We all remember the archaic times of IT and IT Security, when the majority of an organization’s intellectual property and other sensitive data was stored behind a hardened on-premises datacenter. While it seems to some of us that the datacenter era was long ago, it is actually still in the process of evolving.
Companies are moving forward to reduce their datacenter footprints and adopt the public cloud in the form of SaaS, PaaS, and IaaS. It’s likely that if you’re reading this article while at work, your organization is somewhere along the “cloud journey” as it divests its on-premises IT environments.
Citrix ShareFile® is one of the up-and-coming cloud services for which we have seen rapidly growing customer demand as organizations continue on their cloud journey. ShareFile introduces more of what users want, ease of use and great collaboration tools, and is designed to make employees more productive while providing the organization all the benefits of moving to the cloud, including easy-to-understand cost modeling to ensure that dollars spent per user per month are under control. However, most companies we speak with continue to have security concerns about moving data to the cloud, whether that be SaaS, PaaS, or IaaS.
Our customers’ main concerns revolve around a lack of visibility into data moving to places they cannot control. The analogy is simple, and many of us learned it when social media tools like Facebook, Twitter, Instagram and Snapchat took hold: what gets put on the internet stays on the internet. For social media that meant being careful what you post; for cloud solutions it centers on putting sensitive data into repositories where you have neither visibility into nor control over who is accessing that data and how it is being used. Organizations want to know what types of data are being uploaded or stored in Citrix ShareFile, who is accessing the data, what security risks or threats the organization is exposed to in ShareFile, and which internal and external security policies should be enforced.
To that end, McAfee is excited to announce our partnership with Citrix ShareFile to provide customers with the core CASB capabilities for ShareFile. McAfee Skyhigh Security Cloud provides an API integration with ShareFile, as part of McAfee’s CASB Connect API framework, to provide several core CASB capabilities to customers and address some of the most critical security use cases in ShareFile. Specifically, McAfee provides ShareFile customers with the ability to:
1. Prevent unauthorized sensitive data from being stored in ShareFile
McAfee’s content analytics engine discovers sensitive data created, stored in, or uploaded to cloud services such as ShareFile based on keywords and phrases, regular expressions, file metadata, structured/unstructured data fingerprints, keyword dictionaries, etc. Security administrators are provided with multiple automated remediation options including notifying the end user or notifying an administrator for immediate remediation and data loss prevention (DLP).
2. Capture a complete audit trail of all user activity for post-incident forensic investigations
McAfee Skyhigh Security Cloud integrates with ShareFile to provide complete and granular visibility into how ShareFile is being used by users and administrators. With McAfee, organizations can identify:
- Who is accessing ShareFile, their role, device type, geographic location, and IP address
- How much data is being shared, accessed, created or updated, uploaded, downloaded, or deleted
- Successful/failed login attempts
- User account creation/deletion as well as updates to accounts by administrators
McAfee supports and dramatically accelerates post-incident investigation while decreasing incident response time.
3. Detect compromised accounts, insider threats, and privileged access misuse
McAfee combines machine learning and user and entity behavior analytics (UEBA) to build a self-learning behavior model that can detect anomalous activity patterns in ShareFile (or across ShareFile and other cloud services) indicative of an insider threat or compromised account, including excessive failed login attempts, brute-force attacks, login attempts from untrusted or disparate locations, etc.
McAfee protects organizations against malicious or negligent insider threats such as unwarranted escalation of permissions by a privileged user. McAfee incorporates security analyst input into machine learning models to improve accuracy. As analysts mark false positives and adjust detection sensitivity, McAfee tunes detection models. McAfee further minimizes false positives by correlating user activity within a cloud service with activities across all other cloud services to correctly identify actual threats.