SonicWALL Cloud App Security User guide

Type
User guide

SonicWALL Cloud App Security is a cloud-based security service that enables organizations to monitor and manage cloud application usage, and reduce the risk of 'shadow IT'. Delivered through SonicWall Capture Security Center, Cloud App Security seamlessly integrates with your existing SonicWall infrastructure. It provides real-time visibility and control of cloud application usage. A comprehensive dashboard enables administrators to monitor usage of risky applications, track user activity, and set blocked and unblocked policies on sanctioned and unsanctioned applications.


SonicWall® Cloud App Security (Shadow IT) User Guide

Contents
About SonicWall Cloud App Security (Shadow IT)
  Using Cloud App Security
    Understanding Risk Levels
    Classifying Applications
  System Requirements
    Browser Levels
    MySonicWall Account
    Firewall Types and Firmware
    Licensing Requirements
    Configuring SonicOS
  Launching Cloud App Security
Using the Dashboard
  Risk Posture charts
    Cloud Apps Used chart
    Users/IPs chart
    Traffic chart
  Using the Dashboard charts
  Top Applications charts
    Top Applications By Traffic
    Top Applications By User/IP
    Top Applications By Usage
  Top Users charts
    Top Users/IPs By Traffic
    Top Users by App
    Top Users/IPs By Usage
  App Locations map
Using the Discovery View
  Applications tab
    Filtering the Applications list
    Displaying All of the Applications
    Displaying Applications by Date Used
    Viewing Cloud Application Details
    Classifying Cloud Applications
    Controlling Access to Cloud Applications
  User Activities tab
    Displaying Users by Date
    Viewing User Details
SonicWall Support
  About This Document

About SonicWall Cloud App Security (Shadow IT)
SonicWall® Cloud App Security (Shadow IT) is a cloud-based security service that enables organizations to
monitor and manage cloud application usage and reduce the risk of shadow IT. Delivered through SonicWall
Capture Security Center, Cloud App Security (Shadow IT) is a critical part of the Capture Cloud platform and
seamlessly integrates with your existing SonicWall infrastructure. The solution provides CASB-like functionality,
delivering real-time visibility and control of cloud application usage.
A comprehensive dashboard enables administrators to monitor usage of risky applications, track user activity,
and set blocked and unblocked policies on sanctioned and unsanctioned applications. The solution ensures safe
adoption of cloud-based applications without impacting employee productivity at a low total cost of ownership.
The key features of SonicWall Cloud App Security (Shadow IT) include:
• Shadow IT discovery – Leverage existing firewall logs to automate cloud discovery to identify
applications being used and their risk posture.
• Real-time application visibility – Monitor usage in real-time with an intuitive dashboard view that
provides details of applications being used, traffic volume, user activity and location of use.
• Application classification and control – Set policies for unmanaged cloud applications based on an
application risk score derived from regulations, security certifications and reputation databases to
classify as sanctioned (approved by IT) or unsanctioned (allowed, but not approved by IT) applications.
SonicWall Cloud App Security (Shadow IT) provides you with two views into your cloud application environment:
• Dashboard – real-time views of the number and categories of cloud applications being used, number of
users accessing cloud applications, and the amount of data traffic used by cloud applications
• Discovery – details about both the cloud applications and the users who accessed them within your
organization
Topics:
• Using Cloud App Security
• System Requirements
• Launching Cloud App Security
Using Cloud App Security
SonicWall Cloud App Security (Shadow IT) delivers real-time visibility and control of cloud application usage. A
comprehensive dashboard enables administrators to discover usage of risky applications, track user activity, and
set blocked and unblocked policies on sanctioned and unsanctioned applications to protect sensitive data.
Using SonicWall Cloud App Security (Shadow IT), you can:
1 Discover which cloud applications are being accessed by users in your organization and understand the
risks associated with those applications.
2 Classify those applications as being Sanctioned or Unsanctioned.
3 Control which cloud applications users can access by setting policies to block or unblock them.
4 Monitor the usage of those cloud applications, such as the amount of data uploaded to and downloaded
from them, and identify the users who access them.
