Avanan for G Suite. Technical Overview. Copyright 2017 Avanan. All rights reserved.

Similar documents
McAfee MVISION Cloud. Data Security for the Cloud Era

SonicWall Capture Client 1.0. Operations

Phishing in the Age of SaaS

HIPAA Compliance. with O365 Manager Plus.

CHECK POINT CLOUDGUARD SAAS SUPERIOR THREAT PREVENTION FOR SAAS APPLICATIONS

GLBA Compliance. with O365 Manager Plus.

CloudSOC and Security.cloud for Microsoft Office 365

Securing Office 365 with SecureCloud

Microsoft Security Management

ForeScout Extended Module for Carbon Black

FISMA Compliance. with O365 Manager Plus.

DreamFactory Security Guide

Evaluating Encryption Products

FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT?

SandBlast Agent FAQ Check Point Software Technologies Ltd. All rights reserved P. 1. [Internal Use] for Check Point employees

AppDefense Cb Defense Configuration Guide. AppDefense Appendix Cb Defense Integration Configuration Guide

CISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1

Mobile Devices prioritize User Experience

Proteggere Office365 e Cloud file sharing in meno di un minuto Tiberio Molino Sr.Sales Engineer Trend Micro

Cisco s Appliance-based Content Security: IronPort and Web Security

Google Identity Services for work

Hybrid Identity de paraplu in de cloud

Security and Compliance for Office 365

#1 Enterprise File Share, Sync, Backup and Mobile Access for Business

SentinelOne Technical Brief

Securing Office 365 with Symantec

Seqrite Endpoint Security

Security for the Cloud Era

MODERN DESKTOP SECURITY

Integrating Juniper Sky Advanced Threat Prevention (ATP) and ForeScout CounterACT for Infected Host Remediation

Kaspersky Endpoint Security. AppConfig Technical Capabilities

Juniper Sky Advanced Threat Prevention

Exchange Online Technical Overview. CCAP Exchange Online Overview 10/27/ /28/2011

JUNIPER SKY ADVANCED THREAT PREVENTION

Workspace ONE UEM Notification Service. VMware Workspace ONE UEM 1811

Comodo SecureBox Management Console Software Version 1.9

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY

METADATA FRAMEWORK 6.3 AND CYBERARK AIM INTEGRATION

Competitive Matrix - IRONSCALES vs Alternatives

MaaS360 Secure Productivity Suite

#1 Enterprise File Share, Sync, Backup and Mobile Access for Business

Securing Your Most Sensitive Data

ClientNet. Portal Admin Guide

Software-Define Secure Networks The Future of Network Security for Digital Learning

WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX

Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.

IT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2,

Data Insight Feature Briefing Box Cloud Storage Support

ForeScout Extended Module for Symantec Endpoint Protection

2018 Edition. Security and Compliance for Office 365

McAfee Skyhigh Security Cloud for Citrix ShareFile

CIS Controls Measures and Metrics for Version 7

rat Comodo EDR Software Version 1.7 Administrator Guide Guide Version Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013

How-to Guide: Tenable.io for Microsoft Azure. Last Updated: November 16, 2018

Today s workforce is Mobile. Cloud and SaaSbased. are being deployed and used faster than ever. Most applications are Web-based apps

OpenIAM Identity and Access Manager Technical Architecture Overview

Security Architecture

Cisco Firepower NGFW. Anticipate, block, and respond to threats

Cisco Security. Advanced Malware Protection. Guillermo González Security Systems Engineer Octubre 2017

CIS Controls Measures and Metrics for Version 7

Symantec Endpoint Protection Family Feature Comparison

Web Push Notification

How-to Guide: Tenable Nessus for Microsoft Azure. Last Updated: April 03, 2018

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.

At a Glance: Symantec Security.cloud vs Microsoft O365 E3

Securing Office 365 with MobileIron

Product overview. McAfee Web Protection Hybrid Integration Guide. Overview

McAfee Skyhigh Security Cloud for Amazon Web Services

Synchronized Security

MindAccess DevOps Plan Product Sheet

Partner Center: Secure application model

Discover threats quickly, remediate immediately, and mitigate the impact of malware and breaches

Who am I? Identity Product Group, CXP Team. Premier Field Engineer. SANS STI Student GWAPT, GCIA, GCIH, GCWN, GMOB

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Managing Microsoft 365 Identity and Access

CounterACT Check Point Threat Prevention Module

WHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365

Go mobile. Stay in control.

Vodafone Secure Device Manager Administration User Guide

ForeScout Extended Module for VMware AirWatch MDM

Administering Jive Mobile Apps for ios and Android


Forescout. eyeextend for Carbon Black. Configuration Guide. Version 1.1

Compliance Brief: The National Institute of Standards and Technology (NIST) , for Federal Organizations

Administering Jive Mobile Apps

Cloud Security & Advance Threat Protection. Cloud Security & Advance Threat Protection

Tenable.io User Guide. Last Revised: November 03, 2017

Introduction. The Safe-T Solution

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

Single Sign-On. Introduction


Sophos Central Partner. help

Extract of Summary and Key details of Symantec.cloud Health check Report

Are You Sure Your AWS Cloud Is Secure? Alan Williamson Solution Architect at TriNimbus

Service Manager. Database Configuration Guide

McAfee Advanced Threat Defense

THE ACCENTURE CYBER DEFENSE SOLUTION

Symantec Enterprise Solution Product Guide

Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.

