Skip to main content
McAfee MVISION Cloud

Cloud Security Report

From Dashboards > Cloud Security Advisor, select View Report to display the Cloud Security Report for the current quarter or three historical quarters.  

Usage Summary

The Usage Summary section provides a list of Key Statistics for the selected quarter, compared to a previous quarter, and the percentage of change. Use this report to track your progress in these areas of cloud use for your organization. 

csa_report_cloud_footprint_5.1.2.png

The Cloud Security Report Usage Summary tab provides the following information and actions:

  • Cloud Security Report. Select the quarter to display for this report. 
  • Date Picker. Use the Date Picker to select a preset or custom date range to display data from only this date range.
  • Actions. 
    • Create Report.
      • Business Report (PDF). Click to download a CSV file that provides the key statistics for Usage displayed on this page. 
      • CSV. Click to download a CSV file that provides the key statistics for Usage displayed on this page. 
      • Schedule. Schedule a report to run later, which then appears in the Report Manager
  • Cloud Footprint. Shows how much of a risk your cloud environment was exposed to.
    • Cloud Services. Number of cloud services discovered through Shadow IT.
    • High-risk Services Allowed. Number of cloud services with risk score of 7, 8, or 9 discovered through Shadow IT and not blocked.
    • Cloud Services Usage. Volume of data exchanged between corporate network and cloud services discovered through Shadow IT.
    • High-risk Cloud Services Usage. Volume of data exchanged between corporate network and cloud services with risk score of 7, 8, or 9 discovered through Shadow IT.
  • Resources. Shows how compliant your IaaS configuration was compared to best security practices.
    • Managed IaaS Resources with Amazon Web Services. Number of IaaS resources audited with Amazon Web Services. 
    • Managed IaaS Resources with Google Cloud Platform. Number of IaaS resources audited with Google Cloud Platform. 
    • Managed IaaS Resources with Microsoft Azure. Number of IaaS resources audited with Microsoft Azure. 
    • Managed IaaS Resources. Number of IaaS resources audited.
    • Non-compliant IaaS Resources with Amazon Web Services. Number of IaaS resources in audit incidents with Amazon Web Services.
    • Non-compliant IaaS Resources with Google Cloud Platform. Number of IaaS resources in audit incidents with Google Cloud Platform.
    • Non-compliant IaaS Resources with Microsoft Azure. Number of IaaS resources in audit incidents with Microsoft Azure.
    • Non-compliant IaaS Resources. Number of IaaS resources in audit incidents.
    • IaaS Usage. Volume of data exchanged between corporate network and IaaS discovered through Shadow IT.
    • IaaS Misconfigurations Avoided. The number of misconfigurations avoided. 
    • Clusters Discovered. Number of clusters discovered and audited in AWS, Azure, and GCP.
    • Non-compliant Clusters. Number of non-compliant clusters in AWS, Azure, and GCP.
    • Registries Discovered. Number of Registries and containers discovered and scanned in AWS, Azure, and GCP.
  • Incidents. Shows policy violations of each type detected in your cloud environment.
    • DLP Policy Incidents. Number of DLP policy violations. 
    • Collaboration Policy Incidents. Number of collaboration policy violations.
    • Personal Email Collaboration Policy Incidents. Number of collaboration policy violations of sharing with personal email accounts. For example, Gmail, Hotmail, Yahoo Mail, etc.
    • Access Policy Incidents. Number of cloud access policy violations. 
    • Connected Apps Incident Count. Number of incidents with the incident type Connected Apps Violation. 
    • SaaS Config Audit Incidents. Number of SaaS configuration audit incidents. 
    • IaaS Config Audit Incidents. Number of IaaS configuration audit incidents. 
    • Vulnerable Containers. Number of vulnerable containers in AWS, Azure, and GCP.
  • Threats. Shows threats detected from numerous activities in your cloud environment.
    • Monitored Cloud Activities. Number of McAfee monitored cloud activities.
    • Anomalies. Number of anomalies identified.
    • Threats. Number of threats detected.
  • Malware. Shows malware detected from numerous files in your cloud environment.
