We could not be more excited to share that Cisco Cloudlock Apps Firewall for the Microsoft Azure AD ecosystem of applications is now in general availability. Cloudlock customers have been leveraging Apps Firewall for years for the Google ecosystem, where Cloudlock has discovered over 275,000 unique applications to date.
An astonishing 27% of these applications are considered high-risk, given the excessive access permissions granted to the applications by users, which often enable the apps to access, edit, and distribute the user’s files, many of which contain sensitive information, as well as allow access to a user’s contacts, the ability to send emails on their behalf, and, in essence, impersonate a user.
A Timely Response to a Growing Threat
The volume of cloud-based attacks leveraging OAuth is growing, as seen in the recent news about infamous hacking group Fancy Bear. The group initiated an attack through a phishing campaign that led users to enable a “connected” cloud application via OAuth. This application used the excessive access permissions granted by users to accomplish its nefarious acts.
While many of these attacks initially rely on phishing, once users enable applications, the attack occurs via cloud-to-cloud communications, rendering the majority of security tools blind and ineffective. It is also worth noting that standard security best practices, such as password changes and multi-factor authentication, do not solve the problem as the OAuth token must be revoked to break the connection.
Connected Cloud Apps and OAuth 101
On average, organizations have over 1,000 unique third-party, “connected” cloud applications enabled via OAuth by their users. But what exactly is a “connected” cloud application? What is OAuth? Allow us to explain.
How Cisco Cloudlock Helps
Cisco Cloudlock enables security analysts to gain visibility into and control over the riskiest Shadow IT in the form of these user-enabled cloud applications connected to Google G Suite and Microsoft Azure Active Directory.
This enables compliance and reduces the risk of compromised accounts and sensitive data exfiltration by allowing users to revoke risky apps with excessive access scopes, while leveraging cloud security intelligence and application risk insight via app risk scores and peer insights such as the Community Trust Rating.
To Learn More
To learn more about how Cisco Cloudlock is helping organizations gain visibility into and control over their connected cloud applications, be sure to review our in-depth data sheet.