Definition

A Cloud Access Security Broker (CASB) provides visibility, governance, and policy enforcement for SaaS application use. CASB operates in three modes: log analysis for shadow-IT discovery, inline proxy for real-time enforcement of sanctioned cloud apps, and API connectors for scanning data at rest in SaaS. Typical capabilities: shadow IT discovery (find every SaaS app users touch), cloud DLP (extend DLP policy into SaaS via API integration), threat detection (compromised account identification, anomalous behavior), compliance reporting (which regulated data is in which cloud). Symantec CloudSOC is the Symantec CASB - strong inline mode via Cloud SWG integration, broad SaaS API coverage (M365, Google Workspace, Salesforce, Box, ServiceNow, 100+), tight integration with Symantec DLP for unified data protection across endpoint, network, email, and cloud.

Symantec products that implement this

  • Symantec CASB (CloudSOC) - Cloud Access Security Broker for SaaS - visibility into shadow IT, inline enforcement on sanctioned apps, API-based scanning for data at rest, and user behavior analytics.

Related terms

  • SWG (Secure Web Gateway) - Security service that inspects web traffic for malware, enforces URL policy, and applies content controls - historically on-prem, now cloud-delivered.
  • ZTNA (Zero Trust Network Access) - Identity-driven, application-level access to internal apps - the modern replacement for VPN.
  • SSE (Security Service Edge) - The security half of SASE - cloud-delivered SWG, CASB, ZTNA, and DLP without the SD-WAN connectivity component.
  • DLP (Data Loss Prevention) - Security capability that discovers, monitors, and protects sensitive data across endpoints, networks, storage, cloud, and email.
  • Shadow IT - Use of IT resources (typically SaaS apps) without IT department approval or governance.

Deep-dives on CASB