What is the Cato CASB Solution

This article provides information about the Cato Cloud Access Security Broker (CASB) solution and suggestions for how to implement this solution for your account.

Overview of Cato's CASB Solution

In today's environment, users need access to a variety of apps which can create challenges for enforcing your organization's security and compliance policies. Cloud apps are now an integral part of the working day and require a different solution beyond firewalls and threat protection. To help users safely access and use cloud apps, Cato's Cloud Access Security Broker (CASB) solution lets you enforce a corporate policy that minimizes security incidents and compliance violations.

Cato's CASB solution is designed to enable your organization to deliver these core functions:

  • Visibility for risks related to app usage and shadow IT

  • Enforcement of the app policy for compliance requirements and access control

  • Threat protection from known and unknown cloud threats

  • Data protection

The unique architecture of the Cato Cloud is the basis of Cato's robust CASB solution. All Socket and SDP user traffic is connected to cloud apps and servers via the Cato Cloud. Cato can then easily inspect, monitor, and enforce policy on all of this traffic from your account to the different cloud assets. In addition, Cato's Security team analyzes traffic data from billions of flows and is constantly adding new apps and updating and enhancing the existing ones based on actual usage and proprietary data mining technology.

An additional CASB license is required for the Application Control Policy and Cloud Apps Dashboard. For more about purchasing a CASB license, please contact your Cato representative.

Understanding the Components of the CASB Solution

The Cato Management Application lets you manage all the components of the Cato CASB solution from a single console. The data and analytics are unified and shared between the CASB components, giving you clarity and control for cloud app usage.

These are the screens in the Cato Management Application that are the components of the CASB solution:

  • Visibility, assessing app usage, and risk analysis

    • Cloud Apps Dashboard - overview of the cloud apps usage and risk analysis (requires CASB license)

    • Application Analytics - helps you to analyze the network and application usage for your entire account, a specific site, or a specific user

    • Threat Dashboard - shows threats related to IPS and Anti-Malware, and lets you drill down and analyze the threat types and event data

    • Apps Catalog - get detailed information, compliance data, and risk analysis for the cloud apps that are used in your account

  • Enforcing the app policy and controlling shadow IT

  • Threat protection for cloud threats

Implementing the Cato CASB Solution

This section contains a suggested workflow to implement the CASB solution in your account. The initial stage is to monitor app traffic in your account and identify the different types of app activity. Then define the sanctioned apps and create the Application Control policy. Run the policy in monitor mode to make sure that you don't accidentally block legitimate and necessary apps. In addition, check to see if there are other risky apps that you need to block. Then enable the policy and continue to monitor and review the traffic. Finally, you can fine-tune the policy and update rules as needed.

Note: The CASB solution, and especially the Application Control policy, relies on the ability to inspect all traffic for your account. We strongly recommend that you enable the TLS Inspection policy for your account as part of implementing CASB. Otherwise, it's not possible to inspect and manage access for apps that use HTTPS traffic.

These are suggested steps to take to implement the CASB solution in your account.

  1. Monitoring app activity -

    1. When you activate the CASB license, a rule that monitors Any Activity for Any Cloud Application is automatically added at the bottom of the Application Control rulebase. Review the events to discover all of the granular apps and activities used on your network.

      • If you already have an existing CASB license and want to monitor your network's app traffic, add a rule near the bottom of the rulebase configured to monitor Any Activity for Any Cloud Application. If the rule is added with a high priority in the rulebase, it may prevent block rules lower in the rulebase from blocking traffic.

    2. Use the Cloud Apps Dashboard and Application Analytics to further monitor the app activity in your account.

      For existing accounts, when you activate the CASB license, no initial configuration is required for the Cloud Apps Dashboard. It is immediately populated with the relevant data history.

  2. Identifying types of apps - What are the top apps used in your account? Identify the sanctioned apps, unsanctioned benign apps, and high-risk apps.

    • Sanctioned apps represent approved activity that is totally compliant with your privacy and security policy, such as Office365 and Slack.

    • Unsanctioned benign apps have a minimal security risk and are not key business apps, such as Spotify and YouTube.

    • High-risk apps are potential security risks and are not related to your business. Apps with a Cato risk score of 7 and higher are high-risk apps.

  3. Add the applicable apps to the Sanctioned Apps category.

  4. In the Internet firewall, block the high-risk apps.

    For the initial implementation, monitor traffic (and review the events) for a few weeks to make sure that you don't block legitimate apps.

  5. Create the Application Control Policy for your account. These are some suggested rules:

    1. Allow all sanctioned apps. You can also create granular rules for specific apps, for example block download from Salesforce.

    2. Block traffic that doesn't meet the compliance policy for your organization. For example, block traffic from apps that are NOT SOC-2 compliant.

      For the initial implementation, monitor traffic (and review the events) for a few weeks to make sure that you don't block legitimate apps.

  6. Review the rules for the cloud apps traffic and fine-tune the CASB rules:

    • Are there additional risky apps that you need to block?

    • Are there additional key business apps that you need to sanction?

  7. Change the block rules from Monitor to Block.

  8. Continue to monitor and review the cloud apps traffic in your account. Fine-tune the CASB policy so that it meets the requirements for your account.
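The rule-ordering caveat from step 1 and the suggested rules from step 5, worked through as an added example (not Cato code or the Cato API). It assumes a simplified first-match rulebase; the rule names, the `soc2` flags, the ExampleShare app and all events are constructed for illustration.

```python
# Simplified model of an ordered, first-match rulebase (an assumption for
# illustration; not Cato's engine or API). Apps, events and soc2 flags are
# constructed sample data, not catalog data.
SANCTIONED = {"Office365", "Slack", "Salesforce"}

def salesforce_download(e):
    return e["app"] == "Salesforce" and e["activity"] == "download"

def not_soc2(e):
    return not e["soc2"]

def sanctioned(e):
    return e["app"] in SANCTIONED

def any_activity(e):
    return True

GRANULAR = ("Block Salesforce download", salesforce_download, "block")
COMPLIANCE = ("Block non-SOC-2 apps", not_soc2, "block")
ALLOW = ("Allow sanctioned apps", sanctioned, "allow")
MONITOR_ANY = ("Monitor Any Activity / Any Cloud Application", any_activity, "monitor")

def evaluate(rulebase, event):
    """Return (rule name, action) of the first rule that matches the event."""
    for name, matches, action in rulebase:
        if matches(event):
            return name, action
    return None, "no-match"

def shadowed_blocks(rulebase, events):
    """Events that a block rule matches but an earlier non-block rule wins."""
    hits = []
    for e in events:
        _, action = evaluate(rulebase, e)
        would_block = any(m(e) and a == "block" for _, m, a in rulebase)
        if would_block and action != "block":
            hits.append((e["app"], e["activity"]))
    return hits

EVENTS = [
    {"app": "Salesforce", "activity": "download", "soc2": True},
    {"app": "Slack", "activity": "post", "soc2": True},
    {"app": "ExampleShare", "activity": "upload", "soc2": False},  # made-up app
    {"app": "Spotify", "activity": "stream", "soc2": True},
]
MONITOR_LAST = [GRANULAR, COMPLIANCE, ALLOW, MONITOR_ANY]   # recommended placement
MONITOR_FIRST = [MONITOR_ANY, GRANULAR, COMPLIANCE, ALLOW]  # shadows the block rules

if __name__ == "__main__":
    for label, rb in (("monitor last", MONITOR_LAST), ("monitor first", MONITOR_FIRST)):
        print(label, [evaluate(rb, e)[1] for e in EVENTS], shadowed_blocks(rb, EVENTS))
```

With the monitor rule last, the block rules fire and the leftover traffic is still logged; with it first, `shadowed_blocks` lists the events that the block rules never get to evaluate.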

If the data or information for a cloud app needs to be updated, or there are other cloud apps that we need to add to the catalog, please contact Support.
