
CASB (Cloud Access Security Broker)

A security solution that sits between cloud service users and cloud applications to enforce security policies, provide visibility, and protect data.

Category: Cloud Security

Also called: "Cloud Access Security Broker", "cloud security broker"

CASBs extend enterprise security controls to cloud services, addressing shadow IT, data protection, and compliance requirements.

CASB deployment modes

  • API-based: Connects directly to cloud provider APIs for visibility and control.
  • Proxy (forward): Routes traffic through CASB for real-time inspection.
  • Proxy (reverse): Intercepts traffic at the cloud application level.
  • Log collection: Analyzes cloud service logs without inline inspection.

Core capabilities

  • Visibility: Discover and inventory cloud services in use (shadow IT).
  • Data security: DLP, encryption, tokenization for sensitive data.
  • Threat protection: Malware scanning, anomaly detection, UEBA.
  • Compliance: Audit logging, policy enforcement, regulatory reporting.
  • Access control: Adaptive access based on user, device, location.

CASB vs ICES

  • CASB: Broad cloud security across multiple SaaS applications.
  • ICES (Integrated Cloud Email Security): Focused on email and collaboration.
  • Modern platforms often combine both capabilities.
  • Check Point Harmony includes CASB features for Drive, Docs, and Chat alongside email protection.

Key use cases

  • Shadow IT discovery: Find unsanctioned cloud apps employees use.
  • Data loss prevention: Block sensitive data uploads to personal accounts.
  • Malware protection: Scan files uploaded to cloud storage.
  • Compliance monitoring: Ensure cloud usage meets regulatory requirements.
  • Access governance: Enforce least-privilege access to cloud resources.
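The two use cases most often handled in the log-collection deployment mode above are shadow IT discovery and data loss prevention on uploads. The Python below is an added illustration, not code from this glossary or from any CASB product: it takes a handful of constructed cloud-activity events (the shape a CASB might ingest from a web proxy or a SaaS audit API), reports every app not on an assumed corporate allowlist together with the users seen on it, and applies a simple DLP policy that blocks uploads containing a Luhn-valid card number to personal accounts or unsanctioned apps. The app hostnames, the allowlist and the event fields are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample events; hostnames and users are placeholders, not real traffic.
EVENTS = [
    {"user": "alice@example.com", "app": "sharepoint.example.com", "account": "corporate",
     "action": "upload", "content": "Q3 roadmap draft"},
    {"user": "bob@example.com", "app": "personal-drive.example", "account": "personal",
     "action": "upload", "content": "customer card 4111 1111 1111 1111 on file"},
    {"user": "carol@example.com", "app": "notes-saas.example", "account": "corporate",
     "action": "upload", "content": "meeting notes, invoice 1234567890123"},
    {"user": "dave@example.com", "app": "sharepoint.example.com", "account": "corporate",
     "action": "download", "content": "Q3 roadmap draft"},
    {"user": "bob@example.com", "app": "personal-drive.example", "account": "personal",
     "action": "download", "content": "holiday photos"},
]

# Assumed corporate allowlist of sanctioned SaaS hostnames.
SANCTIONED_APPS = {"sharepoint.example.com", "mail.example.com"}

# Runs of 13 to 19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: cuts false positives from invoice/order numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def contains_card_number(text: str) -> bool:
    """True if the text holds a digit run that passes the Luhn check."""
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return True
    return False


def discover_shadow_it(events, sanctioned):
    """Shadow IT inventory: unsanctioned app -> sorted list of users seen on it."""
    seen = defaultdict(set)
    for ev in events:
        if ev["app"] not in sanctioned:
            seen[ev["app"]].add(ev["user"])
    return {app: sorted(users) for app, users in seen.items()}


def dlp_decision(event, sanctioned) -> str:
    """DLP policy for a single event.

    block: sensitive data uploaded to a personal account or an unsanctioned app
    alert: upload to an unsanctioned app without sensitive content
    allow: everything else (downloads are not inspected by this policy)
    """
    if event["action"] != "upload":
        return "allow"
    sensitive = contains_card_number(event["content"])
    unsanctioned = event["app"] not in sanctioned
    if sensitive and (event["account"] == "personal" or unsanctioned):
        return "block"
    if unsanctioned:
        return "alert"
    return "allow"


def evaluate(events, sanctioned):
    """Apply the DLP policy to every event; returns (user, app, decision) tuples."""
    return [(ev["user"], ev["app"], dlp_decision(ev, sanctioned)) for ev in events]


if __name__ == "__main__":
    for app, users in discover_shadow_it(EVENTS, SANCTIONED_APPS).items():
        print(f"unsanctioned app {app}: {', '.join(users)}")
    for user, app, decision in evaluate(EVENTS, SANCTIONED_APPS):
        print(f"{decision:5} {user} -> {app}")
```

A production CASB would pull these events through the provider's API or an inline proxy rather than a static list, and the content check would be a full DLP classifier rather than one regex, but the policy shape (inventory what is unsanctioned, then block or alert on what is uploaded there) is the same.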

Integration points

  • Identity providers (Okta, Azure AD) for authentication context.
  • SIEM platforms for security event correlation.
  • DLP solutions for unified data protection policies.
  • Endpoint agents for device trust signals.