• Latest
  • Trending
  • All
  • News
  • Business
  • Politics
  • Science
  • World
  • Lifestyle
  • Tech
Microsoft Cloud App Security: Everything You Need to Know

Microsoft Cloud App Security: Everything You Need to Know

November 17, 2020
How to use Microsoft Sysmon, Azure Sentinel to log security events

Microsoft Cloud Announces Three New Vertical Cloud Solutions

February 26, 2021
Innovative solutions for IT workers at home

Privacera Announces Partnership with Talend for Rapid Cloud Data Integration and Governance with Automated Privacy and Compliance

February 26, 2021
Innovative solutions for IT workers at home

What is database encryption?

February 26, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft Releases Azure Firewall Premium in Public Preview

February 26, 2021
Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

Veeam Backup & Replication 11: Enhanced data management for a multi-cloud environment

February 25, 2021
8×8 makes raft of updates to platform

Advancing the Orchestration of Distributed Edge Applications, ZEDEDA Integrates with Microsoft Azure IoT

February 25, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Cloud Security in Banking Market to Witness Huge Growth by 2026 | Microsoft Azure, Trend Micro, Salesforce

February 25, 2021
Innovative solutions for IT workers at home

ZEDEDA Announces Integration with Microsoft Azure IoT to Seamlessly and Securely Orchestrate Distributed Edge Computing Workloads at Scale

February 24, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

ZEDEDA integrates with Microsoft Azure IoT to provide full lifecycle management capabilities

February 24, 2021
Innovative solutions for IT workers at home

SolarWinds Attack: Proof That On-Premises Active Directory Still an Effective Initial Access Vector

February 23, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft Affirms Solorigate Attackers Saw Azure, Intune and Exchange Source Code

February 23, 2021
How to use Microsoft Sysmon, Azure Sentinel to log security events

OPS101 – Securing your Hybrid environment – Part 1 – Azure Security Center

February 22, 2021
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Monday, March 1, 2021
  • Login
Azure Security News
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
    • Home – Layout 4
    • Home – Layout 5
  • News
    • All
    • Business
    • Politics
    • Science
    • World
    How to use Microsoft Sysmon, Azure Sentinel to log security events

    Microsoft Cloud Announces Three New Vertical Cloud Solutions

    Innovative solutions for IT workers at home

    Privacera Announces Partnership with Talend for Rapid Cloud Data Integration and Governance with Automated Privacy and Compliance

    Innovative solutions for IT workers at home

    What is database encryption?

    A moment of reckoning: the need for a strong and global cybersecurity response

    Cloud Security in Banking Market to Witness Huge Growth by 2026 | Microsoft Azure, Trend Micro, Salesforce

    Innovative solutions for IT workers at home

    ZEDEDA Announces Integration with Microsoft Azure IoT to Seamlessly and Securely Orchestrate Distributed Edge Computing Workloads at Scale

    A moment of reckoning: the need for a strong and global cybersecurity response

    ZEDEDA integrates with Microsoft Azure IoT to provide full lifecycle management capabilities

    Innovative solutions for IT workers at home

    SolarWinds Attack: Proof That On-Premises Active Directory Still an Effective Initial Access Vector

    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Affirms Solorigate Attackers Saw Azure, Intune and Exchange Source Code

    8×8 makes raft of updates to platform

    Indonesian Mobile Operator Selects NTT for Microsoft Security Project

    Microsoft To Build New Azure Cloud Data Centers In Greece

    NTT completes Microsoft security project for Indonesian mobile operator

    Trending Tags

    • Donald Trump
    • Future of News
    • Climate Change
    • Market Stories
    • Election Results
    • Flat Earth
  • Tech
    • All
    • Apps
    • Gear
    • Mobile
    • Startup
    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Releases Azure Firewall Premium in Public Preview

    Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

    Veeam Backup & Replication 11: Enhanced data management for a multi-cloud environment

    8×8 makes raft of updates to platform

    Advancing the Orchestration of Distributed Edge Applications, ZEDEDA Integrates with Microsoft Azure IoT

    How to use Microsoft Sysmon, Azure Sentinel to log security events

    OPS101 – Securing your Hybrid environment – Part 1 – Azure Security Center

    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Ending Azure Information Protection Connections to Microsoft Defender for Endpoint

