Cloud Access Security Broker (CASB)

The shift to cloud and adoption of Software as a Service (SaaS) services, has enabled enterprises to offload the burden of managing and delivering them by themselves. It has also, however, exposed a new and particularly risky attack surface. Cloud Access Security Broker (CASB) solutions play a pivotal role in helping enterprises cope with these risks and fortifying their security posture. They do this by providing visibility, assessment, access control and protection capabilities which enable enterprises to better understand and manage their organization’s SaaS usage.

The first challenge of cloud-based SaaS usage is understanding its full extent. While some applications have been procured and provided by the IT team itself, also referred to as sanctioned applications, many SaaS applications are being adopted and used by employees without the IT department’s approval and knowledge. These are unsanctioned applications, and their usage constitutes what is known as Shadow IT. Various studies have shown that the number of unsanctioned applications used in a typical enterprise far exceeds that of sanctioned applications.

The second challenge is understanding the risk each unsanctioned application poses and making decisions regarding its permitted usage. The enforcement of these usage permissions is achieved via the CASB policy rules.

Lastly, is the need to put in place threat prevention and data leak protection mechanisms to ensure the protection and integrity of enterprise users, resources, and data.

Cato CASB, part of the Cato SASE Cloud

Cato’s CASB solution is an integral service of the Cato SASE Cloud. This means enterprises using Cato can enable CASB with a mere flip of a switch. Since the enterprise network traffic is already processed by Cato’s SASE Cloud, adding the CASB functionality doesn’t require any client installations or network changes. Cato’s single-pass architecture ensures the CASB functionality adds minimal latency to the overall processing time. It also enriches the CASB with additional user, device, and application information to enable more insightful visibility and more granular access control rules.

Cato’s CASB enables enterprises a comprehensive view of their SaaS usage via a Shadow IT dashboard, which provides high-level statistics as well as application specific data. Application risk assessment is evaluated using Cato’s unique Application Credibility Engine (ACE) which collects information regarding the application’s purpose, publisher, security, and compliance. It then calculates a risk score which can be used to determine the most suitable access policy. Cato’s CASB supports highly granular access policies, enforced inline in real-time. This level of granularity will warrant an out-of-path API approach in many competing solutions.

Gain more insight into Cato’s CASB solution.

Stand-alone CASB solutions vs. Cato’s SASE Cloud

Stand Alone CASB

Stand Alone CASB

Cato CASB

Cato CASB

Onboarding

Stand Alone CASB

Long and complicated

A CASB project requires network mapping and planning to ensure all use-cases are covered. The deployment process requires deployment of PAC files and agents. On average, a learning period of up to 2 months is needed before the solution becomes effective.

Cato CASB

Fast and simple

No planning, network changes, deployments or configurations are needed to enable Cato’s CASB. Once enabled it becomes immediately functional with no additional learning period needed.

Inspection context breadth

Stand Alone CASB

Partial

A stand-alone CASB solution will typically be limited to its own internal insight.

Cato CASB

Complete

Being part of a full SASE service, Cato’s CASB has a rich insight from other network and network security features when defining and enforcing SaaS usage.

Application coverage

Stand Alone CASB

Limited

Typically supports SaaS only with limited IaaS capability.

Cato CASB

Wide

Full coverage of SaaS, IaaS and WAN use cases.

Inline enforcement granularity

Stand Alone CASB

Low

Typically low in in-line mode. Higher granularity enforcement usually requires using APIs in out-of-band mode, which means no real-time prevention is possible.

Cato CASB

High

Cato’s CASB enables highly granular rules in inline mode.

Stand Alone CASB

Cato CASB

Onboarding

Long and complicated

A CASB project requires network mapping and planning to ensure all use-cases are covered. The deployment process requires deployment of PAC files and agents. On average, a learning period of up to 2 months is needed before the solution becomes effective.

Fast and simple

No planning, network changes, deployments or configurations are needed to enable Cato’s CASB. Once enabled it becomes immediately functional with no additional learning period needed.

Inspection context breadth

Partial

A stand-alone CASB solution will typically be limited to its own internal insight.

Complete

Being part of a full SASE service, Cato’s CASB has a rich insight from other network and network security features when defining and enforcing SaaS usage.

Application coverage

Limited

Typically supports SaaS only with limited IaaS capability.

Wide

Full coverage of SaaS, IaaS and WAN use cases.

Inline enforcement granularity

Low

Typically low in in-line mode. Higher granularity enforcement usually requires using APIs in out-of-band mode, which means no real-time prevention is possible.

High

Cato’s CASB enables highly granular rules in inline mode.

Cato Networks는
Gartner에게 13회
인정받았습니다

단일 공급업체 SASE 시장 가이드

Gartner 관리형 SD-WAN 서비스 시장 가이드

Gartner 중간 규모 기업 하이프 사이클

Gartner 가상사설망 시장 가이드

Gartner 위협 대응 기술 하이프 사이클

Gartner 제로 트러스트 네트워크 액세스 시장 가이드

Gartner 에지 컴퓨팅 하이프 사이클

비즈니스 연속성 관리 및 IT 회복 탄력성 하이프 사이클

Gartner 네트워크 보안 하이프 사이클

Gartner 엔터프라이즈 네트워킹 하이프 사이클

Gartner 업무 공간 인프라 및 운영 하이프 사이클

Gartner 클라우드 보안 하이프 사이클

Gartner 클라우드 컴퓨팅 하이프 사이클

Gartner는 연구 간행물에서 언급하는 판매업체, 제품, 서비스를 보증하지 않으며, 기술 사용자에게 등급이 높거나 특별히 지정된 공급업체만을 선택할 것을 권유하지 않습니다. Gartner 연구 간행물은 Gartner 연구 조직의 의견으로 구성되며 사실에 대한 진술로 해석하면 안 됩니다. Gartner는 이 연구와 관련하여 상품성 또는 특정 목적에 대한 적합성을 보증하는 것을 포함하여 명시적이든 묵시적이든 어떤 보증도 하지 않습니다.