Topics:
• Understanding Risk Levels
• Classifying Applications
Understanding Risk Levels
SonicWall Cloud App Security (Shadow IT) assigns one of these Risk Levels to each cloud application:
• Low Risk
• Medium Risk
• High Risk
The Risk Level of a cloud application is determined based on several factors, including its:
• adherence to security standards, such as Identity and Access Control, Data Confidentiality and Leak
Prevention, and Threat and Vulnerability Management.
• compliance with established security certifications, such as FISMA, HIPAA, Safe Harbor, and SOC.
You can view the details of the risk assessment of a cloud application by viewing its App Profile in the Discovery
view.
Classifying Applications
Cloud applications can be classified as:
Classification   Description
Sanctioned       Approved by your IT organization
Unsanctioned     Allowed, but not approved by your IT organization
Unclassified     This is the default classification for all cloud applications.
In addition to being classified, access to cloud applications can also be blocked.
System Requirements
Your security infrastructure must meet certain minimum requirements:
• Browser Levels
• MySonicWall Account
• Firewall Types and Firmware
• Licensing Requirements
• Configuring SonicOS
Browser Levels
Since SonicWall Cloud App Security (Shadow IT) is a cloud service, you only need access to a web browser and
an Internet connection to access the Capture Security Center. The following browser levels are supported:
Browser Supported                  Notes
Google Chrome (latest version)     This is the preferred browser for real-time graphics display on the Dashboard.
Apple Safari (latest version)
Internet Explorer 11               Do not use compatibility mode.
Mozilla Firefox (latest version)
MySonicWall Account
To log in to the Capture Security Center and access SonicWall Cloud App Security (Shadow IT):
• You must have an active MySonicWall account.
• Your account must be associated with specialized cloud access.
Firewall Types and Firmware
To effectively manage the network security appliances with Analytics Services or Management Services from the
Capture Security Center, the appliances in the environment need to meet the following requirements:
• The firewalls can be an NSA, TZ or NSv series device.
• Each firewall needs to be licensed with either the Comprehensive Gateway Security Suite (CGSS) or
Advanced Gateway Security Suite (AGSS).
• The firewalls in the configuration must not be associated with Cloud GMS 1.0.
• The firewalls in the configuration must be a part of a group.
• Each firewall must have an HTTPS management port enabled.
• The firewalls must be running SonicOS firmware version 6.5.1.1 42n or later.
IMPORTANT: If a firewall is behind a NAT device, then the firewall must have an HTTPS management port
enabled and opened for the cloud services to communicate with the firewall.
Licensing Requirements
SonicWall Cloud App Security (Shadow IT) (CAS) 1.0 is bundled with Capture Security Center (CSC) Analytics.
Only users with CSC Analytics licenses can access the SonicWall Cloud App Security (Shadow IT) service. There is
no separate license for SonicWall Cloud App Security (Shadow IT).
Configuring SonicOS
You need to configure your firewall in order to view the data about the cloud applications being monitored.
To configure SonicOS for SonicWall Cloud App Security (Shadow IT):
1 Navigate to the MANAGE page.
2 Navigate to Security Services > Content Filter.
3 In the Global Settings section, make sure that these options are selected:
  • Enable Content Filtering Service
  • Enable HTTPS Content Filtering
4 Click ACCEPT.
5 Navigate to Policies > Objects > Content Filter Objects.
6 Click CFS Action Objects.
7 Click the Edit icon for the CFS Default Action.
8 In the CFS Action Object section, make sure that Enable Flow Reporting is selected.
9 Click OK.
Launching Cloud App Security
1 Navigate to cloud.sonicwall.com.
2 Log in with your MySonicWall credentials to get to the Capture Security Center.
3 Click the CAS tile to start SonicWall Cloud App Security (Shadow IT).
4 Follow the instructions provided in this guide on how to configure and use SonicWall Cloud App Security
(Shadow IT).