    Microsoft To Open Azure Cloud Data Center Region In Spain

    EMC Corporation Townsend security Hewlett-Packard Enterprise Gemalto N.V. Microsoft Azure Google Thales e-security International Business Machines (IBM) Broadcom

    A moment of reckoning: the need for a strong and global cybersecurity response

    Azure Engineer at VillageMD

    Innovative solutions for IT workers at home

    How to Sync On-Premise Active Directory Passwords with Office 365 and Google Apps in Real-Time

    Microsoft Azure Forms Collaboration to Enhance AI in Healthcare

    Azure Defender is now available for all IoT and OT devices

    Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

    Google and Microsoft ID Group Targeting Security Researchers

    Trending Tags

    • Flat Earth
    • Sillicon Valley
    • Mr. Robot
    • MotoGP 2017
    • Golden Globes
    • Future of News
  • Entertainment
    • All
    • Gaming
    • Movie
    • Music
    • Sports
    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Meet the woman who’s making consumer boycotts great again

    New campaign wants you to raise funds for abuse victims by ditching the razor

    Twitter tweaks video again, adding view counts for some users

    A beginner’s guide to the legendary Tim Tam biscuit, now available in America

    People are handing out badges at Tube stations to tackle loneliness

    Trump’s H-1B Visa Bill spooks India’s IT companies

    Magical fish basically has the power to conjure its own Patronus

    This Filipino guy channels his inner Miss Universe by strutting in six-inch heels and speedos

    Oil spill off India’s southern coast leaves fisherman stranded, marine life impacted

  • Lifestyle
    • All
    • Fashion
    • Food
    • Health
    • Travel
    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Offers More ‘Solorigate’ Advice Using Microsoft 365 Defender Tools

    A moment of reckoning: the need for a strong and global cybersecurity response

    Solar Winds, Office 365 & Shipbuilding…

    Aruba ClearPass Policy Manager Integrates with Microsoft

    Imprivata Expands Collaboration with Microsoft on New Digital Identity Innovations

    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Canada’s 10 biggest stories of 2020

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    AMD breaks revenue records for 2019 and 4Q

    AMD breaks revenue records for 2019 and 4Q

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft is killing off insecure Cloud App Security cipher suites

    Microsoft is killing off insecure Cloud App Security cipher suites

    Rap group call out publication for using their image in place of ‘gang’

    Meet the woman who’s making consumer boycotts great again

    Trending Tags

    • Golden Globes
    • Mr. Robot
    • MotoGP 2017
    • Climate Change
    • Flat Earth
No Result
View All Result
Azure Security News
No Result
View All Result
Home Uncategorized

Microsoft Cloud App Security: Everything You Need to Know

by AZURE SECURITY NEWS EDITOR
November 17, 2020
in Uncategorized
0
Microsoft Cloud App Security: Everything You Need to Know
496
SHARES
1.4k
VIEWS
Share on FacebookShare on Twitter

The days of relying solely on a “blinky light firewall” to give you a sense of security are gone, and you need a cloud-based security solution for controlling your users’ cloud access, such as Microsoft Cloud App Security. Paul Schnackenburg details what MCAS can do for your business, how it integrates with other security technologies and the different flavors it’s available in.

Are you protecting your business users with firewalls? The same firewall that you’ve been using for a few years? Do you feel confident that it’s protecting you against today’s risks?

If not, you may need to augment your approach with a solution for today’s Software-as-a-Service (SaaS) cloud services world — a Cloud Access Security Broker (CASB). Microsoft has one such cloud-based solution, Microsoft Cloud App Security (MCAS).

In this article we’ll look at what MCAS can do for your business, how it integrates with other security technologies and the different flavors it’s available in. We touched briefly on MCAS in earlier articles: A Look at Security in the Microsoft Cloud and Review: Azure Advanced Threat Protection and Advanced Threat Analytics.

Favorite Flavor
There are three different versions of MCAS: Office 365 Cloud App Security, Azure Active Directory Cloud App Discovery and Cloud App Discovery. As you might deduce from the name, the first one comes with Office 365 E5 licensing and provides a subset of capabilities, with manual upload of logfiles only (see below) and Threat Detection, Conditional Access and Information Protection for Office 365 workloads only. The Azure AD version is part of AAD Premium P1 licensing (itself part of Microsoft 365 E3 licensing) and does both manual and automatic log uploads but doesn’t provide Information Protection or Threat Detection.

