Skip to main content
McAfee Enterprise MVISION Cloud

Cloud Security Report

The Cloud Security Report allows you to display usage and maturity score details on your cloud footprint for the current quarter or three historical quarters. You can also generate reports to share details with your coworkers. 

From Dashboards > Cloud Security Advisor, select View Report to display the Cloud Security Report.  

Usage Summary

The Usage Summary section provides a list of Key Statistics for the selected quarter, compared to a previous quarter, and the percentage of change. Use this report to track your progress in these areas of cloud use for your organization. 

csa_report_cloud_footprint_5.1.2.png

The Cloud Security Report Usage Summary tab provides the following information and actions:

  • Cloud Security Report. Select the quarter to display for this report. 
  • Date Picker. Use the Date Picker to select a preset or custom date range to display data from only this date range.
  • Actions. 
    • Create Report.
      • Business Report (PDF). Click to download a CSV file that provides the key statistics for Usage displayed on this page. 
      • CSV. Click to download a CSV file that provides the key statistics for Usage displayed on this page. 
      • Schedule. Schedule a report to run later, which then appears in the Report Manager
  • Cloud Footprint. Shows how much of a risk your cloud environment was exposed to.
    • Cloud Services. Number of cloud services discovered through Shadow IT.
    • High-risk Services Allowed. Number of cloud services with risk score of 7, 8, or 9 discovered through Shadow IT and not blocked.
    • Cloud Services Usage. Volume of data exchanged between corporate network and cloud services discovered through Shadow IT.
    • High-risk Cloud Services Usage. Volume of data exchanged between corporate network and cloud services with risk score of 7, 8, or 9 discovered through Shadow IT.
  • Resources. Shows how compliant your IaaS configuration was compared to best security practices.
    • Managed IaaS Resources. Number of IaaS resources audited.
    • Managed IaaS Resources with Microsoft Azure. Number of IaaS resources audited with Microsoft Azure. 
    • Managed IaaS Resources with Amazon Web Services. Number of IaaS resources audited with Amazon Web Services. 
    • Managed IaaS Resources with Google Cloud Platform. Number of IaaS resources audited with Google Cloud Platform. 
    • Non-compliant IaaS Resources. Number of IaaS resources in audit incidents.
    • Non-compliant IaaS Resources with Microsoft Azure. Number of IaaS resources in audit incidents with Microsoft Azure.
    • Non-compliant IaaS Resources with Amazon Web Services. Number of IaaS resources in audit incidents with Amazon Web Services.
    • Non-compliant IaaS Resources with Google Cloud Platform. Number of IaaS resources in audit incidents with Google Cloud Platform.
    • IaaS Usage. Volume of data exchanged between corporate network and IaaS discovered through Shadow IT.
    • IaaS Misconfigurations Prevented. The number of instances where a misconfigured IaaS template was detected and prevented from being deployed in production, as part of the Shift-Left inline feature. 
    • Clusters Discovered. Number of clusters discovered and audited in AWS, Azure, and GCP.
    • Non-compliant Clusters. Number of non-compliant clusters in AWS, Azure, and GCP.
    • Registries Discovered. Number of Registries and containers discovered and scanned in AWS, Azure, and GCP.
    • Microsoft Azure Accounts. Number of Microsoft Azure accounts. 
    • Amazon Web Services Accounts. Number of Amazon Web Services accounts. 
    • Google Cloud Platform Accounts. Number of Google Cloud Platform accounts. 
    • VM Vulnerabilities. Number of VMs with vulnerabilities discovered. 
  • Incidents. Shows policy violations of each type detected in your cloud environment.
    • DLP Policy Incidents. Number of DLP policy violations. 
    • Collaboration Policy Incidents. Number of collaboration policy violations.
    • Personal Email Collaboration Policy Incidents. Number of collaboration policy violations of sharing with personal email accounts. For example, Gmail, Hotmail, Yahoo Mail, etc.
    • Access Policy Incidents. Number of cloud access policy violations. 
    • SaaS Config Audit Incidents. Number of SaaS configuration audit incidents. 
    • IaaS Config Audit Incidents. Number of IaaS configuration audit incidents. 
    • Connected Apps Incident Count. Number of incidents with the incident type Connected Apps Violation. 
    • Vulnerable Containers. Number of vulnerable containers in AWS, Azure, and GCP.
    • Observe Mode Events for Google Cloud Platform. Number of events in observe mode for Google Cloud Platform. 
    • Observe Mode Events for Amazon Web Services. Number of events in observe mode for Amazon Web Services. 
    • Observe Mode Events for Microsoft Azure. Number of events in observe mode for Microsoft Azure. 
    • Controls Violated Across VMs for Google Cloud Platform. Average controls violated across VMs for Google Cloud Platform. 
