Smart Cloud Security: Block and Quarantine Zero-day Malware in the Cloud

Netskope

The complexity of different types of malware continues to grow and zero-day malware is often missed by traditional security solutions. Often, zero-days will not become malicious until all the bits and pieces are compiled together – and by that time it’s too late.

The Netskope Threat Research Labs has discovered many zero-days and continues to find more. Your organization needs a way to keep up-to-date with the latest types of attacks, including hybrid threats from the cloud and web.

Netskope customers have deployed our unified, cloud-native platform to enforce policies across SaaS, IaaS, and the web to block and quarantine zero-day malware in the cloud as well as other critical use cases. We have noted 20 of these use cases in our e-book, 20 Examples of Smart Cloud Security, and we’re highlighting each one in this blog.

Here’s use case #19: Block and quarantine zero-day malware in the cloud.

What security teams need is a way to detect new strains of malware and automatically block and quarantine the infected file en route to and from all cloud services and websites.

How can a CASB enable this use case? A CASB sits in between the user and the cloud service provider and monitors usage, secures data, and guards against threats. In the case of defending against zero-day malware in the cloud, a CASB needs to be deployed in all modes to fully address this use case. Not only will an API-based deployment into sanctioned cloud services be needed to scan files resident in the service, but reverse and forward proxy modes should be enabled as well to catch the data in real time as uploads and downloads happen and remediate. The forward proxy mode will be especially important as that will address unsanctioned cloud services as well.

Besides deployment choices, here are some functional requirements needed to achieve this use case:

  • Support for cloud-based inspection with dynamic analysis using a cloud-based sandbox
  • Support for multiple threat intelligence mechanisms including external and internal
  • Support quarantine workflows that are malware-centric