Major Categories

Time
9 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
10
Video Transcription
00:04
>> CSA guidance describes
00:04
several major categories of SECaaS providers.
00:04
In this video, we are going to review all of them.
00:04
The list is up there,
00:04
I'm going to be moving
00:04
through different slides pretty quickly,
00:04
and I'm not going to sit here and read off the list,
00:04
but then we'll recap it at the end.
00:04
One popular category of
00:04
SECaaS providers is identity
00:04
access management services.
00:04
This can be federated
00:04
identity brokers and we covered
00:04
this in previous videos,
00:04
the whole federated identity and what is
00:04
the role of a federated identity broker?
00:04
This includes companies such as Okta and Auth0.
00:04
You may leverage a SECaaS provider
00:04
to improve your authentication.
00:04
Implementing a multi-factor authentication service,
00:04
outsourcing parts of it and in pieces,
00:04
so that you're leveraging these Cloud
00:04
hosted capabilities to realize that.
00:04
Then finally, there's directory-as-a-service.
00:04
Cloud-based directory services, these include things like
00:04
Azure Active Directory and also
00:04
AWS's directory services.
00:04
CASB is a Cloud application security broker.
00:04
You may recall it intercepts communication going
00:04
from your organization to Cloud services,
00:04
specifically looking at the SaaS services.
00:04
This allows for monitoring, enforcing policies,
00:04
providing risk ratings of the SaaS providers being used,
00:04
and even integrating with data loss prevention.
00:04
We covered this topic much more
00:04
extensively in data and encryption domain.
00:04
I'm not going to reiterate it.
00:04
But if you do feel a little fuzzy about it,
00:04
by all means, go back and check out that video.
00:04
Web security gateways are similar to
00:04
a CASB and all the traffic
00:04
flows through the web security gateway.
00:04
These are used to provide real-time protection
00:04
of that traffic by examining and analyzing that.
00:04
For example, it can be enforcing access policies.
00:04
It could insulate you by seeing some malware,
00:04
some JavaScript malware on a web page
00:04
and intercepting that and destroying that for you.
00:04
Very similar, but a little more
00:04
broad than a CASB because a CASB,
00:04
keep in mind, is focused on the SaaS providers used,
00:04
whereas the web security gateways are going to be
00:04
focusing on all web usage and access,
00:04
even if it's just traditional websites
00:04
that aren't a SaaS provider.
00:04
Email security is a very common SECaaS use.
00:04
This is where the inbound and
00:04
outbound e-mail gets scanned
00:04
and reviewed by the third party
00:04
that's operating in the Cloud.
00:04
This will filter phishing or virus-type attachments.
00:04
It can even break out your spam
00:04
and create some prevention policies,
00:04
so your employees don't get overrun.
00:04
You can even employ policy-based encryption.
00:04
I've seen this where you put in the subject
00:04
line bracket encrypt brackets and then
00:04
this utility is sitting there
00:04
is going to see an e-mail like that and it's
00:04
going to automatically encrypt
00:04
that e-mail and send it off to
00:04
the recipient and those recipients
00:04
will have to go through different actions
00:04
to view that encrypted email.
00:04
Then finally, another area that
00:04
email security SECaaS can provide is digital signatures,
00:04
which is often used for non-repudiation.
00:04
A fancy way of saying,
00:04
proving the person that sent it was indeed the individual
00:04
that sent the e-mail and that
00:04
their identity was not being falsely assumed.
00:04
SECaaS provides security assessments as well.
00:04
It's going to be a Cloud-based tool that assesses
00:04
the Cloud services or
00:04
it can even be used to assess on-prem services.
00:04
Remember we talked about SECaaS can do
00:04
on-prem Cloud or hybrid.
00:04
For that matter, there are some main categories
00:04
this SECaaS provider is going to look at.
00:04
It's going to do traditional vulnerability assessments.
00:04
So it might look at your IaaS environment and
00:04
the servers running there or the on-prem servers,
00:04
port scanning, trying to figure out do
00:04
you have the necessary patches and so forth.
00:04
It can do application security capabilities.
00:04
Static application security testing,
00:04
dynamic application security testing,
00:04
even runtime application security protection.
00:04
That's the RASP. That's the last one,
00:04
I don't think we've touched on that much.
00:04
Cloud platform assessments can also be done.
00:04
Not just assessing the IaaS,
00:04
the virtual machines themselves,
00:04
but the overall Cloud
00:04
assets and the way they're configured,
00:04
the way you have virtual networks setup,
00:04
the way you've done micro-segmentation hopefully.
00:04
Giving you feedback to make sure
00:04
you haven't unduly exposed
00:04
any storage accounts for anonymous
00:04
read-only access to the entire Internet.
00:04
Even going so far as to make sure that you've
00:04
set up the management plane,
00:04
so that those administrative accounts have to have
00:04
MFA enabled before those individuals
00:04
can login to the management plane.