    • Controls Violated Across VMs for Amazon Web Services. Average controls violated across VMs for Amazon Web Services. 
    • Controls Violated Across VMs for Microsoft Azure. Average controls violated across VMs for Microsoft Azure. 
    • FIM Incidents. Number of FIM incidents reported for containers. 
  • Threats. Shows threats detected from numerous activities in your cloud environment.
    • Monitored Cloud Activities. Number of McAfee Enterprise monitored cloud activities.
    • Anomalies. Number of anomalies identified.
    • Threats. Number of threats detected.
  • Malware. Shows malware detected from numerous files in your cloud environment.
    • Malware in SaaS. Number of malware found in SaaS (for example, Exchange Online, OneDrive, SharePoint, Box, Google Drive).
    • Malware in IaaS. Number of malware found in IaaS storage (for example, AWS S3, Azure Blob).
  • Data at Risk. Shows how much of your data was at risk and how we secured your data.
    • Files Scanned for DLP. Number of files at rest scanned against DLP policies across SaaS, e.g., Exchange Online, OneDrive, SharePoint, Box, Google Drive, Salesforce. And IaaS, e.g., AWS S3, Azure Blob, Google Drive. 
    • Sensitive Files in DLP Policy Incidents. Number of unique files involved in DLP policy violations
    • Sensitive Files Prevented from Potential Exfiltration. Number of unique files involved in DLP policy violations and prevented from exfiltration through response actions, such as block, delete, and quarantine.
    • Files in Collaboration Policy Incidents. Number of unique files involved in Collaboration policy violations.
    • Files Prevented from Sharing. Number of unique files involved in Collaboration policy violations and prevented from exfiltration through response actions such as block.
    • File Downloads Prevented to Unmanaged Devices. Number of file download attempts blocked to unmanaged devices.
    • Data Scanned. Volume of data scanned as part of DLP scans. 
  • Sensitive Data. Shows how your sensitive data was distributed across cloud services. 
    • Sensitive Files in Gmail. Number of unique files in DLP incidents with Gmail.
    • Sensitive Files in Salesforce. Number of unique files in DLP incidents with Salesforce. 
    • Sensitive Files in Dropbox for Business. Number of unique files in DLP incidents with Dropbox for Business. 
    • Sensitive Files in Microsoft Exchange Online. Number of unique files in DLP incidents with Microsoft Exchange Online. 
    • Sensitive Files in Box. Number of unique files in DLP incidents with Box.
    • Sensitive Files in Amazon Web Services. Number of unique files in DLP incidents with Amazon Web Services.
    • Sensitive Files in Google Cloud Platform. Number of unique files in DLP incidents with Google Cloud Platform.
    • Sensitive Files in Amazon S3. Number of unique files in DLP incidents with Amazon S3.
    • Sensitive Files in SharePoint. Number of unique files in DLP incidents with SharePoint. 
    • Sensitive Files in Google Drive. Number of unique files in DLP incidents with Google Drive.
    • Sensitive Files in Microsoft Azure. Number of unique files in DLP incidents with Microsoft Azure.
  • Users. Shows how much of a risk your users posed to your cloud environment.
    • Users. Number of unique users monitored
    • Users in Collaboration Policy Incidents. Number of unique users involved in collaboration policy violations.
    • Users in Access Policy Incidents. Number of unique users involved in access policy violations.
    • Users in DLP Policy Incidents. Number of unique users involved in DLP policy violations.
    • Users in Threats. Number of unique users involved in threats generated.
    • Dormant Users. The number of users that have been inactive since the last quarter.
  • Mobile Devices. Shows incidents of each type detected on mobile devices.
    • Collaboration Policy Incidents on Mobile Devices. Number of collaboration policy violations on mobile devices.
    • Access Policy Incidents on Mobile Devices. Number of access policy violations on mobile devices.
    • DLP Policy Incidents on Mobile Devices. Number of DLP policy violations on mobile devices.
    • Threats from Mobile Devices. Number of threats detected from mobile devices.
  • Connected Apps. Shows Connected Apps activity. 
    • Connected Apps Discovered. Number of third-party Microsoft 365 and Google Drive apps that are granted access to your corporate data. 
    • Connected Apps Blocked. Number of third-party Microsoft 365 and Google Drive apps that are blocked by your Connected Apps policy. 
    • Connected Apps Restricted. Number of third-party Microsoft 365 and Google Drive apps that are restricted for one or more users or User Groups. 
    • Connected Apps Policy Created. Number of policies defined for third-party Microsoft 365 and Google Drive apps.
  • MITRE. Shows potential and executed threats and associated incidents detected using the MITRE ATT&CK Framework.
    • Threat Count. Number of threats detected using the MITRE ATT&CK framework.
    • Potential Threats. Number of potential threats detected.
    • Executed Threats. Number of threats already executed.

