6 hours 59 minutes
Welcome back, Siberians
to the M s 3 65 Security Administration. Course.
I'm your instructor, Jim Daniels.
We're on Model four in S 3 65. Information protection,
and we're going to go over Cloud at security.
In this lesson. We're gonna cover the framework of cloud at security Cast
cloud at security deployment, troubleshooting and best practices
Cloud Discovery dashboard
and a lark Management within cloud application security.
So the framework for calling AB security really revolves around four areas. Cyber threat protection, shadow I t
information protection and assess the compliance
of your organization.
Clot up security is a cloud access security broker, casby,
that supports various deployment models, including long collection, A PR connectors and reverse proxy.
Provides risk visibility, control over data travel.
Identifying combat cyber threats across all your Microsoft and third party cloud services.
CASS doesn't just work with Microsoft products. It helps you discover
the shadow I t. That your users are utilizing within your organization.
There are a few steps to implement. Calling up security.
Set up quality. Discovering
step two set instant visibility, protection and governance for your APS.
Step three, control cloud apse with policies that would create the policy.
Step four personalized the experience for your organization,
Threat, tolerance. Remember? Yeah, that threshold
over what is allowed and what isn't allowed. Maybe you're a consultant. One organization allows Facebook for recreational use of their boys. Another organization expressly did. For business.
Everything is different. Each organization has its own stance, policies and procedures.
Step five Organized data according to your needs.
Some of the prerequisite is for Claude up security license. You have to have the appropriate licence
you can do.
Call that security Allen Court
War. It's include automatically with the enterprise of building Security E five sleep
as well as the M s 3 65 e five. Sweet.
After the license or active,
you get activation. You know
you have to have incorrect admiralty implemented.
You have to be a global ad man or azure active directory security admin.
That's the role of the user that implements cast
for browser requirements. You got to use I 11.
Mm. I mean,
do what you want to do about.
I would never recommend using i e. Anything.
Use the latest versions off edge as chromium, fantastic browser, Chrome and Firefox.
Any modern browser will suffice for the cloud of security portal.
So Microsoft keeps a cannibal of third party
cloud services cloud applications
within that kind of log. They have various risk factors,
various compliance standards that those applications have.
Those were horse change as the services come out as the services evolved.
So whenever a and applications discovered in your cast, you actually have credible
information about that website.
As far as his support. TLS, Is it encrypted
here? Is it
hit? The compliant
has all of that information. So you, as a security professional, can either make the correct decision
or take the information that's given and give it to the person who does make that decision.
Applications are given metadata to use for filtering alerts. Categorization
sanction. Unsanctioned custom
tags are your organization so you can help
filter and do reports
you can view based on application. I P addresses users and machines.
thing I like to know with CASS
garbage in garbage out
policies association controls more flexible,
better data. You have
more organized, and the more tag that data is,
if you don't have applications telling to ask, compliant or non compliant,
what good does it do for you to do is start for compliant. APS
doesn't do any good. You have to take the time
to sit down and plan your strategy when your people may cast.
There are two times of discovery reports
This is at high visibility
when a set of traffic clogs air manually uploaded from firewalls and proxies.
This is for manually uploaded logs. Continuous reports is continual analysis of all logs they're afforded
automatically from your network by using Claude have security.
This is for automatically Ford a box. Of course, between those two, you want to try to get continuous reports
because you want the
breath of data over time so you can actually have legitimate and efficient analysis
process. For those reports,
you have to up one.
CASS processes it and then you assess it.
Upload manual automatic.
You know what if firewall
it even has built in integrations with Microsoft products like Defender 80 p
process it will Parson analyse and compare against the app cattle we told about. There's thousands of third party websites software as a service platform as a service type shadow. I see and third party applications assess
as your Discovery Area. Your reports in your alerts
we just had on Windows Defender 80 p integration.
To turn on that integration feature, go into the Defender security center
and Utah. Go on like herself, quite out security
that will automatically four defender a TV signals
que viene Claude have security a
Think about it if your user has a Windows 10 enterprise machine with
defender ESE P.
If you're just boarding viral logs,
you only get information on that machine when they're connected to your
network or your VPN the guests of your firewall.
If you allow people to work remote where you work from home, connect to another network.
You don't have this ability at that point in your car. That security module. So why you want to do is you actually want to integrate
defender ese thing. For that reason,
here's a screenshot of the dashboard.
You can actually see what applications of the most popular
and you're discovered after you console back home.
This allows a view of the highest traffic uses, transaction volume, users, machines, etcetera, etcetera.
So, in this particular example, we can see YouTube is being utilized quite frequently, depending on the policies we may want to go in and look at YouTube usage. Maybe there's one or two users that are spiking at.