Transcription:

Avanan for G Suite Technical Overview

Contents Intro 1 How Avanan Works 2 Email Security for Gmail 3 Data Security for Google Drive 4 Policy Automation 5 Workflows and Notifications 6 Authentication 7 Permissions 8 APIs 9 Operation Modes 10 Resolved Data 11

Intro Avanan can offer visibility and protection unparalleled by proxy solutions, by connecting cloud-based versions of third-party security tools directly to the G Suite infrastructure using its native application programming interface (API). Avanan offers best-of-breed cloudified security tools including: Anti-Phishing Malware & Ransomware Detection Data Leakage Prevention Encryption Anomaly Detection Incident Response Automated Security Policies 1

How Avanan Works The Endless Security Stack Avanan finds the industry s best security technologies and wrap them in the Avanan API, standardizing all their user, file, event and policy information. These security technologies can be deployed in a single click to secure every application in your G Suite environment. Complete Cloud Integration Avanan connects directly to the native API of your G Suite environment. This provides both real time and historical information about every user, file, event and policy--not only of your users, but everyone that has access. 2

Email Security for Gmail Avanan scans inbound, outbound, and internal emails, catching threats as the last layer of defense - after they are missed by Gmail s default security. Avanan s email security technology analyzes 200+ indicators in every email to detect phishing attacks, malware and ransomware. 3

Data Security for Google Drive Data Leak Prevention Avanan uses cloud-native controls to enforce granular share policy by regulating collaboration rights for individual files or folders based upon its contents and context. Files can be deleted, quarantined or encrypted before they become available to the wrong users. Predictive AI Avanan s AI tools perform statistical analysis on the contents of every file to predict which files may contain malware before they can be detected by other methods. File Sanitization Malware Sandboxing Avanan performs emulations in cloud sandboxes to analyze each file s behavior and detects malicious files before the threat reaches any endpoints, whether it is within shared folder, email, or cloud application. Unlike alternative malware testing methods (like proxies or MTAs), our sandbox integration provides a safe yet seamless experience for the end user with little to no delay/interruption. Instead of relying on detection that is prone to false-negatives, file sanitization will replace the original file with a sanitized version of the file, maintaining its content and format but removing any macros and binary resources. Avanan s granular policy controls allow you to set what gets sanitized, from banning certain file types to disallowing macros entirely. Encryption Avanan s policy-driven controls can encrypt documents automatically based upon content or context. Authorized users can open and edit the files without need for passwords, but maintain protection even if stored in a shared directory. 4

Policy Automation Monitor Only Monitor only mode provides visibility into the cloud-hosted email leveraging G Suite s publicly available API. Scan results are provided from 60+ best of breed security tools. In this mode, manual and automated query based quarantines are available after delivery to the user mailbox. Detect and Prevent Detect and Prevent mode provides an increased level of protection that scans email in the user s inbox leveraging the G Suite APIs. This mode adds an automated policy action to quarantine malware, phishing attacks etc. based on the results of the best-of-breed security stack. In this mode user notifications and release workflows are available. Protect (Inline) Protect Mode provides the highest level of protection and scans emails prior to delivery to the end user s inbox. Leveraging the same G Suite APIs and implementing email rules, Avanan can scan email with a best-of-breed security stack to protect end users from malware, data leaks, phishing attacks and more. Scanning and quarantining takes place before email is delivered to the user s inbox. This mode insures that threats are detected and remediated before the user has access to the email. 5

Workflows and Notifications Detect and Prevent Mode and Protect (inline) Mode both offer three separate workflows to manage Malware and Anti-Phishing attacks in the platform. The only difference is when the workflow is invoked. Detect and Prevent scans email after delivery of email to the user and Protect (inline) scan just prior to delivery. Workflow Options Malware User is alerted and allowed to restore the email User is alerted, allowed to requests a restore. Admin must approve Email quarantined. User is not alerted. Admin can restore Phishing User receives the email with a warning* Email quarantined. Admin can restore Email Quarantined. User is alerted, allowed to request a restore. Admin must approve Suspicious User receives the email with a warning* Do nothing * Advanced options are available to customize all manual generated messages and notifications to the end users. 6