Cloud Security Report PDF

Click Actions > Create Report > Business Report (PDF) to download a PDF file that provides the key statistics for Usage displayed on this page. 

You can also go to Reports to edit this report and schedule it to run at a designated frequency. For details, see Report Manager

csa_report_pdf_5.1.2.png

Cloud Security Report CSV

Click Actions > Create Report > CSV to download a CSV file that provides the key statistics for Usage displayed on this page. 

csa_report_csv_5.1.2.png

Maturity Score

The Maturity Score section provides details about the data that is shown in the Cloud Security Advisor Dashboard. It also shows Key Statistics for the quarter, compared to a previous quarter, and the percentage of change.

Scores Tab

The Scores tab provides details about the data that is shown in the Cloud Security Advisor Dashboard. It includes information on how to compare to peers, and access to Score History details. It also shows Key Statistics for the quarter, compared to a previous quarter, and the percentage of change.

csa_report_scores_5.5.0.png

The Cloud Security Report Maturity Score > Scores tab provides the following information and actions:

  • Cloud Security Report. Select the quarter to display for this report. 
  • Actions. 
    • Create Report.
      • Business Report (PDF). Click to send your registered email a PDF file that provides the metrics Scores displayed on this page. You can also go to Reports to edit this report and schedule it to run at a designated frequency. For details, see About Report Manager
      • CSV. Click to download a CSV file that provides the metrics for Scores displayed on this page. 
      • Schedule. Schedule a report to run later, which then appears in the Report Manager
  • Your Scores for the Quarter:
    • Visibility. Visibility metrics measure how well you have gained visibility into your cloud environment and how secure it is.
    • Control. Control metrics measure how well you have placed controls on and mitigated the security risks of data and activity in your cloud environment.
  • Compare to Peers. How you compare to peers. 
    • Chart. The chart visualizes how you compare to peers you select in other vertical markets in the areas of Visibility and Control.
    • Edit. An admin can click Edit and select up to 10 vertical markets to compare. 
  • Score History. Click the Score History tab to see the details of the changes in your Visibility and Control scores over the quarter (three months). 
  • Key Statistics. Displays the Key Statistics that comprise your scores. 
    • Visibility
    • Visibility Percentile
    • Control
    • Control Percentile

Visibility Metrics Tab

The Visibility Metrics tab displays visibility details about your cloud environment security. It displays cloud service category area-specific metrics and points for the quarter, compared to a previous quarter, and the percentage of change.

csa_report_visibility_5.2.2.png

The Cloud Security Report Maturity Score > Visibility Metrics tab provides the following information and actions:

