Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Getting Started

  1. Last updated
  2. Save as PDF
Limited Availability: To access User Unification, contact Skyhigh Support.

Every user across the SSE platform can be configured with an identity for each Skyhigh product to ensure security, proper access control, and accountability. For example, a CASB user can be configured with an email ID as an identity, and a SWG user can be configured with a SAM account name. Because of the ability to configure different Skyhigh products with other identities, the single-user identity across the SSE platform may differ. If a single user uses two different Skyhigh products, the user's information is stored under two distinct identities. Additionally, each user's data is gathered from various sources, and each source provides different sets of attributes. As a result, a Security Operations Center (SOC) administrator cannot perform a comprehensive user threat investigation or calculate multiple risk scores for a single user. This issue also prevents the administrator from accurately identifying threats and anomalies by limiting the system's ability to determine whether the same user is accessing Shadow or Sanctioned services.

To unify user identities across the SSE platform and to facilitate Unified Threat Investigation, Unified User Risk Score, and Accurate Threat Protection for each organization's user, Skyhigh has introduced User Unification.

Unify User Identities

This capability uniquely identifies the user across the SSE platform, allowing correlation between configured user identities accessing Shadow or Sanctioned services. Unifying the user identities addresses the following challenges:

  • Unified Threat Investigation
  • Unified User Risk Score
  • Unified Threat Protection

Benefits 

NOTE: The current release does not support Unified Threat Protection.

  • Unified Threat Investigation. Investigate potential threats by cross-referencing activities between Shadow and Sanctioned data.
    • Increase accuracy when investigating activities or incidents across the SSE platform by using single-user identification.

      For example, if exfiltration occurs, such as when a user downloads a file from Box and uploads it to Sendspace using a consistent Global User Identifier (GUID), a SOC admin can identify the activities across Shadow and Sanctioned applications and take appropriate action to mitigate the risk.
  • Unified User Risk Score. Use information from all SSE components to calculate each user’s risk level and then apply security rules based on that risk across all SSE products. 
    • Increase the accuracy of the User Risk Score by adding inputs from Shadow and Sanctioned services.
    • Make the User Risk Score relevant to all SSE users, not just CASB.
    • Identify and track users with multiple identities and calculate individual risk scores. As a result, we can calculate a rich user risk score for a single user across the SSE platform and complete the enforcement.

      For example, if a user is not risky on the CASB side and performs risky activities on the DLP side, it would be reflected in the Unified User Risk Score.
       
  • Unified Threat Protection. Drive Anomaly and Threat generation using activities from across SSE.
    • Calculate anomalies and threats using activities and incidents across all SSE products and generate more accurate anomalies and threats.
    • Highlight more accurate threats and prevent data exfiltration from Sanctioned to Shadow services.

      For example, suppose a user logs in to a sanctioned SaaS from the U.S.A., and within a few minutes logs in to a Shadow app from China with a different user identity. In that case, Skyhigh can surface a compromised account threat, and the SOC admin will be able to connect the dots between the user.

How to Unify User Identities?

Configure Manually. To unify user identities, you must configure the Cloud Connector on your product. To configure the Cloud Connector, see Configure Cloud Connector to Unify User Identities.

Migrate Automatically. To accelerate your transition from the legacy Cloud Connector model, Skyhigh Security automatically migrates your Directory Services configuration to support User Unification. For details, see 

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.