Authentication Access to G Suite API is based on granting to the Avanan app in company s domain within Google Apps using the company s Google administrator account. Procedure: Starting from the Avanan portal, the user integrates with G Suite. The Avanan platform then redirects the user to an authorization page on: https://accounts.google.com Using the company s Google administrator account, the user is redirected to the Avanan Cloud Security Platform app in Google Apps marketplace on: https://chrome.google.com/webstore The company s administrator then install the Avanan Cloud Security Platform application which will enable Avanan to access the Gmail and Google Drive APIs on behalf of company s Google administrator. Because the authentication and granting is done within the Google Marketplace service, Avanan never sees the company s admin credentials. More information about Google s authorization process can be found below: Gmail API Authorization Google Drive API Authorization 7

Permissions Avanan applications comply with the security guideline of minimal permission - requiring the minimal set of permissions required for its functionality. The Gmail and Google Drive APIs offer a range of tool permissions, but the minimum required permissions for the Avanan platform are: Gmail E-mails (View and manage) View users on your domain Insert mail into your mailbox Manage mailbox labels View and modify but not delete your email View your emails messages and settings Manage your basic mail settings View and manage Pub/Sub topics and subscriptions View your email address View your basic profile info Google Drive View the activity history of your Google Apps View your Chrome OS devices' metadata View your mobile devices' metadata View and manage the provisioning of groups on your domain View users on your domain Manage data access permissions for users on your domain View audit reports of Google Apps for your domain View usage reports of Google Apps for your domain View and manage the files in your Google Drive View your Google Drive apps View metadata for files in your Google Drive View the files in your Google Drive View your basic profile info 8

APIs Gmail Gmail offers a tremendous number of data APIs. (For the full list, see https://developers.google.com/gmail/api/v1/reference). The Avanan platform uses the following resources: Messages Labels History of changes Attachments Google Drive Google Drive offers a tremendous number of data APIs. (For the full list, see https://developers.google.com/drive/v3/reference/). The Avanan platform uses the following resources: Files and Folders metadata (not include file contents) Users and Groups metadata Permissions Changes (not include content of files changed) Channels Tokens Applications 9

Operation Modes The Avanan Platform initiates by fetching all emails, attachments, files, and folders metadata in a bootstrap process. The bootstrap ensures the customer s dedicated virtual appliance has the same cloud state. The cloud state used by Avanan tools are composed by the following entities: Gmail Users E-mails Attachments Labels used in e-mails Once the cloud state is saved, The Avanan Platform starts monitoring the changes for each user. To track each change for each user in the cloud, Avanan uses the following channels: Subscribe each user to Google Push Notifications for new messages (https://developers.google.com/gmail/api/guides/push) Fallback to polling each user history of changes, each minute if Push Notifications fails (https://developers.google.com/gmail/api/guides/sync) Google Drive Users Groups and Memberships Tokens Apps Files and Folders Permissions Once the cloud state is saved, The Avanan Platform starts monitoring the changes for each user. To track each change for each user in the cloud, Avanan uses the following channels: Subscribe each user to Google Push Notifications for changes (https://developers.google.com/drive/v3/web/push) Fallback to polling each user, each minute if Push Notifications fails (https://developers.google.com/drive/v3/web/manage-changes) Subscribe each user to Google Reports API to get its activities related to permissions, authorization to external apps and tokens. (https://developers.google.com/admin-sdk/reports/v1/get-start/getting-started) 10

Resolved Data The following table lists the data that is retrieved from Gmail and Google Drive and how it is stored on the Avanan platform. Within Avanan s infrastructure, each customer receives a dedicated server environment, with each customer s data processed and stored within separate customer-dedicated virtual appliances. (There is no multi-tenancy.) Data How it is stored User information: name, groups, phone, etc. Saved in the customer-dedicated virtual appliance Message/Attachment: name, size, hash, permissions, etc. Saved in the customer-dedicated virtual appliance. Permission fields also point to the relevant users. File/Folder: name, size, hash, permissions, etc. Saved in the customer-dedicated virtual appliance. Permission fields also point to the relevant users. Message/Attachment content If a policy is configured to scan content for malware, DLP or other services that require file-scan, the content is downloaded to dedicated appliances, scanned and removed. The content is not cached or saved by Avanan. Only the scan result is saved in the customer-dedicated virtual appliance. File Content If a policy is configured to scan files for malware, DLP or other services that require file-scan, the file is downloaded to dedicated appliances, scanned and removed. The content is not cached or saved by Avanan. Only the scan result is saved in the customer-dedicated virtual appliance. Activities: Send/Receive emails Saved in the customer-dedicated virtual appliance Activities: type (file, login, ) user, item (file/folder), action (upload, download, share), time, IP, etc. Saved in the customer-dedicated virtual appliance Site data: domain name, company name, configuration params, etc. The list of parameters configured in the corporate Google account that are relevant to the Avanan operation are saved in the dedicated virtual appliance. 11

About Avanan The Avanan Cloud Security platform was developed to directly address the concerns associated with cloud adoption security. By employing a layered security approach, Avanan can catch security threats that a single security vendor would miss when used on its own. Deployed in minutes, the Avanan Platform is completely out of band, with no need for a proxy or endpoint agent. info@avanan.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback