Skyhigh Security Labs

Skyhigh Security CSL and Skyhigh CASB Labs

Skyhigh Security Cloud Security Labs (CSL) is a program that delivers new product ideas based on in-house research to accelerate cloud adoption, detect new threats, and find ways to identify and remediate them. The product ideas generated by this research then appear in Skyhigh CASB as features of Skyhigh CASB Labs, available via User Menu > Skyhigh Labs.

To enable access to Skyhigh CASB Labs on your tenant, contact your Skyhigh CASB Account Executive or Sales Representative. You can control access to Skyhigh CASB Labs for specific users using RBAC. 

Skyhigh Security CSL focuses on the following areas of research. 

Cloud Threat Intelligence

Skyhigh CASB CSL researches activity across its extensive global user base to discover patterns of usage that compromise the security of corporate information. As an example, Skyhigh CASB CSL pioneered an innovative approach to behavioral botnet detection by creating an algorithm that uses multi-dimensional probabilistic weighting to percolate domains that display characteristics of a Command and Control server. By using classical signal processing techniques, Skyhigh CASB can characterize abnormally programmatic behaviors, providing customers with detailed forensics to pinpoint and remediate exact systems that have been compromised.

Cloud Service Intelligence

Skyhigh CASB CSL researches cloud services to provide customers with a comprehensive view of the state of cloud services available in the global market and insight into the risks of each of these cloud services. In addition to continuously identifying and evaluating cloud services in real-time, Skyhigh CASB CSL extends the depth of intelligence via integration with Darknet and other sources of cyber-risk intelligence while extending the breadth of risk visibility into the B2B partner ecosystem. In addition, Skyhigh CASB CSL also audits over 20,000 cloud services when a major vulnerability, such as Heartbleed, VENOM, FREAK, POODLE, or BASH, is exposed, determines the security implications using advanced data mining and natural language processing, proactively informs customers of cloud service risks, and provides recommendations for remediation.

Cryptography Research and Development

Skyhigh CASB CSL works with five leading cryptography academics from Cornell Tech, University of London, Georgia Tech, and the University of California, San Diego, who form the Skyhigh CASB Cryptography Advisory Board, to collaborate on cutting-edge research and deploy cryptographic innovations for the cloud security market. Along with the Cryptography Advisory Board, Skyhigh CASB CSL has developed and brought to market several important advancements in cloud cryptography such as searchable symmetric encryption, order-preserving encryption, and format-preserving encryption.

Skyhigh Security CSL Public Research

To view the complete list of published reports from Skyhigh CASB CSL, go to  

Skyhigh CASB Labs

Research from Skyhigh CASB CSL has generated the following product ideas in Skyhigh CASB Labs. 

Geo Analysis

Data exfiltration to domains and IPs that are not part of the Skyhigh CASB Registry is displayed in this interactive geographical map. Each destination domain or IP is associated with the country where the data was uploaded and is represented as a bubble on the chart, where the size of the bubble indicates the amount of data uploaded. Clicking a bubble also lists the Top 10 domains/IPs with risk scores (obtained from Zscaler).

Vendor Analysis

Builds a cyber risk profile of the vendors and partners the customer interacts with and risk scores them on a scale of 1-10 based on attributes. Less tech-savvy vendors could become a conduit for attacks on the enterprise (as in the Target, Neiman Marcus, or JPMC attacks). The Skyhigh CASB offering automatically discovers these partners and vendors, evaluates them against multiple risk attributes, and risk scores them for further insights.

Cyber Risk Query

Identifies the employees whose PII, CC, bank details, and passwords have been leaked and are possibly being traded on the Darknet. Because most users reuse passwords across multiple domains, this could lead to exposure of company confidential information. Skyhigh CASB's Darknet analysis identifies the users whose data has been leaked, and IPs that could be participating in malicious activity such as botnet or spam propagation.

Indirect Traffic

Uses indirect access to capture HTTP/HTTPS access to services through the services used within that tenant.


Audit is used to summarize and visually represent the signatures that have been captured for Salesforce and Concur for each user.

Cloud Access Threats and Exposures (CATE)

Cloud Access Threats and Exposures is used to classify users' access into different categories: Insider Threat, Data Leak, Compromised Accounts, and Noncompliance.