How MCAS Works
MCAS gives you a catalog of over 16,000 cloud apps that it’ll look for in the firewall/proxy logs that you upload to it and it’ll discover (hence the name) the apps that are in use in your environment. For each of these apps you’ll see traffic volumes across internal IP addresses and users on an ongoing basis. For each app you can do a risk assessment, based on the rich information in the catalog, and identify services that you want to sanction (and probably bring into Azure Active Directory to be published for single-sign-on and governance) and others that you want to un-sanction/block

For each service there’s in-depth information such as when they were founded, hosting datacenters, security configuration and policies, along with legal and compliance information. The catalog (available in all three flavors of MCAS) alone is worth the price of admission; a poor security admin that’s given a list of 50 different cloud services in use by the organization and asked to rank them by trustworthiness would spend weeks gathering this information. You can also alter the weights that make up the score between 1 and 10 that each service receives, perhaps your business doesn’t care about FedRAMP but GDPR compliance is crucial, for example.

Additionally, you can control data uploads and downloads to any app for Data Loss Prevention (DLP) and also integrate with Azure Information Protection. The former works both with the built-in DLP engine in Office 365 as well as third-party DLP solutions. An example of the latter would be automatically identifying a Word document being uploaded to Dropbox as containing sensitive information (credit-card numbers, for one example, but it could be any type out of 100 different templates) and applying a sensitivity label to it (“Confidential”) and protecting it with encryption and restricting access to internal employees only.

You can also use the supplied templates to detect anomalous behavior such as mass downloads by a single user, public sharing of confidential files, odd mailbox rules, impossible travel and deletion of multiple VMs in Azure, AWS or GCP, along with many other potential threats.

To feed the insights and machine learning engine behind MCAS it needs log data. This can be uploaded from your on-premises firewalls or proxy servers (all major brands supported), or Zscaler, iboss, Corrata and Microsoft Defender ATP (MDATP). Or you can use a custom log format.

The other main integration point is connecting MCAS to cloud service APIs for apps such as:

  • AWS
  • Azure
  • Box
  • Dropbox
  • GCP
  • G Suite
  • Office 365
  • Okta
  • Salesforce
  • ServiceNow
  • Webex
  • Workday

Depending on the capabilities of each API, you can set up policies to detect and respond to malware, unusual file sharing/deletion activities or unusual administrative activities.

The integration with MDATP deserves extra mention as many IT pros dismiss “Windows Defender” as a basic antivirus solution (which was true a few years ago), but today Microsoft Defender provides full-fledged Endpoint Detection and Response (EDR), machine learning-based agents for Windows, Mac, Linux and, in public preview, Android.

The integration with Windows 10 is particularly powerful. Taking only a minute to configure, it enforces your sanctioned/blocked cloud apps on any endpoint (whether they’re connecting from the corporate office or from home), enforces policies and uploads logs from each endpoint to MCAS. In essence MDATP acts as an agent for MCAS without you having to deploy anything.

Another feature that I think is going to become increasingly important is the ability to enforce policies around OAuth apps. Recently here in Australia there’s been a heightened focus on the use of “fake” applications that pretend to be a real service (for instance MailGuard 365, a popular email hygiene service here) that tricks users into accepting various OAuth permissions, giving the attackers “legitimate” access to data, often flying totally under the radar of the defenders.

Integrations
Apart from the MDATP integration, MCAS also integrates with Azure Advanced Threat Protection. This excellent cloud service, born out of the on-premises application Advanced Threat Analytics (ATA), uses agents in your on-premises Active Directory (AD) environment to identify malicious attackers as they gain a foothold and start moving laterally, eventually compromising privileged accounts. Laser focused on AD, it provides high-fidelity signals that are now integrated into the MCAS console for easy correlation with other identity-based incidents.

MCAS also works with Azure AD Identity Protection, which uses machine learning-based analysis to identify risky users and risky sign-ins to AAD, letting you apply policies based on identity risk signals. Furthermore MCAS also integrates tightly with Conditional Access (CA), the AAD technology that’s used to evaluate access to particular resources based on who the user is, what groups they’re a member of, the security posture of the device they’re using and whether it’s a managed or unmanaged device. CA lets you build a zero-trust approach to security.

tegrations
Apart from the MDATP integration, MCAS also integrates with Azure Advanced Threat Protection. This excellent cloud service, born out of the on-premises application Advanced Threat Analytics (ATA), uses agents in your on-premises Active Directory (AD) environment to identify malicious attackers as they gain a foothold and start moving laterally, eventually compromising privileged accounts. Laser focused on AD, it provides high-fidelity signals that are now integrated into the MCAS console for easy correlation with other identity-based incidents.

