For cloud services on a user's multiple devices, how do we measure the trusted zone defended by anti-malware?

Abstract

Listen

Translate article

Cloud access security brokers (CASBs) operating in what has come to be called the cloud security gateway market are gaining industry acceptance as the next evolution in defending trusted zones for networked computing. The traditional clientserver framework of individual endpoint security coupled with enterprise network gateway security is proving inadequate to the overlapping extended networks created by mobility and cloud services. Useful measurement of the effectiveness of anti-malware and other cybersecurity defenses requires a clear definition of the trusted zones being defended. The value proposition of CASB services implies the successful defense of hundreds of individual trusted zones (one for each cloud service) for each individual user endpoint. The authors explore a different approach to defining the defended trusted zone in the era of multiple mobile endpoints and layered interacting cloud services. Defining the individual Office 365 user account as an example of a trusted zone for an individual user, the authors use traditional metrics of anti-malware efficacy to measure the properties of a well-defined singular trusted zone in the current environment where a user accesses hundreds of cloud services from multiple personal devices. Results of laboratory tests are presented where: the system-under-test is an individual Office 365 user account (Office 365 E3); the stimulus workloads (attack samples) are multiple forms of malicious activity (portable executable files, malicious links, weaponized documents, phishing emails); the attack vectors are through Office 365 cloud services (Exchange, SharePoint, OneDrive); and we measure the ability of malware to be successfully moved from being unavailable to the Office 365 user account to becoming available (regardless of what device the account owners use to access their individual Office 365 accounts). The goal of this research is to provide evidence as to the adequacy of adopting an individual user's overall internet access account as a simpler framework for the defended trusted zone for individual use of cloud services.