by David Schwalenberg
July 29, 2015
Many services used by today's organizations are cloud based. These cloud services include file storage and sharing services such as Dropbox and iCloud, customer relationship management (CRM) services such as Salesforce, resource planning services, and others. An organization can use Tenable's Tenable.sc Continuous View (CV) to detect and track what cloud services are being used, discover if any unauthorized cloud service interactions are occurring, and even determine potential vulnerabilities associated with the use of cloud services.
This report presents detections of network interactions with cloud services. These interactions are mostly detected through passive traffic analysis or via logged events; however, some cloud applications and vulnerabilities are also detected through active scans. Since some components in this report are only event-based, while others include passive detections, and still others also include active detections, there may be some services that are only detected by certain components. Additional components in the report present cloud service interactions by service type, track cloud service sessions, and display which subnets on the network interact most with cloud services.
The Cloud Service Types Detected chapter in this report presents information on the cloud services detected by type. A service type field is included in many of the LCE plugins that detect network interactions with cloud services. Event-based detections of cloud services within each of the types are presented in this chapter. The cloud service types are:
- File Sharing (such as Dropbox and iCloud)
- Note Sharing (such as Evernote and Todoist)
- Email (such as Gmail and Outlook.com)
- Webinar (such as WebEx and GoToMeeting)
- Social (such as Jive)
- Customer Relationship Management (CRM) (such as Salesforce and Base CRM)
- Enterprise Resource Planning (ERP) (such as NetSuite and QuickBooks Online)
- Resource Planning (such as Workday and Basecamp)
- Human Resources (such as ADP and DocuSign)
- Infrastructure (such as Microsoft Azure)
The Popular Cloud Service Detections and Vulnerabilities chapter in this report contains sections for a number of popular cloud services. Each section presents information on detections of the specified service and any discovered vulnerabilities associated with the service. The report can be edited and sections can be removed or new sections added as desired.
The report is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The report can be easily located in the Tenable.sc Feed under the category Monitoring. The report requirements are:
- Tenable.sc 4.8.2
- Nessus 8.6.0
- NNM 5.9.0
- LCE 6.0.0
This report does not include interactions with social media and other cloud-based consumer applications. The Social Network Activity Executive Report can better assist an organization in detecting those types of interactions.
Tenable's Tenable.sc Continuous View (Tenable.sc CV) is the market-defining continuous network monitoring platform. Tenable.sc CV includes active vulnerability detection with Nessus and passive vulnerability detection with Tenable's Nessus Network Monitor (NNM), as well as log correlation with Tenable's Log Correlation Engine (LCE). Using Tenable.sc CV, an organization will obtain the most comprehensive and integrated view of its network and the cloud services it is using.
The following chapters are included in the report:
- Executive Summary - This chapter summarizes the detections of network interactions with cloud services such as file storage and sharing services, customer relationship management (CRM) services, resource planning services, and others.
- Cloud Service Types Detected - This chapter presents information on cloud services detected by type. The Cloud Service Types Detected matrix presents indicators that highlight the different types of cloud services detected; a purple indicator means that services of that particular type were detected via events. In the sections that follow, details about the detections of cloud services within each of the types are presented. In each section, a table presents all event-based detections of the service and a pie chart presents the top Class C subnets that have event-based detections of interactions with the service. This information can be used to determine if services of a given type are being used, which subnets are interacting with the services the most, and if any unauthorized interactions are occurring.
- Popular Cloud Service Detections and Vulnerabilities - This chapter presents information on popular cloud service detections and vulnerabilities. The Popular Cloud Services Detected matrix presents indicators for 15 popular cloud services; a purple indicator means that the service (or a vulnerability associated with the service) was detected actively, passively, or via events. In the sections that follow, details about the detections of each popular cloud service are presented. In each section, a table presents all active, passive, and event-based detections of the service and vulnerabilities associated with the service. Also within each section, a pie chart presents the top Class C subnets that have active, passive, or event-based detections of interactions with the service. This information can be used to determine if the service is being used, vulnerabilities with the service, which subnets are interacting with the service the most, and if any unauthorized interactions are occurring.