  • Cloud Security Report. Select the quarter to display for this report. 
  • Actions. 
    • Create Report.
      • Business Report (PDF). Click to send your registered email a PDF file that provides the metrics for Visibility displayed on this page. You can also go to Reports to edit this report and schedule it to run at a designated frequency. For details, see About Report Manager
      • CSV. Click to download a CSV file that provides the metrics for Visibility displayed on this page. 
      • Schedule. Schedule a report to run later, which then appears in the Report Manager
  • Shadow IT
    • Shadow IT Enabled. Shadow IT gives you visibility into what cloud services employees are using on the corporate network.
    • Report Scheduled. At least one Analytics report or Incidents report is scheduled on a daily, weekly, or monthly cadence.
    • Active Directory Integrated for Shadow IT. Integrating Active Directory provides visibility into user-level activities.
    • Tokenization Enabled for Cloud Connector. Tokenization provides additional user identity protection in Cloud Connector.
  • SaaS
    • Personal Email Collaboration Monitored. At least one policy that monitors collaboration with a personal email address is enabled per managed collaboration app.
    • Publicly Shared Link Collaboration Monitored. At least one policy that monitors collaboration with publicly shared links is enabled per managed collaboration app.
    • Configuration Audit for SaaS Enabled. At least one configuration audit policy is enabled per managed SaaS service. 
    • Active Directory Integrated for Sanctioned IT. Integrating Active Directory provides visibility into user-level activities.
    • Collaboration with External Users Monitored. At least one policy that monitors collaboration with external users is enabled per managed collaboration app.
    • Collaboration Data Monitored. At least one policy that monitors sensitive data in collaboration is enabled per managed collaboration app.
    • DLP Scan for Collaboration Apps Enabled. At least one On-Demand DLP Scan is enabled per managed collaboration app.
    • On-Demand Scan for Email Enabled. On-Demand Scan for Office 365 Exchange Online is ready to run.
    • Structured Data Fingerprint Policy Enabled. At least one policy with structured data fingerprint is defined in Rules.
    • Unstructured Data Fingerprint Policy Enabled. At least one policy with unstructured data fingerprint is defined in Rules.
    • Sanctioned Sensitive Data Monitored. At least one policy that monitors sensitive data or one On-Demand DLP Scan is enabled for Sanction services.
    • Third-Party Access to Managed SaaS Monitored. At least one Connected Apps policy is enabled.
    • Malware Scan for SaaS Enabled. At least one On-Demand Malware Scan is enabled per managed SaaS service.
    • SaaS Managed. Add and manage all SaaS services and instances in use in your organization to MVISION Cloud.
  • IaaS
    • Configuration Audit for IaaS Enabled. At least one configuration audit policy is enabled per managed IaaS service.
    • Malware Scan for IaaS Enabled. At least one On-Demand Malware Scan is enabled per managed IaaS service.
    • Vulnerability Scan Enabled for Containers. At least one Vulnerability scan is enabled per managed container service.
    • Configuration Audit Enabled for Containers. At least one Configuration Audit policy is enabled per managed container service.
    • IaaS Sensitive Data Monitored. At least one policy that monitors sensitive data or one On-Demand DLP Scan is enabled for Iaas services.
    • DLP Scan for IaaS Enabled. At least one On-Demand DLP Scan is enabled per managed IaaS storage service.
    • IaaS Storage Resources Scanned for DLP. IaaS storage resources scanned for DLP at least once in all managed IaaS storage resources.
    • IaaS Sensitive Data Monitored. At least one policy that monitors sensitive data or one On-Demand DLP Scan is enabled for IaaS services. 
    • IaaS Managed. Add and manage all IaaS services and instances in use in your organization to MVISION Cloud.
Known Issue in 5.1.2

In MVISION Cloud 5.1.2, some Cloud Security Advisor metrics have been split into product-specific groups for Shadow IT, SaaS, and IaaS. For this reason, you may see a drop in your Visibility and Control scores.