SonicWall products must be registered on MySonicWall to enable full functionality and the benefits of SonicWall
software updates and technical support. Log in or register for a MySonicWall account at
https://mysonicwall.com.
NOTE: It may take up to 30 minutes for data to be visible in the Cloud App Security (Shadow IT)
Dashboard. If data is not being displayed after that time, verify that the settings on your firewall
are properly configured.
Using the Dashboard
The Dashboard displays real-time views of:
• number and type of cloud applications being used, highlighting those with a High
• number of users accessing cloud applications, highlighting those at High, Medium, and Low Risk
• amount of data traffic being used by cloud applications, highlighting those at High, Medium, and Low
Risk
The Dashboard displays information in summary charts for the:
• Risk Posture
• Top Applications
• Top Users/IPs
The Dashboard displays information for only one network security appliance at a time. Select the network
security appliance for which you want to view the cloud application information by selecting it from the
drop-down list at the top left of the Dashboard.
Click the Reload icon on the top right of the Dashboard to refresh the information being displayed.
Risk Posture charts
The Risk Posture charts display a summary of the current Risk Levels for your organization for:
• Total Apps Used
• Total Users/IPs
• Total Traffic
The top bar of the Dashboard shows you the current total counts for these important metrics.
• Total Apps: total number of cloud applications accessed
• High Risk Apps: total number of cloud applications accessed with a High Risk Level
• Total Users/IPs: total number of current users (User Activities tab on the Discovery View)
• Total Traffic: cloud applications accessed sorted by the total traffic (Applications tab on the Discovery
View)
Click on the label or the count next to it to view the details associated with that total count.
Cloud Apps Used chart
The Cloud Apps Used chart displays the number of cloud applications accessed during the past 30 days,
highlighting those with Risk Levels of High Risk, Medium Risk, and Low Risk.
Hover over individual points in the charts to see the number of cloud applications used at each Risk Level. (See
Understanding Risk Levels for information about how Risk Levels are determined.)
Users/IPs chart
The Users/IPs chart displays the number of users accessing cloud applications during the past 30 days,
highlighting those with Risk Levels of High Risk, Medium Risk, and Low Risk. (See Understanding Risk Levels for
information about how Risk Levels are determined.)
Hover over individual points in the charts to see the number of users accessing cloud applications, tracked by
Risk Level, at those specific points in time.
Traffic chart
The Traffic chart displays the amount of data traffic sent and received from the cloud applications during the
past 30 days.
Hover over individual points in the charts to see the amount of data traffic sent and received from the cloud
applications, tracked by Risk Level, at those specific points in time. (See Understanding Risk Levels for
information about how Risk Levels are determined.)
Using the Dashboard charts
The Dashboard charts display information about various aspects of cloud application usage and user traffic of
those applications. You can view additional details by hovering the cursor over sections of the charts.
• Hover over the icon to see the name of the cloud application.
• Hover over the icon to see the name associated with the Risk Levels of the cloud application.
See Understanding Risk Levels for information about how Risk Levels are determined.
• Hover over the icon to see how the cloud application has been classified (Sanctioned, Unsanctioned, or
Unclassified).
See Classifying Applications for information about how you can classify cloud applications.
• Hover over a section of the circular chart to see the detail for that item (the color matches the colored
square next to the item in the list on the left).
• Hover over the user or IP address to see the application usage for that user.
Top Applications charts
The Top Applications charts list the most accessed cloud applications:
• Top Applications By Traffic
• Top Applications By User/IP
• Top Applications By Usage
Top Applications By Traffic
Top Applications By Traffic lists the top ten cloud applications ranked by the amount of data traffic sent and
received from those cloud applications during the past 7 days.
Top Applications By User/IP
The Top Applications By User/IP chart displays the top cloud applications ranked by the number of users who
accessed cloud applications during the past 7 days.
Top Applications By Usage
The Top Applications By Usage chart displays the top cloud applications ranked by the number of times they
were accessed during the past 7 days.
Top Users charts
The Top Users charts list the top users:
• Top Users/IPs By Traffic
• Top Users by App
• Top Users/IPs By Usage
Top Users/IPs By Traffic
The Top Users/IPs By Traffic chart displays the top users of cloud applications ranked by the amount of
traffic they used during the past 7 days.