MCAS also works with Azure AD Identity Protection, which uses machine learning-based analysis to identify risky users and risky sign-ins to AAD, letting you apply policies based on identity risk signals. Furthermore MCAS also integrates tightly with Conditional Access (CA), the AAD technology that’s used to evaluate access to particular resources based on who the user is, what groups they’re a member of, the security posture of the device they’re using and whether it’s a managed or unmanaged device. CA lets you build a zero-trust approach to security.

MCAS also uses the logs generated in Azure Security Center, a service in Azure that applies policies and protections for your cloud-deployed Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) resources. MCAS is updated several times per month, with new features coming at cloud speed. Here’s a good source for understanding your licensing options with MCAS.

Conclusion
If you don’t have a CASB in place for your business today you need to take a good, hard look at where the data and applications that run your organization are located and how you’re protecting them. The days of relying solely on a “blinky light firewall” to give you a sense of security are gone, and you need a cloud-based security solution for controlling your users’ cloud access.

Reference: https://virtualizationreview.com/articles/2020/07/02/cloud-app-security.aspx

Share198Tweet124Share50
AZURE SECURITY NEWS EDITOR

AZURE SECURITY NEWS EDITOR

Related Posts

Microsoft’s CyberX Acquisition Boosts Security of Azure IoT Lineup

Azure Digital Twins now generally available: Create IoT solutions that model the real world

by AZURE SECURITY NEWS EDITOR
December 18, 2020
0

Today, organizations are showing a growing appetite for solutions that provide a deeper understanding of not just assets, but also...

What’s New: Reduce alert noise with Incident settings and alert grouping in Azure Sentinel

by AZURE SECURITY NEWS EDITOR
December 6, 2020
0

This installment is part of a broader series to keep you up to date with the latest features in Azure...

What’s New: Cross Workspace Incident View in Public Preview!

by AZURE SECURITY NEWS EDITOR
December 6, 2020
0

This installment is part of a broader series to keep you up to date with the latest features in Azure...

Microsoft Seriously Beefs Up Security in Windows Server 2019

Get to know cloud IoT services on AWS, Azure and Google Cloud

by AZURE SECURITY NEWS EDITOR
December 6, 2020
0

AWS, Microsoft and Google offer a range of cloud IoT services, as each tries to gain a foothold in this...

  • Trending
  • Comments
  • Latest
Microsoft’s CyberX Acquisition Boosts Security of Azure IoT Lineup

AZURE DEFAULT RESOURCE GROUP AND DEFAULT WORKSPACE: WHAT ARE THEY?

December 14, 2020
Microsoft Seriously Beefs Up Security in Windows Server 2019

TCS Launches Cloud Exponence on Microsoft Azure

January 21, 2021
Microsoft Launches Host of Security Products in Time for RSA

Microsoft to add two new Microsoft 365 security, compliance bundles to its line-up

November 26, 2020

Lady Gaga Pulled Off One of the Best Halftime Shows Ever

0

Barack Obama’s Now Mainly Focusing on Wearing This Casual Backwards Hat

0

Watch Justin Timberlake’s ‘Cry Me a River’ Come to Life in Mesmerizing Dance

0
How to use Microsoft Sysmon, Azure Sentinel to log security events

Microsoft Cloud Announces Three New Vertical Cloud Solutions

February 26, 2021
Innovative solutions for IT workers at home

Privacera Announces Partnership with Talend for Rapid Cloud Data Integration and Governance with Automated Privacy and Compliance

February 26, 2021
Innovative solutions for IT workers at home

What is database encryption?

February 26, 2021
Azure Security News

Copyright © 2020 - Azure Security

Navigate Site

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Follow Us

No Result
View All Result
  • Home
  • News
    • Politics
    • Business
    • World
    • Science
  • Entertainment
    • Gaming
    • Music
    • Movie
    • Sports
  • Tech
    • Apps
    • Gear
    • Mobile
    • Startup
  • Lifestyle
    • Food
    • Fashion
    • Health
    • Travel

Copyright © 2020 - Azure Security

Welcome Back!

Login to your account below

Forgotten Password?

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In