Skip to main content
McAfee MVISION Cloud

SaaS Modes of Support

SaaS Application Categories

SaaS applications supported by MVISION Cloud are divided into three categories: Collaboration Apps, Structured Apps, and Long-tail SaaS Apps.

Collaboration Apps

Office 365 (OneDrive, SharePoint, Teams, Exchange Online), G Suite for Business, Box, Slack.

Structured Apps

Salesforce, ServiceNow, SuccessFactors, Workday.

Long-tail Apps

Any app that doesn't fall into one of the two categories above falls into the long-tail SaaS apps category (including any new SaaS application requested by customers). 

Examples: Atlassian Jira and Confluence, GitHub, Smartsheet, etc.

Use Cases

Data Loss Prevention (DLP)

Identify sensitive content uploaded/updated in SaaS application and delete/quarantine, apply classification/DRM, and/or notify users. 

Secure Collaboration

  • Monitors sensitive content shared with unauthorized external users and remove sharing.
  • Monitors unauthorized external users being invited to SaaS application resources and remove access.

Connected Apps

Enforce controls on apps installed in SaaS applications from the online marketplace.

Configuration Audit

Scan configuration settings in SaaS applications and recommend best practices.

Access Control

Block Unmanaged Devices

Block unmanaged devices during sign-in. This use case doesn't require MVISION Cloud to be inline between user and application. SAML Proxy can be configured to monitor device type during SAML SSO login flow and block the device if it is unmanaged. Customers can set up SAML Proxy on their own by following the documentation. For details, see SAML Proxy Deployment Guide.

Block Specific Activity on Unmanaged Devices

Allow the users to sign-in but block specific activity such as downloads on to unmanaged devices. This requires MVISION Cloud to be inline between the user's device and application. 

Block Sensitive Data Transfers to Unmanaged Devices

Block any sensitive content being downloaded on to unmanaged devices. This requires MVISION Cloud to be inline between the user's device and application.

DRM/Classification on Downloads

Protect/classify any sensitive documents being downloaded on to unmanaged devices with DRM/Classification products. This requires MVISION Cloud to be inline between the user's device and application.

Encryption

Structured and unstructured data encryption with the ability to leverage keys managed by customers. 

Use Cases and Modes of Support

 

Use Case
Collaboration Apps
Structured Apps
Long-tail Apps (with APIs)
Long-tail Apps (without APIs)
DLP API API API FW Proxy (UCE)
Secure Collaboration API API API Not Supported
Activity Monitoring and UEBA API API API FW Proxy (UCE)
Connected Apps API API API Not Supported

Configuration Audit

API API API Not Supported
Access Control: Block unmanaged devices SAML Proxy SAML Proxy SAML Proxy SAML Proxy
Access Control: Block specific activity (downloads) on unmanaged devices

Reverse Proxy OR (SAML Proxy + RBI)

Reverse Proxy OR (SAML Proxy + RBI)

SAML Proxy + RBI

SAML Proxy + RBI

Access Control: Block sensitive data downloads to unmanaged devices Reverse Proxy Reverse Proxy Not Supported Not Supported
DRM/Classification on downloads Reverse Proxy Reverse Proxy Not Supported Not Supported
Encryption N/A Reverse Proxy N/A N/A

     Roadmap

FAQ

What is the difference between SAML Proxy and Reverse Proxy?

SAML Proxy doesn't require MVISION Cloud to proxy the communication between user and application. SAML Proxy only comes into action during SAML SSO sign-in (by configuring IDP to redirect to a custom domain hosted by MVISION Cloud momentarily) to check the device type being used and completely block access if it is an unmanaged device. Reverse proxy involves MVISION Cloud being inline between user and application and intercepting all the traffic. 

What should be my approach if customer requests for a new SaaS application? 

Log a support request with the required information. For more details, see CASB Connect. If the application has APIs, McAfee prioritizes the roadmap and build API integration. If the application doesn't have APIs, then it is recommended to use FW Proxy (UCE) for DLP and Activity Monitoring (roadmap) use cases. Even if the application has APIs, given that prioritizing API integration and delivering an API-based solution is going to take time, it is recommended for customers to start taking advantage of FW Proxy (UCE) right away and create a feature enhancement request for an API-based solution in parallel. 

  • Was this article helpful?