CASB - Cloud Access Security Broker
A cloud access security broker (CASB) (sometimes pronounced cas-bee) is on-premises or cloud-based software that sits between cloud service users and cloud applications, and monitors all activity and enforces security policies. A CASB can offer a variety of services, including but not limited to monitoring user activity, warning administrators about potentially hazardous actions, enforcing security policy compliance, and automatically preventing malware.
A CASB may deliver security, management, or both. Broadly speaking, "security" is the prevention of high-risk events, whilst "management" is the monitoring and mitigation of high-risk events.
CASBs that deliver security must be in the path of data access, between the user and the cloud. Architecturally, this might be achieved with proxy agents on each end-point device, or in agentless fashion without requiring any configuration on each device. Agentless CASB allows for rapid deployment and delivers security on all devices, company-managed or unmanaged BYOD. Agentless CASB also respects user privacy, inspecting only corporate data. Agent-based CASB is difficult to deploy and effective only on devices that are managed by the corporation. Agent-based CASB typically inspects both corporate and personal data.
CASBs that deliver management may use APIs to inspect data and activity in the cloud and alert on risky events after the fact. Another management capability of a CASB is to inspect firewall or proxy logs for the usage of cloud applications.
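The log-inspection capability described above can be sketched as follows. This is an added example, not code from the original page or from any CASB product: it parses constructed proxy log lines, drops destinations on a list of IT-managed apps, and ranks the remaining (unmanaged) cloud apps by upload volume. The log format, the `.example` domains and the `MANAGED_APPS` set are assumptions.

```python
from collections import defaultdict

# Assumption: domains of cloud apps that IT manages (sanctioned apps).
MANAGED_APPS = {"office365.example", "crm.example"}

# Constructed sample proxy log: timestamp user method host:port bytes_out
SAMPLE_LOG = """\
2024-05-01T09:00:01Z alice CONNECT mail.office365.example:443 1200
2024-05-01T09:02:10Z bob CONNECT files.shareit.example:443 52428800
2024-05-01T09:03:44Z alice CONNECT notes.quickpad.example:443 2048
2024-05-01T09:05:00Z bob CONNECT files.shareit.example:443 10485760
malformed line without enough fields
2024-05-01T09:06:30Z carol CONNECT crm.example:443 900
2024-05-01T09:07:12Z carol CONNECT FILES.shareit.example:443 4096
"""

def registered_domain(host):
    """Reduce host[:port] to its last two labels (naive: no public-suffix list)."""
    name = host.rsplit(":", 1)[0].lower().rstrip(".")
    return ".".join(name.split(".")[-2:])

def discover_unmanaged(log_text, managed=MANAGED_APPS):
    """Return (usage per unmanaged domain, number of unparseable lines)."""
    usage = defaultdict(lambda: {"users": set(), "requests": 0, "bytes_out": 0})
    skipped = 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            skipped += 1          # count bad lines instead of silently dropping them
            continue
        _, user, _, host, sent = parts
        domain = registered_domain(host)
        if domain in managed:
            continue              # sanctioned app: not part of the discovery report
        entry = usage[domain]
        entry["users"].add(user)
        entry["requests"] += 1
        entry["bytes_out"] += int(sent)
    return dict(usage), skipped

def report(usage):
    """Rank unmanaged apps by bytes uploaded, the signal closest to data leaving."""
    ranked = sorted(usage.items(), key=lambda kv: kv[1]["bytes_out"], reverse=True)
    return [(d, len(u["users"]), u["requests"], u["bytes_out"]) for d, u in ranked]

if __name__ == "__main__":
    found, bad_lines = discover_unmanaged(SAMPLE_LOG)
    for row in report(found):
        print("%-18s users=%d requests=%d bytes_out=%d" % row)
```

Because this works on logs after the fact, it reports usage but cannot block it, which matches the page's distinction between management and security.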
Comparison of products in the category CASB - Cloud Access Security Broker
| Feature | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Delivery | Cloud | Cloud | Cloud | Cloud | Cloud | Cloud, software or appliance | Cloud | Cloud, appliance | Cloud | Cloud | Cloud |
| API | | | | | | | | | | | |
| Advanced Threat Protection | Yes | Yes | Partial | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Partial |
| Scan Data at Rest | Yes | Partial | Partial | Yes | Yes | Yes | N/A | Yes | N/A | Yes | Partial |
| Malware detection and prevention | Yes | Yes | N/A | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Partial |
| UBA | | | | | | | | | | | |
| Detect Compromised Credentials | | | | | | | | | | | |
| Forward and Reverse Proxy | Yes | Yes | N/A | Yes | N/A | Yes | Yes | Yes | N/A | Partial | Partial |
| Consolidated Dashboard | Yes | Yes | Yes | Yes | N/A | Yes | N/A | Yes | N/A | Partial | Partial |
| Segregation of Data | Yes | N/A | N/A | Partial | N/A | Partial | N/A | N/A | N/A | N/A | N/A |
| Managed/Unmanaged Devices | Yes | Partial | N/A | Yes | N/A | Yes | N/A | Yes | N/A | Yes | Yes |
| Role Based Access | | | | | | | | | | | |
| Single Sign On | | | | | | | | | | | |
| Track Downloaded Data | | | | | | | | | | | |
| FIPS 140-2 certified | | | | | | | | | | | |
| Encrypt Structured/Unstructured Data | | | | | | | | | | | |
| Simple and Advanced Data Pattern | Yes | Yes | Partial | Yes | N/A | Yes | N/A | Yes | N/A | Yes | Yes |
| Prebuilt Library | | | | | | | | | | | |
| Inline DDoS Protection | Yes | Yes | N/A | Yes | N/A | Yes | N/A | Yes | N/A | N/A | Partial |
| Integration with On-Prem DLP | | | | | | | | | | | |
| Incident Management | | | | | | | | | | | |
| Digital Rights Management | | | | | | | | | | | |
| Pricing | N/A | N/A | On number of users, apps | On number of users, options | N/A | Per user per year | $5 a month per user | Per user per year | Per month, per hour | N/A | N/A |
F.A.Q. about CASB - Cloud Access Security Broker
What is CASB? A Cloud Access Security Broker (CASB) is a policy enforcement point that secures data & apps in the cloud and on any device, anywhere.
What is the difference between security and management? Security is preventing risky events from happening; management is cleaning up after high-risk events.
What is Shadow IT? Cloud applications used by business users without IT oversight, also known as unmanaged apps.
What are managed apps? Cloud applications that are managed by IT, e.g. Office 365.
What are the types of CASB? Three types of Cloud Access Security Broker:
- a) API-only CASB offer basic management
- b) multi-mode first-gen CASB offer management & security
- c) Next-Gen CASB deliver management, security & Zero-Day protection.
What is a forward proxy? A proxy where traffic must be forwarded by the end-point. Such proxies require agents and configuration on client devices.
What is a reverse proxy? A proxy where traffic is automatically routed, requiring no agent or configuration on the end-point.
What is AJAX-VM? Acronym for "Adaptive Javascript and XML - Virtual Machine." AJAX-VM virtualizes cloud apps on the fly so they can be proxied without agents. Reverse-proxy CASBs are brittle without AJAX-VM and break frequently with app changes.
What are the types of CASB architecture? There are three types of CASB architecture: API-only, forward proxy, and reverse proxy. Some CASB are API-only, others API and forward proxy. Next-Gen CASBs offer all three with AJAX-VM.
What is CASB encryption? Encryption/decryption of data prior to upload/download to a cloud application.
What is searchable encryption? An encryption system that combines full encryption with a clear-text index to enable search and sort without compromising encryption strength.
What is tokenization? Obfuscation by encoding each input string as a unique output string.
What is agentless MDM? Mobile security for BYOD that does not require agents. Easy to deploy and has no access to personal data or apps, thereby preserving user privacy.
CASB FAQ: Frequently Asked Questions
https://www.bitglass.com/casb-cloud-access-security-broker-faq