Skyhigh Security Terminology List
List of terms
Advanced Persistent Threat (APT)
An APT is a type of cyber attack in which unauthorized users gain access to a system or network and remain there for a long duration without being detected. The goal of an APT is to steal or transmit data rather than disrupt networks, cause a denial of service, or infect systems with malware. APTs use malware to bypass multiple levels of security. The malware connected to the network communicates on a regular basis with command-and-control (C&C) servers, to which it can transfer stolen data or from which it can receive commands. Initial access is frequently gained through trusted connections, using phishing or other malicious methods.
Skyhigh CASB can detect and remediate a wide range of cloud-based threats including APTs. It uses the Advanced Persistent Threats category to detect threats (ransomware, malware exfiltration) based on suspicious payloads in documents. Skyhigh CASB evaluates APTs based on anomalies such as backup tampering, file encryption, and service access count. For details, see Advanced Persistent Threats.
Advanced Threat Defense (ATD)
ATD is a type of security solution that provides protection against sophisticated malware or cyber attacks that target sensitive data. It is used to prevent, detect, and respond to new and sophisticated threats designed to bypass standard security solutions such as antivirus, firewalls, and intrusion prevention systems (IPS) / intrusion detection systems (IDS). It focuses on threat prevention more than on detection and response, and it reduces the risk and severity of advanced attacks on an organization’s endpoints.
Skyhigh Security Advanced Threat Defense allows you to scan a web object for virus or malware infections after it has been scanned by Web Gateway. ATD analyzes the behavior of a web object in a sandbox environment, records the results of the scan in a report, and sends the report to Web Gateway. Organizations can leverage ATD by enforcing appropriate rules on Web Gateway. For details, see Advanced Threat Defense.
Amazon Web Services (AWS)
AWS is a secure cloud services platform that provides compute power, database storage, content delivery, and several other functionalities. It is a set of cloud services (EC2, S3, RDS, DMS, VPC, CodeStar, CloudWatch, ElasticSearch, IAM, SNS, etc.) that enable organizations to connect to private applications and workloads in the cloud.
Skyhigh CASB for AWS uses public AWS APIs to monitor, secure, and audit AWS environments for threat protection, anomaly detection, configuration audit, and forensic audit logs. It includes SOC-specific threat protection and incident response workflows to remediate potential insider threats, privileged user threats, and compromised accounts. For details, see CSPM for AWS.
Skyhigh Secure Web Gateway (On-Prem) allows you to deploy Secure Web Gateway in Amazon Web Services (AWS), giving you greater flexibility in managing your infrastructure globally. For details, see Deploy to Amazon Web Services (AWS). Skyhigh Security enables you to protect your data by configuring data storage settings for Amazon Web Services (AWS). For details, see Data Storage for Amazon Web Services.
Amazon Elastic Container Registry (ECR)
Amazon ECR is a secure, scalable, and reliable container image registry service managed by AWS. It is a fully managed container registry that provides high-performance hosting, allowing you to reliably deploy application images and artifacts anywhere. Amazon ECR enables organizations to manage software vulnerabilities, streamline deployment workloads, and manage image lifecycle policies. Skyhigh Security Cloud Security Posture Management (CSPM) provides comprehensive discovery and risk-based prioritization, and Shift Left detects and corrects misconfigurations in your Amazon ECR instances. Skyhigh Security allows you to integrate Skyhigh CASB with Amazon ECR. For details, see Configure CSPM for Amazon ECR.
Amazon Elastic Container Service (ECS)
Amazon ECS, also known as Amazon EC2 Container Service, is a fully managed cloud computing service provided by Amazon Web Services (AWS) that simplifies the deployment, management, and scaling of containerized applications. It uses Amazon Fargate's serverless technology to provide autonomous container operations, reducing the time spent on configuration, patching, and security. Amazon ECS enables rapid application deployment in a hybrid environment, supports batch processing, and scales your web applications without requiring you to manage the control plane, add-ons, or nodes. Amazon ECS provides organizations with benefits such as security, management, performance, scalability, compatibility, extensibility, and integration with other AWS services.
Skyhigh Security Cloud Security Posture Management (CSPM) provides comprehensive discovery and risk-based prioritization, and Shift Left detects and corrects misconfigurations in your Amazon ECS instances. Skyhigh Security allows you to integrate Skyhigh CASB with Amazon ECS. For details, see Configure CSPM for Amazon ECS.
Amazon Elastic Kubernetes Service (EKS)
Amazon EKS is a fully managed container service that runs and scales Kubernetes applications in the cloud or on-premises. It integrates with Kubernetes to deploy, manage, and scale containerized applications using Kubernetes on Amazon Web Services. Amazon EKS manages the availability and scalability of the Kubernetes control plane nodes responsible for scheduling containers, managing application availability, storing cluster data, and other critical tasks in the cloud. It allows you to leverage the performance, scale, reliability, and availability of AWS infrastructure, as well as integrations with AWS networking and security services.
Skyhigh Security Cloud Security Posture Management (CSPM) provides comprehensive discovery and risk-based prioritization, and Shift Left detects and corrects misconfigurations in your Amazon EKS instances. Skyhigh Security allows you to integrate Skyhigh CASB with Amazon EKS. For details, see Configure Container Security for EKS.
Application Programming Interface (API)
An API is a set of definitions and protocols that allows two applications to communicate with each other. It acts as an intermediary layer between an application and a web server, handling data transfer between systems. For example, when you use the weather app on your phone to check for weather updates, the weather app “talks” via APIs to the weather bureau’s software system, which contains daily weather data, and displays daily weather updates on your phone. The application that sends the request is known as the client, and the application that sends the response is known as the server. In the above example, the weather app is the client and the weather bureau's weather database is the server.
APIs are standard contracts that define how two applications communicate with each other using requests and responses. They provide organizations with numerous advantages, including improved collaboration, easier innovation, data monetization, and increased security. The different types of APIs are private APIs, public APIs, partner APIs, and composite APIs. The most common API architectures are SOAP (Simple Object Access Protocol), RPC (Remote Procedure Call), WebSocket, and REST (Representational State Transfer). REST APIs are widely used in the industry today, particularly for web interactions. Skyhigh Security provides organizations with a wide range of Skyhigh SSE APIs. For details, see Skyhigh SSE APIs.
AWS CloudTrail
AWS CloudTrail monitors and records account activity throughout your AWS infrastructure, allowing you to control storage, analysis, and remediation actions. It is an AWS service that helps you enable operational and risk auditing, governance, and compliance of your AWS account. CloudTrail logs events for actions performed by a user, role, or AWS service. These events include actions performed in the AWS Management Console, the AWS Command Line Interface, and the AWS SDKs and APIs.
Organizations can use AWS CloudTrail to audit activity, detect security incidents, and troubleshoot operational issues. Through the CloudTrail API, you can integrate it into applications, automate trail creation for your organization, check the status of the trails you create, and control how users view CloudTrail events. For details, see here.
AWS Lambda
AWS Lambda is a serverless, event-driven compute service that lets you run code for almost any type of application or backend service without provisioning or managing servers. It uses highly available, elastic infrastructure to run your code and carries out compute resource administration tasks such as automatic scaling, capacity provisioning, and operating system and server maintenance. Lambda users create functions, self-contained applications written in one of the supported languages and runtimes, and upload them to AWS Lambda, which executes those functions in an efficient and flexible manner.
AWS Lambda can be triggered from over 200 AWS services and software as a service (SaaS) applications on a pay-per-use basis. Lambda functions can perform a range of computing tasks, from serving web pages and processing data streams to calling APIs and integrating with other AWS services. Skyhigh CASB custom policies that use AWS Lambda enable you to tailor security configuration rules to audit AWS services based on your organization's requirements. Skyhigh CASB Lambda policies are executed on a regular basis to monitor all relevant AWS services for the configuration rules defined in Lambda scripts. For details, see About Lambda Custom Policies.
Azure Information Protection (AIP)
AIP is a cloud-based solution provided by Microsoft that allows organizations to classify and secure sensitive documents based on labels. These labels can be applied automatically or manually to limit both document and user actions. The two main components of this solution are data classification and rights management services. For example, AIP allows you to control which internal and external users can view, print, copy, and send documents. AIP provides organizations with benefits such as classifying data based on sensitivity, securing data, increasing visibility and control, collaborating securely with others, and flexible deployment and management.
Organizations can use AIP to classify and optionally protect sensitive documents using default and custom labels. Skyhigh CASB allows you to use AIP labels in DLP policies for supported CSPs such as OneDrive, SharePoint, Microsoft Teams, G Suite, Box, Salesforce, Workday, ServiceNow, and SuccessFactors. For details, see Skyhigh CASB for Azure Information Protection.
Azure Kubernetes Service (AKS)
AKS is a managed container orchestration service built on the open source Kubernetes system and available on Microsoft Azure. Organizations can use AKS to handle critical functions such as deploying, scaling, and managing Docker containers and container-based applications. An AKS cluster can be created using the Azure command-line interface (CLI), the Azure portal, or Azure PowerShell. Azure Resource Manager templates can also be used for template-driven deployments. The primary advantages of AKS are flexibility, automation, and reduced management overhead for administrators and developers. It is suitable for organizations that want to build scalable applications with Docker and Kubernetes on the Azure architecture.
Skyhigh Security Cloud Security Posture Management (CSPM) for Microsoft Azure provides activity monitoring and security configuration audit features to your Azure infrastructure. Skyhigh CASB logs all user activity in Microsoft Azure using multiple heuristics, detects threats, takes risk-mitigation action automatically, and assists with forensic investigations. For details, see CSPM for Microsoft Azure.
Backup
A backup is a copy of critical data that is stored in an alternate location so that it can be recovered if the original data is deleted or corrupted. Data should be backed up on a regular basis based on how frequently the data changes, how valuable it is, and how long the backup takes. Data loss can be caused by a variety of factors, including malicious attacks, hardware or software failures, file corruption, theft, natural disasters, and so on. Backup copies allow organizations to recover data from an earlier point in time to prevent data loss.
Skyhigh Secure Web Gateway (On-Prem) allows the Content Security Reporter (CSR) to automatically save the report server settings when creating a backup configuration, which can then be used to restore CSR to a previous configuration. For details, see System Backup.
Bandwidth
Bandwidth is the maximum rate at which data can be transferred over an internet connection. It refers to the volume of information that can be transferred over a connection in a specific duration. Bandwidth varies depending on the transmission medium, such as an internet connection, and affects the speed and volume at which data is transferred. The higher the bandwidth, the faster a system downloads information from the Internet. It is measured in bits per second (bps).
Bandwidth Throttling
Bandwidth throttling refers to the allocation of available bandwidth to enhance the performance of high-priority apps, such as Microsoft 365, and reduce the bandwidth allocated to low-priority apps, such as YouTube. It minimizes the impact caused when the connection is under heavy load. Bandwidth throttling can be used to avoid situations in which the network performance required to complete a specific task is impacted by other users uploading objects to the web or requesting large downloads from the web. Skyhigh Secure Web Gateway (On-Prem) allows you to limit the speed for uploading and downloading data to the appliance via bandwidth throttling. For details, see Bandwidth Throttling.
Blocklist
A blocklist is a key component of access control that allows you to restrict access to cloud services based on parameters such as cloud service, device type, IP address, and others. For example, you can block the download of reports from Salesforce. It prevents users from accessing cloud services that have been identified as potentially harmful or suspicious. For details, see Access Control Policies.
Botnet
A botnet, also known as a robot network, is a network of malware-infected computers that are controlled by a single attacking party known as the “bot-herder”. A bot is an individual machine that is under the control of the bot-herder. Botnets are mostly used for email spam, phishing, and DDoS attacks.
Box
Box is a cloud storage application that provides businesses with cloud-based content management, collaboration, and file sharing tools. It allows users to store and manage files in the cloud, which can be accessed from any device. Users can comment on files, share them, apply workflows, and enforce security and governance policies. Skyhigh CASB for Box enforces DLP policies across data at rest and in motion to ensure compliance with regulations and internal policies. For details, see Skyhigh CASB for Box.
Branch Transformation
Branch transformation allows traffic in the branch to be routed directly and securely to the internet rather than being routed via MPLS (Multiprotocol Label Switching) links to the data center before reaching the internet. For example, important video calls can be prioritized over other, less latency-sensitive traffic. It is a critical component of IT transformation, as it increases application performance and provides a rich user experience, which results in increased productivity and agility. Skyhigh Secure Web Gateway Cloud allows you to clone a branch in the policy tree to save the default configuration and customize the branch's rule sets for different regions. For details, see Clone a Branch in the Policy Tree.
Certificate Authority (CA)
A CA, also known as a certification authority, is an internal or third-party organization that issues digital certificates to validate the identity of entities such as websites, devices, and users, and binds those identities to cryptographic keys. A repository or directory stores digital certificates and certificate revocation lists (CRLs), allowing users to obtain other users' public keys and determine revocation status. The repository is usually a traditional X.500 directory or a database that supports the Lightweight Directory Access Protocol (LDAP).
A CA uses its private key to create a digital signature on each certificate it issues, so that the certificate's origin can be verified. Users can use the public key in the CA certificate to verify the authenticity of certificates issued and signed by that CA. The primary goal of a CA is to validate the authenticity and trustworthiness of a website, domain, or organization so that users are aware of the organization's identity and credibility. It is a crucial component of the Internet's public key infrastructure (PKI) that allows web browsers to authenticate websites and connect securely via SSL/TLS (HTTPS).
Skyhigh Secure Web Gateway (On-Prem) allows you to use your own certificate authority to sign the certificates that the appliance sends to its clients instead of the default root certificate authority that is provided after the initial setup. For details, see Replace the Default Root Certificate Authority.
Cloud Access Security Broker (CASB)
A CASB is on-premises or cloud-based software that acts as an intermediary between cloud service customers and service providers. It acts as a gatekeeper to help organizations monitor and use cloud services safely while ensuring that network traffic complies with the organization’s security policies and regulations. The primary purpose of a CASB is to provide a unified set of controls and policies that apply to multiple, dissimilar cloud services.
Skyhigh CASB is the leading CASB, a multi-tenant cloud-based service that allows organizations to embrace cloud services with appropriate levels of security and governance while lowering overall risk and cost. It acts as the cloud service's first line of defense by providing organizations real-time control over their data. Skyhigh CASB's mission is to prevent cloud security failures and ensure that cloud services and applications are always secure.
Skyhigh CASB provides security services such as shadow IT discovery, data security (data classification), DLP (data at rest and in motion), encryption/DRM, collaboration/sharing control, machine learning, threat protection (UEBA), adaptive access controls to restrict context-based access (location, device category), and secure configuration to ensure IaaS resource compliance.
Skyhigh CASB considers three cloud service models: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). Skyhigh Security Cloud is designed to secure all three cloud service models and provide cloud security features such as visibility, compliance, threat protection, and data security. For details, see Skyhigh CASB.
Content Delivery Network (CDN)
A CDN is a group of geographically distributed and interconnected servers that work together to provide fast and secure delivery of Internet content. It aims to minimize the distance between the user and the website's server. CDN servers store and deliver web content based on users' geographic locations, improve content delivery by accelerating page loads, and optimize overall network performance. A CDN provides websites with increased protection against malicious attacks such as distributed denial-of-service (DDoS) attacks.
Cloud
The term "cloud" mostly refers to the Internet, because cloud services use remote servers on the Internet to store, manage, access, and process data. It allows users to receive services on demand from a provider's servers rather than their own.
The two types of cloud services are public cloud and private cloud. Public clouds are multi-tenant environments in which organizations can use services, applications, and infrastructure on a pay-per-use model rather than owning the IT infrastructure. Public cloud services allow organizations to manage users and services easily during the deployment of software and services. Private clouds are single-tenant environments hosted on-premises, where the compute, storage, and network are dedicated to a single organization. Private clouds are used by organizations with strict compliance requirements to ensure that data does not leave the on-premises facility.
Cloud Application
A cloud application is a software application that is deployed in a cloud environment rather than being hosted on a local server or machine. It provides a user experience similar to that of an application installed entirely on a local machine, but with minimal resources, frequent updates, and access to functionality across different devices. Examples of cloud applications are Salesforce, Microsoft Office 365, Dropbox, and AWS. CASBs address several common use cases to secure cloud applications.
Cloud Application Visibility
Cloud application visibility is the ability to view all the cloud applications used across your organization. It also allows you to manage and secure your data. Skyhigh CASB monitors the inflow of traffic, whether it is authorized by IT or not.
Cloud Architecture
Cloud architecture refers to the combination of components and sub-components required for cloud computing. Cloud computing consists of two components, the front end and the back end. The front end is what the user views; it consists of the interfaces and applications required to access the cloud computing platform. The back end manages all the resources needed to provide cloud computing services. It consists of virtual machines, servers, data storage, security mechanisms, etc.
Cloud Computing
Cloud computing refers to the delivery of computing resources, including tools and applications such as servers, data storage, databases, networking, software, etc., over the internet. It has several features such as resource pooling, on-demand self-service, easy maintenance, accessibility, availability, security, etc. It enables the delivery of applications and business processes as services online, rather than as resources such as software and storage hardware that are “traditionally” hosted onsite. The three main services of cloud computing are Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).
Cloud Connector (CC)
Skyhigh Cloud Connector (CC), also known as Groundlink, is an application that can be installed on a Windows, Linux, or Mac operating system to establish a secure connection between Skyhigh Security Cloud and the enterprise network. It acts as a tunnel between Skyhigh Security Cloud and your resource locations, allowing cloud management without the need for complex networking or infrastructure configuration in an on-premises system. CC is a virtual machine that streamlines traffic to Skyhigh Security services. It is also an API that allows you to connect to cloud service providers such as AWS, Google, Microsoft Azure, and VMware. A CC's key features and benefits include security, connectivity, performance, cost reduction, scalability, ease of deployment, real-time visibility, and support for mergers and acquisitions.
Skyhigh Security typically updates its CC every three to four months, with all new features and enhancements available only in the latest release. Skyhigh Cloud Connector is FIPS compliant by default starting with Skyhigh Cloud Connector 5.4.0. Skyhigh Security allows you to connect Skyhigh Cloud Connector to Skyhigh CASB for discovery and analysis. For details, see Skyhigh Cloud Connector.
Cloud Data Protection
Cloud data protection is a type of data protection model used to protect stored, static, and moving data in the cloud. It is designed to implement data storage, protection, and security methodologies for data that resides in, moves in and out of a cloud environment. This model can secure data regardless of its location or whether it is managed internally or externally. A key element of cloud data protection is the use of a CASB to solve modern security use cases.
Cloud Enablement
Cloud enablement is the process by which organizations architect, deploy, and operate the IT infrastructure, software, and resources that enable cloud computing. A cloud enablement initiative may include migrating servers, operating systems, databases, applications, and other components to the cloud. The goal of cloud enablement is to replace on-premises devices such as servers and data centers with applications and services that are accessed through the internet.
Cloud Enclaving
Cloud enclaving is a technique of performing segmentation in the cloud to limit access to internal applications and prevent over-privileged access. A cloud enclave creates a protected IaaS instance using a software-defined perimeter (SDP) security model, allowing organizations to deploy role-based access control, trust assessment, certificate management, and other security functions.
Cloud Firewall
A cloud firewall is a security product hosted in the cloud to filter out unauthorized and potentially malicious network traffic. It provides a protective shield around cloud assets, which include cloud platforms, data stored in clouds, infrastructure, and applications. The cloud firewall blocks malicious traffic and only allows through the authorized traffic specified in a set of rules configured by administrators. It stands between a trusted internal network and an untrusted network (the Internet). Cloud-based firewalls have significant advantages over hardware-based firewalls. For example, cloud-based firewalls can scan traffic in real time to provide global, up-to-date protection.
Skyhigh Security allows you to monitor your network traffic and prevent unauthorized traffic and malicious activity using the Cloud Firewall Dashboard. You can use this dashboard to gain insights into firewall traffic and the trend of allowed and blocked firewall events over the last seven days. For details, see Cloud Firewall.
Cloud Firewall as a Service (FWaaS)
Cloud Firewall as a Service (FWaaS) refers to a type of service that provides cloud-based traffic inspection capabilities to users who want to decommission or strengthen their existing firewall appliances. FWaaS is a cloud-based firewall that offers advanced, next-generation firewall (NGFW) capabilities, which include access controls such as URL filtering, advanced threat prevention, intrusion prevention systems (IPS), and DNS security.
Cloud Governance and Compliance
Cloud governance and compliance comprise a set of regulatory processes that create and implement policies and procedures to protect the security of cloud applications and data. The goal of cloud governance is to enhance data security, manage risk, and enable the smooth operation of cloud systems.
Cloud Infrastructure Entitlement Management (CIEM)
Cloud Infrastructure Entitlement Management (CIEM) is a cloud security solution used to manage identities and permissions in cloud and multi-cloud environments. It uses machine learning and analytics to detect anomalies in account permissions. It helps organizations lower the risk of cyber threats, such as data breaches and data exfiltration in public cloud environments, by reducing the excessive entitlements or permissions that users and services have to cloud resources. CIEM is delivered via a software-as-a-service (SaaS) model, alongside other cloud security solutions such as Cloud Security Posture Management (CSPM) and Cloud Access Security Broker (CASB).
Continuous Integration and Continuous Delivery (CI/CD)
Continuous integration is a software development methodology in which team members use a version control system and frequently merge their work (code changes) into the central repository. This avoids the integration issues that can arise when merging changes into the release branch on release day. Continuous integration focuses on automatically building and testing code, as compared to continuous delivery, which automates the entire software release process up to production. It puts great emphasis on test automation to ensure the application's functionality. The advantages of continuous integration include early bug detection, reduced bug count, process automation, process transparency, and cost-effectiveness.
Continuous delivery is a software development methodology that automates the software release process by automatically building, testing, and deploying software changes to production. It is an extension of continuous integration that allows you to choose the release timeline based on your business needs, such as daily, weekly, fortnightly, and more. The advantages of continuous delivery include reduced risk, high-quality applications, lower costs, and a quality product. The maximum benefits of continuous delivery can only be realized if small batches are released, so that any issues that arise can be troubleshot.
CI/CD enables software development teams to concentrate on meeting business requirements while ensuring code quality and software security by automating integration and delivery. It sets up continuous automation and monitoring throughout the app lifecycle, from the integration and testing phases to delivery and deployment. CI/CD is a best practice for DevOps teams and agile methodologies. CI/CD tools aid in the storage of environment-specific parameters that must be packaged with each delivery. Skyhigh CASB evaluates the security vulnerabilities in DevOps templates by integrating the repository and CI/CD tools with Shift Left inline APIs. For details, see here.
Cloud Migration
Cloud migration refers to the transfer of an organization's digital assets, services, databases, IT resources, and applications to the cloud. Examples of cloud migration are the adoption of SaaS applications (Salesforce, Microsoft Office 365) and the migration of internally managed applications (SAS, Oracle) to cloud infrastructure (IaaS) services such as Microsoft Azure and Amazon Web Services (AWS).
Cloud Native Application Protection Platform (CNAPP)
Cloud Native Application Protection Platform (CNAPP) is a cloud-native security model that integrates Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP), and Cloud Service Network Security (CSNS) into a unified platform. The goal of CNAPP is to provide a single platform to view and manage security controls for cloud accounts and workloads in a manner that can be integrated into a development and cloud operations workflow. The key benefits of CNAPP are increased visibility, improved compatibility, early detection, and extensive automation. Gartner defined CNAPP as, “An integrated set of security and compliance capabilities designed to help secure and protect cloud-native applications across development and production”.
Skyhigh Cloud Native Application Protection Platform (CNAPP) is the industry’s first platform that brings application and risk context to converge CSPM to protect from a single, cloud-native enforcement point, and CWPP to protect workloads. For details see, Skyhigh Cloud Infrastructure (CNAPP).
Cloud protection is a critical component of cloud security that includes tools designed to reduce cloud misconfiguration risks and attack surfaces, eliminate the threat of lateral movement, and provide secure data and user access to cloud apps and app-to-app communications.
A proxy serves as a bridge between a user and the internet to validate and forward user requests for inspection. Traditional (physical) proxies can be used to inspect inline traffic, but they are expensive, prone to legacy, and have capacity and compatibility issues. Cloud proxies address these limitations by hosting the traffic inspection process in the cloud. Cloud proxies can be scaled globally to provide extensive security for traditional and remote workers, reduce IT expenditure, meet and exceed compliance and security benchmarks, improve user experience, and protect the organization from external visibility.
The Skyhigh Cloud Registry offers a comprehensive database of 30,000 SaaS, IaaS, and PaaS services, as well as detailed information about each cloud service in the form of a CloudTrust rating. Skyhigh Security's CloudTrust Program is an objective and comprehensive evaluation of a cloud service's security capabilities based on the 55 attributes developed in collaboration with the Cloud Security Alliance (CSA). Organizations use the Skyhigh Cloud Registry to understand how they use cloud services, because of its extensive breadth and depth of coverage. The services in the cloud registry are organized into categories (such as Collaboration, Cloud Storage, Social Media, and others) to help you better understand their use and find alternatives when necessary. All registry information provides organizations with a detailed understanding of the security implications of their cloud usage. For details, see Skyhigh Cloud Registry.
Cloud Sandbox
A cloud sandbox is an isolated computing environment in which a program or file can be executed. If a file contains malicious code, the code can be detected before the file infects the application, network, or system on which it would otherwise be executed. Sandboxes are used by software developers to test new code and by security teams to analyze malicious software. A sandbox is a key component of advanced threat defense and offers an additional layer of protection against security threats, such as exploits and stealthy attacks that use zero-day vulnerabilities. A cloud sandbox inspects internet traffic in real time and executes programs in the cloud before they reach their destination. It inspects files for all users globally, on and off the corporate network, eliminating the need to deploy sandboxes in multiple locations.
Cloud Security
Cloud security refers to the technologies, policies, controls, and services designed to protect data, applications, and infrastructure hosted on the cloud from external and internal threats. It protects the network infrastructure at multiple levels against data breaches, unauthorized access, DDoS attacks, and other threats.
Cloud security has many advantages over hardware-based security: it reduces costs and management requirements for organizations while increasing reliability, scalability, and flexibility. It shifts security from the network to the cloud, where it can scan all traffic, even encrypted traffic, regardless of its destination or origin. Examples of cloud security tools are Cloud Workload Protection Platform (CWPP), Cloud Access Security Broker (CASB), and Cloud Security Posture Management (CSPM). Secure Access Service Edge (SASE) and Zero-Trust Network Access (ZTNA) are other popular cloud security models.
Cloud Security Alliance (CSA)
Cloud Security Alliance (CSA) is a global non-profit organization with the mission to promote the use of best practices to help ensure a secure cloud computing environment. It collaborates with industry experts, associations, governments, and its corporate and individual members to provide cloud security research, education, certification, events, and products. CSA provides a forum for various parties to collaborate in order to create and maintain a trusted cloud ecosystem. Its Security, Trust & Assurance Registry program (CSA STAR) is designed to help customers assess and select a Cloud Service Provider (CSP) via a three-step program of self-assessment, third-party audit, and continuous evaluation.
Cloud Security Gateway (CSG)
A cloud security gateway is a cloud-based solution that acts as a tunnel between cloud service consumers and cloud service providers to inspect and filter malware which prevents device infection and network compromise. It safeguards users against web-based threats by implementing and enforcing corporate and regulatory policies. Instead of connecting directly to a website, a user connects to the cloud security gateway, which then connects the user to the desired website and performs functions such as URL filtering, web visibility, malicious content inspection, web access controls, and other security checks.
Cloud Security Posture Management (CSPM)
Cloud Security Posture Management (CSPM) is a category of security products that automate security and ensure compliance in the cloud. CSPM tools analyze and compare a cloud environment to a predefined set of best practices and known security risks. Some CSPM tools notify the cloud consumer when a security risk needs to be addressed, whereas other, more sophisticated CSPM tools use robotic process automation (RPA) to resolve issues automatically. CSPM helps organizations meet compliance standards, increases transparency in their cloud environments, and helps prevent data leakage. Skyhigh Security CSPM provides comprehensive discovery, risk-based prioritization, and Shift Left to detect and correct misconfigurations. For details, see About CSPM.
CloudTrust Program
Skyhigh Security CloudTrust Program is an objective and comprehensive assessment of a cloud service's security capabilities based on the 55 attributes developed in collaboration with the Cloud Security Alliance (CSA). Skyhigh Security evaluates cloud services and awards the Skyhigh Security Enterprise-Ready™ seal to those that fully meet the program's stringent requirements. The CloudTrust program currently includes over 100 cloud service providers. For details, see About the CloudTrust Program.
CloudTrust Rating
Skyhigh Security calculates and assigns a CloudTrust rating to each cloud service, indicating its enterprise-readiness. This rating, which ranges from 1 to 9, is based on a weighted average of the 55 Risk Attributes across the categories of Data, User/Device, Service, Business, Legal, and Cyber. Organizations use the CloudTrust rating to define cloud governance policies. For details, see CloudTrust Ratings.
Cloud-washing
Cloud-washing refers to the deceptive practice of rebranding products and services with the term "cloud" to make them appear more relevant in the cloud computing environment. For example, vendors may host an existing product (software or hardware) in a virtualized environment and label their on-premise infrastructure as a cloud solution. However, such an implementation lacks the elasticity, accessibility, measurability, multi-tenancy, and automated, continuous updates that are provided by true cloud solutions.
Cloud Workload Security
Cloud workload security is the process of securing workloads that move between cloud environments. Cloud workloads can be defined as the containers, functions, or machines that hold the data and network resources required to run an application. Cloud security is typically governed by a shared responsibility model, in which the cloud service provider manages the security of the underlying infrastructure (cloud storage services, cloud computing services, cloud networking services) and the cloud service consumer manages the security of everything above the hypervisor (guest operating systems, users, applications, data).
Skyhigh CASB, as part of the Cloud Workload Protection Platform (CWPP), assists IT and SOC administrators in assessing hardening benchmarks for cloud workloads on a regular basis to ensure that they continue to meet all compliance requirements. Workload hardening entails making changes to the system to secure it, such as updating installed software, securing the file system, correcting network misconfigurations, and more. For details, see Workload Hardening.
Cloud Workload Segmentation/Cloud Workload Protection
Cloud workload segmentation is a cloud-based process that applies identity-based protection to workloads without the need for architectural changes to the network. This is accomplished through micro-segmentation, a method that divides the data center into separate security segments before establishing security protocols for each segment.
Cybersecurity
Cybersecurity is the practice of deploying people, policies, processes, and technologies to protect organizations, their critical systems, and sensitive information from digital attacks. It aims to reduce the risk of cyber attacks and provides protection against unauthorized access to systems, networks, and technologies. Subsets of cybersecurity in a corporate context include IT security, IoT security, information security, and operational security. Cybersecurity measures are intended to combat threats to networked systems and applications that originate from within or outside of an organization.
Cyber Threat Protection
Cyber threats are different types of malicious software (malware) that can infiltrate computer systems or networks to gain unauthorized access, damage, disrupt, or steal an information technology asset, computer network, intellectual property, or sensitive data. Cyber threat protection is a set of security tools and solutions that are designed to protect systems and networks from cyber threats.
Data Breach
A data breach is an incident in which sensitive data, such as personal health information (PHI), personally identifiable information (PII), financial data, or intellectual property, is accessed or released from a system or network by an unauthorized user.
Data breaches occur as a result of the theft or loss of a computing device, internal employees accidentally introducing malware into the network, or external hackers directly targeting an organization's network. Data breach prevention is a top priority in most organizations because these incidents can damage an organization's reputation and are costly and time-consuming to remediate.
Deception Technology
Deception technology is a type of cybersecurity defense practice that aims to deceive attackers by disseminating a set of traps and decoys throughout a system's infrastructure to imitate genuine assets. Security teams create decoys (such as domains, databases, servers, applications, files, credentials, cookies, or sessions) to divert attackers away from real targets and to generate high-fidelity alerts that decrease dwell time and speed up incident response. These decoys can run in either a virtual or physical operating system and are intended to trick cyber criminals into believing they have discovered a way to escalate privileges and steal credentials.
If an attacker triggers a decoy, notifications are sent to a centralized deception server, which monitors the affected decoy as well as the attack vectors used by the attacker. This technology allows you to locate an attacker in your network and then redirect them to an engagement server that gathers intelligence about their tools, methods, and behaviors that aid in the termination of the attack. Skyhigh CASB supports definitions, validation, and keyword information for Information Technology data identifiers. For details, see Information Technology.
Detokenization
A token is a piece of data that acts as a substitute for another, more valuable piece of data. Tokens have almost no intrinsic value and are only useful because of their representative value, for example as a stand-in for a credit card primary account number (PAN) or a Social Security number (SSN).
Detokenization is the process of restoring previously masked sensitive data to its original value in order to reduce the risk of sensitive information being compromised. Detokenization is only possible with the original tokenization system. Skyhigh CASB allows you to detokenize reports (CSV, XLSX) containing usernames and IP addresses via Report Manager or Skyhigh Cloud Connector.
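The tokenize/detokenize round trip described above, applied to a constructed activity report with usernames and source IPs, as an added example (not Skyhigh Cloud Connector or Report Manager code). The in-memory vault, the column names and the report rows are all assumptions made for illustration.

```python
"""Token vault for report fields (tokenize / detokenize).

Added example, not Skyhigh CASB or Cloud Connector code. The report
and column choices are constructed; the in-memory vault stands in for
whatever the real tokenization system persists.
"""
import csv
import io
import secrets

# Constructed activity report of the kind that might be exported with
# usernames and source IP addresses tokenized.
SAMPLE_REPORT = """user,src_ip,action
alice@example.com,10.0.0.5,download
bob@example.com,10.0.0.7,upload
alice@example.com,10.0.0.5,share
"""

SENSITIVE_COLUMNS = ("user", "src_ip")


class TokenVault:
    """Maps values to random tokens and back. Only this vault can reverse its tokens."""

    def __init__(self) -> None:
        self._token_for = {}   # value -> token
        self._value_for = {}   # token -> value

    def tokenize(self, value: str) -> str:
        # Same value -> same token within one vault, so analysts can still
        # correlate rows (e.g. count actions per user) without seeing who it is.
        token = self._token_for.get(value)
        if token is None:
            token = "tok_" + secrets.token_hex(8)   # random: reveals nothing about the value
            self._token_for[value] = token
            self._value_for[token] = value
        return token

    def detokenize(self, token: str) -> str:
        # Detokenization is only possible with the vault that issued the token.
        if token not in self._value_for:
            raise KeyError(f"{token!r} was not issued by this vault")
        return self._value_for[token]


def _transform(csv_text: str, columns, fn) -> str:
    """Apply fn to the named columns of every row; other columns pass through."""
    reader = csv.DictReader(io.StringIO(csv_text))
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=reader.fieldnames, lineterminator="\n")
    writer.writeheader()
    for row in reader:
        for col in columns:
            row[col] = fn(row[col])
        writer.writerow(row)
    return out.getvalue()


def tokenize_report(csv_text: str, vault: TokenVault, columns=SENSITIVE_COLUMNS) -> str:
    """Replace sensitive columns with tokens; the rest of the report is untouched."""
    return _transform(csv_text, columns, vault.tokenize)


def detokenize_report(csv_text: str, vault: TokenVault, columns=SENSITIVE_COLUMNS) -> str:
    """Restore original values; raises KeyError if the tokens came from another vault."""
    return _transform(csv_text, columns, vault.detokenize)


if __name__ == "__main__":
    vault = TokenVault()
    masked = tokenize_report(SAMPLE_REPORT, vault)
    print(masked)
    print(detokenize_report(masked, vault) == SAMPLE_REPORT)  # True
```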
Data Loss Prevention (DLP)
DLP is a set of technologies, products, and techniques used to prevent sensitive data from being lost, misused, or accessed by unauthorized users. It monitors, detects, and blocks the movement of data (data at rest, data in motion, and data in use) in a network based on policies set by the administrator. These policies could be based on dictionaries, which are algorithms that detect specific types of data in user traffic. They can also be categorized by user or group, URL categories, location, and other factors.
DLP products use business rules to enforce regulatory compliance as well as classify and protect confidential and critical information, ensuring that unauthorized users do not share data that could put the organization at risk. Skyhigh CASB helps ensure compliance and security requirements by providing an additional layer of control to various CSPs via DLP policies. Organizations can use Skyhigh CASB to leverage their existing enterprise DLP policies and extend them to the cloud. For details, see About Skyhigh CASB.
DDoS (Distributed Denial-of-Service)
DDoS is a type of malicious cyber-attack used by attackers to make an online service, network resource or host machine unavailable to its targeted users on the Internet. This attack uses multiple computers or multiple connected online devices (botnet) to attack a system, network, or application. If an organization is hit by a DDoS attack, its servers are overwhelmed by the botnet's "hits," and its services become unavailable.
Digital Experience Monitoring (DEM)
DEM technology is a performance analysis discipline that measures and manages system performance by monitoring the health of all systems that exist between an end user and an application. DEM provides IT infrastructure and operations leaders with better visibility to quickly identify and resolve issues, improve user experience and productivity, and decrease the chances of a user bypassing security controls and introducing risk.
In a traditional network model, traffic headed to the open internet or cloud applications and services is routed via outbound and inbound security gateways. Cloud-bound traffic from branch offices and remote locations is routed back to the central data center or a regional hub for security controls to be applied. However, routing traffic over private (MPLS) networks only to send it on to the cloud is costly and inefficient, especially for applications such as Office 365, which open multiple persistent connections per user. According to Microsoft, Office 365 was designed to be accessed directly for the best user experience. With the bulk of business traffic passing over the internet, "direct connections" improve efficiency, lower costs, and vastly improve user experience.
DoS (Denial of Service)
Denial-of-service (DoS) is a type of malicious cyber attack in which attackers aim to render a computer or other device unavailable to its intended users by interrupting the device's normal operation. DoS attacks use a single computer to overwhelm or flood a targeted machine with requests until normal traffic cannot be processed, resulting in denial of service to legitimate users. A common variant of the DoS attack is the distributed denial-of-service (DDoS) attack.
Double Extortion Ransomware
Double extortion ransomware is a type of ransomware that exfiltrates sensitive data and also encrypts that data in the victim's environment, providing the attacker greater leverage to demand ransoms. In contrast to traditional encryption-only ransomware, double extortion ransomware can sell or leak stolen data if the ransom is unpaid.
Elasticity and Scalability
Cloud elasticity refers to a system's ability to increase or decrease its varying capacity-related resources, such as storage, networking, and computing, based on current workload requirements (the total load on the system). An elastic system automatically adapts to match resources with demand as closely as possible, in real time, for example by adding virtual machines. It lets you understand how well your architecture can adapt to workload changes in real time.
Cloud scalability refers to the ability of a system's infrastructure to scale in order to handle increasing workload requirements while maintaining adequate performance. It helps organizations avoid the purchase of expensive equipment that may become obsolete in a few years and allows them to pay only for what they use via cloud providers.
The Skyhigh CASB multi-tenant cloud architecture delivers elastic scale for users while maintaining security and data privacy.
Encryption
Encryption is the process of converting data into code to prevent unauthorized access to information. It is a method of securing digital data by employing one or more mathematical techniques, together with a password or "key" used to decrypt the data. At present, most of the global internet traffic uses Secure Sockets Layer (SSL) encryption, but many organizations disable SSL inspection because it is computationally intensive and has a negative impact on performance. Encryption is necessary for privacy, security, data integrity, authentication, and compliance. Skyhigh Security Cloud inspects every byte of traffic (including SSL) to detect hidden threats before they infiltrate your network.
Skyhigh CASB provides encryption schemes to meet the data security requirements of many cloud services. Skyhigh CASB Crypto Engine handles both structured and unstructured data encryption, addressing the PII compliance requirement for data protection at rest while preserving the user experience with the target cloud service as closely as possible. For details, see About Encryption.
Endpoint
An endpoint is any device that can connect to a network, locally or remotely, such as a computer, laptop, mobile phone, tablet, or server. Endpoints include many non-traditional items, such as printers, cameras, appliances, smart watches, health trackers, navigation systems, and other devices that can connect to the internet. For example, the endpoint of a traditional antivirus is the desktop, laptop, or smartphone on which the antivirus is installed.
Endpoints can present serious security risks to an organization because they are vulnerable to, or can be used in, a variety of attacks and weaknesses, such as ransomware, botnets, unpatched software, credential phishing, and data loss or theft. Endpoints are becoming increasingly vulnerable to cyber attacks as organizational workforces become more mobile and users connect to internal resources from off-premises endpoints globally.
Endpoint Protection Cloud
An endpoint protection cloud is a cloud-based service that protects endpoints (devices that connect to an organization's network). Endpoint protection solutions are classified into two types: prevention (before an attack) and response (after an attack). Endpoint protection platforms today include both types (prevention and response), managed through a centralized interface. Endpoint protection clouds enable organizations to easily manage remote assets, which is critical as more people connect from outside the local network, bypassing firewalls and network-based MDM (Mobile Device Management) tools.
End-User Experience Monitoring
End-user experience monitoring refers to software tools that allow teams to analyze the performance of an application or device from the end user's perspective, with the goal of improving productivity. End-user experience monitoring measures and analyzes diverse metrics across the entire user journey, as opposed to traditional network monitoring, which typically measures network-centric metrics and collects network logs.
Exact Data Match (EDM)
EDM is an advanced detection tool to monitor and protect sensitive data from exfiltration. It is a key component of data loss prevention (DLP) which is used to detect sensitive and personally identifiable information (PII) such as social security numbers, medical record numbers, bank account numbers, and credit card numbers in structured data sources such as databases, directory servers, or structured data files (CSV and TSV) with high accuracy. EDM identifies and correlates multiple tokens (name, birth date, and social security number) that contribute to a specific record to determine ownership of that data and set a policy for it.
Skyhigh CASB uses structured, or Exact Data Match (EDM), fingerprints to monitor your organization's data in a row and column format, typically extracted from a database in CSV format. After fingerprinting your data, you can leverage that indexed data by adding a DLP Policy rule. For details, see About Fingerprints.
Exchange Online
Microsoft Exchange Server is a platform for email, calendaring, contacts, scheduling, and collaboration that runs exclusively on Windows Server OS. It was designed to allow users to access the messaging platform from mobile devices, desktop computers, and web-based systems. Voice messages are supported by Exchange Server's telephony capabilities. It is a highly scalable solution that can support a large number of users while maintaining email synchronization between the server and end-user clients. Exchange is also well-known for its high availability (HA) features, which ensure that service is maintained in various outage scenarios.
Exchange is compatible with web-based mail clients such as Microsoft Outlook, which can connect to and manage email from multiple sources. Outlook was built specifically for Exchange and works best when used with an Exchange account. It is available as both on-premises software and as software as a service (SaaS). Exchange Server has evolved over time to become a foundational component of Office 365 as a software as a service (SaaS) offering in the Microsoft cloud, with Microsoft serving as the service provider.
Microsoft Exchange Online is a cloud-hosted version of Microsoft's Exchange Server messaging platform that can be purchased separately or as part of an Office 365 subscription. Users can connect to Exchange Online using the Microsoft Outlook desktop client, web-based Outlook, or the Outlook mobile application to access email and collaboration features such as shared calendars, global address lists, and conference rooms. Exchange Online is the proprietary email and calendar hosting service by Microsoft, while Outlook is an email client by Microsoft.
Organizations can leverage Exchange Online to eliminate some of the hardware issues and infrastructure component problems that can affect an on-premises Exchange deployment. It reduces the administrative burden associated with on-premises Exchange deployments. Exchange Online can be used in a hybrid mode, with some mailboxes remaining in the data center and others hosted in Microsoft's cloud.
Skyhigh CASB Email DLP allows you to apply DLP policies to secure your Exchange Online deployment. For details, see Skyhigh CASB for Exchange Online Inline Email DLP and Skyhigh CASB for Exchange Online Passive Email DLP.
Fingerprinting
Fingerprinting is a technique that converts large amounts of data into short text strings (bit streams), which serve as identifiable fingerprints of the original data. It is a scalable method to detect and track sensitive information as it moves across a network because engines only need to identify the fingerprints rather than full data sets during an inspection. The term is also used in a different sense, device or browser fingerprinting: a fingerprint is created when an organization builds a unique profile of you based on your computer hardware, software, add-ons, and even preferences. For example, your screen settings, the fonts installed on your computer, and the web browser you use can all be used to create such a fingerprint.
Fingerprints allow you to monitor your organization's data, create indices of rolling hashes of that data on-premise, and prevent sensitive or confidential information from leaving the organization by enforcing compliance policies. For details, see About Fingerprints.
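The indexing and matching described under Exact Data Match (EDM) and Fingerprinting above, as an added example that is not Skyhigh CASB code: the sample CSV, the salt and the fingerprint scheme (salted SHA-256 of a normalised cell value, a simplification of rolling-hash fingerprints) are constructed for illustration. The scan only reports a record when at least two of its fields co-occur in the text, which is the correlation step that distinguishes EDM from a plain pattern match.

```python
"""Exact Data Match (EDM) fingerprint index and scan.

Added example, not Skyhigh CASB code. The fingerprint scheme (salted
SHA-256 of a normalised cell value) and the sample CSV are constructed
for illustration; a production index would canonicalise far more
value formats than this does.
"""
import csv
import hashlib
import io
import re
from collections import defaultdict

# Constructed structured data source: one record per row, as exported from a database.
SAMPLE_CSV = """name,dob,ssn
Alice Example,1980-01-02,123-45-6789
Bob Sample,1975-07-30,987-65-4321
"""

# Hypothetical per-index secret. Without it, an index of hashes of a small
# value space (every possible SSN, say) could be reversed by brute force if leaked.
INDEX_SALT = b"constructed-index-salt"


def normalise(value: str) -> str:
    """Canonicalise a cell so spacing, hyphens and case do not defeat matching."""
    return re.sub(r"[\s\-]", "", value).lower()


def fingerprint(value: str) -> str:
    """Salted hash of a normalised value; the index stores only these, never the data."""
    return hashlib.sha256(INDEX_SALT + normalise(value).encode("utf-8")).hexdigest()


def build_index(csv_text: str) -> dict:
    """Return {column: {fingerprint: {row_id, ...}}} for the CSV export."""
    index = defaultdict(lambda: defaultdict(set))
    for row_id, row in enumerate(csv.DictReader(io.StringIO(csv_text))):
        for column, cell in row.items():
            index[column][fingerprint(cell)].add(row_id)
    return index


def candidates(text: str):
    """Yield candidate values from free text: single words and adjacent word pairs."""
    words = [w.strip(".,;:()[]{}\"'") for w in text.split()]
    words = [w for w in words if w]
    yield from words
    for first, second in zip(words, words[1:]):
        yield f"{first} {second}"  # covers two-word values such as full names


def scan(text: str, index: dict, min_fields: int = 2) -> dict:
    """Return {row_id: {column, ...}} for records with at least min_fields hits.

    A bare nine-digit number on its own is not reported: it has to appear
    together with another field (name, date of birth) of the same indexed
    record before the text is treated as a match for that record.
    """
    hits = defaultdict(set)
    for value in candidates(text):
        fp = fingerprint(value)
        for column, fps in index.items():
            for row_id in fps.get(fp, ()):
                hits[row_id].add(column)
    return {row_id: cols for row_id, cols in hits.items() if len(cols) >= min_fields}


if __name__ == "__main__":
    idx = build_index(SAMPLE_CSV)
    msg = "Reminder: Alice Example (SSN 123456789) called about her claim."
    print(scan(msg, idx))  # {0: {'name', 'ssn'}}
```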
Federal Information Processing Standards (FIPS)
FIPS are standards and guidelines for federal computer systems developed by the National Institute of Standards and Technology (NIST) and approved by the Secretary of Commerce in accordance with the Federal Information Security Management Act (FISMA). They are a set of US Government data security and encryption requirements. FIPS compliance is required for all federal agencies, contractors, and service providers. Additionally, any systems used in a federal environment, including cloud service providers' (CSPs') encryption systems, computer solutions, software, and other related systems, must be FIPS compliant.
Organizations that are FIPS compliant must follow the various data security and computer system standards outlined in the FIPS. These organizations are usually federal government organizations that either collect, store, share, transfer, or disseminate sensitive data, such as Personally Identifiable Information (PII). FIPS standards that cover data encryption include the Advanced Encryption Standard (AES).
Skyhigh Cloud Connector is FIPS compliant by default starting with Skyhigh Cloud Connector 5.4.0. Skyhigh Security allows you to run Secure Web Gateway (On-Prem) in FIPS compliant mode, which improves information processing security while imposing several restrictions on the product's usage. For details, see Restrictions on Secure Web Gateway in FIPS-compliant Mode.
Forward Proxy
A forward proxy acts as a gatekeeper between end users and the websites they visit. It is a server that routes web traffic between users and systems outside the network. It regulates web traffic according to preset policies, translates or hides client IP (internet protocol) addresses, implements security protocols, and blocks unknown web traffic. It is also a cloud access security broker (CASB) deployment mode in which software installed on each user device forwards traffic to a cloud inspection point for data loss prevention (DLP), advanced threat defense (ATD), and more. Forward proxies are typically used internally by large organizations to block employees from visiting certain websites, monitor employee online activity, block malicious traffic from reaching an origin server, and improve user experience by caching external site content.
According to Gartner, a cloud workload protection platform (CWPP) is a workload-centric security offering intended to meet the unique protection requirements of workloads in hybrid, multi-cloud data center environments. Gartner also states that a CWPP should deliver consistent control and visibility for physical machines, virtual machines, containers, and serverless workloads, regardless of location.
Google Cloud Platform (GCP)
GCP is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, such as Google Search, Gmail, Google Drive, and YouTube. It is a component of Google Cloud, which also includes the Google Cloud Platform public cloud infrastructure, as well as Google Workspace (G Suite), enterprise versions of Android and Chrome OS, and application programming interfaces (APIs) for machine learning and enterprise mapping services.
GCP provides infrastructure as a service (IaaS), platform as a service (PaaS), and serverless computing environments. Google App Engine, the company's first cloud computing service, was launched in 2008 as a Platform as a Service (PaaS) product that provides a platform for developing and hosting web applications in Google-managed data centers. GCP's key features include cost-effectiveness, high scalability, custom machine types, the Internet of Things (IoT), an API platform and ecosystem, big data analytics, cloud artificial intelligence, and serverless computing.
Skyhigh CASB for GCP adds capabilities for monitoring, securing, and auditing Google Cloud Platform environments for threat protection, anomaly detection, configuration audit, and forensic audit logs. Skyhigh CASB provides this functionality by utilizing public GCP APIs. For details, see CSPM for Google Cloud Platform.
Google Drive
Google Drive is a platform and service for cloud file storage, synchronization, and collaboration. It allows users to store files in the cloud (Google's servers), sync files across devices, and share files. Users can create, share, and manage documents using its own productivity apps, such as Google Docs, Google Sheets, and Google Slides, all of which are part of the Google Docs Editors office suite.
Google Drive data is encrypted with the transport layer security (TLS) standard before leaving a user's device and re-encrypted with 128-bit advanced encryption standard (AES) when it arrives at Google cloud. Google Drive supports two-factor authentication, but it does not comply with the Health Insurance Portability and Accountability Act (HIPAA). It also integrates with existing tools in your organization, such as Adobe, Atlassian, Autodesk, Docusign, Salesforce, and Slack. Google Drive provides users with 15 GB of free storage via Google One, as well as additional storage via optional paid plans.
Skyhigh CASB for Google Drive allows organizations to extend existing enterprise data loss prevention (DLP) policies to G Suite, reinforcing compliance and security requirements by providing an additional layer of control over data stored in Google Drive. It continuously monitors file activity in an organization's Google Drive accounts and processes those documents using the Skyhigh CASB DLP policy engine, an on-premises Enterprise DLP policy, or a combination of the two. For details, see Skyhigh CASB for Google Drive.
Google Suite (G Suite)
G Suite was launched in 2006 as a software-as-a-service (SaaS) service for organizations to use Google’s services on their own domains for a monthly subscription. G Suite enabled organizations to use Google's suite of cloud-based productivity and collaboration tools as the backend of their business rather than maintaining their own network storage, email server, and various other tools. Gmail, Google Talk, Google Calendar, and Google Page Creator were among the initial tools released. Google Docs, Sheets, Slides, Forms, Google Drive, Google Chat, and Meet were added over time.
Skyhigh Security offers Skyhigh CASB, which provides secure access and addresses common cloud security use cases, to enable visibility into cloud-delivered applications such as G Suite. For details, see Skyhigh CASB for Google Suite.
Gmail
Gmail or Google Mail is a free web-based e-mail service that provides users with 15 GB of mailbox storage and sophisticated message content searching. It allows you to send and receive emails, block spam, manage your address book, and perform other standard email functions. Gmail also automatically organizes messages that are related to one another into a conversational thread. Google's mail servers automatically scan emails for a variety of purposes, including spam and malware filtering and the placement of context-sensitive advertisements next to emails.
Skyhigh CASB Email DLP allows you to apply DLP policies to secure your Gmail deployment. For details, see Skyhigh CASB Inline DLP for Gmail and Skyhigh CASB Passive DLP for Gmail.
Google Kubernetes Engine (GKE)
GKE is a management and orchestration system for Docker containers and container clusters running in Google's public cloud. It is based on Kubernetes, Google's open source container management system, and can be used on-premises, in a hybrid cloud, or in the public cloud. It is commonly used by organizations to create or resize Docker container clusters, container pods, replication controllers, jobs, services, or load balancers, resize application controllers, update and upgrade container clusters, and debug container clusters. GKE can be accessed via the gcloud command line interface or the Google Cloud Platform (GCP) Console.
GKE was created specifically to support managed Kubernetes deployments in Google cloud. It is a collection of Google Compute Engine instances that run Kubernetes. GKE is frequently used by software developers to develop and test new enterprise applications. Administrators also use containers to improve the scalability and performance of enterprise applications such as web servers. Google currently charges a flat fee based on the number of nodes in a cluster for Kubernetes Engine services.
GKE uses the Kubernetes policy templates listed in Policy Templates for CSPM. Skyhigh CASB integrates with GCP to perform DLP Scan, Activity Monitoring, and Configuration Audit scans on your GCP instance. For details, see CSPM for Google Cloud Platform.
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA is a federal law that mandated the development of national standards to protect sensitive patient health information from being disclosed without the patient's knowledge or consent. It includes data privacy and security safeguards to protect medical information. The law has gained traction in recent years as a result of numerous health data breaches caused by cyber attacks and ransomware attacks on health insurers and providers.
The HIPAA Privacy Rule, or Standards for Privacy of Individually Identifiable Health Information, establishes the first national standards in the United States to protect patients' personal or protected health information (PHI). Examples of PHI are medical records, laboratory reports, and hospital bills.
Skyhigh CASB provides activity monitoring, threat protection, and data loss prevention to third-party or internal applications with Skyhigh CASB Custom Applications. If a Custom App is likely to collect sensitive data that is subject to HIPAA, you can mark those Risk Assessment categories when configuring the app. For details, see Categorize HIPAA, PCI, and PII Data in Custom Apps.
HTTPS is a combination of HTTP and the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocols, with SSL and TLS providing authentication and encryption to protect HTTP communications. It is an internet communication protocol that ensures the integrity and confidentiality of data transmitted between a user's computer and a website. When a user accesses a website or a web application, HTTPS authenticates both the website and the associated web server and encrypts data transmitted between the user and server.
The protocol protects users from eavesdroppers and man-in-the-middle (MitM) attacks. It also safeguards legitimate domains against domain name system (DNS) spoofing attacks. Although an increasing number of malware authors use SSL to conceal threats, many organizations still allow SSL traffic to pass uninspected. Secure Web Gateway (On-Prem) supports HTTPS scanning, ensuring that SSL-secured web traffic is processed on Secure Web Gateway and made available to other filtering functions. For details, see About HTTPS Scanning.
A hybrid cloud is a computing environment that combines an on-premises data center (private cloud) with a public cloud, allowing data and applications to be shared between them. A hybrid cloud provides a single environment for running on-premises private resources alongside public cloud resources such as those provided by AWS, Microsoft, and Google. The primary advantages of hybrid cloud are flexibility, cost management, agility, scalability, resilience, interoperability, and compliance. Hybrid cloud security refers to the method of providing security for data, applications, and resources in a hybrid cloud environment.
Skyhigh Security allows you to run Web Gateway along with Skyhigh Security Service Edge to filter web traffic in a hybrid solution. Skyhigh Secure Web Gateway (On-Prem) allows you to enforce a web security policy to protect your network from web-based threats. The rules of your web security policy are applied to the traffic generated when your organization's users access the internet on-premises. You can use the hybrid solution to enable the rule sets on Web Gateway for cloud use, allowing your organization's users to access the web from outside your local network. For details, see Fields of Web Security.
Identity and Access Management (IAM)
IAM is a set of business processes, policies, and technologies that enable the management of electronic or digital identities. The primary goal of an IAM system is to provide a single digital identity for each entity (users and devices). IAM systems include single sign-on systems, two-factor authentication, multi-factor authentication, and privileged access management. IAM can be deployed on-premises, through a third-party vendor via a cloud-based subscription model, or in a hybrid model. IAM systems record user login information, manage the enterprise database of user identities, and facilitate the provisioning and removal of access privileges.
IT managers can control user access to critical information within their organizations by implementing an IAM framework. These technologies also enable the secure storage of identity and profile data, as well as data governance functions to ensure that only necessary and relevant data is shared. Key benefits of IAM are access control, automation, security, and compliance. Administrators can use IAM systems to change a user's role, track user activities, generate reports on those activities, and enforce policies on an ongoing basis. AWS IAM allows you to secure access to your AWS resources. You can configure IAM roles to integrate Skyhigh CASB with AWS. For details, see Configure IAM Roles to Integrate Skyhigh CASB with AWS.
Identity Provider (IdP)
An identity provider (IdP) is a service that stores and manages the digital identities of users (principals). It provides a single set of login credentials to users or interconnected devices, validating the entity's authenticity across multiple platforms, applications, and networks. For example, when a third-party website prompts you to log in via your Google Account, Google Sign-In is the identity provider. The goal of an IdP is to maintain federated identity by securing registered credentials and making them available to various directory services via translation services.
IdPs communicate with each other and with other web service providers via languages such as Security Assertion Markup Language (SAML) or frameworks such as Open Authorization (OAuth). A few examples of IdPs are Google, Amazon Web Services (AWS), and Microsoft Azure Active Directory (Azure AD). If the IdP provides endpoint authentication or user authentication services, it is also known as authentication as a service (AaaS). It allows security administrators to organize and manage users, devices, and network resource identities, as well as interact securely over a private network. Skyhigh CASB allows you to add or update configurations to enable Single Sign-On (SSO) using your own identity provider. For details, see Primary User - Identity Provider.
An Internet Protocol address (IP address) is a numerical label assigned to a device on a computer network that communicates using the Internet Protocol. It is a unique address that identifies a device on the internet or a local network. The primary functions of an IP address are network interface identification and location addressing. IP addresses allow the internet to distinguish between different computers, routers, and websites. The four types of IP addresses are public, private, static, and dynamic.
IP addresses of the sending and receiving hosts are both contained in the header of every IP packet. The two versions of IP addresses are IPv4 and IPv6. The Internet Assigned Numbers Authority (IANA) and five regional Internet registries (RIRs) are responsible in their designated territories for assigning IP addresses to local Internet registries, such as Internet service providers (ISPs) and other end users. Cyber attackers can use your IP address to send you personalized spam, launch a targeted DDoS attack, or spoof your address and disguise themselves as you while executing cyber attacks. Skyhigh CASB allows you to include IP addresses in an Allow list for all environments to grant Skyhigh CASB access to your IaaS deployment. For details, see CSPM Allow List IP Addresses.
IoT (Internet of Things)
The term IoT refers to a network of interconnected devices and the technology that allows communication between the devices and the cloud, as well as between the devices. These devices are Internet-connected "smart" versions of traditional appliances such as refrigerators, light bulbs, Alexa, televisions, printers, security cameras, and more that have IP addresses which enable them to send and receive data.
Organizations use IoT to operate more efficiently, provide enhanced customer service, improve decision-making, and increase business value. Skyhigh Security provides comprehensive, low-cost protection for all your internet-connected devices.
Infrastructure as a Service (IaaS)
IaaS is a cloud computing service model in which a cloud service provider provides computing resources such as storage, networking, servers, and virtual machines on a pay-per-use basis via the cloud. The IaaS provider hosts these resources in either a public cloud, a private cloud, or a hybrid cloud. IaaS, as opposed to PaaS and SaaS, offers the most granular control over cloud resources. IaaS is a collection of physical and virtualized resources that provide consumers with the fundamental building blocks required to run cloud-based applications and workloads.
IaaS reduces the complexity and costs of building and maintaining physical infrastructure in an on-premises data center. The benefits of IaaS include affordability, improved efficiency, increased innovation, reliability, high scalability, and lower latency. IaaS providers also provide additional services such as detailed billing management, logging, monitoring, storage resiliency, and security.
Skyhigh CASB for IaaS provides a safety net for corporate resources and data in services such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). You can use it to apply secure configuration management, data protection, code and container security, and activity monitoring on your IaaS services. For details, see Infrastructure as a Service.
Internet security is a critical component of cybersecurity which includes the management of cyber threats and risks associated with the Internet, web browsers, web apps, websites, and networks. The primary goal of Internet security solutions is to protect users and corporate IT assets from Internet-based attacks.
Skyhigh Security provides the only 100 percent cloud-delivered internet security platform, enabling secure, policy-based internet access and private apps for every user, on any device globally.
Jive is a digital collaboration solution that provides organizations with intranet, communication, and digital collaboration capabilities. It focuses on team and work productivity solutions. Jive includes team blogs, wiki-docs for collaborative editing, video, analytics, social media monitoring, and discussion tools. It allows groups to easily brainstorm, share ideas, and see what everyone is working on.
Skyhigh CASB can run and host your Jive instance securely, as well as customize it with security enhancements. Skyhigh CASB for Jive allows Security Operations Center admins to monitor user activity in Jive, enforce DLP policies, and review threats detected by Skyhigh CASB's UEBA and machine learning algorithms. For details, see Skyhigh CASB for Jive.
Kubernetes, also known as K8s, is an open source platform for managing Linux containers in private, public, and hybrid cloud environments. It allows users to schedule, run, and monitor containers in clustered configurations, as well as automate related operational tasks such as deployment, monitoring, load balancing, storage, optimization, and security. Kubernetes is used by application developers, IT administrators, and DevOps engineers to automatically deploy, scale, maintain, schedule, and operate multiple application containers across node clusters.
Kubernetes manages a cluster of compute instances and schedules containers to run on the cluster based on the compute resources available and the containers' resource requirements. Containers run in logical groups known as pods, and you can run and scale one or more containers as a pod. The Kubernetes control plane software determines when and where your pods should run, manages traffic routing, and scales your pods based on utilization or other defined metrics. Kubernetes starts pods on your cluster based on their resource requirements and restarts pods if they, or the instances on which they are running, fail. Each pod is assigned an IP address and a single DNS name, which Kubernetes uses to connect your services with one another and with external traffic.
Kubernetes is primarily used by enterprises to manage and federate containers, as well as to manage passwords, tokens, SSH keys, and other sensitive data. It can also be used by organizations to manage microservice architectures. Most cloud providers support the deployment of containers and Kubernetes. Some examples of Kubernetes distributions for production use include Rancher and public cloud-based tie-ins such as Amazon Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS), and Google Kubernetes Engine (GKE). Kubernetes was inspired by Google's internal data center management software "Borg," and it is currently hosted by the Cloud Native Computing Foundation (CNCF).
GKE uses the Kubernetes policy templates listed in Policy Templates for CSPM. Skyhigh CASB integrates with GCP to perform DLP Scan, Activity Monitoring, and Configuration Audit scans on your GCP instance. For details, see CSPM for Google Cloud Platform.
Local Internet Breakouts
A local internet breakout brings internet access closer to users, allowing them to access their cloud-based applications and services with fast, local connections. Local breakouts allow remote offices and branches to route traffic directly to the internet via an internet service provider (ISP), which is often accomplished with low-cost broadband connections. Local breakouts improve user experience while reducing networking costs because internet traffic is no longer routed through private MPLS networks to a regional gateway.
Least-privileged access refers to an information security concept in which a user is given the minimum levels of access or permissions required to perform their tasks. It is also known as the principle of minimal privilege (POMP) or the principle of least authority (POLA); what all of these terms have in common is that organizations attempt to reduce exposure by limiting unauthorized access to business applications or resources and by restricting lateral movement across the network. It is widely considered to be a cybersecurity best practice and is a fundamental step in protecting privileged access to high-value data and assets. It is one of the core concepts of Zero Trust security.
Malware (malicious software) is a file or code that infects, explores, steals, or performs virtually any action desired by the attacker to damage a computer or network. Malware includes a wide range of viruses, worms, Trojan horses, spyware, adware, and ransomware, and it has grown in both quantity and sophistication. It is designed to steal, encrypt, or delete sensitive data, as well as to alter or hijack core computing functions and monitor users' computer activity without their knowledge.
Microsoft Active Directory
Microsoft Active Directory stores information about objects on the network and makes this information available for administrators and users to find and use. For example, AD DS (Active Directory Domain Services), the main service in Active Directory, stores user account information such as names, passwords, and phone numbers, and allows authorized users on the same network to access this information. Active Directory organizes directory information logically and hierarchically using a structured data store. For details, see Active Directory Domain Services Overview.
Microsoft Azure is a cloud computing platform and an online portal that allows you to access and manage Microsoft's cloud services and resources. These services and resources include storing and transforming your data based on your requirements. You can access these resources and services with an active internet connection and a connection to the Azure portal. It is a platform-as-a-service (PaaS) solution that allows developers to build and host cloud-based applications and services.
Skyhigh Security Cloud Security Posture Management (CSPM) for Microsoft Azure provides activity monitoring and security configuration audit features to your Azure infrastructure. Skyhigh CASB logs all user activity in Microsoft Azure using multiple heuristics, detects threats, takes risk-mitigation action automatically, and assists with forensic investigations. For details, see About CSPM for Microsoft Azure.
Micro-segmentation is a network security technique that allows security architects to logically divide the data center into distinct security segments, all the way down to the individual workload level, and then define security controls and deliver services for each unique segment. It originated as a means of moderating traffic between servers in the same network segment and has evolved to allow servers, applications, and hosts to communicate more effectively while giving system administrators more flexibility and control over the network using a zero trust network access (ZTNA) framework. Organizations use micro-segmentation to reduce the attack surface, improve breach containment, and strengthen regulatory compliance.
Microsoft Office 365
Microsoft Office 365 is a cloud-based platform that includes industry-leading productivity apps such as Outlook, Word, Excel, and PowerPoint, as well as collaborative team solutions, intelligent cloud services, online storage, and world-class security. Since Office 365 was designed to be used in the cloud, Microsoft recommends direct internet access for the best user experience, and distributed organizations with hub-and-spoke architectures are encouraged to enable local internet breakouts in their branch offices. It frequently requires infrastructure upgrades because it dramatically increases the number of persistent connections, which quickly exceed firewall capacities.
Skyhigh Security enables secure local breakouts for remote offices and fast Microsoft Office 365 deployment, allowing users to become productive quickly. It requires no infrastructure changes, additional hardware, or backhauling, and does not impact performance. Skyhigh Security also addresses the top CASB use cases that must be addressed in order to safely embrace cloud resources such as Microsoft Office 365.
Skyhigh Security allows you to enable Skyhigh CASB for the entire O365 suite. Skyhigh CASB for O365 enables you to enforce DLP policies for data at rest and in motion, detect activity to identify insider threats and compromised accounts, audit collaboration activity and enforce data sharing policies, record a complete audit trail of user and admin activities, and control data access based on user role, device, and location. For details, see Skyhigh CASB for Office 365.
Skyhigh CASB supports the Office 365 Dashboard, which provides a quick summary of the Microsoft Office 365 data you care about using cards based on saved views. For details, see About the Office 365 Dashboard. Skyhigh CASB regularly scans Microsoft 365 for new Connected Apps. Skyhigh CASB Incident Managers can use Connected Apps to discover third-party applications associated with Microsoft 365 and connected to your corporate environment via OAuth. It then provides a workflow for you to manually remediate, audit, allow, or block Connected Apps access to user data, notify users of an app's status via email, and revoke access. For details, see Connected Apps for Microsoft 365.
Multi-cloud is a cloud computing model in which an organization distributes applications and services by utilizing a combination of clouds, which can be two or more public clouds, two or more private clouds, or a combination of public, private, and edge clouds. It provides organizations with more flexibility to optimize performance, control costs, and leverage the best cloud technologies available.
Organizations are adopting multi-cloud environments rapidly due to the rise in remote work and the demand for anytime, anywhere access to cloud services and applications. Multi-cloud does not necessarily imply cloud-only, as some organizations maintain some functions in on-premises data centers or private clouds while using multiple cloud service providers for other purposes.
Multitenant Cloud Architecture
A multi-tenant cloud architecture is a type of cloud computing architecture that enables customers, or tenants, to share computing resources in either a public cloud or a private cloud, with each tenant's data isolated and hidden from the other tenants. It refers to a single cloud instance and infrastructure that is designed to support multiple customers.
Multi-tenant cloud networks offer more storage and better access than single-tenant cloud networks, which have limited access and security parameters. Multi-tenancy makes a larger pool of resources available to a larger group of people without compromising privacy and security or slowing down applications. Its key advantages are cost efficiency, customization, scalability, reliability, data security, and portability, along with easy integration and deployment.
Multi-tenancy is a software architecture that allows a single instance of software to serve multiple groups of users by allocating a dedicated share of the software to each group. It is a common feature of cloud-delivered services because it allows clouds to share IT resources in a cost-effective and secure manner. Multi-tenant applications can be customized according to the requirement of the various user groups that use them.
Multi-tenancy allows the Skyhigh Security cloud architecture to secure users globally because it allows policies to follow users. It also provides the scalability required to deliver multiple security services without delay.
Nano-segmentation provides organizations with threat protection by securing multi-tier applications in data centers and clouds. Organizations can use nano-segmentation to segment applications across data centers and clouds down to the most granular level while keeping security intact. It enables application segmentation to be equally effective in any computing environment. Nano-segmentation allows you to discover and monitor the behavior of network communications between container processes in a way that considers the ephemeral nature of containers without relying on external factors such as IP addresses. It provides security at the container or application level because it connects containers or applications together, whereas micro-segmentation alone is insufficient to secure containerized micro-services infrastructure.
Skyhigh Security allows you to secure the behavior of complex and dynamic workloads by discovering inter-container communications based on known good configurations. For details, see About Container Nano-Segmentation.
Near Real-Time (NRT)
Near real-time (NRT) refers to the time delay introduced by automated data processing or network transmission between the occurrence of an event and the use of the processed data, such as for display, feedback, or control. This kind of processing is used when speed is important but a processing time of minutes rather than seconds is acceptable. The amount of time required for near real-time processing is determined by the problem space. A delay of minutes, seconds, or milliseconds is commonly considered near real-time. For example, a near-real-time display depicts events as they existed at the present time minus processing time, as close to the time of the live event as possible.
Skyhigh CASB provides organizations with NRT Data Loss Prevention (DLP) for sanctioned cloud applications (OneDrive, Microsoft Dynamics 365), NRT DLP and Malware scans for Azure, AWS, Google Cloud Storage (GCP), and NRT Configuration Audit for AWS.
Network security is a set of technologies, devices, and processes designed to protect the sensitive data housed within the corporate data center. It is a set of rules and configurations that use both software and hardware technologies to protect the integrity, confidentiality, and accessibility of networks and data from breaches, intrusions and other threats. The different types of network security are access control, application security, firewalls, virtual private network (VPN), behavioral analytics, wireless security and intrusion prevention system. It is key to an organization’s ability to deliver products and services to customers and employees. The most basic example of network security is password protection, which is chosen by the network user.
Network segmentation is a network security technique that divides a network into multiple segments (subnets), with security protocols applied to each segment to manage security and compliance. Network administrators can control the traffic flow between subnets using granular policies. Organizations use network segmentation to improve monitoring, performance, localization of technical issues, and security. Its goal is to limit unauthorized access to devices, data, and applications by restricting communication between subnets. It also plays a crucial role in Zero Trust because it restricts unauthorized lateral movement within a network.
Organizations are abandoning traditional hub-and-spoke architectures for new, secure direct-to-cloud architectures. They prefer SaaS, IaaS, platforms, storage, and other cloud services, as well as cloud intelligence and agility, to make their businesses more efficient and competitive. Next-generation cloud networks are critical for growth and for digitally transforming your network infrastructure to become more open, seamless, and optimized.
NGFW (Next-Generation Firewall)
NGFW is a network security device that detects and prevents sophisticated attacks by enforcing security policies at the application, port, and protocol levels. In comparison to a traditional firewall, which typically provides stateful inspection of incoming and outgoing network traffic, an NGFW includes features such as application awareness and control, deep-packet inspection, an intrusion prevention system (IPS), and cloud-delivered threat intelligence. It can block modern threats such as advanced malware and application-layer attacks. It delivers five core benefits to organizations: breach prevention and advanced security, comprehensive network visibility, flexible management and deployment options, fastest time to detection, and automation and product integrations.
Okta is a cloud-native security company that provides identity and access management solutions to organizations. These solutions enable organizations to manage and secure user authentication into applications, and enable developers to embed identity controls in applications, websites, web services, and devices. Okta uses SAML (Security Assertion Markup Language), SCIM (System for Cross-domain Identity Management), and SIEM (Security Information and Event Management) techniques to manage user identity for cloud-based or on-premises applications or services, allowing access to multiple applications with a single set of credentials.
Okta's key features include single sign-on (SSO), multi factor authentication (MFA), lifecycle management, universal directory, API access management, and advanced server access. It offers IDaaS (Identity-as-a-Service) and integrates seamlessly with platforms and applications such as Office 365, Facebook, PowerPoint, G Suite, and others. Okta's services are built on Amazon Web Services (AWS) cloud infrastructure.
CASB Connect for Okta allows Security Operations Center (SOC) admins to monitor user activity in Okta, and review threats detected by Skyhigh CASB’s User and Entity Behavior Analytics (UEBA) and machine learning algorithms. For details, see CASB Connect for Okta.
Open Authorization (OAuth)
OAuth is an open standard authorization framework for token-based authorization on the internet. It allows third-party services, such as Facebook and Google, to use an end user's account information without exposing the user's account credentials to the third party. OAuth acts as an intermediary on the end user's behalf, providing the third-party service with an access token that authorizes the sharing of specific account information. It is used to consolidate user credentials and streamline the login process for users so that they do not have to reauthorize every time they access an online service.
OAuth 1.0 was the first version of OAuth, released in 2007 as a method of authorization for the Twitter application program interface (API). OAuth 2.0 does not require either the client or the server to generate a signature to secure the messages; instead, all communications are secured with TLS/SSL (HTTPS). OAuth 2.0 access tokens have a limited lifetime, ranging from a single session to a few weeks, and refresh tokens are used to obtain a new access token rather than having the user reauthorize the application. OAuth 2.0 provides authorization flows tailored to web applications, desktop applications, mobile phones, living room devices, and non-browser-based applications such as API-based services.
Skyhigh CASB provides you access to Office 365 APIs via a custom OAuth application with asymmetric authentication. For details, see Custom oAuth Application for Office 365 and Azure API Integration.
On-Demand Scan (ODS)
Skyhigh Security Cloud offers On-Demand Scans (ODS), which enable you to examine cloud services for content that violates your DLP and Malware policies. The goal of an ODS is to aid in targeted investigations and ongoing audits involving specific types of data and collaboration. ODS allows you to inspect various aspects of your deployment with great flexibility. You can include multiple policies, allowing for multiple remediation actions, to create scans that return results that can be used for a specific purpose. An ODS can be run immediately against a single cloud service provider or scheduled as a daily or weekly scan. Skyhigh CASB processes the files during an ODS to inspect sensitive content and then deletes them immediately. ODS can only be used with API-based deployments. For details, see About On-Demand Scans.
Microsoft OneDrive is a cloud storage service that allows users to store, synchronize and share files, photos and other documents across multiple devices. It integrates with Microsoft Office, allowing users to access Microsoft Office applications such as Word, Excel, and PowerPoint documents from OneDrive. OneDrive also integrates with Facebook, offers automatic camera roll backup, and allows users to email slide shows. The application is bundled with Microsoft Windows and is also available for macOS, Android, and iOS.
OneDrive also serves as the storage backend for Microsoft Office's web-based version. It provides 5 GB of free storage space, with 100 GB, 1 TB, and 6 TB storage options available separately or with Office 365 subscriptions. Personal Vault is a feature which allows users to store sensitive data with additional security. This feature restricts users from accessing stored files unless they use a strong authentication method or an additional layer of identity verification, such as biometric authentication, a PIN, or a code sent to the user via email or SMS.
Skyhigh CASB for OneDrive ensures compliance and security requirements by adding an extra layer of control for data stored in OneDrive via Data Loss Prevention (DLP) policies, anomaly detection, and activity monitoring. It also allows organizations to leverage and extend their existing enterprise data loss prevention (DLP) policies to the cloud. For details, see Skyhigh CASB for OneDrive.
Operational Technology (OT) security
OT security is the protection of the hardware and software used to monitor and control physical processes, devices, and infrastructure against cyber threats. OT security solutions include a wide range of security technologies, ranging from next-generation firewalls (NGFWs) to security information and event management (SIEM) systems to identity and access management and much more.
Gartner defines OT security as "Practices and technologies used to protect people, assets, and information, monitor and control physical devices, processes and events, and initiate state changes to enterprise OT systems". OT security systems, which are used in conjunction with IT systems, use purpose-built software for industrial process automation and are mostly used in manufacturing or production environments, making them critical to an organization's well-being.
Office 365 Migration/Deployment
Office 365 is transforming the way that information is stored, managed, and protected. Since Office 365 was designed to be used in the cloud, there are numerous challenges to overcome when attempting to deploy it on a traditional hub-and-spoke architecture. Office 365 deployment is a critical step in your cloud adoption strategy. Office Deployment Tool (ODT) is a command-line tool that you can use to download and deploy Click-to-Run versions of Office 365 to your client computers, such as Microsoft 365 Apps for enterprise.
PaaS (Platform as a service)
PaaS is a cloud computing model in which a service provider provides users with hardware and software tools via the internet. It provides a platform for users to develop, run, and manage applications without the need to build and maintain cloud infrastructure. Key features of PaaS are infrastructure, development tools, middleware, operating systems, database management tools, and analytics.
PaaS services such as application hosting and Java development can be delivered via public, private, or hybrid clouds. PaaS services also include collaboration among development teams, application design and development, application testing and deployment, web service integration, information security, and database integration. PaaS providers provide more of the application stack than IaaS providers, including operating systems, middleware (such as databases), and other runtimes in the cloud environment. AWS Elastic Beanstalk and Google App Engine are two PaaS products.
The Skyhigh Cloud Registry helps you understand your cloud usage by providing a comprehensive database of 30,000 SaaS, IaaS, and PaaS services as well as detailed information about each cloud service via its CloudTrust rating, which indicates whether a cloud service is Skyhigh CASB Enterprise-Ready. For details, see About the Cloud Registry. Skyhigh Cloud Native Application Protection Platform (CNAPP) makes it simple to discover cloud assets, audits the cloud with CSPM, audits PaaS and Container (KSPM) resources, and secures workloads as they run in the cloud (CWPP). For details, see About CWPP.
Private Access
Private Access is based on the Zero Trust Network Access framework and is the industry’s first data-aware solution that secures access to private applications from any location and device, and controls data collaboration with integrated data loss prevention (DLP). Furthermore, Skyhigh Private Access converges with Skyhigh SSE (UCE), which includes Skyhigh CASB and Skyhigh Security WSGS, to offer unified visibility, granular access control, and end-to-end data protection from a unified cloud management console. For details, see Skyhigh Private Access.
Payload
A payload is the part of a packet or any other transmission data unit that carries the actual data. The term payload is associated with data payload (the transport of data across a network) and malware payload (malicious code used to exploit or compromise IT networks and systems). Malicious payloads are typically delivered via email as attachments or links to infected websites. Malicious payloads can remain dormant on a computer or network for seconds, weeks, or even months before being activated.
A payload can contain any type of malware, such as ransomware, botnet, viruses or worms. Some examples of damage caused by malicious payloads are data theft, activity monitoring, displaying advertisements, deleting or modifying files, downloading new files, and running background processes. Social engineering attacks and DNS hijacking are two common examples of payload delivery techniques. Skyhigh CASB uses the Advanced Persistent Threats category to detect threats (ransomware, malware exfiltration) based on suspicious payloads in documents. Skyhigh CASB evaluates APTs based on anomalies such as backup tampering, file encryption, and service access count. For details, see Advanced Persistent Threats.
See Advanced Persistent Threat (APT).
PII (Personally Identifiable Information)
PII is any data that can be used to identify a specific person. It can include direct identifiers, such as passport information, that can be used to uniquely identify a person, as well as quasi-identifiers, such as race, that can be combined with other quasi-identifiers, such as date of birth, to successfully identify an individual. It is defined as any information that can be used to identify one individual from another or to deanonymize previously anonymous data. PII protection is critical for personal privacy, data privacy, data protection, information privacy, and information security. Some examples of PII are name, address, email, phone number, date of birth, passport number, fingerprint, driver's license number, credit/debit card number, social security number, and other personal information.
Skyhigh Security protects PII via tokenization and keeps it confidential until appropriate authorities grant access to PII. Skyhigh CASB Tokenization for Shadow IT and Sanctioned IT uses SHA-1 tokenization and SHA-256 tokenization to protect user anonymity. For details, see About Tokenization for Shadow IT and About Tokenization for Sanctioned IT.
Skyhigh CASB provides activity monitoring, threat protection, and data loss prevention to third-party or internal applications with Skyhigh CASB Custom Applications. If a Custom App is likely to collect sensitive data that is subject to PII, you can mark those Risk Assessment categories when configuring the app. For details, see Categorize HIPAA, PCI, and PII Data in Custom Apps.
POP (Point of presence)
A POP is a physical location or demarcation point where two or more networks or communication devices share a connection. It typically consists of routers, digital/analog call aggregators, servers, frame relays, and Asynchronous Transfer Mode (ATM) switches. A POP has a distinct IP address, and an Internet service provider (ISP) or online service provider (OSP) has at least one POP on the Internet. For example, an ISP POP is a local access point that allows users to connect to the Internet via their ISP. The number of POPs held by ISPs or OSPs indicates their size or rate of growth.
Skyhigh Cloud Native Application Protection Platform (CNAPP) provides the POP Management page, which lists all POPs and allows you to filter POPs based on status and accounts. You can also use this page to view POP health status. For details, see POP Management Page.
PowerPoint
Microsoft PowerPoint is presentation software that facilitates visual demonstrations in business group presentations. These presentations are made up of a series of individually designed "slides" containing images, text, animation, videos, and other objects. The app allows users to quickly and easily create, edit, view, present, or share dynamic slide presentations from anywhere. It was originally designed for the Macintosh platform but is now part of the Microsoft Office suite.
Skyhigh CASB examines the contents of PowerPoint files sent from user devices to the cloud. It enables you to define a custom classification that detects sensitive keywords in the header and/or footer of PowerPoint files and use it in your DLP policies to protect sensitive data sent outside of your organization. For details, see Create a Classification for a Location in a Word or PowerPoint File.
Purdue Model ICS Security
Network segmentation is a powerful tool to increase the security of businesses with information technology (IT) and operational technology (OT) networks. The Purdue Reference Model is a model for Industrial Control System (ICS) network segmentation that defines six layers within these networks, the components found in the layers, and the logical network boundary controls used to secure these networks. It defines the various levels of critical infrastructure used in manufacturing lines and the best way to secure them.
A major advantage of this model is the segmentation and hierarchy. System components and assets are well defined and grouped into distinct layers. The borders between the layers are logical locations for network segmentation to control access between the layers. In IIoT environments, there can be a three-component architecture which includes devices, field or cloud gateways, and a services backend.
Ransomware
Ransomware is a type of malware (malicious software) that is designed to prevent a user or organization from accessing files on their computer. Cyberattackers encrypt these files and demand a ransom payment for the decryption key, which places organizations in a position where paying the ransom is the easiest and cheapest way to regain access to their files.
Scareware, screen lockers, and encrypting ransomware are the three main types of ransomware. Some variants have added extra functionality, such as data theft, which further pressures victims to pay the ransom. Some ransomware authors sell the service to other cybercriminals, which is known as Ransomware-as-a-Service (RaaS). Ransomware attacks have grown in sophistication over the last decade, but a modern ransomware protection strategy can help protect against them.
Ransomware attacks are attacks in which malicious software, or malware, known as ransomware, is installed on a user's device or on a network. These attacks are planned and executed by cybercriminals with the aim of taking a user's or organization's data and holding it "hostage" until a specific ransom is paid (usually in cryptocurrency). Ransomware protection can prevent cybercriminals from delivering and executing malware on a device or network.
Ransomware protection is a set of tools, technologies, and strategies designed to keep cybercriminals from infecting a user's or organization's data with ransomware. A ransomware protection solution protects organizations against the most sophisticated ransomware attacks and recovers encrypted data safely, ensuring business continuity and productivity. A modern ransomware protection strategy should include an AI-driven sandbox quarantine, always-on protection, and the ability to inspect all SSL/TLS-encrypted traffic.
Skyhigh Security Service Edge uses the web features of Secure Web Gateway to detect threats, including ransomware. For details, see About Skyhigh Security Service Edge. Skyhigh Security Cloud Workload Protection (CWP) collaborates with Skyhigh CASB and Trellix ePO to provide endpoint security to protect against threats like ransomware for Amazon Web Services (AWS) and Microsoft Azure. For details, see About CWPP and Trellix ePO.
RBAC (Role-based access control)
RBAC, also known as role-based security, is an access control method that restricts network access based on individual user roles within an organization. It ensures that employees only have access to the information they need to do their jobs and prevents them from accessing irrelevant information. The role of an employee in an organization determines the permissions that individual is granted, ensuring that lower-level employees cannot access sensitive information or perform high-level tasks. RBAC roles refer to the different levels of network access that employees have. Roles in the RBAC data model are determined by a number of factors, including authorization, responsibility, and job competency.
RBAC provides fine-grained control, allowing for a more straightforward, manageable approach to access management that is less prone to error than assigning permissions individually. Organizations can designate whether a user is an end user, an administrator, or a specialist user. The advantages of using RBAC include increased operational efficiency, improved compliance, increased visibility for administrators, lower costs, and reduced risk of breaches and data leakage. RBAC and attribute-based access control (ABAC) are two types of access control methods; RBAC is one of the most widely used advanced access control methods.
RBAC manages the first layer of access control for Skyhigh Security users. Skyhigh CASB lets you configure RBAC levels to prevent specific users from accessing sensitive system areas or to create workflows for users with specific responsibilities. Roles govern which areas of the Skyhigh CASB user interface or Skyhigh Cloud Connector a user can view or access. For details, see Skyhigh RBAC and User Management.
Remote Access Virtual Private Network (VPN)
A remote access VPN allows remote users to securely access and use applications and data stored in the organization’s data centre and headquarters by encrypting all traffic sent and received. It creates a virtual tunnel between the user’s device and the company’s network. Multi-factor authentication, endpoint system compliance scanning, and encryption of all transmitted data ensure the privacy and integrity of sensitive information. A remote secure access strategy promotes collaboration and connectivity among teams, networks, and offices worldwide.
Remote access VPNs are effective when the data and applications of an organization reside solely inside the organization’s perimeter. With the shift to remote work and applications hosted in the cloud, the perimeter has extended to the internet, making remote access VPNs less effective: they suffer from slow connection speeds, complicated setup and management, poor user experience, and security risks.
Reverse Proxy
A reverse proxy acts as a bridge between end users and the web or cloud destinations they are accessing. It is a type of proxy server that typically sits behind a private network's firewall and directs client requests to the appropriate backend server. A reverse proxy adds an extra layer of abstraction and control to ensure that network traffic flows smoothly between clients and servers. In CASB terminology, reverse proxy refers to an agentless cloud access security broker (CASB) deployment mode, in which the CASB integrates with an organization's cloud apps and identity provider to secure access to sanctioned cloud resources. More organizations are adopting cloud browser isolation for agentless cloud security (key for protecting data and access on unmanaged devices, where software installations are typically infeasible) because these proxies fail frequently.
Skyhigh CASB uses the reverse proxy approach; the primary benefit of a proxy CASB is that it can detect threats and respond in real time. Skyhigh Security's reverse proxy is a method to restrict access to authorized applications from unmanaged devices. Usually, the reverse proxy enables unmanaged devices to authenticate via SAML. As a result, all authorized applications accessed from managed and unmanaged devices are routed through the Skyhigh Security proxy. However, if you use Office 365 and authenticate through Azure Active Directory, this method fails because the authentication is not redirected via SAML. For details, see Reverse Proxy for Office 365 via Azure AD.
Skyhigh Secure Web Gateway (On-Prem) allows you to configure a reverse proxy to expose internal resources to the Internet while maintaining security. It also provides additional features such as load balancing, caching, SSL encryption for servers that would not otherwise be encrypted, malware scanning, and threat protection. For details, see Understanding a Reverse Proxy.
SaaS (Software as a Service)
SaaS is a software distribution model in which a cloud service provider hosts and makes applications available to users via the Internet. This model allows an independent software vendor (ISV) to contract with a third-party cloud service provider (CSP) to host the application, and the CSP may also be the ISV in large organizations such as Microsoft. SaaS is one of the three main types of cloud computing, along with IaaS and PaaS. It is a cloud-based delivery model in which software providers host the application and associated data on their own servers, databases, networking, and computing resources, or an ISV contracts a CSP to host the application in the provider's data center. SaaS applications can be accessed via a web browser, mobile app, or thin client from any device with a network connection. The multi-tenant architecture of SaaS applications enables the CSP to manage maintenance, updates, and bug fixes quickly, easily, and efficiently.
The SaaS model includes advantages such as flexible payments, scalable usage, automatic updates, accessibility, persistence, and customization. Some examples of SaaS applications are Google Docs, Salesforce, Dropbox, and Microsoft Office 365. Organizations can integrate SaaS applications with other software using application programming interfaces (APIs). For example, an organization can create its own software tools and use the APIs provided by the SaaS provider to integrate those tools with the SaaS offering. SaaS is closely related to the application service provider (ASP) and on-demand computing software delivery models, in which the CSP hosts the customer's software and distributes it to authorized users via the Internet.
Skyhigh CASB for Software-as-a-Service (SaaS) facilitates the secure adoption of cloud services via activity monitoring, threat detection, and data protection. Organizations can benefit from cloud transformation while protecting their data and users by implementing cloud-native controls. For details, see Sanctioned IT: Software as a Service. Skyhigh CASB supports three types of SaaS applications: Collaboration Apps, Structured Apps, and Long-tail SaaS Apps. It protects your SaaS applications with data loss prevention (DLP), secure collaboration, connected apps, configuration audit, access control, DRM/classification on downloads, and encryption. For details, see SaaS Modes of Support.
Salting
Salting is a method of protecting passwords stored in databases by appending a salt value (a string of 32 or more characters) to the plain-text password before hashing it to obtain the stored hash value. It prevents attackers who breach an enterprise environment from reverse-engineering the passwords stored in its databases. Salting increases password complexity, making the stored hashes unique and secure without impacting user experience. Salts must be random and unique for each login to prevent password attacks. Salting helps organizations mitigate or prevent attacks such as brute-force, dictionary, and rainbow table attacks.
Skyhigh CASB tokenizes Personally Identifiable Information (PII) using a unique salt provided by the locally installed Cloud Connector. Skyhigh Cloud Connector uploads the salt to Skyhigh CASB. The PII is tokenized using the salt in real-time as data is ingested into Skyhigh CASB from your Shadow IT and Sanctioned IT cloud service providers (CSPs) before it is used for display in the UI and stored in Skyhigh CASB's databases. For details, see About Tokenization for Shadow IT and About Tokenization for Sanctioned IT.
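As an added example (not Skyhigh's code) illustrating both paragraphs above: per-password salting with a constant-time verify, the precomputed-table lookup that salting defeats, and salted SHA-256 tokenization of a PII value where, unlike passwords, one tenant-wide salt is reused so the same value always yields the same token. The sample password and PII value, the PBKDF2 work factor and the HMAC construction are this example's assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Constructed sample inputs for this example (not from any real deployment).
SAMPLE_PASSWORD = "Winter2024!"
SAMPLE_PII = "alice@example.com"
PBKDF2_ROUNDS = 200_000  # work factor chosen for this example (assumption)


def make_salt() -> str:
    """Return a random 32-character hex salt (16 bytes from the OS CSPRNG).
    A fresh salt is generated per stored password, as the glossary requires."""
    return secrets.token_hex(16)


def unsalted_hash(password: str) -> str:
    """The weak scheme that salting replaces: identical passwords give identical
    hashes, so one precomputed table breaks every account using that password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: str) -> str:
    """Salted password hash. The glossary only says 'salt, then hash'; this
    example uses PBKDF2-HMAC-SHA256 (an assumption) so the salted hash is also
    slow to brute-force instead of a single fast SHA-256 round."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt), PBKDF2_ROUNDS
    )
    return digest.hex()


def store_password(password: str) -> Dict[str, str]:
    """Record kept in the credential database: the salt is stored in the clear
    next to the hash; only the password itself must never be stored."""
    salt = make_salt()
    return {"salt": salt, "hash": hash_password(password, salt)}


def verify_password(password: str, record: Dict[str, str]) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    candidate = hash_password(password, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])


def table_lookup(stored_hash: str, precomputed: Dict[str, str]) -> Optional[str]:
    """Model of a precomputed (rainbow/dictionary) table mapping hash -> password.
    Used here only to show that it succeeds against unsalted hashes and fails
    against salted ones."""
    return precomputed.get(stored_hash)


def tokenize_pii(value: str, tenant_salt: str) -> str:
    """Salted SHA-256 tokenization of a PII value, in the spirit of the Cloud
    Connector salt described above. Unlike password salts, the tenant salt is
    reused so the same user always maps to the same token (needed for analytics).
    HMAC-SHA256 keyed with the salt is this example's construction (assumption)."""
    return hmac.new(
        bytes.fromhex(tenant_salt), value.encode("utf-8"), hashlib.sha256
    ).hexdigest()


def demo() -> Dict[str, object]:
    """Walk through both scenarios and return the observations."""
    alice = store_password(SAMPLE_PASSWORD)
    bob = store_password(SAMPLE_PASSWORD)  # same password, different user

    # Constructed 'precomputed table' over three common passwords, unsalted.
    precomputed = {unsalted_hash(p): p for p in ["password", SAMPLE_PASSWORD, "letmein"]}

    tenant_salt = make_salt()
    return {
        "unsalted_recovered": table_lookup(unsalted_hash(SAMPLE_PASSWORD), precomputed),
        "salted_differ": alice["hash"] != bob["hash"],
        "salted_recovered": table_lookup(alice["hash"], precomputed),
        "alice_verifies": verify_password(SAMPLE_PASSWORD, alice),
        "wrong_password_rejected": not verify_password("Winter2024?", alice),
        "token_stable": tokenize_pii(SAMPLE_PII, tenant_salt) == tokenize_pii(SAMPLE_PII, tenant_salt),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```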
S3 (Amazon Simple Storage Service)
Amazon S3 is a web-based cloud storage service that provides users with scalability, data availability, security, and performance. It is designed for online backup and archiving of data and applications on Amazon Web Services (AWS). S3's key features include data storage, data archiving, application hosting, software delivery, data backup, disaster recovery, big data analytics tools, data lakes, mobile applications, Internet of things (IoT), media hosting, and website hosting. It supports multiple security and compliance certifications and provides 99.99% durability for objects stored in the service. S3 can also be linked to other AWS security and monitoring services, such as CloudTrail, CloudWatch, and Macie. Data can be transferred to S3 via the Internet using S3 application programming interfaces (APIs).
S3 was created with a limited feature set to make web-scale computing easier for developers. It provides seven storage classes which include S3 Standard, S3 Intelligent-Tiering, S3 Standard-IA, S3 One Zone-IA, S3 Glacier, S3 Glacier Deep Archive, and S3 Outposts. Users can upload, store, and download almost any file or object up to 5 TB in size, with the largest single upload limited to 5 GB. S3 subscribers have access to the same systems used by Amazon to run its own websites. The Amazon S3 Console, which is accessible via AWS Management, makes it easier to manage objects and buckets. It provides users a straightforward, browser-based interface to interact with AWS services. The console can also be used to organize storage using a logical hierarchy.
Skyhigh CASB provides the Vulnerable Storage page, which allows you to identify vulnerable S3 buckets and perform Closed Loop Remediation (CLR) on them to ensure their security. For details, see About Vulnerable Storage. Skyhigh Cloud Native Application Protection Platform (CNAPP) allows you to configure specific Configuration Policies to automatically initiate an ODS (On-Demand Scan) for publicly vulnerable resources violations in AWS. For details, see Automatically Scan Vulnerable S3 Buckets and Azure Blobs.
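As an added example (not Skyhigh's code), the kind of offline check a vulnerable-storage audit performs on a bucket: it flags bucket-policy statements that grant to a wildcard principal without a Condition, ACL grants to the AllUsers or AuthenticatedUsers groups, and then applies the Block Public Access settings that would neutralize them. The bucket name, account ID, VPC endpoint ID and grantee IDs are constructed placeholders, not real resources.

```python
from typing import Any, Dict, List

# Constructed sample data for a hypothetical bucket (not a real AWS account).
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::constructed-example-bucket/*"},
        {"Sid": "VpcOnlyRead", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::constructed-example-bucket/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
        {"Sid": "AdminWrite", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/constructed-admin"},
         "Action": "s3:PutObject", "Resource": "arn:aws:s3:::constructed-example-bucket/*"},
        {"Sid": "DenyInsecure", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
         "Resource": "arn:aws:s3:::constructed-example-bucket/*",
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
}
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]}
# Block Public Access settings as returned for the bucket (constructed).
SAMPLE_PUBLIC_ACCESS_BLOCK = {"BlockPublicAcls": True, "IgnorePublicAcls": False,
                              "BlockPublicPolicy": False, "RestrictPublicBuckets": False}

PUBLIC_ACL_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def _as_list(value: Any) -> List[Any]:
    """IAM policy fields may be a scalar or a list; normalize to a list."""
    return value if isinstance(value, list) else [value]


def principal_is_wildcard(principal: Any) -> bool:
    """True for Principal "*" or an AWS principal list containing "*" (anyone)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def public_policy_statements(policy: Dict[str, Any]) -> List[str]:
    """Sids of Allow statements granting to a wildcard principal with no Condition.
    Any Condition is treated as a restriction (conservative; a full evaluator
    would also inspect which condition keys are used)."""
    return [
        stmt.get("Sid", "<no Sid>")
        for stmt in _as_list(policy.get("Statement", []))
        if stmt.get("Effect") == "Allow"
        and principal_is_wildcard(stmt.get("Principal"))
        and not stmt.get("Condition")
    ]


def public_acl_grants(acl: Dict[str, Any]) -> List[str]:
    """Permissions the bucket ACL grants to AllUsers or AuthenticatedUsers."""
    return [
        g["Permission"] for g in acl.get("Grants", [])
        if g.get("Grantee", {}).get("Type") == "Group"
        and g["Grantee"].get("URI") in PUBLIC_ACL_GROUPS
    ]


def assess_bucket(policy: Dict[str, Any], acl: Dict[str, Any],
                  public_access_block: Dict[str, bool]) -> Dict[str, Any]:
    """Combine policy, ACL and Block Public Access the way an audit would:
    RestrictPublicBuckets neutralizes a public policy and IgnorePublicAcls
    neutralizes public ACL grants, so findings are reported separately from
    whether they are actually effective."""
    pab = public_access_block or {}
    policy_hits = public_policy_statements(policy)
    acl_hits = public_acl_grants(acl)
    policy_effective = bool(policy_hits) and not pab.get("RestrictPublicBuckets", False)
    acl_effective = bool(acl_hits) and not pab.get("IgnorePublicAcls", False)
    return {
        "public_policy_statements": policy_hits,
        "public_acl_grants": acl_hits,
        "effective_public_policy": policy_effective,
        "effective_public_acl": acl_effective,
        "is_public": policy_effective or acl_effective,
    }


if __name__ == "__main__":
    for key, value in assess_bucket(SAMPLE_POLICY, SAMPLE_ACL, SAMPLE_PUBLIC_ACCESS_BLOCK).items():
        print(f"{key}: {value}")
```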
Salesforce
Salesforce, founded in 1999, is the first major cloud-based, pay-as-you-go platform. It started as Software-as-a-Service (SaaS) and is built on a multi-tenant architecture with benefits such as API integration, configuration, scalability, free capacity, low-cost ownership, platform support, and more. It is a popular customer relationship management (CRM) tool used by support, sales, and marketing teams globally.
Salesforce allows organizations to connect better with partners, customers, and potential customers by leveraging cloud technology. Organizations can use the Salesforce CRM to track customer activity, market to customers, and provide a variety of other services. It helps organizations to build a meaningful and lasting relationship with customers, identify their needs, solve problems faster, and deploy customer-focused apps.
Skyhigh CASB for Salesforce protects the data stored in your organization's Salesforce deployment with DLP, threat protection, encryption, and other features. Its reporting features allow you to conduct forensic investigations. You can configure Skyhigh CASB for Salesforce via API or proxy. For details, see About Skyhigh CASB for Salesforce.
SAML (Security Assertion Markup Language)
SAML is an open standard for securely sharing identity, authentication, and authorization information between systems. SAML uses the Extensible Markup Language (XML) standard for data sharing. It provides a framework to implement Single Sign-On (SSO) and other federated identity systems. A federated identity system connects an individual's identity to multiple identity domains. This method enables SSO for resources on an enterprise network, trusted third-party vendor networks, and customer networks. SSO applications use SAML to transfer information about user identities from an identity provider to a service provider.
SAML includes four types of components: SAML assertions, SAML protocols, SAML bindings, and SAML profiles. It is used to authenticate end users who are logged in to one service provider to another. For example, enterprise users who are logged into their primary SSO network can use SAML to authenticate to a third-party cloud application provider rather than logging in separately to the cloud application. SAML defines three roles: principal (end user), service providers, and identity providers. Its primary goal is to define the markup language that will be used to standardize the encoding of authentication data for exchange between systems. SAML also includes all of the associated protocols and bindings for exchanging security assertions between end users, service providers, and identity providers using SAML-compliant messages.
The SAML protocol is managed by the Organization for the Advancement of Structured Information Standards (OASIS), and the latest version, SAML 2.0, was published as an OASIS standard in 2005. Microsoft Azure AD, Citrix Workspace, and VMware are some products that use SAML to implement SSO services. Skyhigh Security allows you to use SAML SSO Configuration, which allows users to log in to Skyhigh CASB without remembering or storing passwords. It secures Skyhigh CASB primarily by eliminating the need to store (weak or insecure) passwords and dealing with forgotten password issues. For details, see SAML Configuration.
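An added example (not Skyhigh's code) of the service-provider-side checks that make a SAML 2.0 assertion safe to accept once its XML signature has been verified: issuer, subject, validity window, audience restriction and authentication statement. The assertion, its identifiers and the issuer and audience URLs are constructed for this example; signature verification is assumed to be done beforehand by a separate XML-DSig library and is not shown.

```python
import xml.etree.ElementTree as ET
from datetime import datetime
from typing import List, Union

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Constructed sample assertion: entity IDs, names, IDs and times are made up.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-assertion-1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T11:59:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com/saml/metadata</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2024-05-01T12:00:00Z" SessionIndex="_constructed-session-1">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>
"""
EXPECTED_ISSUER = "https://idp.example.com/metadata"        # the IdP we trust
EXPECTED_AUDIENCE = "https://sp.example.com/saml/metadata"  # our own entity ID


def parse_saml_time(value: str) -> datetime:
    """SAML timestamps are UTC ISO-8601 with a trailing 'Z'; make them tz-aware."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def validate_assertion(xml_text: str, expected_issuer: str, expected_audience: str,
                       now: Union[str, datetime]) -> List[str]:
    """Return the list of problems found; an empty list means the assertion is
    acceptable for this service provider at time `now`. Assumes the XML
    signature was already verified, which must happen before these checks."""
    if isinstance(now, str):
        now = parse_saml_time(now)
    problems: List[str] = []
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML_NS}}}Assertion" or root.get("Version") != "2.0":
        return ["not a SAML 2.0 Assertion element"]

    # Issuer must be the identity provider we established trust with.
    issuer = (root.findtext("saml:Issuer", namespaces=NS) or "").strip()
    if issuer != expected_issuer:
        problems.append(f"unexpected issuer: {issuer!r}")

    # Subject identifies who the IdP is vouching for.
    name_id = (root.findtext("saml:Subject/saml:NameID", namespaces=NS) or "").strip()
    if not name_id:
        problems.append("missing Subject/NameID")

    # Conditions: validity window and audience restriction (replay / token reuse).
    conditions = root.find("saml:Conditions", NS)
    if conditions is None:
        problems.append("missing Conditions")
    else:
        not_before = conditions.get("NotBefore")
        not_on_or_after = conditions.get("NotOnOrAfter")
        if not_before and now < parse_saml_time(not_before):
            problems.append("assertion not yet valid")
        if not not_on_or_after:
            problems.append("missing NotOnOrAfter")
        elif now >= parse_saml_time(not_on_or_after):
            problems.append("assertion expired")
        audiences = [
            (a.text or "").strip()
            for a in conditions.findall("saml:AudienceRestriction/saml:Audience", NS)
        ]
        if expected_audience not in audiences:
            problems.append("audience restriction does not name this service provider")

    # An authentication assertion must say how and when the user authenticated.
    if root.find("saml:AuthnStatement", NS) is None:
        problems.append("missing AuthnStatement")
    return problems


def assertion_subject(xml_text: str) -> str:
    """The NameID the identity provider vouches for (use only after validation)."""
    root = ET.fromstring(xml_text)
    return (root.findtext("saml:Subject/saml:NameID", namespaces=NS) or "").strip()


if __name__ == "__main__":
    when = "2024-05-01T12:01:00Z"
    print("problems:", validate_assertion(SAMPLE_ASSERTION, EXPECTED_ISSUER, EXPECTED_AUDIENCE, when))
    print("subject:", assertion_subject(SAMPLE_ASSERTION))
```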
SD-WAN (Software-Defined Wide Area Network)
SD-WAN is a technology that uses software-defined networking (SDN) concepts to distribute network traffic across a wide area network (WAN). It uses policies to determine the most efficient way to route application traffic between branch offices and data centres. It provides easy deployment, central control, cost savings, and improved connectivity to branch offices and the cloud. It allows enterprises to leverage any combination of transport services, including MPLS, LTE, and broadband internet services, to connect users to applications securely.
SD-WAN is a virtual WAN architecture that simplifies the connectivity, management, and operation of a traditional WAN. Skyhigh Security collaborates with leaders in SD-WAN to provide visibility, control, security, and data protection for users on your network who access the internet directly. Skyhigh Security Service Edge supports SD-WAN integrations with Cisco, Citrix, Fortinet, Silver Peak, VeloCloud, and Versa. For details, see SSE SD-WAN Integrations.
Secure Access Service Edge (SASE)
SASE is a cloud network architecture that combines VPN and SD-WAN capabilities with cloud security services such as secure web gateways (SWG), cloud access security brokers (CASB), firewalls (FWaaS), and zero-trust network access (ZTNA) into a single cloud delivered service model. Gartner defines SASE as a method of securely connecting entities such as users and machines to applications and services globally.
The "edge" component of SASE is typically delivered via PoPs or vendor data centres located near the endpoints (data centres, people, and devices). With the transition to remote work and the emergence of a cloud-first culture, SASE assists organizations to make a secure, seamless transition to the cloud from legacy hardware in data centres, while securing access to cloud applications and reducing costs. It also provides organizations with flexibility, cost savings, reduced complexity, increased performance, threat prevention and data protection.
Secure Digital Transformation
Secure digital transformation refers to securing the use of digital technologies and processes to enable organizations to operate more efficiently, intelligently, and quickly. Digital transformation benefits organizations in automating processes, streamlining work, and provides better visibility into your organization's data. It involves a fundamental rethinking of business models and processes via the use of digital technologies such as cloud computing, big data, IoT, and artificial intelligence. Any digital transformation strategy must include the migration of applications and services to the cloud.
As organizations undergo digital transformation, it is critical to have the appropriate security tools and solutions in place to mitigate the risk of cyber attacks and data breaches. Effective resources ranging from password protection safeguards like multi-factor authentication (MFA) to penetration testing assist organizations to strengthen their security posture before cyber attacks.
Secure Remote Access
Secure remote access describes the ability to securely access networks, devices, applications, and systems (cloud-based or on-premises) from a "remote," or "off the network," location. It refers to any security policy, solution, strategy, or process that exists to protect your network, its resources, or any confidential or sensitive data from unauthorized access. Many organizations today are leveraging the concept of zero trust network access (ZTNA) as a new framework to provide secure remote access to remote users. ZTNA's continuous verification is a key component of securing remote users on the cloud.
Secure Web Gateway
Secure Web Gateway is a cyber security solution that provides threat protection and policy enforcement for users accessing the web. It acts as a gatekeeper between end users and the Internet. It prevents users from accessing infected websites and filters unwanted software and malware before it enters an organization’s internal network. Organizations use a secure web gateway to monitor web traffic in real time, prevent access to high-risk and malicious websites or applications, enforce security policies for internet access, and protect their data from unauthorized transfer. According to Gartner, a secure web gateway must at least include URL filtering, malicious-code detection and filtering, application controls for popular web-based apps (Skype, Zoom), and native or integrated data loss prevention.
Secure Web Gateway (On-Prem) is a web security solution that protects your network against web-based threats. It is a physical or virtual appliance that acts as a gateway between your network and the internet, filtering outbound and inbound traffic based on the defined web security rules. Secure Web Gateway (On-Prem) prevents malicious and inappropriate content from entering the system while allowing useful information to pass through. For details, see Secure Web Gateway (On-Prem).
Secure Web Gateway Cloud is a global enterprise cloud service that provides comprehensive web protection via in-depth content scanning and integration with other Skyhigh Security web protection technologies. For details, see Secure Web Gateway Cloud.
Security as a service (SECaaS)
SECaaS is a cloud service model that provides, on a subscription basis, security technologies traditionally deployed as hardware appliances in enterprise data centers or regional gateways. SECaaS solutions help organizations ease the security team’s responsibilities, scale security as the business grows, avoid the costs and maintenance of on-premises alternatives, and stay current with the latest security technologies. It bridges the security gap created by offline users and those connecting directly to cloud apps and the internet rather than via the secure gateway. Some examples of SECaaS solutions are Data Loss Prevention (DLP), Identity and Access Management (IAM), and Security Information and Event Management (SIEM).
Security Configuration Audit
Security Configuration Audit guards organizations against sophisticated, long-term attacks in which attackers gain access to privileged systems and sensitive data. A regular audit of your security configuration is recommended to make sure that it meets your current business requirements. An audit allows you to remove unnecessary IAM users, roles, groups, and policies, as well as ensure that your users and software only have the necessary permissions.
Configuration auditing tools detect changes, assess configuration, reconcile detected changes against approved requests for changes (RFCs) and mitigate them. Configuration settings are assessed against company policies or industry-recognized security configuration assessment templates for auditing and security hardening.
Skyhigh CASB Configuration Audit allows your policy team to discover and monitor the configuration of your Infrastructure as a Service (IaaS) cloud services, such as AWS, Azure, and Google Cloud Platform. For details, see Configuration Audit.
Security Service Edge (SSE)
SSE is the fusion of network security services into a single cloud-based solution that enables secure access to websites, cloud services, and private applications. These network security services include Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), and Firewall-as-a-service (FWaaS). SSE includes features such as access control, threat protection, data security, security monitoring, and acceptable use control enforced by network-based and API-based integration.
SSE provides organizations with the full set of security technologies required to secure remote access to applications, data, tools, and other resources for users, as well as monitor and track user behaviour to identify anomalies. It is a subset of Secure Access Service Edge (SASE) that focuses solely on security services. An organization can fully deploy a SASE model when cloud-centric edge WAN services and SSE are delivered from the same network architecture. According to Gartner, Skyhigh Cloud Native Application Protection Platform (CNAPP) is ranked 2nd on the list of top products in the SSE market.
Skyhigh Security Service Edge is a cloud-native security platform that allows for consistent threat and data protection controls to be applied from device to cloud. It combines multiple Skyhigh Security products, components, and technologies on Skyhigh CASB to provide a streamlined and consistent security management experience. For details, see Skyhigh Security Service Edge.
Shadow IT
Shadow IT is the use and management of unsanctioned or unmanaged applications by employees without the permission of their organization's IT department. Such applications are vulnerable to data loss, leakage, or breach because IT lacks control and visibility over them. Shadow IT discovery, a feature of CASB technology, is a solution to this issue. Shadow IT systems can include SaaS, PaaS, IaaS, and other cloud services, as well as ready-to-use software and hardware such as computers, smartphones, tablets, and other devices. Some examples of Shadow IT applications are WhatsApp, Google Drive, and Slack.
Skyhigh CASB allows you to view top-level information on detected anomalies in your shadow IT services via the Shadow Anomalies page. For details, see View Shadow Anomalies.
Microsoft SharePoint is a document management and collaboration platform that assists organizations in managing archives, documents, reports, and other content that is critical to their operations. It is a web based collaborative platform that is natively integrated with Microsoft Office. SharePoint is used by organizations to create websites. It can be used to securely store, organize, share, and access information from any device.
SharePoint is configured through a web browser and exposes most of its capabilities via a web user interface (UI) and web applications. It is used to manage content and site structure, create and delete sites, enable and disable product features, configure basic workflows, and manage analytics. It is available as SharePoint Online within Microsoft 365 (Office 365), and Microsoft also offers on-premises releases (SharePoint Server 2019 and the later SharePoint Server Subscription Edition) for organizations that keep their data in-house for compliance or security reasons.
Skyhigh CASB for SharePoint helps ensure compliance and security requirements by adding an extra layer of control for data stored in SharePoint via data loss prevention (DLP) policies, anomaly detection, and activity monitoring. For details, see Skyhigh CASB for SharePoint.
SIEM (Security Information and Event Management)
SIEM is a security solution that combines SIM (security information management) and SEM (security event management) into a single platform. Its core functions are to collect relevant data from many sources, identify signs of malicious activity, and take appropriate action. For example, when a potential issue is detected, a SIEM logs additional context, generates an alert, and can instruct other security controls to halt the activity.
SIEM systems use a hierarchical deployment of collection agents to gather security-related events from end-user devices, servers, network equipment, firewalls, antivirus, and intrusion prevention systems (IPS). Collectors forward events to a centralized management console, where security analysts sort through the noise, connect the dots, and prioritize security incidents. A SIEM can be rule-based or use a statistical correlation engine to establish relationships between event log entries. It improves incident management by letting the security team trace an attack's path across the network, identify compromised sources, and use automated tools to stop ongoing attacks. Modern SIEM solutions add user and entity behaviour analytics (UEBA) and security orchestration, automation, and response (SOAR).
SIEM advantages include faster threat detection, reduced damage from threats, a centralized data repository, scalability, security alerting, forensic analysis, audit and compliance reporting, and help desk and network troubleshooting. SIEM tools parse and categorize events into classes such as successful and failed logins, malware activity, and other potentially malicious activity. Examples of SIEM tools are Splunk, IBM QRadar, LogRhythm, Exabeam, and RSA NetWitness.
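The rule-based correlation the SIEM entry describes, reduced to its essentials, as an added example (not code from Skyhigh or any SIEM vendor): events are parsed from constructed syslog-style sshd lines into a normalized form, then a single rule flags a source that fails to authenticate several times within a short window and then succeeds, the classic brute-force-then-compromise pattern. The log lines, hostnames and addresses are made up for the example.

```python
"""Minimal rule-based correlation over syslog-style authentication events.

Added example with constructed log lines. Rule: `threshold` or more failed
logins for one (user, source) pair inside `window`, followed by a successful
login from the same source, is raised as a likely brute-force compromise.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a syslog-like format (not real data).
SAMPLE_LOG = """\
2024-03-01T10:00:01Z host1 sshd[101]: Failed password for alice from 203.0.113.7 port 5001
2024-03-01T10:00:03Z host1 sshd[102]: Failed password for alice from 203.0.113.7 port 5002
2024-03-01T10:00:05Z host1 sshd[103]: Failed password for alice from 203.0.113.7 port 5003
2024-03-01T10:00:06Z host1 sshd[104]: Failed password for alice from 203.0.113.7 port 5004
2024-03-01T10:00:09Z host1 sshd[105]: Accepted password for alice from 203.0.113.7 port 5005
2024-03-01T10:30:00Z host1 sshd[106]: Failed password for bob from 198.51.100.9 port 6001
2024-03-01T10:31:00Z host1 sshd[107]: Accepted password for bob from 198.51.100.9 port 6002
2024-03-01T11:00:00Z host1 sshd[108]: Failed password for carol from 192.0.2.5 port 7001
2024-03-01T11:00:01Z host1 sshd[109]: Failed password for carol from 192.0.2.5 port 7002
2024-03-01T11:00:02Z host1 sshd[110]: Failed password for carol from 192.0.2.5 port 7003
2024-03-01T11:00:03Z host1 sshd[111]: Failed password for carol from 192.0.2.5 port 7004
2024-03-01T11:00:04Z host1 sshd[112]: Failed password for carol from 192.0.2.5 port 7005
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+) port \d+$"
)


def parse(log_text):
    """Normalize raw lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append({"ts": ts, "host": m["host"], "user": m["user"],
                       "src": m["src"], "ok": m["result"] == "Accepted"})
    return events


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Flag (user, src) pairs with >= threshold failures inside `window`
    that are immediately followed by a success from the same source."""
    recent_failures = defaultdict(list)   # (user, src) -> timestamps of failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["src"])
        # Drop failures that have fallen out of the sliding window.
        recent_failures[key] = [t for t in recent_failures[key] if ev["ts"] - t <= window]
        if not ev["ok"]:
            recent_failures[key].append(ev["ts"])
            continue
        if len(recent_failures[key]) >= threshold:
            alerts.append({"user": ev["user"], "src": ev["src"],
                           "failures": len(recent_failures[key]),
                           "success_at": ev["ts"].isoformat()})
        recent_failures[key] = []          # a success closes the sequence
    return alerts


def run(log_text=SAMPLE_LOG):
    return correlate(parse(log_text))


if __name__ == "__main__":
    for alert in run():
        print("ALERT brute-force followed by success:", alert)
```

On the sample, only alice's sequence fires: bob had a single failure, and carol's five failures never led to a success, so a second rule (failures alone above a higher threshold) would be needed to surface her attacker; the point of a correlation engine is that such rules are composed over the same normalized events.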
Skyhigh CASB can export anomalies, threats, incidents, and the audit log to third-party SIEM systems using Syslog export via Skyhigh Cloud Connector. This feature allows you to export data to another system for additional analysis or to drive data protection rules. For details, see Export Anomalies, Threats, Incidents and the Audit Log to a SIEM. Skyhigh Cloud Connector SIEM integration is tailored to your organization's security requirements, allowing you to cut through the noise and prioritize high-risk threats while also receiving actionable insights. For details, see Cloud Connector Config SIEM Integration.
Service-Level Agreement (SLA)
An SLA is a contractual agreement between a service provider and a customer that specifies the level of service, responsibilities, and priorities expected from the vendor, the metrics used to measure the service, and the remedies or penalties that apply if agreed service levels are not met. It typically covers availability, performance, and response-time targets. It is a critical component of any technology vendor contract and can be tailored to specific services and customer requirements.
Skyhigh Security recommends that you use the Skyhigh Security Support Portal to submit requests for recategorization or addition of cloud services to the Skyhigh Cloud Registry. You can also make these requests through Skyhigh CASB. The SLA for recategorization and addition requests is seven business days.
ServiceNow is a cloud-based workflow automation platform that provides software as a service (SaaS) for technical management support. It provides cloud-based solutions for defining, structuring, managing, and automating services for enterprise operations. Key features of ServiceNow are IT services management (ITSM), IT business management (ITBM), customer service management (CSM), IT asset management (ITAM), software asset management (SAM), and HR service delivery (HRSD).
ServiceNow allows users to manage projects, teams, and customer interactions through a variety of applications and plugins. Its products are built on a service model in which work appears as tasks, activities, and processes, grouped by the service they belong to and managed within an integrated workflow that supports real-time communication, collaboration, and resource sharing, so users can identify the root cause of issues they encounter and resolve them through self-service.
ServiceNow integrates readily with other tools; for example, users can perform VMware AirWatch tasks directly from the ServiceNow interface, and an app store offers third-party tools. ServiceNow names its releases after major cities in alphabetical order, for example Tokyo, Utah, and Vancouver.
Skyhigh CASB for ServiceNow provides DLP protection, threat protection, encryption, and other benefits for the data stored in your organization's ServiceNow deployment. Skyhigh CASB's reporting features allow you to conduct forensic investigations and leverage machine learning to detect anomalous behavior indicative of compromised accounts or insider threats. You can also integrate ServiceNow with SSO services such as Okta, Azure AD, and PingFederate to ensure that policies are enforced consistently across all devices and browsers. For details, see Skyhigh CASB for ServiceNow.
SMTP (Simple Mail Transfer Protocol)
SMTP is an application-layer protocol of the TCP/IP suite used to send and relay email, both from mail clients to their outgoing server and between mail servers. It delivers a message to the recipient's mail server; separate protocols are used to retrieve it from that server, because SMTP is a push protocol with no mailbox access. It is therefore used together with POP3 (Post Office Protocol) and IMAP (Internet Message Access Protocol), which let users keep messages in a server mailbox and download or synchronize them.
SMTP is a client/server protocol. An email client such as Outlook submits a message to its organization's mail server, which uses SMTP to relay it to the recipient's mail server, possibly through intermediate relays; the recipient then retrieves it from that server over IMAP or POP3 into an inbox. Port 25 is used for server-to-server relay, port 587 for authenticated client submission (normally upgraded to TLS with STARTTLS), and port 465 for submission over implicit TLS. SMTP itself does not verify the sender's address: both the envelope sender and the From header are set by the sending system, which is why receiving domains rely on additional checks such as SPF, DKIM, and DMARC.
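To make the client/server exchange above concrete, here is an added example (not Skyhigh or Cloud Connector code) of the server side of an SMTP session as a small state machine: it consumes a constructed client dialogue, emits the reply codes a server would send, enforces command ordering (RFC 5321, section 4.1.4), and undoes the dot-stuffing that protects the end-of-data marker (section 4.5.2). The hostnames and addresses are placeholders; the accepted message carries the envelope separately from the headers to make the point that the two are independent.

```python
"""A minimal SMTP server-side state machine (added example, constructed input).

States: CONNECTED -> GREETED -> MAIL -> RCPT -> DATA -> GREETED.
Returns the replies the server would send plus the accepted messages, each
with its envelope (MAIL FROM / RCPT TO) kept separate from the message text.
"""


def smtp_session(client_lines, hostname="mail.example.org"):
    replies = [f"220 {hostname} ESMTP ready"]
    messages = []
    state = "CONNECTED"
    envelope = {"from": None, "to": []}
    body = []

    for raw in client_lines:
        line = raw.rstrip("\r\n")

        if state == "DATA":
            if line == ".":                       # end-of-data marker
                messages.append({"envelope_from": envelope["from"],
                                 "envelope_to": list(envelope["to"]),
                                 "data": "\r\n".join(body)})
                replies.append("250 OK: queued")
                envelope, body, state = {"from": None, "to": []}, [], "GREETED"
            else:
                # Client doubled any leading dot; the server strips one back off.
                body.append(line[1:] if line.startswith(".") else line)
            continue

        verb, _, arg = line.partition(" ")
        verb = verb.upper()

        if verb in ("EHLO", "HELO"):
            replies.append(f"250 {hostname} Hello {arg}")
            envelope, state = {"from": None, "to": []}, "GREETED"
        elif verb == "MAIL":
            if state != "GREETED":
                replies.append("503 Bad sequence of commands")
            else:
                envelope["from"] = arg.partition(":")[2].strip("<>")
                replies.append("250 OK")
                state = "MAIL"
        elif verb == "RCPT":
            if state not in ("MAIL", "RCPT"):
                replies.append("503 Bad sequence of commands")
            else:
                envelope["to"].append(arg.partition(":")[2].strip("<>"))
                replies.append("250 OK")
                state = "RCPT"
        elif verb == "DATA":
            if state != "RCPT":
                replies.append("503 Bad sequence of commands")
            else:
                replies.append("354 End data with <CR><LF>.<CR><LF>")
                body, state = [], "DATA"
        elif verb == "QUIT":
            replies.append(f"221 {hostname} closing connection")
            break
        else:
            replies.append("500 Command not recognized")
    return replies, messages


# Constructed dialogue: one out-of-order RCPT, then a valid message whose
# body has a line beginning with "." (sent dot-stuffed as "..").
SAMPLE_CLIENT = [
    "RCPT TO:<bob@example.org>",
    "EHLO laptop.example.net",
    "MAIL FROM:<alice@example.net>",
    "RCPT TO:<bob@example.org>",
    "DATA",
    "From: alice@example.net",
    "To: bob@example.org",
    "Subject: test",
    "",
    "..hidden dot line",
    "regular line",
    ".",
    "QUIT",
]

if __name__ == "__main__":
    replies, messages = smtp_session(SAMPLE_CLIENT)
    print("\n".join(replies))
    print(messages[0]["envelope_from"], "->", messages[0]["envelope_to"])
```

Nothing in this exchange authenticates alice@example.net; a real server accepts whatever MAIL FROM and From header the client presents unless it adds authentication (SMTP AUTH on port 587) and domain-level checks on top of the protocol.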
Skyhigh Security allows you to integrate Skyhigh Cloud Connector with your existing SMTP server so that DLP policy violation email messages, reports, and notifications are sent from Cloud Connector through your organization's own email domain (for example, from an address such as firstname.lastname@example.org). Because the messages then originate from your mail infrastructure, they carry your domain's sender authentication and are less likely to be treated as spam. For details, see Cloud Connector Config SMTP Integration.
Skyhigh Private Access
Skyhigh Private Access allows users to securely access private applications from any device and location based on the corporate security policy and prevents the loss of sensitive data using integrated data loss prevention (DLP). Skyhigh Private Access converges with Skyhigh Security Service Edge, which includes Skyhigh CASB and Skyhigh Web Security Gateway Service, to provide unified visibility, granular access control, and end-to-end data protection from a single cloud management console. Skyhigh Private Access provides organizations with features such as VPN and MPLS replacement, data protection integration, unmanaged device security, adaptive access control policies, least-privilege access, and Zero Trust security. For details, see About Skyhigh Private Access.
Software-defined Perimeter (SDP)
SDP is a security approach that draws the perimeter around an organization's assets in software, at the network layer rather than the application layer, instead of relying on hardware network boundaries. It protects infrastructure such as routers, servers, applications, and systems connected to the internet by hiding systems hosted in the cloud and on-premises from attackers and third parties: a resource is not reachable, or even visible, until the requesting user and device have been authenticated and authorized. Access is granted on the basis of the user's identity rather than network location, which keeps unauthorized users away from sensitive areas of the network and from the network itself.
An SDP solution limits resource access to authorized users through a multi-stage process: robust user authentication, device authentication, zero-trust policy enforcement, and only then a secured connection to the specific resource.
SDP solutions provide increased internet security, secure multi-cloud access, faster mergers and acquisitions, lower third-party risk, and an alternative to VPN. Instead of relying on traditional network-boundary controls, SDP secures each application, user, and connection individually, and it can be used as part of a Zero Trust security strategy. The SDP initiative was launched in 2013 by the Cloud Security Alliance to reduce the risk of data breaches; Gartner also publishes research on SDP.
The SolarWinds cyberattack, disclosed on December 13, 2020, was a coordinated software supply chain attack involving the SolarWinds Orion platform. SolarWinds, a major US IT firm, was compromised in an attack that affected its clients and went undetected for several months. An advanced persistent threat (APT) adversary gained access to SolarWinds' build environment and inserted a backdoor into signed Orion updates; these "trojanized" updates deployed malware on the networks of the SolarWinds customers that installed them.
SolarWinds informed the SEC (Securities and Exchange Commission) that around 18,000 customers installed updates that left them vulnerable to attackers. This attack impacted on the clientele of SolarWinds which includes both private organizations such as Fortune 500 companies and public organizations such as multiple departments in the US government.
SSL (Secure Sockets Layer)
SSL is an internet security protocol that encrypts the connection between a web browser and a server to protect the data transferred between them and to authenticate the server. It is the predecessor of TLS (Transport Layer Security), the protocol in use today; SSL 2.0 and 3.0 are deprecated and disabled in modern software, and "SSL" in product names and documentation almost always refers to TLS. The protocol uses asymmetric (public key) cryptography to authenticate the server and agree on a session key, then symmetric cryptography with that key to encrypt the bulk data: anything encrypted with a public key can be decrypted only with the matching private key, but symmetric ciphers are far faster for large volumes of traffic.
SSL/TLS uses public key certificates alongside other cryptographic functions to secure connections between devices communicating over a TCP/IP network. Netscape created SSL in 1995 to provide privacy, authentication, and data integrity for internet communications; TLS 1.0 followed in 1999, and TLS 1.3 is the current version. A website that uses SSL/TLS has "HTTPS" in its URL rather than "HTTP".
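The protections the entry lists (server authentication, agreed protocol version) are only as good as the client's configuration, and they are routinely switched off to silence certificate errors, including the errors an inspecting proxy causes when its CA is not trusted. The following added example (not Skyhigh code) builds a hardened client context and a deliberately weakened one with Python's standard ssl module and runs the same audit over both; the audit function and its thresholds are this example's own.

```python
"""Auditing an ssl.SSLContext for settings that undo what TLS provides.

Added example using only the standard library. The weakened context is the
shape people reach for to "fix" certificate errors; the audit reports what
that costs.
"""
import ssl


def hardened_client_context():
    # create_default_context() already turns on certificate and hostname
    # verification and loads the system trust store; we additionally refuse
    # anything below TLS 1.2.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def weakened_client_context():
    # Verification disabled entirely, so any certificate, including one from an
    # untrusted interception proxy or an attacker, is accepted.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        ctx.minimum_version = ssl.TLSVersion.TLSv1   # admit TLS 1.0 if the library still has it
    except ValueError:
        pass   # this OpenSSL build no longer offers TLS 1.0 at all
    return ctx


def audit(ctx):
    """Return a list of findings; an empty list means the context passed."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified (verify_mode != CERT_REQUIRED)")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(f"minimum protocol version is {ctx.minimum_version.name}; "
                        "require TLSv1_2 or higher")
    return findings


if __name__ == "__main__":
    for name, ctx in (("hardened", hardened_client_context()),
                      ("weakened", weakened_client_context())):
        print(name, audit(ctx) or ["ok"])
```

The correct fix for certificate errors behind an inspecting proxy is to load the proxy's CA certificate into the trust store (load_verify_locations on the hardened context), not to disable verification.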
SSL Decryption, Encryption, and Inspection
SSL decryption, encryption, and inspection are critical components of your cloud security posture because SSL traffic accounts for the majority of internet traffic. It benefits user privacy, but it also benefits cyber criminals. Malware is increasingly encrypting its command and control communications with HTTPS. Skyhigh Security inspects all internet traffic, including SSL-encrypted traffic, to detect and prevent hidden threats from entering your network.
Skyhigh CASB allows you to enable Activity Monitoring for shadow services (using SSL terminated logs). It tracks over 21,000 activity signatures of shadow services and provides administrators with activity logs for these services. For details, see Activity Settings.
SSL Decryption also known as SSL Visibility, is the process of decrypting traffic at scale and routing it to various inspection tools that identify threats both inbound to applications and outbound from users to the internet. When SSL decryption is enabled for your end users, SSL-encrypted traffic is decrypted, inspected, and re-encrypted before being sent to its destination.
Next-generation firewalls (NGFW), data loss prevention (DLP) systems, intrusion detection/prevention systems (IDS/IPS), web gateways, and other security inspection tools excel at detecting threats within traffic but cannot efficiently decrypt that traffic before inspecting it. This leaves them blind to encrypted threats, allowing malware or intellectual property to pass through without being inspected or stopped.
SSL inspection, or HTTPS interception, is the process of intercepting and reviewing SSL/TLS-encrypted communication between a client and a server. An interception proxy is placed between the two endpoints: it terminates the client's TLS session with a certificate it issues for the requested hostname, opens its own TLS session to the server, and decrypts and inspects the traffic in between, filtering out content such as malware. This is, in effect, an authorized man-in-the-middle (MitM). It only works if client devices trust the proxy's issuing CA certificate, and it carries obligations of its own: the proxy must validate the upstream server's certificate as strictly as a browser would, otherwise every client behind it loses that protection; applications that pin certificates will fail and need explicit bypass rules; and the decrypted content must be handled as sensitive data. With those controls in place it lets organizations protect their data, servers, and operations. Learn how Skyhigh Security inspects all your SSL traffic and identifies encrypted threats without expensive appliances or limitations. For details, see Skyhigh Security SSL Inspection.
Supply Chain Attack
A supply chain attack, also known as a value chain or third-party attack, is a cyber attack in which an attacker reaches your network (systems and data) through an outside partner or provider. A common form injects malicious code into a trusted application or its updates so that every organization that installs it is infected, leading to data breaches and malware infections. The attack exploits the trust relationships between an organization and external parties and focuses on the weakest link in that chain: if an organization has strong cybersecurity but a vulnerable trusted vendor, attackers target the vendor. Managed service providers (MSPs) are a frequent target for this reason. The SolarWinds attack in 2020 is a prime example of a supply chain attack.
Tokenization is the process of replacing sensitive data with a substitute value (a token) that preserves the information needed for processing while removing the sensitive content itself. The token is a reference that maps back to the original data only through the tokenization system. Tokens can be generated in several ways: reversible keyed cryptographic functions, non-reversible functions such as salted hashes, index functions, or random values stored alongside the original in a lookup table.
Tokenization limits the exposure of Personally Identifiable Information (PII) because systems downstream of the tokenization step hold only tokens. It is most widely used to protect credit card numbers, bank account numbers, and other sensitive data handled by payment processors. Its characteristics are compatibility with existing systems, resource efficiency, compliance (fewer systems fall into scope), improved security, and convenience. Tokenization and encryption are both used to protect data; the primary difference is that a token need not be derived from the data cryptographically and can keep the original's length and type, so it fits into existing fields and formats, and compromise of the token-holding system alone does not reveal the data.
Skyhigh CASB leverages an irreversible one-way process to tokenize user identifying information on premises and obfuscate enterprise identity. Skyhigh CASB Tokenization for Sanctioned IT uses SHA-256 tokenization and Shadow IT uses SHA-1 tokenization to ensure user anonymity. Skyhigh CASB tokenizes PII using a unique salt provided by the locally installed Cloud Connector. Skyhigh Cloud Connector uploads the salt to Skyhigh CASB. The PII is tokenized using the salt in real-time as data is ingested into Skyhigh CASB from your Shadow IT and Sanctioned IT cloud service providers (CSPs) before it is used for display in the UI and stored in Skyhigh CASB's databases. Skyhigh Cloud Connector on-premise allows users to create a token table (MapDB) based on user information imported from an Active Directory. This database allows authorized users to detokenize users individually. For details, see Tokenization.
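The scheme just described, a salted one-way hash of the user identifier plus an on-premises table that maps tokens back to users, as an added example (this is not Skyhigh's implementation; the salt handling, normalization and table format are this example's own). It also demonstrates the caveat a practitioner should keep in mind: user identifiers are a small input space, so anyone who holds the salt can re-derive a token for a guessed user, and the anonymity of the tokens rests on who can obtain the salt and the table, not on the hash being irreversible. The directory entries are constructed.

```python
"""Salted one-way tokenization of user identifiers with a local detokenization table.

Added example. token = SHA-256(salt || normalized identifier). The table that
maps token -> identifier is built where the directory data lives and is the
only way back to the user for anyone without the salt.
"""
import hashlib
import secrets


def tokenize(identifier, salt):
    """Deterministic, one-way token for a user identifier.
    Identifiers are normalized first so 'Alice@X' and 'alice@x' share a token;
    analytics over tokens would otherwise split one user into several."""
    h = hashlib.sha256()
    h.update(salt)
    h.update(identifier.strip().lower().encode("utf-8"))
    return h.hexdigest()


def build_token_table(identifiers, salt):
    """Lookup table (the text's MapDB equivalent): token -> identifier."""
    return {tokenize(i, salt): i for i in identifiers}


def detokenize(token, table):
    return table.get(token)


# Constructed directory export, standing in for an Active Directory import.
DIRECTORY = ["alice@example.org", "bob@example.org", "carol@example.org"]


def demo(salt=None):
    """Build the table, then tokenize a constructed ingested event before it
    would leave the premises. Returns (table, tokenized_event)."""
    salt = salt or secrets.token_bytes(32)
    table = build_token_table(DIRECTORY, salt)
    event = {"user": "Alice@example.org", "action": "download", "bytes": 1048576}
    event["user"] = tokenize(event["user"], salt)
    return table, event


def dictionary_attack(token, candidate_identifiers, salt):
    """The caveat: with the salt in hand, guessing identifiers recovers the
    user behind a token. Without the salt, every guess yields a different
    token and the attack fails."""
    for cand in candidate_identifiers:
        if tokenize(cand, salt) == token:
            return cand
    return None


if __name__ == "__main__":
    table, event = demo()
    print("tokenized event:", event)
    print("authorized detokenization:", detokenize(event["user"], table))
```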
Microsoft Teams is a cloud based team collaboration application that is part of the Microsoft 365 and Office 365 suite of applications. It is the primary cloud-based unified communications (UC) offering from Microsoft. Key features of Teams include messaging, calling, video meetings, screen sharing, calendar, file sharing, live transcription, meeting recordings, live events, webinars, and external collaboration. It allows local and remote workers to collaborate on content in real and near-real time across multiple devices, including laptops and mobile phones.
Teams includes security features such as multi-factor authentication, single sign-on (SSO) via Azure AD (Microsoft Entra ID), and encryption of data in transit and at rest, as well as advanced threat protection (ATP), private channels, end-to-end encryption for one-to-one calls, Safe Links, and meeting controls. Teams integrates with other Microsoft 365 and Office 365 applications such as Exchange, Word, Excel, OneDrive, PowerPoint, and SharePoint, and with non-Microsoft applications such as Box, Cisco Webex, and Zoom. Developer tooling (Teams App Studio, since replaced by the Developer Portal for Teams) lets organizations create custom apps for Teams. A free tier is available; paid Microsoft 365 plans add more features and integrations with other Microsoft applications.
Skyhigh CASB for Microsoft Teams enables Security Operations Center (SOC) Administrators to monitor user activity in Teams, enforce DLP policies to ensure that sensitive data that violates regulatory and internal compliance policies is not posted in the form of messages or files, and review threats detected by Skyhigh CASB's User and Entity Behavior Analytics (UEBA) and machine learning algorithms. For details, see Skyhigh CASB for Microsoft Teams.
URL filtering is a type of web filtering that allows an organization's security department to limit employees' access to malicious or unwanted URLs. It works by comparing requested web addresses against a database of blocked and restricted websites and website categories that may be harmful to employees' or the organization's security.
Administrators can create block lists for individual URLs or entire URL categories to block specific websites or entire groups of websites at once. URL filtering reduces security risks and increases compliance and productivity in an organization. URL filtering is a feature of the Skyhigh Security SWG. Skyhigh Secure Web Gateway (On-Prem) includes URL filtering to ensure that network users cannot access web objects that are considered a risk to web security or are not permitted due to inappropriate subject matter or other factors. For details, see About URL Filtering.
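The comparison step described above is where filters are most often bypassed, not by unknown sites but by known ones written in a form the matcher does not recognize. The following added example (not Skyhigh's filtering engine; the block list, category feed and sample URLs are constructed) normalizes the host before matching so that mixed case, a trailing dot, credentials in the authority ("https://www.example.org@evil.example/"), an explicit port, and subdomains of a blocked domain all resolve to the same decision, and blocks a URL whose host category is on the blocked-category list.

```python
"""URL block-list matching with host normalization (added example).

Matching is done on the effective hostname after normalization, then against
blocked domains (including their subdomains) and blocked categories.
"""
from urllib.parse import urlsplit

BLOCKED_DOMAINS = {"evil.example", "tracker.example"}        # constructed list
CATEGORY_OF_DOMAIN = {"gambling.example": "gambling",        # constructed category feed
                      "games.example": "gaming"}
BLOCKED_CATEGORIES = {"gambling"}


def normalize_host(url):
    """Return the lowercase ASCII hostname the request would actually reach,
    or None if the URL has no usable web host."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ("http", "https"):
        return None
    host = parts.hostname            # drops userinfo, port and brackets; lowercases
    if not host:
        return None
    host = host.rstrip(".")          # 'evil.example.' is the same host as 'evil.example'
    try:
        # Compare in the same ASCII (punycode) form the resolver uses, so an
        # internationalized host matches a list kept in that form.
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return None
    return host


def parent_domains(host):
    """host, then each parent domain: 'a.b.example' -> a.b.example, b.example, example."""
    labels = host.split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def decide(url):
    """Return ('block', reason) or ('allow', host)."""
    host = normalize_host(url)
    if host is None:
        return ("block", "unparseable or non-web URL")
    for candidate in parent_domains(host):
        if candidate in BLOCKED_DOMAINS:
            return ("block", f"{host} is on the domain block list ({candidate})")
        category = CATEGORY_OF_DOMAIN.get(candidate)
        if category in BLOCKED_CATEGORIES:
            return ("block", f"{host} is categorized as {category}")
    return ("allow", host)


# Constructed requests covering the evasions the normalizer handles.
SAMPLE_URLS = [
    "https://www.example.org/",
    "https://EVIL.example./index.html",               # case + trailing dot
    "https://www.example.org@evil.example/login",     # userinfo trick
    "http://cdn.tracker.example:8080/pixel.gif",      # subdomain + port
    "https://www.gambling.example/",                  # blocked by category
    "https://games.example/",                         # category not blocked
    "ftp://evil.example/",                            # not web traffic
]


def run(urls=SAMPLE_URLS):
    return [(u, decide(u)) for u in urls]


if __name__ == "__main__":
    for url, (verdict, detail) in run():
        print(f"{verdict:5} {url}  ({detail})")
```

A production filter also has to cope with IP-literal hosts, open redirectors on allowed domains, and DNS-level evasion; the normalization here is the minimum that keeps a string block list honest.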
User and Entity Behavior Analytics (UEBA)
UEBA, also known as behavioral analytics, is a type of security solution that learns the normal behaviour of users and entities (devices, service accounts, applications) and detects deviations from those "normal" patterns. For example, if a particular user downloads 10 MB of files every day but suddenly downloads 1 GB, the system flags the anomaly and alerts the security team to the potential threat in near real time. It uses machine learning and statistical baselines to detect insider threats, compromised accounts, APTs, and zero-day attacks that signature-based controls miss.
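The 10 MB to 1 GB example above, worked through as an added example (not Skyhigh's UEBA): each user's baseline is built only from that user's earlier days, using the median and median absolute deviation so that the outlier does not inflate its own baseline, and a day is flagged when it is both many deviations above the median and a large multiple of it. The daily totals are constructed; the thresholds are this example's own and would be tuned per environment.

```python
"""Per-user volume baseline with deviation alerting (added example).

Baseline = median and median absolute deviation (MAD) of the user's prior
daily download volume. A day is anomalous when it is >= z_threshold MADs
above the median AND >= ratio_threshold times the median.
"""
from collections import defaultdict
from statistics import median

MB = 1024 * 1024

# Constructed daily download totals in bytes; alice's last day is the
# 10 MB -> 1 GB jump from the text, bob is a legitimately heavy, noisy user.
DAILY = [
    ("alice", "2024-03-01", 10 * MB), ("alice", "2024-03-02", 11 * MB),
    ("alice", "2024-03-03", 9 * MB),  ("alice", "2024-03-04", 10 * MB),
    ("alice", "2024-03-05", 12 * MB), ("alice", "2024-03-06", 1024 * MB),
    ("bob", "2024-03-01", 500 * MB),  ("bob", "2024-03-02", 700 * MB),
    ("bob", "2024-03-03", 450 * MB),  ("bob", "2024-03-04", 800 * MB),
    ("bob", "2024-03-05", 650 * MB),  ("bob", "2024-03-06", 900 * MB),
]


def baseline(values):
    """Median and MAD: robust to the very outlier we are trying to catch."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    return med, mad


def detect(records, min_history=5, z_threshold=6.0, ratio_threshold=10.0):
    """Score each day against the user's *prior* days only (no look-ahead).
    The ratio guard stops a near-zero MAD (a very regular user) from turning
    a trivial increase into a huge score."""
    history = defaultdict(list)
    alerts = []
    for user, day, value in sorted(records, key=lambda r: (r[0], r[1])):
        prior = history[user]
        if len(prior) >= min_history:
            med, mad = baseline(prior)
            spread = mad if mad > 0 else max(med * 0.1, 1)
            z = (value - med) / spread
            ratio = value / med if med else float("inf")
            if z >= z_threshold and ratio >= ratio_threshold:
                alerts.append({"user": user, "day": day,
                               "value_mb": value // MB, "baseline_mb": med // MB,
                               "score": round(z, 1)})
        prior.append(value)
    return alerts


if __name__ == "__main__":
    for alert in detect(DAILY):
        print("ANOMALY:", alert)
```

Bob's 900 MB day is not flagged because it sits within his own spread; the same absolute volume would be an obvious anomaly for alice, which is the whole reason for per-entity baselines rather than a global threshold.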
Web security refers to the protective measures and protocols that organizations use to protect themselves from cyber attacks and threats that arrive via the Internet. It is typically enforced by a secure web gateway, either an on-premises appliance or a cloud service, that sits between users and the Internet as a web proxy and inspects traffic in both directions. Its benefits include protection from malicious content, data security, regulatory compliance, improved network performance, and secure remote work.
Web browsing can expose employees to threats such as phishing, ransomware, and malware. A web security solution provides comprehensive visibility and granular control over Internet-bound traffic, combining URL filtering, application control, SSL/TLS inspection, antivirus scanning, and data loss prevention (DLP) to protect employees on the Internet.
Skyhigh Web Security Gateway Service (WSGS) provides comprehensive web protection through in-depth content scanning and integration with other Skyhigh Security web security technologies. It protects your organization from security threats that arise when users in your organization access the web. For details, see Skyhigh Web Security Gateway Service (WSGS).
Zero Trust is a network security model based on the philosophy that no user or device, inside or outside of an organization's network, should be allowed to connect to IT systems or services until they have been authenticated and continuously verified. A zero trust network inspects and logs all corporate network traffic, controls and limits network access, and verifies or secures network resources.
Gartner listed Zero Trust network access as a core component of Secure Access Service Edge (SASE) in 2019. The main principles of Zero Trust security are continuous monitoring and validation, least-privilege access, microsegmentation, prevention of lateral movement, and multi-factor authentication (MFA). These principles are realized in several forms, including Zero Trust Architecture (ZTA), Zero Trust Network Access (ZTNA), and Zero Trust Edge (ZTE); ZTNA is the primary technology organizations use to implement Zero Trust access to applications.
Skyhigh Private Access provides a comprehensive solution for securing application and environment access from any user, device, or location. Skyhigh Private Access's zero-trust security model allows you to mitigate, detect, and respond to risks across your entire environment quickly.
Zero Trust Exchange
With remote work becoming more common, and users and data moving off the corporate network onto the internet, organizations need to secure this transformation. Zero Trust Exchange is a platform of services that eases this transition. It is built around five core attributes: zero attack surface, connecting users to applications instead of a network, a proxy architecture, secure access service edge (SASE), and a multitenant architecture.
Zero Trust Network Access (ZTNA)
ZTNA is a framework that provides secure remote access to private applications hosted in clouds and corporate data centers, from any location and device. Zero trust means no user or application is trusted by default. ZTNA enforces granular, adaptive, and context-aware policies for providing secure and seamless access, where the context can combine user identity, user or service location, time of day, type of service, and the security posture of the device. Skyhigh Security Service Edge integrates with your ZTNA partners to leverage visibility of the ZTNA partner sites within the solution. For details, see Integrate Zero Trust Network Access (ZTNA) Partners.
Zero Trust Network Access (ZTNA) Architecture
ZTNA architecture is a security framework built on zero trust principles: trust is never implicit, and access to applications or data is granted on a least-privilege basis as defined by granular policies. Adopting ZTNA architecture represents a fundamental shift from traditional castle-and-moat solutions such as Internet-facing VPN appliances for remote network access.
Organizations can successfully deploy this architecture by making their systems, services, APIs, data, and processes accessible via the Internet globally, at any time, and on any device. ZTNA architecture lets them do so securely by providing explicit, contextual access where required while shielding services from attackers. It helps enterprises with a large attack surface prevent breaches and, when a breach does occur, limit dwell time and lateral movement. To achieve these goals, ZTNA architecture uses micro-segmentation and creates micro-perimeters around individual resources and devices.
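The per-request, context-aware decision described in the ZTNA entries (and in the SDP entry's multi-stage user, device and policy checks) as an added example of a default-deny policy evaluator. This is a hypothetical rule set and evaluator written for this page, not Skyhigh's policy language: a request carries identity, group membership, MFA state, device posture, location and local time, and an application is granted only when one rule explicitly matches on all of them; anything else is denied with the reason that would be logged.

```python
"""Context-aware, default-deny access evaluation (added example, hypothetical rules).

A decision is made per request from identity + device posture + location +
time, never from network location, and is cheap enough to re-run on every
request rather than once at connect time.
"""
from dataclasses import dataclass, field
from datetime import time


@dataclass
class Context:
    user: str
    groups: set
    mfa: bool
    device_managed: bool
    disk_encrypted: bool
    os_patched: bool
    country: str
    local_time: time


@dataclass
class Rule:
    app: str
    groups: set                                   # user must be in at least one
    require_mfa: bool = True
    require_managed: bool = True
    require_posture: bool = True                  # disk encryption + patched OS
    countries: set = field(default_factory=set)   # empty = any country
    hours: tuple = (time(0, 0), time(23, 59))

    def matches(self, app, ctx):
        """Return (allowed, reason). Every check must pass; the first failing
        check names the reason so the log explains the denial."""
        if app != self.app or not (self.groups & ctx.groups):
            return False, "no rule for this user/app"
        if self.require_mfa and not ctx.mfa:
            return False, "MFA required"
        if self.require_managed and not ctx.device_managed:
            return False, "unmanaged device"
        if self.require_posture and not (ctx.disk_encrypted and ctx.os_patched):
            return False, "device posture failed"
        if self.countries and ctx.country not in self.countries:
            return False, f"location {ctx.country} not permitted"
        if not (self.hours[0] <= ctx.local_time <= self.hours[1]):
            return False, "outside permitted hours"
        return True, "allow"


# Constructed rule set: the wiki is open to staff on any device; the finance
# application demands MFA, a managed healthy device, two countries and office hours.
RULES = [
    Rule("wiki", groups={"staff"}, require_managed=False, require_posture=False),
    Rule("finance", groups={"finance", "finance-admin"},
         countries={"US", "GB"}, hours=(time(7, 0), time(20, 0))),
]


def decide(app, ctx, rules=RULES):
    """Default deny: the first rule that fully matches grants access; otherwise
    the most specific denial reason from a rule for this app is returned."""
    reason = "no rule for this user/app"
    for rule in rules:
        ok, why = rule.matches(app, ctx)
        if ok:
            return "allow", why
        if rule.app == app and why != "no rule for this user/app":
            reason = why
    return "deny", reason


if __name__ == "__main__":
    alice = Context("alice", {"staff", "finance"}, mfa=True, device_managed=True,
                    disk_encrypted=True, os_patched=True, country="US",
                    local_time=time(9, 0))
    print("finance:", decide("finance", alice))
    byod = Context("alice", {"staff", "finance"}, True, False, False, False, "US", time(9, 0))
    print("finance from BYOD:", decide("finance", byod))
```

Note what the evaluator never consults: the source IP range or whether the device is "on the corporate network". That omission is the difference between this model and the VPN appliance it replaces.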