00:04
There's a lot of directions that
00:04
these assessment tools can look at.
00:04
Some are going to be better at solving
00:04
certain areas and problems than others.
00:04
This is why it's important that you have a good feel for
00:04
what assessments you really want to
00:04
outsource and can make that determination.
00:04
Is it worth your money to pay for
00:04
a provider and the services that are being given?
00:04
Web application firewalls are great.
00:04
This is so when you are hosting
00:04
an application on your web server and you want to
00:04
have some filtering for
00:04
all those incoming requests from
00:04
various users across the general Internet.
00:04
It's going to analyze the intake traffic.
00:04
It's going to filter it out.
00:04
It's going to recognize if someone is sending
00:04
you HTTP posts let's say with
00:04
SQL injection attacks or what could look like
00:04
if they're trying to do some SQL injection attacks.
00:04
Maybe you want to block certain IP ranges.
00:04
So you don't want anybody coming to your site
00:04
if they're coming from these IPs that are
00:04
traditionally considered the dark web and
00:04
they've been using onion and masquerading their IP.
00:04
The Web Application Firewall says, "Well,
00:04
that's nice, but we just don't
00:04
want you coming to our site.
00:04
We're not willing to accept traffic from the dark web."
00:04
Then other big thing that's incorporated
00:04
is anti-DDoS capabilities,
00:04
so that distributed denial of service attack,
00:04
this is the example of where
00:04
the SECaaS provider is insulating the client.
00:04
Because they're getting all the traffic first,
00:04
they're recognizing what's going on
00:04
and they're not forwarding the DDoS
00:04
onto your actual web servers
00:04
that are providing your web application.
00:04
Intrusion detection,
00:04
intrusion prevention systems have
00:04
been around for quite a while.
00:04
They monitor behavioral patterns within your network.
00:04
They detect anomalies,
00:04
behaviors that they feel are risky.
00:04
In this case, because we're talking about
00:04
a Cloud-based IDS and then a Cloud-based IPS,
00:04
that information gets fed to
00:04
the provider and it gets
00:04
analyzed in their Cloud environment,
00:04
and then the necessary alerts,
00:04
actions and so forth that you've set up are going to
00:04
transpire if it feels like there's an intrusion going on.
00:04
Security information and event management
00:04
is similar in that sense.
00:04
It aggregates lots of log data, event data.
00:04
It looks at virtual networks.
00:04
It looks at real networks, applications, servers.
00:04
All that data is analyzed,
00:04
it applies your rule sets,
00:04
and it triggers real-time reports or alerts.
00:04
The key thing is the Cloud collects and
00:04
analyzes the data itself in
00:04
the Cloud as opposed to on-premise.
00:04
Encryption and key management type SECaaS providers
00:04
allow you to encrypt data and manage encryption keys.
00:04
Major Cloud providers include this service and it's often
00:04
limited to just the keys
00:04
related to the Cloud provider assets.
00:04
We previously discussed key management.
00:04
Definitely go back to that video
00:04
if you want to see more detail
00:04
about data encryption and how you manage keys,
00:04
and using Cloud providers,
00:04
key management capabilities,
00:04
HSM key stores, and so forth.
00:04
Finally, there's business continuity, disaster recovery.
00:04
This is where you have your backup data is
00:04
being moved over to a Cloud platform.
00:04
This can be when you have
00:04
an on-prem servers workloads data center or of course,
00:04
storage, and you're moving that off to a Cloud.
00:04
It's even possible to do Cloud to Cloud.
00:04
But if you start going down
00:04
that path and that line of thinking,
00:04
just bear in mind some of our prior conversations about
00:04
being Cloud agnostic and the difficulty in
00:04
having sufficient competencies with
00:04
numerous Cloud providers within
00:04
your organization to truly allow you to fail
00:04
over from one Cloud provider to another Cloud provider.
00:04
It's not as common that you're going to
00:04
see this service used in
00:04
a business continuity and
00:04
disaster recovery across Cloud providers,
00:04
but I have seen vendors advertising it.
00:04
When you're going through the implementation,
00:04
it could include some local gateway,
00:04
especially when we're talking on-prem to Cloud provider,
00:04
and that's to optimize the data communications
00:04
between your on-premise systems and the Cloud provider.
00:04
Great examples of this include AWS's CloudEndure.
00:04
They bought that company and it's
00:04
a great service that they have to perform
00:04
this as well as Azure's site recovery capabilities.
00:04
In this video, we went over major categories that the
00:04
CSA guidance outlines for SECaaS providers.
00:04
This included Identity Access Management Services,
00:04
Cloud application security brokers,
00:04
web security gateways, email security,
00:04
security assessments,
00:04
web application firewalls, system incident,
00:04
and event management, key management encryption,
00:04
as well as business continuity and disaster recovery.