Top Users by App
The Top Users by App chart displays the top cloud applications ranked by the number of users who accessed the
cloud applications during the past 7 days.
Top Users/IPs By Usage
The Top Users/IPs By Usage chart displays the top users of cloud applications ranked by the number of times
they accessed the discovered cloud applications during the past 7 days.
App Locations map
The App Locations map displays the locations from where the cloud applications were accessed. Hover over the
location dot to see the name of the application and more precise location.
You can also filter the results to only display the locations of cloud applications within a specific category by
selecting it from the drop-down list on the upper right.
Using the Discovery View
Use the Discovery view to learn about the details of the cloud applications used within your organization.
The Discovery view contains two tabs:
• Applications tab
• User Activities tab
You can use the back arrow icon next to Discovery at the top of the view to return to the Dashboard view as an
alternative to clicking on Dashboard in the left navigation pane.
You should use this icon to return to the Dashboard rather than using the Back button on your browser.
Applications tab
The Applications tab displays:
• Application: the name of the cloud application. Expand this by clicking on the arrow to the left of the
name to view:
  • App Profile: a breakdown of the cloud application, listing its organization profile, its adherence to
  secure practices and standards, and compliance certifications.
  • User List: IP addresses of the users who have accessed the application, how much data was
  uploaded to and downloaded from the application.
• Risk Score: computed based on the adherence of the cloud application to secure practices, standards,
and compliance certifications. The points are based on the weight assigned to each attribute of
adherence, and its importance and relevance to the associated category risk. Hover over the icon and
value to see the Risk Level (Low Risk, Medium Risk, or High Risk). (See Understanding Risk Levels for
information about how Risk Levels are determined.)
• User/IP: number of users (by IP address) who have accessed the application. Hover over the number to
see a list of IP addresses associated with those users.
• Transactions: number of transactions performed with the application
• Data Uploaded: amount of data uploaded to the application
• Data Downloaded: amount of data downloaded from the application
• Classification: the classification of the application: Unclassified, Sanctioned, or Unsanctioned. By default,
all cloud applications are classified as Unclassified, allowing you to classify the cloud applications based
on the requirements of your organization.
• Control: whether the application is Blocked or Unblocked (this is the default)
By default, only 10 applications are listed at a time on the Applications tab. You can view more applications at
one time by selecting a different value from the drop-down list at the bottom left of the table.
Filtering the Applications list
Click the Filter icon on the far left of the Applications tab toolbar to customize what is displayed on the
Applications tab.
You can:
In the Application section:
• Search for specific applications by entering part or all of their names
• Select a specific category of applications
• Select a specific Risk Level: High, Medium, or Low. (The name to the right shows how many applications
have been assigned that Risk Level.)
• Select a specific Classification: Sanctioned, Unsanctioned, or Unclassified.
• Select a specific Control setting: Blocked or Unblocked.
The number in blue to the right of the filter option displays the number of items that would be displayed if that
filter option is selected.
Once selected, the filter option you selected takes effect immediately.
To reset all of the filter settings:
1 Click the Reset filters icon located second from the right on the Applications tab toolbar.
Displaying All of the Applications
By default, only the cloud applications accessed during the past 7 days are listed in the table. To view a list of all
discovered cloud applications, uncheck the Recently accessed apps checkbox. The complete list of all
applications available in the cloud application registry will be displayed.
Displaying Applications by Date Used
By default, the cloud applications accessed on the current date are listed. You can select an earlier date within the
past 30 days by using the slider or entering a specific Custom date.
To view the cloud applications accessed on a date within the last 30 days:
1 Slide the date slider next to the Recently accessed apps checkbox to the left. The list of cloud
applications will update to display the cloud applications accessed on that date.
To view the cloud applications accessed on a specific date:
1 Select the Custom button.
2 Select a date from the displayed Calendar. The list of cloud applications will update to display the cloud
applications accessed on that date.