Guide Making the Most of Forcepoint Web Security Shadow IT … · 2020-01-24 · For example, if your employees use Trello or Asana for productivity and project management, you can

GuideMaking the Most of Forcepoint Web Security Shadow IT Reporting and Control for Cloud Applications

forcepoint.com

Making the Most of Forcepoint Web Security Shadow IT Reporting and Control for Cloud Applications

2

Table of Contents

Summary 3

Finding and Using the Shadow IT Reports within Forcepoint Web Security (On-Premises & Hybrid) v8.5 3

Implementing Automated Policies to Block High-risk Shadow IT Cloud Apps 4

Finding and Using the Shadow IT Reports within Forcepoint Web Security (Cloud) 4

Interpreting the Results 6

High-risk Categories within the Reports 7

http://forcepoint.com

forcepoint.com 3


Cloud applications are everywhere—and often they are unsanctioned and self-adopted. To protect the modern enterprise, security professionals need additional visibility and control for data that moves in and out of the cloud.

Forcepoint Web Security now has essential cloud access security broker (CASB) functionality, providing Shadow IT Reporting, Ranking, and Discovery capabilities to enable better, more informed decision-making. The purpose of this document is to show you where to find these reports and share best practices around interpreting the results.

Finding and Using the Shadow IT Reports Within Web Security (On-Premise & Hybrid) Versions 8.5+In the Cloud Apps tab, sort and filter applications by risk level, type, number of users, volume of data, and the time last accessed.

Summary

Click directly on the cloud application to view details about the application and identified risk factors.

Filter specific cloud applications by time to see which end-users accessed them and when.

In the report catalog, there are a number of pre-built reports you can use to analyze the results and enable reporting with regard to the cloud applications posing the greatest risk and the effect of any actions you may take.

Alternatively, you can build your own granular reports using the report builder function in the same way as you would normally create web usage reports.


forcepoint.com 4


Implementing Automated Policies to Block High-risk Shadow IT Cloud AppsIn the Cloud Apps tab, sort and filter applications by risk level, type, number of users, volume of data, and the time last accessed.

Older releases of Forcepoint Web Security allow you to make policy decisions to block specific high-risk cloud sites. Our latest release for Forcepoint Web Security (On-Premises & Hybrid) v8.5, takes it one step futher, enabling you to block all high-risk applications at use with a single click.

Need to apply controls to important cloud apps without blocking them? Now you can, using the integrated forward proxy capability alongside the Forcepoint Security Manager Center (SMC).

Finding and Using the Shadow IT Reports Within Forcepoint Web Security (Cloud)Within the report catalog, you have a wealth of predefined and customizable reports. Let’s look at a few of them.

In the Cloud Apps tab, you will find pre-defined reports that show the top cloud apps by category, usage, and risk.

Within the Cloud Apps Dashboard, you will see the proportion of low, medium, and high-risk cloud applications your end-users are accessing.

You can drill down into the most used cloud applications by the number of “hits” or sessions…


forcepoint.com 5


Or you can view the amount of bandwidth consumed by those applications.

You can view the top cloud applications by their risk level to the business.

Or you can drill down to the most used cloud applications, helping you prioritize those that need attention first.

List view makes it easy to see cloud apps by category, number, user count, and bandwidth.

Hovering over an application gives you a summary of that application.

Clicking on an application gives you a much more granular view on its associated risk, enabling you to make a better informed decision on accepting or blocking access.


forcepoint.com 6


Additional CASB functionality is available, including the Cloud App Control Module for Web Security and our full enterprise CASB suite. For more information regarding additional CASB capability, please contact your Forcepoint respresentative or supplier.

Interpreting the ResultsInformation from the results section can help you make more informed choices about which actions to take. You can easily find the cloud applications that are highest risk to your business and make decisions to allow or block specific actions from within your management console.

With this information, you can begin to craft your cloud application security strategy. Forcepoint offers two solutions for your strategy execution:

1. Cloud Application Control Module for Web Security a. Available for cloud deployments, and on-premises and hybrid deployments on version 8.5 or newer

2. Full CASB suitea. Available for all customers with no restrictionsb. Customers who already have the Cloud Application

Control Module can purchase a CASB upgrade

The Cloud App Control Module add-on for Web Security allows you control up to 15 sanctioned cloud applications across managed devices, giving you the ability to transparently proxy traffic through Forcepoint CASB and reduce the associated risk (tolerate). The Cloud App Control Module also provides anomaly detection and behavior analytics, enabling automated alerts based on user behavior and patterns.