    • Malware in SaaS. Number of malware found in SaaS (for example, Exchange Online, OneDrive, SharePoint, Box, Google Drive).
    • Malware in IaaS. Number of malware found in IaaS storage (for example, AWS S3, Azure Blob).
  • Data at Risk. Shows how much of your data was at risk and how we secured your data.
    • Files Scanned for DLP. Number of files at rest scanned against DLP policies across SaaS, e.g., Exchange Online, OneDrive, SharePoint, Box, Google Drive, Salesforce. And IaaS, e.g., AWS S3, Azure Blob, Google Drive. 
    • Sensitive Files in DLP Policy Incidents. Number of unique files involved in DLP policy violations
    • Sensitive Files with Potential Exfiltration Prevented. Number of unique files involved in DLP policy violations and prevented from exfiltration through response actions, e.g., block, delete, quarantine.
    • Files in Collaboration Policy Incidents. Number of unique files involved in collaboration policy violations.
    • Files with Sharing Prevented. Number of unique files involved in collaboration policy violations and prevented from exfiltration through response actions, e.g., block.
    • File Downloads to Unmanaged Device Prevented. Number of blocked file download attempts to unmanaged devices.
  • Sensitive Data. Shows how your sensitive data was distributed across cloud services. 
    • Sensitive Files in Amazon S3. Number of unique files in DLP incidents with Amazon S3.
    • Sensitive Files in SharePoint. Number of unique files in DLP incidents with SharePoint. 
    • Sensitive Files in Google Drive. Number of unique files in DLP incidents with Google Drive.
    • Sensitive Files in Microsoft Azure. Number of unique files in DLP incidents with Microsoft Azure.
    • Sensitive Files in Amazon Web Services. Number of unique files in DLP incidents with Amazon Web Services.
    • Sensitive Files in Box. Number of unique files in DLP incidents with Box.
    • Sensitive Files in Google Cloud Platform. Number of unique files in DLP incidents with Google Cloud Platform.
    • Sensitive Files in Gmail. Number of unique files in DLP incidents with Gmail.
    • Sensitive Files in Dropbox for Business. Number of unique files in DLP incidents with Dropbox for Business. 
    • Sensitive Files in Salesforce. Number of unique files in DLP incidents with Salesforce. 
  • Users. Shows how much of a risk your users posed to your cloud environment.
    • Users. Number of unique users monitored
    • Users in Collaboration Policy Incidents. Number of unique users involved in collaboration policy violations.
    • Users in Access Policy Incidents. Number of unique users involved in access policy violations.
    • Users in DLP Policy Incidents. Number of unique users involved in DLP policy violations.
    • Users in Threats. Number of unique users involved in threats generated.
    • Dormant Users. The number of users that have been inactive since the last quarter.
  • Mobile Devices. Shows incidents of each type detected on mobile devices.
    • Collaboration Policy Incidents on Mobile Devices. Number of collaboration policy violations on mobile devices.
    • Access Policy Incidents on Mobile Devices. Number of access policy violations on mobile devices.
    • DLP Policy Incidents on Mobile Devices. Number of DLP policy violations on mobile devices.
    • Threats from Mobile Devices. Number of threats detected from mobile devices.
  • Connected Apps. Shows Connected Apps activity. 
    • Connected Apps Discovered. Number of third-party Microsoft 365 and Google Drive apps that are granted access to your corporate data. 
    • Connected Apps Blocked. Number of third-party Microsoft 365 and Google Drive apps that are blocked by your Connected Apps policy. 
    • Connected Apps Restricted. Number of third-party Microsoft 365 and Google Drive apps that are restricted for one or more users or User Groups. 
    • Connected Apps Policy Created. Number of policies defined for third-party Microsoft 365 and Google Drive apps.
  • MITRE. Shows potential and executed threats and associated incidents detected using the MITRE ATT&CK Framework.
    • Threat Count. Number of threats detected using the MITRE ATT&CK framework.
    • Potential Threats. Number of potential threats detected.
    • Executed Threats. Number of threats already executed.

