Who’s who?• Imperva (NYSE: IMPV)

– Founded in 2002

– 800+ employees

– 4000+ enterprise customers

– Leader in data security

• Incapsula

– Acquired by Imperva in 2014

– Major player in CDN, DDoS protection and WAF in the cloud market

• Skyfence

– Acquired by Imperva in 2014

– Major player in CASB market

Incapsula

Incapsula Application Delivery Cloud

Comprehensive DDoS Protection

DNSDNS

DDoS Protection Service Protected Assets

WebsiteProtectio

n

Name Server

Protection

Infrastructure

Protection

Why Choose Incapsula?

Market Leading Products

Global 1.25Tbps

Network of 25

Datacenters

Best DDoS Mitigation Service

Top Ten Reviews 2013 –2014

Best Web Security and Performance Service

Top Ten Reviews 2012 –2014

Security Innovator of the Year

Cloud Awards.com 2014

Readers choice: DDoS

Protection Solution of the Year

Search Security 2014

North America Top 10Red Herring – 2011

Global 1.25Tbps

Network of 25

Datacenters

Market Leading Products

Global 1.25Tbps

Network of 25

Datacenters

Market Leading Products

Global 1.25Tbps

Network of 25

Datacenters

Skyfence

Customer-facing Applications

Moving to IaaS or PaaSproviders

Employee-facing Applicationsare SaaS and Cloud Apps

Data Proliferation to the Cloud

Traditional Data Center

59

No visibility into who is using what apps

No way to assess cloud apps risks and prioritize

Unable to monitor and analyze all activity

No endpoint control capabilities for cloud apps

Cloud apps are a prime target for hackers and malicious insiders –data exfiltration

Corporate Employees, Mobile

Workers and Hackers

Cloud Applications

Cloud Applications

Challenges of Cloud Apps and “Shadow IT”

6

Visibility and Control for Cloud Applications

Cloud Discovery & Governance (Offline)

Cloud Audit & Protection (Inline)

Cloud Security Suite

Monitor Activity of Users & Admins – Push to SIEM

Endpoint & Data Access Controls with Risk-based MFA

Detect Anomalies & Prevent Account Takeover Attacks

Discover “Shadow IT” Apps & Assess Risk Review User Entitlements to Find Dormant & Orphaned Accounts

Centrally Assess Security & Configuration Settings of Cloud Apps

Corporate Employees, Mobile

Workers and Hackers

Cloud Applications

Cloud Applications

Your Specific

Factors

� App inventory

� Number of users

� User activity & volume

� Provider practices

Cloud Discovery

Generic Factors

How Does a Low Risk App Become a Big Threat?

� Who are the admins/owners?

� What users have excessive

rights?

� Do ex-employees have access?

� Do external users have access?

� How does my security compare

to industry best practices?

Contextual Risk

Governance

Your Specific Factors

LowRisk

Most AccurateRisk

HighRisk

Common Skyfence Use Cases for the Cloud

Secure Office 365 Users

• Endpoint access control

• Monitor & control uploads and downloads

• Prevent account takeover

Control Collaboration and File Sharing

• Visibility over sharing of unstructured data

• Data security

Manage AWS Console Users

• Discovery of AWS console users

• Risk-based strong authentication

• Blocking/controlling high-risk actions

• Prevent account takeover

Discover Line of Business Apps

• Sanctioned and unsanctioned

• Over 5,000 apps supported (Salesforce, NetSuite, etc.)

Metro Bank Uses Skyfence to Secure Office 365 Apps

Background

• Fast-growing, UK-based bank

• 1400 users

• Office 365 apps: Email, SharePoint, Yammer, and OneDrive

Challenges

• Employees require remote access to Office 365 apps

• Microsoft “IP fencing” was ineffective at controlling BYOD access

• Required non-intrusive approach – no impact to end users

• Integrate with AirWatch MDM deployment

Solution Benefits

• Global enforcement of access controls

• Consistent, detailed, and clear visibility into all cloud app activity

• PCI DSS compliance for cloud access outside of the organization