Cloud Application Security

00:00

Welcome back, Siberians

00:02

to the M s 3 65 Security Administration. Course.

00:06

I'm your instructor, Jim Daniels.

00:08

We're on Model four in S 3 65. Information protection,

00:13

and we're going to go over Cloud at security.

00:16

In this lesson. We're gonna cover the framework of cloud at security Cast

00:20

cloud at security deployment, troubleshooting and best practices

00:25

Cloud Discovery dashboard

00:27

and a lark Management within cloud application security.

00:31

So the framework for calling AB security really revolves around four areas. Cyber threat protection, shadow I t

00:39

information protection and assess the compliance

00:43

of your organization.

00:46

Clot up security is a cloud access security broker, casby,

00:51

that supports various deployment models, including long collection, A PR connectors and reverse proxy.

00:58

Provides risk visibility, control over data travel.

01:02

Identifying combat cyber threats across all your Microsoft and third party cloud services.

01:07

CASS doesn't just work with Microsoft products. It helps you discover

01:14

the shadow I t. That your users are utilizing within your organization.

01:19

There are a few steps to implement. Calling up security.

01:23

Stem one.

01:25

Set up quality. Discovering

01:27

step two set instant visibility, protection and governance for your APS.

01:33

Step three, control cloud apse with policies that would create the policy.

01:38

Step four personalized the experience for your organization,

01:44

your organizations.

01:46

Threat, tolerance. Remember? Yeah, that threshold

01:49

over what is allowed and what isn't allowed. Maybe you're a consultant. One organization allows Facebook for recreational use of their boys. Another organization expressly did. For business.

02:00

Everything is different. Each organization has its own stance, policies and procedures.

02:07

Step five Organized data according to your needs.

02:12

Some of the prerequisite is for Claude up security license. You have to have the appropriate licence

02:17

you can do.

02:19

Call that security Allen Court

02:22

War. It's include automatically with the enterprise of building Security E five sleep

02:25

as well as the M s 3 65 e five. Sweet.

02:30

After the license or active,

02:31

you get activation. You know

02:35

you have to have incorrect admiralty implemented.

02:37

You have to be a global ad man or azure active directory security admin.

02:40

That's the role of the user that implements cast

02:46

for browser requirements. You got to use I 11.

02:51

Mm. I mean,

02:53

do what you want to do about.

02:53

I would never recommend using i e. Anything.

02:58

Use the latest versions off edge as chromium, fantastic browser, Chrome and Firefox.

03:04

Any modern browser will suffice for the cloud of security portal.

03:08

So Microsoft keeps a cannibal of third party

03:13

cloud services cloud applications

03:15

within that kind of log. They have various risk factors,

03:20

various compliance standards that those applications have.

03:23

Those were horse change as the services come out as the services evolved.

03:30

So whenever a and applications discovered in your cast, you actually have credible

03:37

information about that website.

03:39

As far as his support. TLS, Is it encrypted

03:43

here? Is it

03:45

hit? The compliant

03:46

has all of that information. So you, as a security professional, can either make the correct decision

03:52

or take the information that's given and give it to the person who does make that decision.

03:57

Applications are given metadata to use for filtering alerts. Categorization

04:01

tags

04:02

sanction. Unsanctioned custom

04:05

tags are your organization so you can help

04:10

filter and do reports

04:13

you can view based on application. I P addresses users and machines.

04:18

One important

04:19

thing I like to know with CASS

04:23

garbage in garbage out

04:25

policies association controls more flexible,

04:28

better data. You have

04:30

more organized, and the more tag that data is,

04:33

if you don't have applications telling to ask, compliant or non compliant,

04:38

what good does it do for you to do is start for compliant. APS

04:42

doesn't do any good. You have to take the time

04:45

to sit down and plan your strategy when your people may cast.

04:50

There are two times of discovery reports

04:54

snaps up.

04:55

This is at high visibility

04:57

when a set of traffic clogs air manually uploaded from firewalls and proxies.

