CCSK

Expand all | Collapse all

CASB vs. Web Proxies?

  • 1.  CASB vs. Web Proxies?

    Posted 15 days ago
    In Domain 11 of the Security Guidance, they talk about CASBs. I was wondering, what are the differences between CASB and web proxies?

    ------------------------------
    Jenna Morrison
    Training Department Intern
    Cloud Security Alliance
    ------------------------------


  • 2.  RE: CASB vs. Web Proxies?

    Posted 7 days ago
    Hi Jenna,
    I just signed up here, so this is my first post :)

    Related to your question, as far as I know, CASB is a specific solution to be integrated with Cloud environments. It analyze the traffic (maybe decrypt) to cloud providers to identify what kind of info is going out. You can apply some sec policies with CASB to take control of the communication between users and Cloud Provider.
    On the other hand, a web proxy analyzes outgoing web traffic but it is not a specific solution for cloud traffic. For example, a web proxy could limit browsing to certain categories (eg "social networks", "videogames", "news"). Perhaps one of those categories is "cloud services", so you can realize if a user is connecting to "Dropbox" for example, but it cannot be as granular as CASB.

    Regards!

    ------------------------------
    Laura Alvarez
    Sec Arquitect
    Fluidra
    ------------------------------



  • 3.  RE: CASB vs. Web Proxies?

    Posted 6 days ago
    Welcome to Circle! I'm glad you joined this community and are already offering your insights :)

    And thank you for your response it was very helpful!

    ------------------------------
    Jenna Morrison
    Training Department Intern
    Cloud Security Alliance
    ------------------------------



  • 4.  RE: CASB vs. Web Proxies?

    Posted yesterday
    Hello Jenna, Laura,

    I joined here today and this is my first post too. :)

    Laura is perfectly right in that CASB has far more granular controls compared to web proxies which are simpler devices. A few other differences that I could think of:
    - CASBs could be implemented as forward proxies, reverse proxies or even using APIs. When implemented using APIs they could potentially help with Data Leakage Prevention to the extent of having the ability to protect 'data at rest' too.
    - CASBs can detect and prevent malware from exfiltrating data
    - CASBs also have an updated list of independent risk assessment for each cloud service. The strength of this database of information is what differentiates one CASB from another.
    - CASBs could use machine learning for detecting threats
    - CASBs can help prevent users from downloading data to unprotected devices

    CASBs thus have a bunch of such functions which help implement the 'Zero Trust' network of today. They add on to and complement the web proxies of earlier days whose only function was to prevent users inside a network from accessing illicit content outside.

    Hope this helps!!

    ------------------------------
    Janit Vora
    Enterprise Architect
    Tata Consultancy Services Ltd
    ------------------------------



  • 5.  RE: CASB vs. Web Proxies?

    Posted 2 hours ago
    Welcome to Circle!

    I appreciate your reply and the examples you gave. This was very helpful :)

    ------------------------------
    Jenna Morrison
    Training Department Intern
    Cloud Security Alliance
    ------------------------------