Phewwww Thank you Steve
I’m an entry-level security engineer having a hard time understanding what CASB is🙄🙄 and finally found this on RUclips💛☺️
Glad to have helped. Thanks for the comment and compliment! Best, Steve
Best video that I found on this topic... Well done! Thanks!
Glad it was helpful!
It's really valuable information. Thanks for sharing. I'm doubtful about the availability of a single product that can address all these scenarios.
Thank you!
Very insightful &
Clear & concise!
thank you!
Great content, pace and level of detail. Writing a CCSP soon and this is a life saver while doing my final reviews. Thank you ;)
Glad it was helpful!
As always, great content. Thank you, Steve.
Thank you, Gina!
Awesome! You probably explained it much better than any book out there. I had a hard time understanding this concept and you helped a lot! Thank you! Subscribed!
Glad it was helpful! Best, Steve
Hi Steve, really interesting video. Just thinking about CASB and ZTNA, there seems a bit of an overlap.
I understood some of the CASB features you mentioned, such as assessing the device posture, and ensuring a secure work environment were inherited features of a ZTNA solution. Is it common to have both ZTNA and CASB?
Thanks
Yes, it's very common to have both. There is some overlap, which is happening more and more across all security services, but CASB and ZTNA are two very different solutions. Best, Steve
Could you please share the details of major players in CASB (which you think include all or at least most of these use cases)?
Thanks for your comment. If you look at the magic quadrant for CASB, most of the leaders will satisfy the use cases. I think the key to acquiring a CASB is selecting the right CASB partners for your situation and potentially a partner to manage the CASB for you. I'd be happy to assist further if you are looking for a CASB. Best, Steve
How are unsanctioned apps identified by a CASB? Do Amazon and eBay count as an app or any site with a login page? We have a suspicion that departments are buying small apps without informing IT. Would the list of "apps" in use be in the tens of thousands, e.g. shopping sites etc., as it would then be impossible to work through even with a risk scoring system?
Hello! Thank you for the question. The unsanctioned domains are discovered through basic traffic flows, not unlike your firewall, but the CASB can watch all traffic, even when the user is outside the firewall. Popular websites are generally categorized ahead of time.
Thank you Steve for your work. Nice talk on CASB. Qs: We have a requirement to secure and track source code in the company. Basically, how do companies secure their source code from active developers? E.g. Can an active developer in a company copy source code and reuse it when they leave? How can we track this? Is CASB the solution?
Thanks for your question, Naveen. Tracking source code that might be used elsewhere is not something I am familiar with. You should be able to monitor who is copying and posting information to another cloud resource with CASB. You can limit copying to a USB with an EPP. Lastly, you could isolate what the developers have access to with a zero trust solution. Hope that helps. Best, Steve
Thanks Steve, that surely helps...
We do not have any cloud applications as all our business data is stored in an on-prem datacentre. However, I would like our remote users to access the on-prem data from anywhere on the internet. In this scenario, do I still need the services of CASB?
Hello, not knowing anything but what you've put in your message, I'd say a CASB is not required. I'd focus on zero trust network access.
Best, Steve
Do the CASB offerings from Cisco, PAN & Versa support all of these functions? Thanks
I would say "yes" to Cisco and PAN. Versa, probably, but that would take some additional investigation. Best, Steve
@steve_murphy1 thanks!
Valuable information Steve
Thanks very much!
Does Zscaler provide all of the use cases?
I'd say "yes," Zscaler supports the main use cases. You'd need to evaluate in detail with them. Best, Steve
very clear!
Glad it was helpful!
top
Thank you!