The following metrics were split up:

  • Active Directory Integrated (Visibility Metric: 5 points) split into:
    • Active Directory Integrated for Sanctioned IT: 3 points
    • Active Directory Integrated for Shadow IT: 2 points
  • Sensitive Data Monitored (Visibility Metric: 15 points) split into:
    • Sanction Sensitive Data Monitored: 9 points
    • IaaS Sensitive Data Monitored: 6 points
  • Malware incidents resolved (Control Metric: 2 points) split into:
    • Malware Sanction Incidents Resolved: 1 point
    • Malware IaaS Incidents Resolved: 1 point

Control Metrics Tab

The Control Metrics tab displays control details about your cloud environment security. It displays cloud service category area-specific metrics and points for the quarter, compared to a previous quarter, and the percentage of change.

csa_report_control_5.2.2.png

The Cloud Security Report Maturity Score > Control Metrics tab provides the following information and actions:

  • Cloud Security Report. Select the quarter to display for this report. 
  • Actions. 
    • Create Report.
      • Business Report (PDF). Click to send your registered email a PDF file that provides the metrics for Visibility displayed on this page. You can also go to Reports to edit this report and schedule it to run at a designated frequency. For details, see About Report Manager
      • CSV. Click to download a CSV file that provides the metrics for Visibility displayed on this page. 
      • Schedule. Schedule a report to run later, which then appears in the Report Manager
  • Shadow IT
    • Service Groups Configured with Closed Loop Remediation. Service Groups with Closed Loop Remediation enabled in all Service Groups.
    • High-Risk Services Blocked. High-risk services (risk level of 7, 8, or 9) blocked in all high-risk services discovered through Shadow IT.
    • Services Organized in Service Groups. Cloud services mapped to Service Groups in all cloud services discovered through Shadow IT.
    • Closed Loop Remediation Enabled. Closed Loop Remediation via integration with McAfee Enterprise Web Gateway governs use of cloud services based on security risk level of cloud services discovered through Shadow IT.
  • SaaS
    • SaaS MITRE Threats Resolved. Ratio of threats that are resolved compared to the total number of threats detected using the MITRE ATT&CK framework. 
    • Sanctioned SaaS with Access Control. All Sanctioned SaaS have an Access Control Policy enabled. 
    • DLP Policies with Response Actions Configured. DLP policies with at least one response action configured (such as quarantine, delete, encrypt, etc.) in all DLP policies.
    • Critical Severity DLP Incidents Resolved. Critical severity DLP incidents resolved in all DLP incidents generated. 
    • DLP Incidents Resolved by End User. DLP incidents resolved by end user in all DLP incidents resolved.
    • Response Action Configured for Collaboration Policy. At least one collaboration policy with any response action configured (such as quarantine, remove shared link, encrypt, etc.).
    • Response Action Configured for DLP Policy. At least one DLP policy with any response action configured (such as quarantine, delete, encrypt, etc.).
    • Critical Severity SaaS Audit Incidents Remediated. Critical severity SaaS audit incidents remediated in all critical severity SaaS audit incidents generated. 
    • Collaboration Policies with Response Actions Configured. Collaboration policies with at least one response action configured (such as quarantine, remove shared link, encrypt, etc.) in all collaboration policies.
    • Inline Email DLP Enabled. Inline Email DLP gives you control over the content of emails before they leave your environment.
    • DLP Policies Synchronized from Endpoint to Cloud. At least one McAfee Enterprise DLP policy is synchronized to MVISION Cloud.
    • Malware Sanction Incidents Resolved. Malware Sanctioned incidents are resolved. 
  • IaaS
    • Critical Severity Container Config Audit Incidents Resolved. Ratio of critical severity incidents resolved against all container Configuration Audit scan incidents.
    • Critical Severity Container Vulnerability Scan Incidents Resolved. Ratio of critical severity incidents resolved against all container Vulnerability scan incidents.
    • Compliant Container Resources. Compliant container resources in all managed container resources.
    • IaaS MITRE Threats Resolved. Ratio of threats that are resolved compared to the total number of threats detected using the MITRE ATT&CK framework. 
    • Compliant IaaS Resources. Compliant IaaS resources in all managed IaaS resources.
    • Critical Severity IaaS Audit Incidents Remediated. Critical severity IaaS audit incidents remediated in all critical severity IaaS audit incidents generated.
    • Malware IaaS Incidents Resolved. Malware IaaS incidents are resolved.
  • Was this article helpful?