Working with the Cloud Apps Dashboard

This article discusses how to use the Cloud Apps Dashboard to get a quick overview of the cloud apps usage and risk analysis in your network. You can then drill-down and analyze the traffic in the Application Analytics screen.

Overview of the Cloud Apps Dashboard

As part of Cato's Cloud Access Security Broker (CASB) solution, the Cloud Apps Dashboard lets you quickly view the cloud app activity in your network. The dashboard contains a number of widgets that provide visibility and analytics including:

  • Potentially risky apps

  • Sanctioned vs. unsanctioned apps (according to number of users or total network usage)

  • Top apps (according to number of users or total network usage)

  • Total network usage

Some widgets let you drill-down and see the data automatically filtered in the Application Analytics screen.

The Cloud Apps Dashboard is included in the CASB license. For more about purchasing the CASB license, please contact your Cato representative.

Understanding Sanctioned vs Unsanctioned Apps

Industry standards for CASB policies distinguish between sanctioned and unsanctioned apps that are used in your organization. Some widgets in the Cloud Apps Dashboard let you research the usage for sanctioned and unsanctioned apps, and shows the relevant analytics.

Sanctioned apps are approved and generally represent an understood and acceptable level of risk. The IT staff has researched these apps, and allow employees to use the company’s network to access the services in the cloud. Salesforce.com, Office365, and Zoom are some examples of sanctioned apps. Use the Categories screen to define the cloud apps which are sanctioned by your organization (see below, Defining Sanctioned Apps in the Categories Screen).

Unsanctioned apps constitute an unknown risk, however they are not necessarily malicious or a definite security risk. The Cloud Apps Dashboard can give you more insight into the traffic of unsanctioned apps and help determine if an app meets the security requirements for your organization.

Understanding the Risk Score

Cato assigns each cloud app a Risk Score between 0 (no risk) to 10 (very high risk) to help you evaluate if the app meets the requirements of your security policy. Cato uses an in-house artificial intelligence engine to analyze the relevant data and metrics and generate the Risk Score, including:

  • General, Compliance, and Security data (shown in the Cloud Apps Catalog)

  • Sentiment analysis (machine learning technique) based on recent news articles regarding the company

  • Information about relevant software vulnerabilities and breaches

  • Internal threat intelligence and domain related information from the Cato Research Labs

The Risk Score is divided into the following risk levels:

  • Low - apps with a Risk Score between 0 - 3

  • Medium - apps with a Risk Score between 4 - 6

  • High - apps with a Risk Score between 7 - 10

Getting Started with the Cloud Apps Dashboard

The Cloud Apps Dashboard contains a number of widgets that present an overview of the app usage and risk level in your network. Use the time range filter to determine the time window for the data and analytics in the dashboard. For more about the time range filter, see Setting the Time Range Filter.

CloudAppsDashboard.png

To show the Cloud Apps Dashboard:

  • From the navigation menu, click Monitoring > Cloud Apps Dashboard.

Working with Sanctioned Apps

You can decide which apps used by your organization are categorized as Sanctioned Apps. The following sections explain how you can add sanctioned apps directly from the Cloud Apps Dashboard, or in the Categories screen.

Adding a Sanctioned App from the Cloud Apps Dashboard

The pop-up menus in the Top Apps widget let you easily add an app to the Sanctioned Apps category without using the Categories screen.

Top_Apps_Pop-up.png

To add a Sanctioned App from the Cloud Apps Dashboard:

  1. In the Top Apps widget, hover the mouse over the row for the app and then open the app options menu TD_Filter.png.

  2. Select Add to sanctioned apps. The app is added to the Sanctioned Apps category.

Defining Sanctioned Apps in the Categories Screen

The Categories screen contains a section that lets you define the sanctioned apps for the account. After you define the sanctioned apps, you can go to the Cloud Apps Dashboard and view the analytics for the sanctioned vs. unsanctioned apps. You can choose to add Cato's predefined apps, or custom applications that you previously configured, see Working with Custom Applications.

SanctionedApps.png

To define a Sanctioned App in the Categories screen:

  1. From the navigation panel, click Assets > Categories.

  2. Click Sanctioned Apps.

    The Add Sanctioned Apps panel opens.

  3. In the Members drop-down menu, select Application or Custom Application.

  4. Select or enter the app your are adding as a sanctioned app.

  5. Click Apply, and then click Save.

Working with Cloud Apps Dashboard Widgets

This section explains the widgets that are available in the Cloud Apps Dashboard. The data in the dashboard is based on the configured time range.

These are the widgets:

  1. High Risk Apps - Shows the number of new high risk apps used in the network.

  2. Discovered Apps - Total number of apps used.

  3. Total Users - Total number of users and hosts that accessed a cloud app.

  4. Network Usage - Total volume of data transferred for all cloud apps in your network.

  5. Top Apps - Select the criteria to show the top apps according to the chosen priority:

    • Unsanctioned only, Sanctioned only, or All apps

    • Risk Score, network Usage, or Users

    Click the Users for an app, to drill-down and show user analytics data for this app in the Application Analytics screen. Click an app to show the information for that app in the Cloud Apps Catalog.

    Hover the mouse over the row for the app and then open the app options menu and select one of the following actions:

    • Go to Apps Catalog - Opens the Apps Catalog screen pre-filtered for the app

    • View App Analytics - Opens the Application Analytics screen pre-filtered for the app, and lets you drill-down and analyze the app usage

    • Add to sanctioned apps - See Adding a Sanctioned App from the Cloud Apps Dashboard above

  6. Apps Risk Breakdown - Discovered Apps classified according to their high, medium, or low Risk Score.

    Click on a Risk Score in the widget to drill-down and show the Application Analytics screen filtered for those apps.

  7. Sanctioned vs. Unsanctioned Apps - Discovered Apps classified according to:

    • Usage - Network Usage classified according to sanctioned and unsanctioned apps.

    • Users - Total users classified according to sanctioned and unsanctioned apps.

    Click on Unsanctioned or Sanctioned apps in the widget to drill-down and show the Application Analytics screen filtered for those apps.

  8. Top Categories - Shows the top System categories that contained the apps with the most Network Usage.

  9. Unsanctioned Apps - Total number of unsanctioned apps that were accessed:

    • According to the app Risk Score (you can select more than one Risk Score).

    • Traffic direction - upstream, downstream, or both.

  10. Apps Headquarters - Geographical map that shows country where the HQ for the app is physically located.

    Click a physical location in the widget to drill-down and show the Application Analytics screen filtered for those apps.

Was this article helpful?

0 out of 0 found this helpful

2 comments

  • Comment author
    Neil neilt

    Seems that the dashboard will only show the "top" ones of a group -- and not all listed.  Is there a way to easily see the complete lists of apps, users, usage?

  • Comment author
    Yaakov Simon

    Neil,

    Thanks for the question! You can click the Top Apps by or Top Categories widget, and drill down to automatically open the Application Analytics screen filtered for the data in the widget. The Application Analytics screen shows the complete lists of apps, users, and usage in your account.

    Yaakov

Add your comment