Complete Cloud Security Bob Anderson Cybersecurity Account Manager boba@avanan.com

Any Cloud. Any Security. One Click. Who We Are One View across All SaaS/IaaS Selection of Any Security from 60+ vendors All in a One-Click App Store Any Cloud. Any Security. One Click.

Got Cloud? Email Business Apps File Sharing ERP/CRM Collaboration IaaS

When you own the datacenter All users connect via your security stack. Security Stack Your Data Your Servers Your Security Your Responsibility

When you move to the SaaS Cloud Your Data Their Servers Their Security Your Responsibility?

The Shared Responsibility Model Infrastructure as a Service (IaaS) Platform as a Service (PaaS) SaaS People Data Applications Runtime Middleware OS Virtual Network Hypervisor Servers Storage Physical Network Provider Responsibility Customer Responsibility

Your Responsibility Amazon is responsible for “security of the cloud”. ”Microsoft is not responsible for any incidents that result from your unauthorized action or lack of action when required, or from your employees, agents, contractors, or vendors, or otherwise resulting from your failure to follow appropriate security practices.” ”You will be solely responsible for maintaining appropriate security, protection and backup copies of the Content, which may include, your use of additional encryption technology to protect the Content from unauthorized access.” ”It is your responsibility to enforce the appropriate movement and access to this data at the level of your application. This includes preventing your end users from sharing critical information outside of your corporate network / public cloud infrastructure and ensuring you keep data that could identify a specific individual safe.” “Our Services let you share Your Stuff with others, so please think carefully about what you share. You're responsible for your conduct and Your Stuff. Dropbox syncs any files added to it. If someone adds files with a virus or malicious software, that file syncs to any computers linked to the account. ” Amazon is responsible for “security of the cloud”. The customer is responsible for “security in the cloud”.

Terms of Service “Microsoft is not responsible for any incidents that result from your unauthorized action or lack of action when required, or from your employees, agents, contractors, or vendors, or otherwise resulting from your failure to follow appropriate security practices.” “Microsoft is not responsible for compliance with any laws or regulations applicable to Customer or Customer’s industry that are not generally applicable to information technology service providers. Microsoft does not determine whether Customer Data includes information subject to any specific law or regulation.” Office 365 Online Services Terms

Your Responsibility User & Data Security Phishing Zero Day Malware SaaS People Data Applications Runtime Middleware OS Virtual Network Hypervisor Servers Storage Physical Network User & Data Security Phishing Zero Day Malware Data Leak Prevention Account Takeover File Encryption Compliance

Gartner Framework for SaaS Security Users Data Applications Runtime Middleware OS Virtual Network Hypervisor Servers Storage Physical Network Best Practices Users Multifactor Authentication Adaptive Access Control Entity Behavior Analytics Data Anti Phishing Antivirus Scanning Sandboxing DLP/Data Classification File Encryption App Monitoring Event Auditing Logging Alerting Enterprise Log Integration Compliance Enforcement

Spam Filtering AV Scanning Advanced Threat Protection Sandboxing ($2/user/month) Exchange Protection Encryption Data Loss Protection eDiscovery Advanced Data Loss Protection Advanced eDiscovery Customer Lockbox Threat Intelligence Cloud App Security Advanced Threat Protection Sandboxing (incl.)

“Best-Effort” Terms of Service "Viruses" is defined as known malware: when widely used commercial virus scanning engines can detect the virus. The SLA shall not apply to spam, phishing and other scams, adware, and forms of spyware not known to the anti-virus community. Office 365 Online Services Terms http://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=7833

Microsoft vs Microsoft ATP Percent of zero-day malware that bypassed email protection. Lower is better. 60% 40% 20% Microsoft Microsoft Advanced Threat Protection (ATP) 1st 31st

The Problem Multiplied How do you provide consistent protection across all cloud assets Siloed point solutions from SaaS or multiple vendors Need to ‘make the cloud compliant’.

The Avanan Cloud Security Platform One View API Virtual Inline Connects Via API: No Proxy Gateway. No Agent Multiple Security Layers: All leading vendors in one click. Unified Dashboard: Standardized policy. Custom Workflow Enforcement.

Security Partners ‘Cloudified’ best of breed tools Zero-configuration engine Available in ‘one-click’ app store Interchangeable. Future proof.

Full Stack Security For Any Cloud Anti phishing Antivirus Malware Sandboxing AI Predictive Detection File Sanitization Data Security (DLP) Encryption Access Control Account Takeover Prot. Shadow SaaS Shadow IT SIEM Integration Compliance Enforcement Full Security Stack Zero-configuration One-click app store Future proof

Single Layer Security is not Security

Full Stack Malware Protection No single technology can catch everything. But can a hacker bypass multilayer protection? MALWARE PHISHING EXPLOITS SPAM Default Security Signatures A.I. Sandbox Anti-Phishing

Multi-Technology Scanning Sandboxing caught more than any other technology, but still only 79%. Sandboxing Alone Each layer catches fewer, but stops what the others miss. PREDICTIVE A.I ANTIVIRUS MALWARE SANDBOXING/THREAT EMULATION ANTI-PHISHING ANALYSIS BEHAVIOR ANALYSIS/ANOMALY DETECTION Plus Predictive AI Plus Antivirus Plus Anti-phishing Plus Anomaly Detection Only caught 19% but stopped 5 the others missed.

Advanced Threat Protection Email Security Office 365 Default Advanced Threat Protection AVANAN Phishing Protections Spam ✓ Domain Spoofing Brand Impersonation User Impersonation Business Email Compromise Malware Protections Antivirus Signatures Sandboxing Active Content Analysis File Sanitization URL Protections Domain Reputation Filter Malicious File Analysis Page Emulation Analysis Brand Spoof Analysis Active Form Analysis

Virtual Inline for Email Inbound, Outbound and Internal Messages Before it reaches the mailbox Includes default security Full control of the mailbox. Historical. Clawback. Beyond just email Patented ‘virtual inline’. Default Security Full SaaS integration. Total Mailbox Control

Suite-based phishing is top attack vector 49% of breaches in 2017 used no malware SaaS email is a global target Target is well understood email technology Suite vendor’s trust in its own services User’s habitual trust in the suite

SmartPhish Anti-phishing Inbound, Outbound and Internal Messages Full History: Company-wide Contextual Analysis AI Trained for what O365/Gmail Filters miss 300+ Indicators per email Interactive Workflow Response Beyond just email Patented ‘virtual inline’. Default Security Full SaaS integration. Total Mailbox Control Includes Both SaaS and Security Vendor Analysis

Data Classification/DLP Cloudified data classification apps. Pre-configured, ‘one click’ engine. Cloud-contextual enforcement. API Optional: Third party tools for file encryption. Optional: Apply enterprise license of DLP engine. Optional: Connect cloud-based engine to datacenter manager.

Account Takeover Protection Find Compromised Accounts Previous Breaches Across All SaaS Insider Threat Malicious Apps Shadow SaaS Malicious Config Your SaaS Phished Access Stolen Credential Insider Threat

Insecure Configurations Risky Data Access Rules Email Forwarding Rules Insecure and Malicious Configuration or Permissions Malicious Apps, Shadow SaaS, Shadow IT

Policy Orchestration API Centralized Policy/Automated Workflows One View Centralized Policy/Automated Workflows Normalized Event Information/Cross-cloud User Monitoring Unified Reporting/SIEM Integration Shared Datacenter Policy

Avanan 10-Minute Health Check Takes 10 Minutes to Setup. Just click “OK” in our app store. Scan using the industry’s best technology Zero Day Malware Phishing Emails, Attachments, Malicious URLs Historical Breaches, Account Takeover No Obligation. Really. www.avanan.com/dataconnectors *Of course, the full scan takes longer than ten minutes. But you will start to get results immediately.

Any Cloud. Any Security. One Click. Q&A Your 10-minute Health Check www.avanan.com/dataconnectors