Cloud Security Report PDF

Click Actions > Create Report > Business Report (PDF) to download a PDF file that provides the key statistics for Usage displayed on this page. 

You can also go to Reports to edit this report and schedule it to run at a designated frequency. For details, see Report Manager

csa_report_pdf_5.1.2.png

Cloud Security Report CSV

Click Actions > Create Report > CSV to download a CSV file that provides the key statistics for Usage displayed on this page. 

csa_report_csv_5.1.2.png

Maturity Score

The Maturity Score section provides details about the data that is shown in the Cloud Security Advisor Dashboard. It also shows Key Statistics for the quarter, compared to a previous quarter, and the percentage of change.

Scores Tab

The Scores tab provides details about the data that is shown in the Cloud Security Advisor Dashboard. It also shows Key Statistics for the quarter, compared to a previous quarter, and the percentage of change.

csa_report_scores_5.1.2.png

The Cloud Security Report Maturity Score > Scores tab provides the following information and actions:

  • Cloud Security Report. Select the quarter to display for this report. 
  • Actions. 
    • Create Report.
      • Business Report (PDF). Click to send your registered email a PDF file that provides the metrics Scores displayed on this page. You can also go to Reports to edit this report and schedule it to run at a designated frequency. For details, see About Report Manager
      • CSV. Click to download a CSV file that provides the metrics for Scores displayed on this page. 
  • Your Scores for the Quarter:
    • Visibility. Visibility metrics measure how well you have gained visibility into your cloud environment and how secure it is.
    • Control. Control metrics measure how well you have placed controls on and mitigated the security risks of data and activity in your cloud environment.
  • How you compare to peers. 
    • Chart. The chart visualizes how you compare to peers you select in other vertical markets in the areas of Visibility and Control.
    • Edit. An admin can click Edit and select up to 10 vertical markets to compare. 
  • Key Statistics. Displays the Key Statistics that comprise your scores. 
    • Visibility
    • Visibility Percentile
    • Control
    • Control Percentile

Visibility Metrics Tab

The Visibility Metrics tab displays visibility details about your cloud environment security. It displays cloud service category area-specific metrics and points for the quarter, compared to a previous quarter, and the percentage of change.

csa_report_visibility_5.2.2.png

The Cloud Security Report Maturity Score > Visibility Metrics tab provides the following information and actions:

  • Cloud Security Report. Select the quarter to display for this report. 
  • Actions. 
    • Create Report.
      • Business Report (PDF). Click to send your registered email a PDF file that provides the metrics for Visibility displayed on this page. You can also go to Reports to edit this report and schedule it to run at a designated frequency. For details, see About Report Manager
      • CSV. Click to download a CSV file that provides the metrics for Visibility displayed on this page. 
      • Schedule. Schedule a report to run later, which then appears in the Report Manager
  • Shadow IT
    • Shadow IT Enabled. Shadow IT gives you visibility into what cloud services employees are using on the corporate network.
    • Report Scheduled. At least one Analytics report or Incidents report is scheduled on a daily, weekly, or monthly cadence.
    • Active Directory Integrated for Shadow IT. Integrating Active Directory provides visibility into user-level activities.
    • Tokenization Enabled for Cloud Connector. Tokenization provides additional user identity protection in Cloud Connector.
  • SaaS
    • Personal Email Collaboration Monitored. At least one policy that monitors collaboration with a personal email address is enabled per managed collaboration app.
    • Publicly Shared Link Collaboration Monitored. At least one policy that monitors collaboration with publicly shared links is enabled per managed collaboration app.
    • Active Directory Integrated for sanctioned IT. Integrating Active Directory provides visibility into user-level activities.
    • Configuration Audit for SaaS Enabled. At least one configuration audit policy is enabled per managed SaaS service.
    • Collaboration with External Users Monitored. At least one policy that monitors collaboration with external users is enabled per managed collaboration app.
    • Collaboration Data Monitored. At least one policy that monitors sensitive data in collaboration is enabled per managed collaboration app.
    • DLP Scan for Collaboration Apps Enabled. At least one On-Demand DLP Scan is enabled per managed collaboration app.
    • On-Demand Scan for Email Enabled. On-Demand Scan for Office 365 Exchange Online is ready to run.
    • Structured Data Fingerprint Policy Enabled. At least one policy with structured data fingerprint is defined in Rules.
    • Unstructured Data Fingerprint Policy Enabled. At least one policy with unstructured data fingerprint is defined in Rules.
    • Sanction Sensitive Data Monitored. At least one policy that monitors sensitive data or one On-Demand DLP Scan is enabled for Sanction services.
    • Third-Party Access to Managed SaaS Monitored. At least one Connected Apps policy is enabled.
    • Malware Scan for SaaS Enabled. At least one On-Demand Malware Scan is enabled per managed SaaS service.
    • SaaS Managed. Add and manage all SaaS services and instances in use in your organization to MVISION Cloud.
  • IaaS
    • Malware Scan for IaaS Enabled. At least one On-Demand Malware Scan is enabled per managed IaaS service.
    • Vulnerability Scan Enabled for Containers. At least one Vulnerability scan is enabled per managed container service.
    • Configuration Audit for IaaS Enabled. At least one configuration audit policy is enabled per managed IaaS service.
    • Configuration Audit Enabled for Containers. At least one Configuration Audit policy is enabled per managed container service.
    • IaaS Sensitive Data Monitored. At least one policy that monitors sensitive data or one On-Demand DLP Scan is enabled for Iaas services.
    • DLP Scan for IaaS Enabled. At least one On-Demand DLP Scan is enabled per managed IaaS storage service.
    • IaaS Storage Resources Scanned for DLP. IaaS storage resources scanned for DLP at least once in all managed IaaS storage resources.
    • IaaS Managed. Add and manage all IaaS services and instances in use in your organization to MVISION Cloud.
Known Issue in 5.1.2

In MVISION Cloud 5.1.2, some Cloud Security Advisor metrics have been split into product-specific groups for Shadow IT, SaaS, and IaaS. For this reason, you may see a drop in your Visibility and Control scores.