A Typical Cloud Governance Board Structure Many customers are forming cloud governance boards to help them decide how important certain cloud applications are to the business, and how cloud applications affect security, financial, and legal risk.

This gives you better control over the applications your organization already uses, making sure your data and your users are protected. For example, if your employees use Trello or Asana for productivity and project management, you can allow use of, but block the uploading of company documents to those applications.

It’s important to note that even sanctioned cloud applications can be the source of a potential risk—visibility and control with the Cloud App Control Module extends the native CASB functionality within Forcepoint Web Security to not only start your journey to data safety in the cloud, but also secure access to the cloud.

If your organization needs to control unsanctioned cloud applications, across unmanaged devices (BYOD), or if you require API mode, our full CASB suite is the path to choose. Customers can add CASB regardless of product version or deployment. For those who already have the Cloud App Control Module for Forcepoint Web Security, they can simply purchase CASB upgrade module.

Forcepoint CASB reduces risk by adding mitigating controls such as identity management, endpoint management. Forcepoint CASB can even help you shortlist potential cloud vendors. This user-generated innovation can be a powerful way of delivering a better service to your users, replacing costlier on-premise applications (such as storage) with cheaper, cloud-based alternatives.

‘the business’

Finance/Legal Privacy

IT

CISO

� Looking to reduce risk

� Looking to reduce cost

� Want to innovate faster

� Concern is user experience

� Stakeholders will change

� Looking to reduce risk

� Innovate

� Often struggling with complexity

� Looking to reduce risk (R=C+D+UBA)?

Don’t see the report that suits your needs? The report builder can help group and filter by the risk-based aspects that matter to you.


forcepoint.com 7


High-risk Categories within ReportsCloud applications typically deemed high-risk are those in which users upload data to share or collaborate with others. Pay extra attention to the following categories:

Storage and Documents, Collaboration Apps. Users upload sensitive documents potentially containing personally identifiable information (PII)—often via SSL encrypted channels—and share the data with unauthorized users. In the event the user leaves the business, they may retain access to the documents.

Marketing, HR Apps. PII is uploaded to a third-party data processor, exposing the business to GDPR-related risk.

Productivity Apps. These apps help people with tasks such as online scheduling, payroll tracking, and project management.

CRM. Customer lists and other sensitive information is stored outside of the customer’s protective boundary.

Finance. These apps include payment systems, online expense management, and tax management systems that contain highly sensitive information, increasing a businesses’ compliance risk.

IT. These apps include cloud-based alternatives to on-premise applications like web-based email systems, instant messaging, VoIP applications, and help desk services.

Each of the cloud applications within the Shadow IT reports have been researched by our in-house team, who monitor a multitude of risk factors that are added up to a high, medium, or low risk score. The factors tracked for each cloud application are in the categories on the right.

Web Security

Web Security + Cloud App Control

Web Security + Cloud App Control + CASB Security Suite

Upgrade

Shadow IT discovery (usage & risk reporting/blocking)

x x x

Real-time auditing & con-trol for managed devices x x

Anomaly detection & user behavioral analytics (UBA) x x

Full AD & SIEM integration x x

Real-time auditing & control for unmanaged devices

x

Service API’s activity audit-ing (+API mitigation) x

Data at rest x

Configuration governance x

If you would like to learn more about how to manage cloud applications via Forcepoint Cloud App Control Module add-on for Forcepoint Web Security, or our full CASB suite, please speak to your Forcepoint representative or supplier.

When interpreting the results and deciding if you should take an action, we recommend that you consider whether the cloud application is important to the business or irrelevant (e.g., advertising, search, news).


About ForcepointForcepoint is transforming cybersecurity by focusing on what matters most: people’s behavior

as they interact with critical data and systems. This human-centric approach to cybersecurity

frees employees to innovate by understanding the normal rhythm of user behavior and the flow

of data in and out of an organization. Forcepoint behavior-based solutions adapt to risk in real

time and are delivered via a converged security platform to protect network users and cloud

access, prevent confidential data from leaving the corporate network, and eliminate breaches

caused by insiders. Based in Austin, Texas, Forcepoint protects the human point for thousands

of enterprise and government customers in more than 150 countries.

forcepoint.com/contact

© 2019 Forcepoint. Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint. All other trademarks used in this document are the property of their respective owners.

[SHADOW-IT-REPORTING-WEB-SECURITY-CLOUD-GLOBAL-CUSTOMER-GUIDE] 200077.032119

https://www.forcepoint.com/company/contact-us