day, action, app, and much more to create any custom policy.
Production Application Protection
In addition to cloud apps, Skyfence Cloud Protection detects and prevents threats targeted at in-house web applications safeguarding an enterprise’s customers against account-centric threats and strengthening existing Web Application Firewall deployments.
Compare Product Features:
The Skyfence Cloud Gateway accurately identifies all application use and analyzes related risks. With Dynamic User and Device Fingerprinting™, organizations can also enforce controls for both cloud and data center apps to prevent account-centric threats, meet compliance and protect data. Multiple packaging options allow customers to choose the right feature set and easily upgrade to additional capabilities, as required.
 |
 |
 |
||
| App Discovery, Usage & Risk | ||||
| Cloud App Discovery | Leverage existing log files to automate discovery and categorization of all cloud apps used | ● | ● | ● |
| Cloud App Risk Scoring | Categorize overall high, med or low risk for each Cloud Application based on technology, regulatory & industry certifications and best practices | ● | ● | ● |
| Cloud App Usage Summary | Report usage metrics including number of users, activities, traffic volume and typical usage hours for each Cloud Application | ● | ● | ● |
| Advanced Risk Metrics | Detailed Cloud App risk posture metrics with customizable weighting of parameters to meet IT operations needs | ● | ● | ● |
| Centralized Discovery Dashboard | Centralized dashboard for managing & analyzing aggregated discovery results | ● | ● | ● |
| App Catalog & Risk Updates | Automatic updates to Cloud App Catalog and changes in risk properties as they are available | ● | ● | ● |
| Customer Support | Includes technical support via phone & email, and optional deployment/consulting services | ● | ● | ● |
| Activity Monitoring & Analytics | ||||
| Acitivity Monitoring & Analytics | Activity monitoring and analytics by user, group, location, device, application action, data object, time of day and department | ● | ● | |
| Privileged User Monitoring | Monitor and report on all privileged user and administrator activity including data access, configuration changes user permission | ● | ● | |
| Enterprise SIEM Integration | Adaptors to directly feed activity logs into leading SIEM solutions including Arcsight, Splunk and Q1 Labs. | ● | ● | |
| Enterprise Directory Integration | Use existing Active Directory or LDAP directory infrastructure for user, group and organziational reporting and policy | ● | ● | |
| Role Based Administration | Define administrative persmissions for editing assets, policies and system settings | ● | ● | |
| Enterprise Reporting | Flexibile reporting options including pre-defined reports with ability to edit and save customized reports | ● | ● | |
| Cloud App Control & Protection | ||||
| Automatic Anomaly | Users and Device Fingerpinting ™ continuously monitors behavior & automates detection for anomalous behavior including high risk insider and external attacks | ● | ||
| Real-Time Threat Prevention | Stop account centric threats by applying policy to monitor, block, allow or require identity verification for any app or upon specific actions wtihin the app | ● | ||
| Dynamic Alerts | Receive real-time notifications for any policy violation or activity threshold via SMS or email | ● | ||
| Mobile & Endpoint Access Control | For Cloud Access, eliminate need for VPN and enable unique policies for managed and unmanaged mobile phones, tablets and laptops | ● | ||
| MDM Integration | Leverage existing MDM deployment to distinguish between managed vs. unmanaged devices for cloud access | ● | ||
| Custom Policies | Visual policy editor enables easy configuration of granular policies based on any combination of user, endpoint, location, data object, action, time of day and more | ● | ||
| Production Application Protection | Prevent account takeover and other account centric threats and provide detailed activity logs for data center and customer facing applications | ● | ||
*Stand-alone, local executable for Red Hat Linux, Mac and Windows
Documentation:
Download the Skyfence Cloud Gateway Datasheet (PDF).