A cloud access security broker (CASB) is a software tool or service that sits between an organization's on-premises infrastructure and a cloud provider's infrastructure. CASBs are available as both on-premises or cloud-based software as well as a service.
CASBs work by ensuring that network traffic between on-premises devices and the cloud provider complies with an organization's security policies. The value of cloud access security brokers stems from their ability to give insight into cloud application use across cloud platforms and identify unsanctioned use. This is especially important in regulated industries. CASBs use autodiscovery to identify cloud applications in use and identify high-risk applications, high-risk users, and other key risk factors. Cloud access security brokers may enforce a number of different security access controls, including encryption and device profiling. They may also provide other services such as credential mapping when single sign-on is not available.
App Discovery can be used as a cloud access security broker (CASB) that provides a comprehensive set of capabilities to help you manage and control the use of cloud apps across your organization - including visibility into inappropriate cloud app usage. App Discovery can be accessed from the HEIMDAL Dashboard, under Products -> Threat Prevention -> Network or Endpoint. The App Discovery view displays a list of the applications discovered by the DarkLayer Guard engine in your environment and the following details: Application Name, Vendor, Installed Endpoints, and Risk Level.
You can track and monitor the usage of an application by clicking the Installed Endpoints hyperlink and seeing the hostnames and the number of DNS queries performed by the users on the displayed endpoint(s).
Also see: App Discovery and OpenAI ChatGPT