05:01

This is for manually uploaded logs. Continuous reports is continual analysis of all logs they're afforded

05:09

automatically from your network by using Claude have security.

05:13

This is for automatically Ford a box. Of course, between those two, you want to try to get continuous reports

05:19

because you want the

05:21

breath of data over time so you can actually have legitimate and efficient analysis

05:30

process. For those reports,

05:31

you have to up one.

05:33

CASS processes it and then you assess it.

05:38

Upload manual automatic.

05:41

You know what if firewall

05:42

it even has built in integrations with Microsoft products like Defender 80 p

05:47

process it will Parson analyse and compare against the app cattle we told about. There's thousands of third party websites software as a service platform as a service type shadow. I see and third party applications assess

06:04

as your Discovery Area. Your reports in your alerts

06:09

we just had on Windows Defender 80 p integration.

06:14

To turn on that integration feature, go into the Defender security center

06:19

and Utah. Go on like herself, quite out security

06:23

that will automatically four defender a TV signals

06:27

que viene Claude have security a

06:29

deeper visibility.

06:30

Think about it if your user has a Windows 10 enterprise machine with

06:35

defender ESE P.

06:38

If you're just boarding viral logs,

06:41

you only get information on that machine when they're connected to your

06:46

network or your VPN the guests of your firewall.

06:48

If you allow people to work remote where you work from home, connect to another network.

06:54

You don't have this ability at that point in your car. That security module. So why you want to do is you actually want to integrate

07:00

defender ese thing. For that reason,

07:03

here's a screenshot of the dashboard.

07:06

You can actually see what applications of the most popular

07:11

and you're discovered after you console back home.

07:14

This allows a view of the highest traffic uses, transaction volume, users, machines, etcetera, etcetera.

07:19

So, in this particular example, we can see YouTube is being utilized quite frequently, depending on the policies we may want to go in and look at YouTube usage. Maybe there's one or two users that are spiking at.

07:33

Maybe they're violating the policy or maybe a sanctioned.

07:39

Why can that an app

07:41

caught up security? After you connect the APP, you can gain deeper visibility seeking and investigate activities, files and accounts

07:48

for the apse in your cloud environment.

07:51

One of the connectors that has is service now

07:55

so we can actually go in

07:57

connect cloud up security and the service now.

08:01

So when users utilise service now we can get those reports. We can get the whole entire visibility weaken, get where they're accessing it from what users are utilizing service. Now what users aren't what I P addresses

08:15

all source of information. We can go through by tagging

08:20

and cattle

08:20

to get various reports that may be useful for the services manager operations manager were even department Andrew for their employees.

08:31

AP connectors Use a P I of application providers like service Now to enable greater visibility and control about Microsoft, climbed up security over the actually connect to

08:41

some of the ones available. Now our office 3 65 Azure Box G suite service now and a few other. They are adding

08:50

more after Nectars on a regular basis.

08:54

You can use policies to help monitor trends, see security threats and generate customised reports with alerts.

09:01

With policies, you can create governance actions, set deal P

09:07

and file sharing controls.

09:09

There are multiple types of policies

09:11

that correlates to the different types of information. You want to gather about your environment,

09:15

and it's after remediation actions that you may want to take

09:18

process

09:20

that's needs to be followed to control risk policies.

09:24

Create the policy. Of course, you have to have a created either from a template for Macquarie custom.

09:30

Analyze it. You will find. Tune that

09:33

until you get the results you want,

09:35

and then

09:35

you add automated actions to respond to the risk automatically.

09:41

So if this happens

09:43

is turned,

09:43

you're pretty confident that when it says that happens, it actually happens. Then you can apply the automated action to it.

09:50

There are a few different types of cast policies

09:54

available. Policy times depend on the data sources and features you have enabled within your cloud app. Security environment

10:01

access policy requires conditional access at control,

10:05

so we have access policy activity,

10:07

anomaly detection

10:09

at Discovery,

10:11

Cloud Discovery, anomaly, final policy and session policy.

