Ignite is one of the key moments for Microsoft every year and packed with exciting feature announcements and product launches. Since Ignite 2018 we have released more than 100 new capabilities and updates for Microsoft Cloud App Security, seen an incredible growth in our customer base, and were repeatedly recognized by leading analyst firms - so we’re excited to share our latest news with you today.
The development of our Cloud Access Security Broker (CASB) is built on a set of core principles that guide us in building the best possible solution for our customers that supports them in better protecting their entire ecosystem of apps and cloud resources.
Principles of building a leading CASB
Image: Guiding principles of building a leading CASB
These principles are reflected across all of the below announcements that cover a breadth of new capabilities across Discovery, Threat Detection and Information Protection:
Endpoint-based cloud control
In March we announced the general availability of our single-click integration with Microsoft Defender ATP, which enables you to leverage your endpoints for the Discovery of Shadow IT beyond the corporate network. Today we are excited to announce that we are extending this integration to control access to risky and unsanctioned apps in your organization, removing the need for a Secure Web Gateway or block script on your firewall.
And because we understand that you want to better help your users understand why certain apps may not be accessible and guide them towards enterprise-ready and IT-supported solutions, we’re also adding the ability of user coaching through in-context pop-ups. This extends our seamless integration to include Cloud App Governance to help you manage the complete life cycle of your apps and ensure that your organization securely accesses cloud apps and services.
Centralized monitoring and custom reporting of Discovery data with Azure Sentinel and Power BI
You can now integrate Microsoft Cloud App Security with Azure Sentinel, Microsoft’s cloud-native SIEM, to enable centralized monitoring of alerts and discovery data, as well as new ways to correlate and visualize your most important data.
The new integration using Azure Sentinel and Power BI delivers:
- Longer data retention via Log Analytics beyond the 90-day storage in Cloud App Security.
- Out-of-the-box visualizations.
- Ability to use Microsoft Power BI or Azure Sentinel workbooks to create your own discovery data visualizations that fit your organizational needs and correlate additional data sources.
The Discovery capabilities in Microsoft Cloud App Security provide admins with rich, actionable insights about the cloud usage in their organization. While the data sets include information about target app URL, target app IP, username, uploaded bytes and more, many customers want to include additional data points and effectively correlate and analyze these data sets.
A threefold integration between Microsoft Cloud App Security, Azure Sentinel and Power BI now gives customers the ability to bring their own data, create custom queries and use these custom data sets to create visually rich reports, providing flexibility and powerful reporting options to organizations via natively integrated products and simple workflows.
Image 1: Visualization of Discovery data in Power BI
These new capabilities are now in Public Preview and are expected to be generally available by the end of 2019.
Built-in threat detection and intelligent, connected remediation
Many of our customers start with the detection of threats across their environment, because it is one of the most easily deployed use cases within Microsoft Cloud App Security. We believe that detecting threats should be easy and built in. That’s why we are continuously extending the number of apps that you can connect to our CASB solution via API and the number of built-in detection templates that we provide – this includes cross-app, as well as app-specific templates.
Protecting Workday
Workday is a leading Human Capital Management solution that by nature of the software often holds some of the most sensitive information in an organization. Hence, it’s not surprising that this has been one of the top requested apps from our customers. That’s why we’re excited to now have launched the new app connector for Workday in Preview. It enables you to gain continuous visibility into user activities and provides threat protection for your environment. It provides the same set of powerful capabilities that we have available for other API-connected apps as we continue to extend our portfolio of supported connectors.
Native Power BI detections
Power BI reports can hold some sensitive data at scale. While they provide you with powerful ways to visualize extensive information in consumable formats, in many cases they also leverage many large data sets, so ensuring that these reports are protected is critical. That’s why we are excited to announce the ability to add Power BI to the set of featured apps enabled for real-time control, with the ability to monitor and protect custom activities such as the sharing of reports.
