Complete Cloud Security Heather DeSiena Cybersecurity Account Manager heatherd@avanan.com

Any Cloud. Any Security. One Click.

Got Cloud? Email Business Apps File Sharing ERP/CRM Collaboration IaaS

When you move to the SaaS Cloud Users connect from everywhere So do the hackers. Your Data Not Your Servers Not Your Security Attack Surface

The Shared Responsibility Model Infrastructure as a Service (IaaS) Platform as a Service (PaaS) SaaS People Data Applications Runtime Middleware OS Virtual Network Hypervisor Servers Storage Physical Network Provider Responsibility Customer Responsibility

Your Responsibility User & Data Security Phishing Zero Day Malware SaaS People Data Applications Runtime Middleware OS Virtual Network Hypervisor Servers Storage Physical Network User & Data Security Phishing Zero Day Malware Data Leak Prevention Account Takeover File Encryption Compliance Best Practice Document?

$24.00 Virus Detection Service Level Agreement: user/year Advanced Threat Protection for Email Virus Detection Service Level Agreement: "Viruses" is defined as known malware: when widely used commercial virus scanning engines can detect the virus. The SLA shall not apply to spam, phishing and other scams, adware, and forms of spyware not known to the anti-virus community. What are the technology limitations? ”Good Enough” vs “Best of Breed” Particular--

Your Responsibility Amazon is responsible for “security of the cloud”. ”Microsoft is not responsible for any incidents that result from your unauthorized action or lack of action when required, or from your employees, agents, contractors, or vendors, or otherwise resulting from your failure to follow appropriate security practices.” ”You will be solely responsible for maintaining appropriate security, protection and backup copies of the Content, which may include, your use of additional encryption technology to protect the Content from unauthorized access.” ”It is your responsibility to enforce the appropriate movement and access to this data at the level of your application. This includes preventing your end users from sharing critical information outside of your corporate network / public cloud infrastructure and ensuring you keep data that could identify a specific individual safe.” “Our Services let you share Your Stuff with others, so please think carefully about what you share. You're responsible for your conduct and Your Stuff. Dropbox syncs any files added to it. If someone adds files with a virus or malicious software, that file syncs to any computers linked to the account. ” We consider customer data ‘toxic sludge’. We don’t want to see it. We don’t want to touch it. We are not responsible for what’s inside. Amazon is responsible for “security of the cloud”. The customer is responsible for “security in the cloud”.

The Problem No consistent protection across all cloud assets Siloed point solutions from multiple vendors “I have 3 people and 27 security solutions” -Saj Haider, Oakhill CISO Need to ‘make the cloud compliant’. No consistent protection across all cloud assets Default solutions range from none to limited Few enforcement options Missing centralized management or reporting Siloed point solutions from multiple vendors No single vendor can solve the problem Landscape is constantly changing “I have 3 people and 27 security solutions”, -Saj Haider, Oakhill CISO Phishing/Account Takeover is existential threat to cloud Little the SaaS provider can do Tools adapted from data-center not equipped to detect

The Avanan Advantage API Connects Via API: No Proxy Gateway. No Agent One View API Connects Via API: No Proxy Gateway. No Agent Multiple Security Layers: All leading vendors in one click. Unified Dashboard: Standardized policy. Custom Workflow Enforcement.

How We Do It API Connects Via API No proxy gateway. All devices. Connection from Avanan to cloud app via API File uploaded to ShareFile (on prem or cloud) Avanan scans files for threats or sensitive data Take action based upon policy violations Connects Via API No proxy gateway. All devices. No change in experience.

How We Do It API Connects Via API Connection from Avanan to cloud app via API File uploaded to ShareFile (on prem or cloud) Avanan scans files for threats or sensitive data Take action based upon policy violations Connects Via API Data-at-rest rest, uploaded or changed files New document quarantined before scanned

How We Do It API Connects Via API Connection from Avanan to cloud app via API File uploaded to ShareFile (on prem or cloud) Avanan scans files for threats or sensitive data Take action based upon policy violations Connects Via API Data-at-rest rest, uploaded or changed files Each file is scanned for malware or confidential information By multiple tools in parallel. Additional tools add no additional latency. Scan takes less time than typical service sync time.

How We Do It API Connects Via API Connection from Avanan to cloud app via API File uploaded to ShareFile (on prem or cloud) Avanan scans files for threats or sensitive data Take action based upon policy violations Connects Via API Data-at-rest rest and uploaded or changed files Each file is scanned for malware or confidential information Actions based upon policy Quarantine. Encrypt. Change Share Permissions.

Security Partners ‘Cloudified’ best of breed tools Zero-configuration engine Available in ‘one-click’ app store Interchangeable. Future proof.

Full Stack Security For Any Cloud Anti phishing Antivirus Malware Sandboxing AI Predictive Detection File Sanitization Data Security (DLP) Encryption Access Control Account Takeover Prot. Shadow SaaS Shadow IT SIEM Integration Compliance Enforcement Full Security Stack Zero-configuration One-click app store Future proof Best in Breed

Best in Breed Partners

Full Stack Malware Protection No single technology can catch everything. But can a hacker bypass multilayer protection? MALWARE PHISHING EXPLOITS SPAM Default Security Signatures A.I. Sandbox Anti-Phishing

Data Classification/DLP Cloudified data classification apps. Pre-configured, ‘one click’ engine. Cloud-contextual enforcement. API Optional: Third party tools for file encryption. Optional: Apply enterprise license of DLP engine. Optional: Connect cloud-based engine to datacenter manager.