10:16

Each one of those policies has their own corresponding automated response.

10:22

To create a cast policy,

10:24

we go to control templates. We saw it in a policy template from the list and then choose create policy.

10:31

You can customize the policy so, like the filters, actions,

10:37

other settings and then choose create.

10:39

When a policy's tab, we're gonna choose the policy to see relevant mashes

10:43

such as activities. But I always alerts.

10:46

Cover all of your scenarios created policy for each risk

10:52

credit policy you're not applying the action

10:56

policy is your checking out your environment. You're seeing what's going on.

11:01

So if you create a policy that doesn't lead to an action for a user,

11:05

it just gives you visibility on those things that you want to track

11:11

to look at and analyze

11:13

Personalized cloud of security.

11:16

Some of the features work best when they're customized for your organisational needs

11:20

and provide a better experience for your users. Utilizing your own custom email templates,

11:28

you decide what notifications you receive and customize your risk or based on your organization's preference.

11:35

Washington You configure the organizational settings you wanna? You wanna have them organized? Remember

11:41

garbage in garbage out.

11:43

You want everything organizing special. If you have a massive amount of data,

11:48

the settings help give you better control over features in the console. With I p tanks, you create policies that fit your name

11:56

to accurately thoughts of data etcetera

12:00

you can use that have used to group your data in a logical categories.

12:03

I feed tags within our environment. We have multiple geo locations, so we actually have a tag based on the location.

12:11

You know, if you have an office in one city with certain i p scheme and another city with a start 90 scheme

12:16

you concerning that

12:18

so you can run and

12:20

filter your reports based on those tags

12:24

to create those ah p address ranges

12:26

from the settings

12:28

we select crowd club discovery settings.

12:31

From here we go to select off the address. Rangers were quickly the plus the ad arrange and then we enter the range details location. What kind of tired you want to call it?

12:41

And then when she was created

12:43

for these ranges, we do use cider notation,

12:48

cast policies and alerts can be associated with the fine risk

12:52

access control.

12:54

Access what from where in what

12:58

config control monitor changes

13:01

a lot of discovery as shadow I t. Application usage. Privileged accounts. You can even monitor

13:07

the activity of global admin is and other defined purpose accounts.

13:13

Sharing controlled GOP in compliance

13:15

can monitor permissions, final types content label sharing activities.

13:18

You can even get an alert whenever someone shares something externally with a user, not when your domain

13:26

threat detection machine Learning detection of misuse of data

13:31

Quiz

13:31

loss statement is true about CASS. Discovery reports.

13:37

Hey,

13:37

continuous reports require a manual upload of log fouls

13:41

be continues. Reports are based on automatically forded and ingested logs

13:48

see snatch up and continuous reports are based on automatically forded and ingested logs.

13:54

The snapshot reports are not generated from manually uploaded of all fouls. Why do you think I'll give you a few

14:03

moments

14:03

to ponder your choices?

14:07

The correct answer

14:09

to this multiple choice question

14:11

is either a, B, C or D.

14:16

See, I'm buying you a bit more time. Right now.

14:18

The correct answer is B

14:20

CASS Discovery Force Continuous reports. A basin automatically afforded an ingested logs.

14:28

So, for instance, within our environment with a pile of also firewall.

14:31

We have a UNIX

14:35

virtual machine

14:35

that collects

14:37

there's firewall afford of the events

14:39

and then uploads it securely into our clot AB security environment.

14:48

Continuous automatic Snapshot manual

14:52

to recap. The lesson

14:54

Microsoft clawed at security is a cloud access security broker that supports various deployment moves, including long collections. AP I connectors and reverse proxy.

15:05

More integrations. You add within, clawed at security them or of a complete picture you get of your organization.

15:13

You can use the Lord's End Claude have security to fine tune policies and initiate security activities.

15:20

Thank you for joining me in this lesson, which is the last of model for