CASB API Protection
CASB API Protection
Use an out-of-band API connection into your sanctioned cloud services to find sensitive content, enforce out-of-band policy controls, and quarantine malware. This deployment option has the advantage of being simple and friction-less to deploy, requiring only a few steps and granting access to the sanctioned app from the Netskope console using OAuth. The other advantage is that the API connection enables inspection of content that already resides in the sanctioned app. This is not possible with a proxy deployment. There are two limitations to API Data Protection. First, visibility and control is out-of-band, so visibility and control are after-the fact versus proactive and real-time. Second, only sanctioned cloud services are supported.
- Understanding API Protection
- API (Observe for Managed App Activities)
- API (Monitor for Managed App Activities)
- API (Protection for Managed App Activities)
- DLP – Protect state for Managed App Activities
- Threat Protection – Protect state for Managed App Activities
Articles
- Understanding API Protection
- API (Observe for Managed App Activities)
- Create a list of publicly accessible documents in an API-Protected service
- Create a list of externally shared documents stored in an API-Protected service
- Create a list of private documents stored in an API-Protected service
- Create a list of executable or other files stored in an API-Protected service
- Create a list of users with most public files stored in an API-protected service
- Create a list of users with non-expiring links to files stored in an API-Protected service
- Create reports on activity or incidents in an API-Protected service
- API (Monitor for Managed App Activities)
- Alert when a file is shared with large number of users (internal/external)
- Alert when a file is shared with specific groups
- Investigate specific external user activity to determine risk posture
- Investigate specific internal user activity to determine risk posture
- Identify and act on individual files or folders on a case by case basis
- Alert when a file is made public
- Alert when a file is externally shared
- API (Protection for Managed App Activities)
- DLP – Protect state for Managed App Activities
- Create a DLP policy to search an entire data repository and apply predefined labels per Enterprise data classification rules
- Create a policy to identify sensitive data in specific locations (public, external or non-approved groups)
- Create a policy to alert or block sharing of sensitive data with external Teams
- Create a policy to find encrypted or password protected files
- Create and apply a legal hold policy if required
- Threat Protection – Protect state for Managed App Activities