SmartPhish Anti-phishing Inbound, Outbound and Internal Messages Full History: Company-wide Contextual Analysis AI Trained for what O365/Gmail Filters miss 300+ Indicators per email Interactive Workflow Response Beyond just email Patented ‘virtual inline’. Default Security Full SaaS integration. Total Mailbox Control SmartPhish: Avanan’s own Anti-phishing Technology More Data. More Analysis. Machine Learning: 200+ indicators per email Big Data Analysis: Historical and real time context analysis Interactive Remediation and real-time learning True Cloud Integration “Virtual Inline”: After native security, before inbox (Patented) All Communication: Inbound, Outbound, Internal, Historical More than email: File-Sharing, Slack, Collaboration, etc. Workflow: Granular, interactive remediation and blocking Includes Both SaaS and Security Vendor Analysis

Account Takeover Protection Find Compromised Accounts Previous Breaches Across All SaaS Insider Threat Malicious Apps Shadow SaaS Malicious Config Your SaaS Account Take Over Detects compromised accounts whether through phish or lost password Identifies previous breaches before deployment Monitors all activity across all SaaS. Not just suspicious logins Insider threat – malicious downloads, shares, configuration, Insecure Configuration Identifies both insecure and malicious configuration Risky data access permissions Changes on login configurations (E.g. Disable MFA) Malicious Apps, Apps with excessive permissions, Shadow SaaS Unique To Avanan Real time, ongoing and historical breach detection on first connect Analysis across all SaaS, across all history, for full context Across multiple security layers for defense-in-depth Phished Access Stolen Credential Insider Threat

Insecure Configurations Risky Data Access Rules Email Forwarding Rules Insecure and Malicious Configuration or Permissions Malicious Apps, Shadow SaaS, Shadow IT Account Take Over Detects compromised accounts whether through phish or lost password Identifies previous breaches before deployment Monitors all activity across all SaaS. Not just suspicious logins Insider threat – malicious downloads, shares, configuration, Insecure Configuration Identifies both insecure and malicious configuration Risky data access permissions Changes on login configurations (E.g. Disable MFA) Malicious Apps, Apps with excessive permissions, Shadow SaaS Unique To Avanan Real time, ongoing and historical breach detection on first connect Analysis across all SaaS, across all history, for full context Across multiple security layers for defense-in-depth

Policy Orchestration Automated Workflows Centralized Policy Unified Reporting SIEM Integration Shared Datacenter Policy Normalized Event Information Cross-cloud User Monitoring

Case Study: Global Services Company Problem Multi-SaaS Deployment Consistent DLP Policy across data center and cloud Malware/Phishing Avanan Deployment Installed to solve malware problem. Added DLP, SmartPhish. Used current Palo Alto license. One-click integration with data center DLP Manager. Competitive Each SaaS solution incompatible. Palo Alto’s own solution not sufficient. ServiceSource Enabled SaaS: google_mail,google_drive,box,office365_onedrive,office365_emailsEnabled Anti Phishing: Enabled DLP: dlp_symantecEnabled AV: wildfireCredit Card Numbers: 8291Social Security Numbers: 256SandBlast Finding: 24

Any Cloud. Any Security. One Click. Thank You! Q&A

Avanan 1-Minute Health Check Free Scan of your Cloud Takes 1 Minute to Setup. Just click “OK” in the app store. Scan using the industry’s best technology Zero Day Malware Phishing Emails, Attachments, Malicious URLs Personally Identifiable Information, Credit Cards, etc. No Obligation. Really. *Full scan takes longer than one minute. But you will start to get results immediately.

14 Day Trial Day 1 Day 3 Day 7 Day 14 Trial Kickoff Review Results 10 Minute Setup Define Use Cases Initial Scan Monitor Mode Review Results Scan Analysis 5 User Prevent Mode Q&A Prevent Mode Review Prevent Mode Analysis Review Workflow Validate End User Experience Best Practice Review Trial Wrap-up Live Trial Review Executive Summary Report 10 Minutes 30 Minutes

Virtual Inline Deployment Patented “Virtual Inline Deployment” Better than inline proxy because: No rerouting of traffic. Invisible to users. All users, not just your employees. All devices, not just web browsers. Better than MTA Mail Proxy because All email, not just inbound. Internal email! Can scan and quarantine email already in inbox Not just email: Slack, Teams, etc. Patented ‘virtual inline’ enforcement. SmartPhish: Avanan’s own Anti-phishing Technology More Data. More Analysis. Machine Learning: 200+ indicators per email Big Data Analysis: Historical and real time context analysis Interactive Remediation and real-time learning True Cloud Integration “Virtual Inline”: After native security, before inbox (Patented) All Communication: Inbound, Outbound, Internal, Historical More than email: File-Sharing, Slack, Collaboration, etc. Workflow: Granular, interactive remediation and blocking

The Targets Account Takeover SaaS Apps Verizon Data Breach Investigations Report

Suite-based phishing is top attack vector 49% of breaches in 2017 used no malware SaaS email is a global target Target is well understood email technology User’s habitual trust in the suite