Security is a team sport. Companies are adopting new technologies at a feverish pace and often deploy multiple security solutions to protect their corporate assets. While each solution is crucial, these solutions have to interoperate within the enterprise framework to protect companies from a wide range of threats, including hackers, bots, malicious insiders, and employee errors.
Identity is a key aspect of enterprise security, with users having several identities and accounts on different platforms and devices including cloud, mobile, social, and personal networks. As companies employ multiple Identity and Access Management solutions to secure identity and access to corporate apps, they are looking for ways to exercise deeper control at an identity level – an approach that also factors in other activities performed by users to assess their security risk.
Skyhigh is now able to integrate with Access Governance and Identity Analytics solutions such as Oracle Identity and SailPoint to enable enterprises to run risk analytics and enforce risk-based controls on users. Skyhigh analyzes activity across multiple heuristics to detect threats including insider threats, privileged user threats, and compromised accounts. This threat information is rolled up into a User Risk score and exposed to partner solutions. Customers using Skyhigh along with Identity Analytics solutions can monitor and apply controls based on user risk levels.
Skyhigh (McAfee MVISION Cloud) Provides Advanced Threat Protection Capabilities
Skyhigh captures a complete record of all user activity in cloud services such as Office 365, Box, and Salesforce, and leverages machine learning to analyze activity across multiple heuristics and accurately detect threats. As a comprehensive cloud security platform, Skyhigh can detect cross-cloud threats that involve usage across cloud services. As threats are resolved, Skyhigh automatically incorporates this data into its behavioral models to improve detection accuracy.
Skyhigh threat protection can detect multiple threats including insider threats, privileged user threats, and compromised accounts. Skyhigh automatically constructs a behavior model with dynamic and continuously updated thresholds for each user and team to identify activity indicative of insider threat, whether the threat is accidental or malicious. Privileged User Analytics identifies risk from dormant administrator accounts, excessive permissions, and unnecessary escalation of privileges and user provisioning. Skyhigh detects compromised account activity based on brute force login attempts, logins from new and untrusted locations for a specific user, and consecutive login attempts from two locations in a time period that implies impossible travel, even if the two logins occur across two cloud services. Darknet Intelligence reveals user accounts for sale online that are at risk of compromise.
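The impossible-travel heuristic described above can be sketched as follows. This is an added example, not Skyhigh's detection logic: the login events are constructed, and the speed ceiling and distance floor are assumed thresholds. Logins are compared per user regardless of which cloud service recorded them, which is what lets a pair spanning two services be caught.

```python
import math
from datetime import datetime

# Constructed sample login events: (user, cloud service, UTC time, lat, lon).
EVENTS = [
    ("alice", "Office 365", "2024-05-01T09:00:00", 40.71, -74.01),   # New York
    ("alice", "Box",        "2024-05-01T10:30:00", 51.51, -0.13),    # London
    ("bob",   "Salesforce", "2024-05-01T09:00:00", 37.77, -122.42),  # San Francisco
    ("bob",   "Office 365", "2024-05-01T22:00:00", 40.71, -74.01),   # New York
    ("carol", "Box",        "2024-05-01T08:00:00", 48.86, 2.35),     # Paris
    ("carol", "Box",        "2024-05-01T08:20:00", 48.85, 2.29),     # Paris
]

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruise speed
MIN_KM = 100.0   # assumed floor: ignore geolocation jitter inside one metro area

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def impossible_travel(events, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Return one finding per consecutive login pair implying travel faster than max_kmh."""
    findings = []
    last = {}  # user -> previous login, whichever service recorded it
    for user, svc, ts, lat, lon in sorted(events, key=lambda e: (e[0], e[2])):
        t = datetime.fromisoformat(ts)
        if user in last:
            psvc, pt, plat, plon = last[user]
            km = haversine_km(plat, plon, lat, lon)
            hours = (t - pt).total_seconds() / 3600
            # Zero elapsed time over a real distance counts as infinite speed.
            speed = km / hours if hours > 0 else math.inf
            if km >= min_km and speed > max_kmh:
                findings.append({"user": user, "services": (psvc, svc),
                                 "km": round(km), "hours": round(hours, 2)})
        last[user] = (svc, t, lat, lon)
    return findings

if __name__ == "__main__":
    for finding in impossible_travel(EVENTS):
        print(finding)
```

Source IPs behind VPN egress points or corporate proxies geolocate to the exit node, so in practice known egress ranges need to be excluded before a pair like this is scored.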
Enterprises Can Apply Risk-Based Controls on User Access
Skyhigh consolidates threat information and can expose user risk data via APIs to Access Governance Solutions for monitoring and controls. Given the high levels of usage of sanctioned services by enterprise users, the risk score sent by Skyhigh is a fairly accurate representation of the overall risk presented by that user. Companies do have the option to enrich this risk data with information from other security solutions.
Enterprises can apply a number of access-level controls using this information:
Place Users on Watchlists: High Risk Users can be placed on watchlists and subject to additional scrutiny, which includes analyzing their access and audit logs for suspicious behavior.
Block Risky Users: If a particular user is designated as ‘High Risk’, that user can be blocked from accessing selected applications that may be sensitive to the organization.
Enforce Step-up Authentication: High-risk users must complete additional authentication when accessing selected sensitive apps.
Privileged Access Management: Identity solutions can discover users with privileged entitlements and revoke access to those users designated as ‘High Risk’.