GIF 1: Blocking download of sensitive Power BI report in real-time
In addition, we have built a set of threat detection templates, specifically for Power BI reports, that leverage Microsoft Cloud App Security’s built-in intelligence to determine suspicious activities. These include a detection for Multiple Power BI report sharing – which will alert admins when a user performs an unusual number of Power BI report sharing activities, compared to the learned baseline of a user. The second detection is focused on suspicious sharing of Power BI reports, that is triggered when a potentially sensitive report is shared outside of your organization in an unusual way, leveraging the baseline insights of a user.
Image 2: Detection - Suspicious sharing of a Power BI report
Furthermore, we have released additional detections for Office 365, including a detection focused on Suspicious email deletion activity, which can help you detect user mailboxes that may be compromised by potential attack vectors such as command-and-control communication over email.
In addition to the many new detections, we believe that security solutions need to be integrated with one another so that user risk information is shared across them and you can act based on the latest user risk insights. To further build on our approach of building a uniquely integrated CASB, we have extended the integration with Azure Active Directory to share signals about user risk. Microsoft Cloud App Security now enables admins to confirm individual users as “compromised” as they investigate suspicious activities. This flag will automatically inform Azure AD about the compromise and in turn affect Conditional Access policies and the reported user risk to protect access to other apps and resources in your environment.
Securing your AWS and Google Cloud Platform resources
For many companies their cloud journey started with the adoption of Software as a Service (SaaS) apps. So when Cloud Access Security Brokers were first introduced, they were focused on helping you monitor and protect those same SaaS apps. But as the use of cloud continues to mature and organizations are moving additional workloads and processes to the cloud, CASBs needed to evolve alongside the needs of organizations.
Microsoft Cloud App Security now provides a breadth of capabilities for your cross-cloud resources ranging across discovery, threat detection and security configuration assessments for Azure, Amazon Web Services (AWS) and Google Cloud Platform (GCP). The support of cloud beyond Azure is another testament to the goal of supporting your entire ecosystem with the help of Microsoft security solutions as outlined in yesterday’s blog post by Corporate Vice President, Rob Lefferts.
Earlier this year we released the ability to assess your security configuration for AWS and we have since extended this support to include an assessment of regulatory compliance against the AWS CIS Benchmark as well.
Image 3: Security Configuration Assessment for AWS environments
In addition to our support for AWS we are announcing the availability of a new connector for Google Cloud Platform that is available in Preview today. Initially this will provide you with increased visibility over user activities, as well as the ability to be alerted on suspicious user actions and detect threats across the platform. Over time we will expand our support to include a security configuration assessment and give you the same set of rich capabilities that is already available for Azure and AWS.
Image 4: Detection - Multiple VM deletion activities
Lastly, we are introducing a new set of threat detection templates that are focused on uncovering insider threats, for example disgruntled employees that misuse their access to important corporate resources, as well as compromised user accounts across your cross-cloud infrastructure services. Examples of these detections include suspicious VM creation activities and storage deletion activities. Initially these will be available for Azure, and will soon be available for all cloud platform connectors.
Whether you’re in Orlando this week and attending Microsoft Ignite in person or tuning in remotely, we will be discussing and demoing our latest capabilities, outlining some of the key CASB use cases and diving deep into select topics and capability areas. Below is a list of key sessions you don’t want to miss out on:
- Securing AWS and Google Cloud Platform
- Protecting any app – in the cloud and on-premises
- Top CASB use cases to boost your cloud security strategy
- Integrating CASB into IAM for a comprehensive identity security strategy
- Discover shadow IT across all your SaaS, IaaS, and PaaS resources
- Detecting cloud native attacks and automating remediation
More info and feedback
- Haven’t tried Microsoft Cloud App Security yet? Start a free trial today.
- For more resources and information go to our website.
- Stay up to date with our latest releases and technical documentation.
- As always, we want to hear from you! If you have any suggestions, questions, or comments, please visit us on our Tech Community page.