Threat Protection

Attackers are defeating today's security controls that rely on the network perimeter or firewalls, or that focus exclusively on a specific platform. Activities across platforms are not correlated, making it difficult to identify suspicious behavioral patterns.

At the same time, security teams are inundated with alerts that lack priority, useful information, or context. Faced with a flood of unhelpful notifications, legitimate security breaches get overlooked.

This problem is magnified with the use of cloud applications and platforms, as organizations often have little visibility into the activities of their users in their SaaS, PaaS, IaaS and IDaaS environments.

Account hijacking, often implemented through phishing, remains at least as prevalent within the SaaS context as it does within the enterprise, but most SaaS vendors lack a mechanism for its detection.

Gartner, Technology Overview for Cloud Access Security Broker

Threat Protection In Action: User and Entity Behavior Analytics

With User and Entity Behavior Analytics, Cisco Cloudlock detects suspicious activity across SaaS, PaaS, IaaS and IDaaS platforms. By establishing a behavioral baseline for each individual user and continuously monitoring user activity, Cisco Cloudlock detects potential anomalies that suggest malicious behavior. Thresholds can be established in centralized policies and alerts can be sent to security operations in real time.

Detecting and investigating suspicious behavior is simple with consolidated log storage, normalized log formats, preconfigured policies, and geolocation visualization. Additionally, APIs make integrations with SIEM and ticketing systems simple, enabling you to leverage your existing IT infrastructure.


Cross-Platform Security Intelligence

One step ahead of you – two steps ahead of the enemy. As a highly extensible platform, Cisco Cloudlock feels right at home in the company of your existing security architecture.

  • Integrate with IDaaS tools such as Okta to investigate login behavior for over 4,000 apps
  • Connect to enterprise applications such as log management, security incident and event management (SIEM), ticketing systems, and more for additional insight
  • Integrate with intrusion detection and prevention (IDP) tools

How Cisco Cloudlock Helps: User and Entity Behavior Analytics

Activity Log Integration, User Activity Forensics, and Geolocation

User activity data collection and forensics views to detect security breaches, reduce incident investigation times, and comply with regulations.

  • Consolidated user activity log storage across SaaS, PaaS, IaaS, and IDaaS platforms with APIs for SIEM integration
  • Normalized logs with search functionality
  • Geolocation visualizations are added to events

Pre-Configured Policies to Detect Suspicious Logins and Sensitive Activities

Manage sensitive activities in your cloud environments as security incidents to enable full visibility and incident lifecycle management.

  • Detection of suspicious login events: suspicious login indications, disabled account login failure, and impersonation events
  • Detection of sensitive administration activities: delegated administration, domain-level application installs, and security settings changes

Account Compromise Detection

Alerts on suspicious activities that indicate an account has been compromised in order to extract data or perform malicious operations. Abnormal activities can be detected based on:

  • Violation of whitelist or blacklist country policies
  • Geolocation velocity (activities occurring from two or more places in a short amount of time)
  • Activities that differ from the established behavioral baseline, including multiple failed logins or file accesses and a significant volume or frequency of data exfiltration
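
The country-policy and geolocation-velocity checks listed above can be sketched over normalized activity events as follows. This is an added example, not Cisco Cloudlock code: the event fields, the 900 km/h speed ceiling, the 50 km jitter floor and the `ZZ` blocked-country code are assumptions, and the sample events are constructed.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

BLOCKED_COUNTRIES = {"ZZ"}   # assumed blacklist policy (placeholder country code)
MAX_SPEED_KMH = 900.0        # assumed ceiling: roughly airliner cruise speed
MIN_DISTANCE_KM = 50.0       # assumed floor to ignore geo-IP jitter

# Constructed sample events: (user, ISO time in UTC, country, lat, lon)
EVENTS = [
    ("alice", "2024-05-01T08:00:00", "US", 42.36, -71.06),   # Boston
    ("alice", "2024-05-01T09:00:00", "SG", 1.35, 103.82),    # Singapore, 1 h later
    ("bob",   "2024-05-01T08:00:00", "GB", 51.51, -0.13),    # London
    ("bob",   "2024-05-01T12:00:00", "FR", 48.86, 2.35),     # Paris, 4 h later
    ("carol", "2024-05-01T10:00:00", "ZZ", 0.0, 0.0),        # blocked country
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def detect(events):
    """Return (user, rule, detail) alerts for country-policy and geovelocity violations."""
    alerts, last_seen = [], {}
    # Process each user's events in time order.
    for user, ts, country, lat, lon in sorted(events, key=lambda e: (e[0], e[1])):
        when = datetime.fromisoformat(ts)
        if country in BLOCKED_COUNTRIES:
            alerts.append((user, "country_policy", country))
        prev = last_seen.get(user)
        if prev:
            hours = (when - prev[0]).total_seconds() / 3600
            dist = haversine_km(prev[1], prev[2], lat, lon)
            # Zero elapsed time with real distance is treated as infinite speed.
            speed = dist / hours if hours > 0 else float("inf")
            if dist > MIN_DISTANCE_KM and speed > MAX_SPEED_KMH:
                alerts.append((user, "geo_velocity", f"{dist:.0f} km in {hours:.1f} h"))
        last_seen[user] = (when, lat, lon)
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

VPN egress points and mobile carrier gateways routinely trip a pure speed check, so in practice the result is usually combined with the baseline signals from the third bullet before an alert is raised.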
Free CloudLock Industry Report

Cloud Cybersecurity Report:
The Extended Perimeter

Key Findings:
  • Nearly one in four users (25%) own data that violates corporate security policy
  • 70% of corporate cloud-based collaboration occurs with non-corporate entities
  • Over half of third-party apps assessed in 2015 are banned due to security-related concerns