Many enterprises lack a complete understanding of the cloud services they consume and the risks they represent, which makes compliance and protection difficult.

Source:MacDonald & Lawson, Gartner, How to Evaluate and Operate a Cloud Access Security Broker

Security is the number one reason preventing organizations from taking full advantage of all the benefits of moving applications to the cloud.

undefined

Visibility and Insight

Gain complete visibility into cloud usage; gain insight into all the cloud applications that are being used within your organization to proactively support productivity improvements and identify any risks by monitoring adherence to data protection and governance policies.

CensorNet Cloud Application Control enables you to continuously discover and monitor cloud application usage, giving you a total view into all the cloud services in use, including those not categorized by web proxies or firewalls. The range of cloud services is constantly monitored by CensorNet and updated automatically.

With a complete overview of cloud applications, you can:

  • Identify high risk cloud services that are in use and take appropriate action.
  • See which cloud services are not being used, or can be replaced by a better alternative and consolidate them to reduce costs.
  • Determine the access patterns by users and departments, which services they are using and what they are doing.
  • Gain insight into the cloud applications that are being used, both sanctioned and unsanctioned, in order to proactively enable the business with the right tools to drive productivity.
  • Understand the level of risk from the use of cloud applications in your organization.

Complete Control

Enforce governance policies and compliance with legislation for all the cloud applications in use, not only by setting up categories of applications or individual applications as permitted or denied for specific users or groups, but at a more granular level specifying particular actions allowed according to location or device, as well as role.

  • Allow users to access and view content but not download or print when connected to a public network.
  • Restrict the ability to post or upload content to applications, like social media, to specific roles or individuals but allow general access.
  • Trigger alerts for activity that contravenes company policy or is a potential non-compliance incident.

Better Protected 24/7

Identify and resolve insider threats, whether malicious or accidental, that occur by the use of cloud applications. Set up periodic alerts for security breaches and risky activity – like using unsecured collaboration or file sharing apps to post sensitive information – viewing the events by individual, device, group, and network.

  • Machine learning algorithm models typical user behavior and detects anomalies.
  • Identify access to app security settings and provide an audit trail.
  • Correlate all online activity, whether on email, web or cloud applications to gain a complete picture. For example, a file downloaded from Salesforce and then posted on a public file share application can be tracked. Or you can trace a document downloaded from an email and shared on social media.
  • Initiate fast incident investigation by searching and analyzing email, web and cloud application logs in one place. See all the online activity of an individual over a period of time across all the protocols.

Do More with Less

As users become more tech savvy and the range of cloud applications for any possible business need grow exponentially CensorNet Cloud Application control gives you hard data on exactly what is being used, how it is being used and who is using which application. There are often pockets of cloud application adoption within an organization that others are unaware of, file sharing application being a typical example, with groups all using different applications when it would be more efficient to use one solution throughout the organization.

  • Increase productivity by standardizing on single solutions that are matched to the business requirements.
  • Consolidate multiple service contracts to reduce costs and improve support.
  • Reduce costs by identifying applications that are no longer being used, or if more licenses are being paid for than are in active use.
  • Develop IT strategy with an understanding of the real business needs based on the applications being most often used and what they are used for.

Why choose CensorNet?

Selecting a security platform is an important decision

Our Unified Security Service is the only security platform that offers web filtering, email scanning, and cloud application control (CAC/CASB) in one single secure solution. All this is protected by user authentication, making life so much simpler! 

CensorNet enables you to monitor and control web, email and cloud application use, and provides your employees – whether in the office or mobile – with sophisticated 360-degree threat protection against cyber-attacks and accidental or malicious leaks of sensitive information.

The proxy-less architecture provides a fast and unobtrusive user experience that doesn’t hinder productivity or cause frustration. It is a cloud solution that meets your immediate needs and scales easily, without needing costly integrations or customizations to meet your goals.

How do we do this?

Cloud Application Visibility

CensorNet’s Cloud Intelligence Team maintains a comprehensive and continuously updated database of cloud applications grouped into categories according to function.