Maybe they're violating the policy or maybe a sanctioned.
Why can that an app
caught up security? After you connect the APP, you can gain deeper visibility seeking and investigate activities, files and accounts
for the apse in your cloud environment.
One of the connectors that has is service now
so we can actually go in
connect cloud up security and the service now.
So when users utilise service now we can get those reports. We can get the whole entire visibility weaken, get where they're accessing it from what users are utilizing service. Now what users aren't what I P addresses
all source of information. We can go through by tagging
to get various reports that may be useful for the services manager operations manager were even department Andrew for their employees.
AP connectors Use a P I of application providers like service Now to enable greater visibility and control about Microsoft, climbed up security over the actually connect to
some of the ones available. Now our office 3 65 Azure Box G suite service now and a few other. They are adding
more after Nectars on a regular basis.
You can use policies to help monitor trends, see security threats and generate customised reports with alerts.
With policies, you can create governance actions, set deal P
and file sharing controls.
There are multiple types of policies
that correlates to the different types of information. You want to gather about your environment,
and it's after remediation actions that you may want to take
that's needs to be followed to control risk policies.
Create the policy. Of course, you have to have a created either from a template for Macquarie custom.
Analyze it. You will find. Tune that
until you get the results you want,
you add automated actions to respond to the risk automatically.
So if this happens
you're pretty confident that when it says that happens, it actually happens. Then you can apply the automated action to it.
There are a few different types of cast policies
available. Policy times depend on the data sources and features you have enabled within your cloud app. Security environment
access policy requires conditional access at control,
so we have access policy activity,
Cloud Discovery, anomaly, final policy and session policy.
Each one of those policies has their own corresponding automated response.
To create a cast policy,
we go to control templates. We saw it in a policy template from the list and then choose create policy.
You can customize the policy so, like the filters, actions,
other settings and then choose create.
When a policy's tab, we're gonna choose the policy to see relevant mashes
such as activities. But I always alerts.
Cover all of your scenarios created policy for each risk
credit policy you're not applying the action
policy is your checking out your environment. You're seeing what's going on.
So if you create a policy that doesn't lead to an action for a user,
it just gives you visibility on those things that you want to track
to look at and analyze
Personalized cloud of security.
Some of the features work best when they're customized for your organisational needs
and provide a better experience for your users. Utilizing your own custom email templates,
you decide what notifications you receive and customize your risk or based on your organization's preference.
Washington You configure the organizational settings you wanna? You wanna have them organized? Remember
garbage in garbage out.
You want everything organizing special. If you have a massive amount of data,
the settings help give you better control over features in the console. With I p tanks, you create policies that fit your name
to accurately thoughts of data etcetera
you can use that have used to group your data in a logical categories.
I feed tags within our environment. We have multiple geo locations, so we actually have a tag based on the location.
You know, if you have an office in one city with certain i p scheme and another city with a start 90 scheme
you concerning that
so you can run and
filter your reports based on those tags
to create those ah p address ranges
from the settings
we select crowd club discovery settings.
From here we go to select off the address. Rangers were quickly the plus the ad arrange and then we enter the range details location. What kind of tired you want to call it?
And then when she was created
for these ranges, we do use cider notation,
cast policies and alerts can be associated with the fine risk
Access what from where in what
config control monitor changes
a lot of discovery as shadow I t. Application usage. Privileged accounts. You can even monitor
the activity of global admin is and other defined purpose accounts.
Sharing controlled GOP in compliance
can monitor permissions, final types content label sharing activities.
You can even get an alert whenever someone shares something externally with a user, not when your domain
threat detection machine Learning detection of misuse of data
loss statement is true about CASS. Discovery reports.
continuous reports require a manual upload of log fouls
be continues. Reports are based on automatically forded and ingested logs
see snatch up and continuous reports are based on automatically forded and ingested logs.
The snapshot reports are not generated from manually uploaded of all fouls. Why do you think I'll give you a few
to ponder your choices?
The correct answer
to this multiple choice question
is either a, B, C or D.
See, I'm buying you a bit more time. Right now.
The correct answer is B
CASS Discovery Force Continuous reports. A basin automatically afforded an ingested logs.
So, for instance, within our environment with a pile of also firewall.
We have a UNIX
there's firewall afford of the events
and then uploads it securely into our clot AB security environment.
Continuous automatic Snapshot manual
to recap. The lesson
Microsoft clawed at security is a cloud access security broker that supports various deployment moves, including long collections. AP I connectors and reverse proxy.
More integrations. You add within, clawed at security them or of a complete picture you get of your organization.
You can use the Lord's End Claude have security to fine tune policies and initiate security activities.
Thank you for joining me in this lesson, which is the last of model for
hope to see you back for the beginning. The module five. Thank you.