Although Cisco has offered some of this functionality long before acquiring OpenDNS and transforming it into Cisco Umbrella, what it’s added to its SIG is equally worth noting. For example, to prevent threats, Cisco added the ability to inspect files. Using a combination of antivirus (AV) engines and Cisco Advanced Malware Protection (AMP), Umbrella now inspects files that are attempted to be downloaded from risky domains.
More recently, Cisco unveiled Cloudlock, a cloud access security broker (CASB) and cloud cybersecurity platform, which adds discovery and control for cloud users, data and apps across software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS) environments, and orchestrates existing security environments.
To better illustrate the value of Cloudlock, Cisco created an infographic titled, “The Risk of a Single Privileged User Account,” which reveals that the compromise and misuse of a single privileged user account is where these breaches all start. Hackers understand that cloud systems have become mission critical, and they’ve homed their efforts on users with unrestricted access to cloud services, such as chief information security officers (CISOs) and security managers.
Cisco research further confirmed that attackers typically try up to 40 different combinations per user, immediately stopping after they get the correct email address to move on to the next user. This email harvesting effort is likely part of a larger and coordinated spear phishing attempt, where the attackers sift through professional databases or online networks such as LinkedIn, zeroing in on specific users with privileged access rights to cloud systems.
Cisco Cloudlock helps thwart the aforementioned attacks via a platform that orchestrates security across an organization’s cybersecurity architecture, including identity as a service (IDaaS), security incident and event management (SIEM), next-generation firewalls (NGFWs), software web gateways (SGWs), threat emulation and more.
As a platform, Cisco Cloudlock takes a programmatic approach to cloud security, leveraging APIs from cloud services and applying API-based microservices. Using this approach, Cloudlock dynamically applies individual security services such as cloud data loss prevention (DLP) to customer apps on any cloud or premise-based platform.
To learn more about the Cisco Cloudlock cybersecurity platform, including its five key components, visit cloudlock.com/platform.