Detailed and searchable logging of all cloud application activity by individual, Active Directory group, network time and action performed.

undefined

Cloud Application Control

Sophisticated Policy Engine - Can attach policies to users based on who they are, what Active Directory (AD) group they belong to, which device they are using, the type of device and the network they are connected to.

All cloud applications and functions within the application are given a baseline risk by CensorNet, based on a typical risk profile, which can be modified to suit specific legislative frameworks and corporate policies. 

360-degree Security

Real-time anti-malware scanning at the network perimeter - Incorporating multiple layers of security including online threat detection, reputation and heuristics.

HTTPS Inspection 
Control access to SSL encrypted content. Deep HTTPS inspection allows SSL encrypted content to be scanned for malware. Available on the USS Gateway component.

URL Overrides 
Administrators can maintain their own URL categories. These can be applied to create overrides and exceptions within filter policies; setting blocks to a category of websites and cloud applications, but allowing specific exceptions.

BYOD Access Control 
Support BYOD by safely allowing BYOD access to the network via the built-in Captive Portal feature.

Cloud Application Discovery 
Detect Cloud Application usage and activity and reveal which applications are in use.

Cloud Application Risk Scoring 
Based on interception of web traffic and SSL inspection to provide a risk score.

IT Administration/Access Control

Sophisticated Policy Engine - Includes numerous different actions based on Active Directory (AD) attributes, device IP and MAC address, device type, tag and time.

Time Schedule - Policies can be applied on a rolling 7-day time schedule.

User Synchronization - Active Directory (AD) synchronization service ensures changes to Active Directory are replicated.

User Interface - A modern, clean and rich user interface provides an easy to use administration panel.

Advanced Role-based Access - Allows creation of multiple administrators with different levels of access to the administration interface.

Customized Notification Pages - Brand the notification pages (such as Access Denied, Captive Portal, etc.) with text, logo and terms of service information and spam quarantine notifications and disclaimers.

Reporting

Real-time Visibility - Productivity charts display instant visibility on compliance with defined access policies. Query in real-time web activity and cloud application use by user, domain, group and category. See exactly which users are doing what and drill down into activities that are triggering policy violations.

Report Builder - Administrators can customize their own reports based on many different criteria such as; time span, user, type of violation, device type. Reports can be saved and then exported to Excel or PDF. Even advanced automated reporting can be configured for admins to receive emails with customized reports.

Top Trend Reports - A selection of pre-defined trend reports with chart and table data.

Forty-two pre-set charts across malware, cloud applications, web and email services.

Email, Web and Cloud Application Logging - Analysis and reporting by user, group, application, device and action that covers more than one protocol. Provides the ability to monitor suspicious activity in one place with the logs already combined.

Architecture

undefined

Deployment

Software for Networks - Available as a download, CensorNet’s Cloud Gateway software can be deployed on a virtual or physical server in less than 30 minutes to extend security policies to your entire network.

Agent Software for Roaming Users or Standalone Devices - A Microsoft Windows and Mac OS X agent that enforces policies on the device. Tamper-proof and simple to deploy either with an install wizard or scripted via Active Directory (AD) Group Policy.

Email Security deployment is via a simple domain redirection.

Scalable - Highly optimized for large networks with global infrastructure and multiple data centers meaning that data at rest can be kept within a specific geographic region.

Deployment Modes - A gateway at the network that captures all traffic from domain, non-domain, guests and even BYOD devices. This can be set up to be a direct proxy set by an AD-group policy or specified in a WPAD file and agents for mobile and roaming users.

WPAD Support - Automatic creation of Web Proxy Automatic Discovery (WPAD) file based on network configuration.

WCCP Support - Deploy multiple gateways using WCCP.

Captive Portal - Allows existing domain users to access the network even if they bring their own devices (BYOD) and log in from those devices with valid user credentials.

Guest Portal - Enables your visitors to safely access your Wi-Fi and protects your network from any malware they may inadvertently bring in.