The following metrics were split up:

  • Active Directory Integrated (Visibility Metric: 5 points) split into:
    • Active Directory Integrated for Sanctioned IT: 3 points
    • Active Directory Integrated for Shadow IT: 2 points
  • Sensitive Data Monitored (Visibility Metric: 15 points) split into:
    • Sanction Sensitive Data Monitored: 9 points
    • IaaS Sensitive Data Monitored: 6 points
  • Malware incidents resolved (Control Metric: 2 points) split into:
    • Malware Sanction Incidents Resolved: 1 point
    • Malware IaaS Incidents Resolved: 1 point

Control Metrics Tab

The Control Metrics tab displays control details about your cloud environment security. It displays cloud service category area-specific metrics and points for the quarter, compared to a previous quarter, and the percentage of change.

csa_report_control_5.2.2.png

The Cloud Security Report Maturity Score > Control Metrics tab provides the following information and actions:

  • Cloud Security Report. Select the quarter to display for this report. 
  • Actions. 
    • Create Report.
      • Business Report (PDF). Click to send your registered email a PDF file that provides the metrics for Visibility displayed on this page. You can also go to Reports to edit this report and schedule it to run at a designated frequency. For details, see About Report Manager
      • CSV. Click to download a CSV file that provides the metrics for Visibility displayed on this page. 
  • Shadow IT
    • Service Groups Configured with Closed Loop Remediation. Service Groups with Closed Loop Remediation enabled in all Service Groups.
    • High-Risk Services Blocked. High-risk services (risk level of 7, 8, or 9) blocked in all high-risk services discovered through Shadow IT.
    • Services Organized in Service Groups. Cloud services mapped to Service Groups in all cloud services discovered through Shadow IT.
    • Closed Loop Remediation Enabled. Closed Loop Remediation via integration with McAfee Web Gateway governs use of cloud services based on security risk level of cloud services discovered through Shadow IT.
  • SaaS
    • Response Action Configured for Collaboration Policy. At least one collaboration policy with any response action configured (such as quarantine, remove shared link, encrypt, etc.).
    • Response Action Configured for DLP Policy. At least one DLP policy with any response action configured (such as quarantine, delete, encrypt, etc.).
    • Sanctioned SaaS with Access Control. All Sanctioned SaaS have an Access Control Policy enabled. 
    • Collaboration Policies with Response Actions Configured. Collaboration policies with at least one response action configured (such as quarantine, remove shared link, encrypt, etc.) in all collaboration policies.
    • DLP Policies with Response Actions Configured. DLP policies with at least one response action configured (such as quarantine, delete, encrypt, etc.) in all DLP policies.
    • DLP Incidents Resolved by End User. DLP incidents resolved by end user in all DLP incidents resolved. 
    • High-Severity SaaS Audit Incidents Remediated. High-severity SaaS audit incidents remediated in all high-severity SaaS audit incidents generated.
    • High-Severity DLP Incidents Resolved. High-severity DLP incidents resolved in all DLP incidents generated. 
    • DLP Policies Synchronized from Endpoint to Cloud. At least one McAfee DLP policy is synchronized to MVISION Cloud.
    • Inline Email DLP Enabled. Inline Email DLP gives you control over the content of emails before they leave your environment. 
    • Malware Sanction Incidents Resolved. Malware Sanctioned incidents are resolved. 
  • IaaS
    • Compliant IaaS Resources. Compliant IaaS resources in all managed IaaS resources.
    • Compliant Container Resources. Compliant container resources in all managed container resources.
    • High-Severity IaaS Audit Incidents Remediated. High-severity IaaS audit incidents remediated in all high-severity IaaS audit incidents generated.
    • High-Severity Container Config Audit Incidents Resolved. Ratio of high-severity incidents resolved against all container Configuration Audit scan incidents.
    • High-Severity Container Vulnerability Scan Incidents Resolved. Ratio of high-severity incidents resolved against all container Vulnerability scan incidents.
    • Malware IaaS Incidents Resolved. Malware IaaS incidents are resolved.
  • Was this article helpful?