Proof of Concept (POC)
McAfee MVISION Cloud
Iftikhar Ali Iqbal, CISSP, CCSP, CISM
https://www.linkedin.com/in/iftikhariqbal/
VALID TILL JULY 2019
Document Control
Proof of Concept (POC) – McAfee MVISION Cloud
Revision History
Version  Date             Changes
1.0      6 February 2018  Initial Draft
1.1      1 May 2019       POC Welcome Letter
1.2      13 May 2019      Appended MVISION Cloud Shadow IT details
1.3      21 May 2019      Appended MVISION Cloud for Office 365 details
1.4      23 May 2019      Appended MVISION Cloud for AWS details
1.5      30 May 2019      Appended MVISION Cloud for Azure details
1.6      3 June 2019      Appended MVISION Cloud for G Suite details
1.7      3 July 2019      Appended MVISION Cloud for Box details
Contact Details
Name Email Number
Consultant Iftikhar Ali Iqbal https://www.linkedin.com/in/iftikhariqbal/
Table of Contents
Solution Overview
  MVISION Cloud for Shadow IT
  MVISION Cloud for Software as a Service (SaaS)
    MVISION Cloud for Office 365
    MVISION Cloud for G Suite
  MVISION Cloud for Infrastructure as a Service (IaaS)
Architecture
System Requirements
  McAfee MVISION Cloud
    Supported Browsers
  McAfee MVISION Cloud Connector
    Data Source
    Software and Hardware Requirements
    Network Connectivity
    System Permissions
    Credentials
  Important Notes
  McAfee MVISION Cloud for Microsoft Office 365
    Service Permissions
    MVISION Cloud’s DLP Monitor Sandbox (Content Security Integrator)
    MVISION Cloud’s Cloud Access Control (Cloud Access Policy)
  McAfee MVISION Cloud for Google G Suite
    Licenses
    Service Permissions
  McAfee MVISION Cloud for Amazon Web Services (AWS)
    Components Required
    Service Permissions
  McAfee MVISION Cloud for Microsoft Azure
    Service Permissions
Responsibilities
  Customer Responsibilities
  Consultant Responsibilities
Proof of Concept
  Objectives
    MVISION Cloud for Shadow IT
    MVISION Cloud for Office 365
    MVISION Cloud for G Suite
    MVISION Cloud for Amazon Web Services (AWS)
    MVISION Cloud for Microsoft Azure
  Tasks
    MVISION Cloud for Shadow IT
    MVISION Cloud for Office 365
    MVISION Cloud for G Suite
    MVISION Cloud for Amazon Web Services (AWS)
    MVISION Cloud for Microsoft Azure
  Sign-off
Solution Overview
McAfee MVISION Cloud is a cloud access security broker (CASB) that protects data where it lives today, with a
solution that was built natively in the cloud, for the cloud. It’s cloud-native data security. It is a single point to
gain visibility and control over your data in the cloud. Set your security policies once and then consistently
enforce them across SaaS, PaaS, and IaaS.
MVISION Cloud delivers the following capabilities:
• Cloud Discovery and Risk Monitoring
Processes logs and identifies all the cloud services in use within your organization. Provides an objective,
customizable risk assessment for each Cloud Service Provider (CSP).
• Cloud Usage Analytics
A Hadoop-based analysis engine detects usage anomalies based on statistical and behavioral models.
Identifies risky user behavior, inconsistent policies, and underutilized subscriptions to cloud services.
• Cloud Access and Control
Provides fine-grained controls around the usage of several CSPs. This includes data loss prevention (DLP),
contextual access control, data discovery, application auditing, standards-based encryption, anomaly
detection, mobile-to-cloud support, and Cloud Activity Monitoring without affecting the user experience.
MVISION Cloud for Shadow IT
Cloud services procured and managed outside of IT’s purview are often referred to as Shadow IT. Although in
many ways Shadow IT is helping to make businesses more competitive and employees more productive, it
complicates the situation for IT and IT security teams. Security teams often have little to no visibility into the full
scope of IT services employees are using. Without visibility, it becomes very difficult for IT to manage both cost
expenditure and risk in the cloud.
McAfee MVISION Cloud for Shadow IT provides continuous visibility into all cloud services in use and their risk,
compliance and governance policy enforcement, and threat protection.
McAfee discovers all cloud services in use by employees both on and off-network, including thousands of cloud
services uncategorized by firewalls and web proxies. The solution’s usage analytics summarize cloud usage in
aggregate and at the department and user level with traffic patterns, access count, and usage trends over time,
enabling IT to securely enable cloud services that drive productivity and growth.
MVISION Cloud for Software as a Service (SaaS)
McAfee MVISION Cloud enables organizations to securely accelerate their business by giving total control over
data and user activity in sanctioned Software as a Service (SaaS). Some of the key features include the following:
• Data Loss Prevention
Prevent regulated data from being stored in cloud services. Leverage McAfee’s content analytics engine to
discover sensitive data created in or uploaded to cloud services based on keywords/phrases, pre-defined
alpha-numeric patterns, regular expressions, file metadata, fingerprints of unstructured and structured
databases or other structured data files.
• Collaboration Control
Prevent sharing of sensitive data with unauthorized parties via online file and folder collaboration, as well
as web mail in real-time.
• Access Control
Protect corporate data from unauthorized access by enforcing granular, context-aware access policies such
as preventing download of sensitive data from cloud service to unmanaged devices.
• Activity Monitoring
Gain visibility into cloud service usage and accelerate post-incident forensic investigations by capturing a
comprehensive audit trail of all activity. McAfee captures hundreds of unique activity types and groups them
into 14 categories for streamlined navigation.
• User Behavior Analytics
McAfee uses data science and machine learning to automatically build models of typical user behavior and
identifies behavior that may be indicative of a threat such as insider threats, compromised accounts and
privileged user threats.
• Malware Detection
Block known malware signatures, sandbox suspicious files, and identify behavior indicative of malware data
exfiltration or ransomware activity.
MVISION Cloud for Office 365
Microsoft Office 365 Mail (Exchange Online)
MVISION Cloud Email DLP allows you to apply DLP policies to your Exchange Online deployment using email
journaling in Exchange Online. Journaling gives you the ability to send a copy of email traffic to MVISION Cloud
DLP for inspection. Each email sent from your organization is forwarded to a MVISION Cloud-hosted mailbox
where it is scanned.
Microsoft Office 365 OneDrive
MVISION Cloud for OneDrive helps ensure compliance and security requirements by providing an additional
layer of control through Data Loss Prevention (DLP) policies, anomaly detection, and activity monitoring for data
stored in OneDrive. It also provides a way for organizations to leverage their existing enterprise data loss
prevention (DLP) policies and extend them to the cloud.
MVISION Cloud for OneDrive supports two different types of architectures depending on customer use cases
and deployment requirements: OneDrive API and Inline Reverse Proxy. MVISION Cloud for OneDrive enables
near real-time scanning of content uploaded to OneDrive to evaluate DLP policies. This is triggered by file activity
and generally occurs within 10-15 seconds depending on bandwidth constraints, network latency, and file size.
Deployments that leverage an existing on-premise Enterprise DLP policy engine, such as McAfee DLP, can install
the MVISION Cloud Connector, which downloads documents directly from OneDrive and forwards them to an
Enterprise DLP policy engine using the ICAP protocol.
Microsoft Office 365 SharePoint (SharePoint Online)
MVISION Cloud for SharePoint enables near real-time scanning of content uploaded to SharePoint to evaluate
DLP policies. MVISION Cloud continuously monitors an organization’s SharePoint accounts for any file activity
and processes those documents using the MVISION Cloud DLP policy engine, an on-premise Enterprise DLP
policy, or a combination of both.
MVISION Cloud continuously monitors SharePoint for content changes leveraging APIs from SharePoint
(Office365). As employees add/modify new files in SharePoint, MVISION Cloud scans the files according to DLP
policies put into place. MVISION Cloud quarantines and/or tombstones documents per DLP policy. Quarantined
files can be released or deleted directly from the dashboard.
For deployments that leverage an existing on-premise Enterprise DLP policy engine, such as McAfee DLP, the
MVISION Cloud Connector can be implemented: content requiring additional examination by the on-premise
DLP solution is sent to the on-premise MVISION Cloud Connector.
MVISION Cloud for G Suite
Google Drive
MVISION Cloud for Google provides a way for organizations to leverage existing enterprise data loss prevention
(DLP) policies and extend them to G-Suite, reinforcing compliance and security requirements by providing an
additional layer of control for data stored in Google Drive.
MVISION Cloud continuously monitors an organization’s Google Drive accounts for any file activity and processes
those documents using the MVISION Cloud DLP policy engine, an on-premise Enterprise DLP policy, or a
combination of both. This is triggered by file activity and generally occurs within 10-15 seconds depending on
bandwidth constraints, network latency, and file size.
In addition to activities users perform, G-Suite Admin activities are also monitored and added to Threat
Protection.
MVISION Cloud for Box
MVISION Cloud for Box helps organizations by providing total control over data and user activity in Box. Data
Loss Prevention (DLP), Collaboration Control, Access Control, Activity Monitoring, User Behavior Analytics, and
Malware Detection features are available for Box.
Furthermore, Box Security Classifications can be used with MVISION Cloud's DLP policies to automate the
manual task of classifying documents. Files associated with sensitive information such as PII, HIPAA, or PCI can
be automatically classified and updated in Box via the integration. The MVISION Cloud integration is available
for eligible Box Enterprise accounts with Box Governance where API access has been enabled.
MVISION Cloud for Infrastructure as a Service (IaaS)
McAfee MVISION Cloud extends Cloud features to monitor, secure, and audit Infrastructure as a Service (IaaS)
environments for threat protection, anomaly detection, configuration audit, and forensic audit logs. Some of
the key features include the following:
• Security Configuration and Compliance Audit
Audit and monitor the security configurations of all your IaaS services to detect and correct
misconfigurations to reduce risk and comply with internal/external policies.
• Activity Monitoring
Gain visibility into usage across managed and unmanaged IaaS accounts and accelerate post-incident
forensic investigations by capturing a comprehensive audit trail of all activity. McAfee captures hundreds of
unique activity types and groups them into distinct categories for streamlined navigation.
• User Behavior Analytics
McAfee uses data science and machine learning to automatically build models of typical user behavior and
identifies behavior that may be indicative of a threat such as insider threats, compromised accounts and
privileged user threats.
• Malware Detection
Block known malware signatures, sandbox suspicious files, and identify behavior indicative of malware data
exfiltration or ransomware activity.
• Data Loss Prevention (DLP)
Prevent unauthorized regulated data from being stored in IaaS storage services. Leverage McAfee’s content
analytics engine to discover sensitive data stored in IaaS services based on keywords/phrases, pre-defined
alpha-numeric patterns, regular expressions, file metadata, fingerprints of unstructured and structured
databases or other structured data files.
Architecture
1. McAfee MVISION Cloud
The cloud tenant used to manage, analyze, report and create policies.
2. McAfee MVISION Cloud Connector
A lightweight on-premise application that processes egress device (such as proxies, firewalls or SIEMs)
logs and identifies relevant log entries. It compresses the data and securely uploads it to the MVISION
Cloud service for discovery and analysis.
3. Web Gateway
Proxy being utilized as a log source. Logs will be collected by the MVISION Cloud Connector for analytical
processing over MVISION Cloud.
4. Okta Single Sign-On (SSO)
The identity provider already being used for Microsoft Office 365 and other services. For MVISION
Cloud, Okta is being utilized for use cases that can be achieved via MVISION Cloud Reverse Proxy.
5. Sanctioned SaaS
The Microsoft Office 365, G Suite and Box tenants that are being consumed by the employees.
6. Sanctioned IaaS Amazon Web Services (AWS)
The Amazon Web Services and Microsoft Azure tenants that are being consumed by the organization.
System Requirements
McAfee MVISION Cloud
The MVISION Cloud tenant along with the credentials for the SHNPOC (Sandbox) type tenant.
This credential will have the following roles:
• Administrator
To set up and configure services / infrastructure, users and alerts, and access the audit log.
• Compliance Manager
To carry out Service Governance-related workflows.
• Policy Management
To perform policy related workflows including creation of policies.
• Incident Management
To carry out incident management workflows.
• Executive Summary
To view high level usage information and statistics through Executive Summary.
• Usage Analytics Users
To view Usage Analytics; create, run, and share reports.
• Custom Apps Owner
To manage and deploy Custom Applications.
• Detokenization Privilege
To reveal user names instead of random tokens.
• Enterprise Connector (MVISION Cloud Connector) User
To access Enterprise Connector management pages and process logs.
Please ensure that the email address ‘no.reply@corp.skyhighnetworks.com’ is on your organization’s email
management system’s allow list. You will receive a welcome email with details of your credentials.
Supported Browsers
1. Google Chrome
2. Internet Explorer 11
3. Mozilla Firefox (features equivalent to Google Chrome)
4. Microsoft Edge (features equivalent to Google Chrome)
5. Safari (unblock pop-up windows)
McAfee MVISION Cloud Connector
Data Source
MVISION Cloud Connector would require good quality logs that would be processed and sent to MVISION Cloud
for analysis. These logs are provided either through secure web gateways, next-generation firewalls and/or IP-
based firewalls. Each log source requires a log configuration parsing rule.
As a best practice to ensure that the correct data is being analyzed and reviewed on the McAfee MVISION Cloud,
we request that a sample log of each log source be provided. The sample logs would be sent to the McAfee
MVISION Cloud Log Validation Team to ensure quality assurance and provide the correct log configuration for
parsing. Please provide the sample as follows:
• At a minimum 1000 lines or 2 weeks of log data
• Log source vendor name, version and type (example: McAfee Web Gateway - 7.8.1 – Secure Web Gateway)
Please note that the McAfee MVISION Cloud Log Validation Team will respond within forty-eight (48) hours. You
may need to repeat this process if the log source is missing fields. Please review it thoroughly as this will impact
the proof of concept (POC).
Log Enrichment
Depending on the log data sources, additional information such as usernames, IP, location, department, etc. is
not included. This additional information, or custom attributes, provides enrichment by giving context to the data
processed by the MVISION Cloud solution. This can be achieved via the following:
• Microsoft Active Directory (AD) integration (recommended)
• A comma-separated values (CSV) file with additional metadata
Software and Hardware Requirements
COMPONENT               REQUIREMENT
Processor (CPU)         8 CPU (minimum)
Memory (RAM)            8 GB (minimum)
Hard-Disk               500 GB (free space)
Operating Systems       • Windows Desktop – 7, 8, 8.1, 10
                        • Windows Server – 2008 R2, 2012, 2012 R2, 2016
                        • Linux 64-bit – Ubuntu, RHEL, or CentOS
Browser                 -
Software                Microsoft Visual C++ Redistributable
Virtual Infrastructure  • VMWare ESXi
                        • Microsoft Hyper-V Server
                        • Citrix XenServer
                        • Amazon Web Services (AWS)
                        • Microsoft Azure
Network Connectivity
DEFAULT  PROTOCOL  TRAFFIC DIRECTION
8443     TCP       Outbound to MVISION Cloud Connector
443      TCP       Bi-directional to https://www.myshn.net
443      TCP       Bi-directional to https://pstat.myshn.net
443      TCP       Bi-directional to https://success.myshn.net
443      TCP       Bi-directional to https://shnpoc.myshn.net
443      TCP       Bi-directional to https://shnpoc-collector.myshn.net
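The following pre-flight check is an added example, not part of the original POC document or of McAfee's tooling: it probes the endpoints listed in the table above and classifies each failure, so firewall gaps are found before the Connector is installed. The connector_host argument and any value passed for it are hypothetical.

```python
"""Pre-flight check for the Network Connectivity table (added example)."""
import socket
from urllib.parse import urlsplit

# Endpoints copied from the table above; all use TCP 443.
CLOUD_ENDPOINTS = [
    "https://www.myshn.net",
    "https://pstat.myshn.net",
    "https://success.myshn.net",
    "https://shnpoc.myshn.net",
    "https://shnpoc-collector.myshn.net",
]
CONNECTOR_PORT = 8443  # default MVISION Cloud Connector port from the table


def to_target(entry):
    """Turn 'https://host[:port]' or 'host:port' into a (host, port) tuple."""
    parts = urlsplit(entry if "://" in entry else "//" + entry)
    if not parts.hostname:
        raise ValueError(f"no host in {entry!r}")
    port = parts.port or {"https": 443, "http": 80}.get(parts.scheme)
    if port is None:
        raise ValueError(f"no port in {entry!r}")
    return parts.hostname, port


def probe(host, port, timeout=5.0, connect=socket.create_connection):
    """Attempt one TCP connection and classify the outcome."""
    try:
        conn = connect((host, port), timeout)
    except socket.gaierror:
        return "dns-failure"   # name does not resolve from this network
    except socket.timeout:
        return "timeout"       # typically a firewall silently dropping packets
    except ConnectionRefusedError:
        return "refused"       # host reachable, port closed or actively rejected
    except OSError:
        return "unreachable"   # no route, network down, and similar errors
    conn.close()
    return "open"


def preflight(entries, connector_host=None, **probe_args):
    """Probe every endpoint; optionally include the Connector on port 8443."""
    targets = [to_target(e) for e in entries]
    if connector_host:  # hypothetical host name supplied by the operator
        targets.append((connector_host, CONNECTOR_PORT))
    return {f"{h}:{p}": probe(h, p, **probe_args) for h, p in targets}


def blocked(results):
    """Return the targets that still need a firewall or DNS change."""
    return sorted(t for t, status in results.items() if status != "open")


if __name__ == "__main__":
    for target, status in preflight(CLOUD_ENDPOINTS).items():
        print(f"{status:12} {target}")
```

Run it on the machine that will host the MVISION Cloud Connector. A direct TCP probe does not exercise an explicit HTTP proxy, so a "timeout" result on a proxy-only network has to be confirmed through the proxy.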
System Permissions
• Admin Account Access - Deployment, execution and access to log files.
• Local System Admin Account - If log files are stored locally.
• Network Admin Account - If log files are stored on a network drive.
The shnlps.exe and shnlpcli.exe processes of MVISION Cloud Connector will be accessing log files.
Credentials
These are the credentials for the MVISION Cloud Connector, which are different from the credentials for the
MVISION Cloud user interface. This credential allows the configuration, installation, and modification of the
MVISION Cloud Connector.
This credential will have the following roles:
• Enterprise Connector (MVISION Cloud Connector) User
To access Enterprise Connector management pages and process logs.
• McAfee ePolicy Orchestrator (ePO) Connector
To configure integration between ePO and the MVISION Cloud.
Please ensure that the email address ‘no.reply@corp.skyhighnetworks.com’ is on your organization’s email
management system’s allow list. You will receive a welcome email with details of your credentials.
Important Notes
1. The McAfee MVISION Cloud Log Validation Team will respond within forty-eight (48) hours for log
validation check. You may need to repeat this process if the log source is missing fields. Please review
it thoroughly as this will impact the proof of concept (POC).
2. It takes a minimum of 4-6 hours for the log processing and metadata activities. This includes uploading
from MVISION Cloud Connector to the MVISION Cloud and the data analytics performed by MVISION
Cloud. No information will be visible on the MVISION Cloud console before this.
McAfee MVISION Cloud for Microsoft Office 365
Service Permissions
SERVICE            ROLE                           OTHER
Exchange Online    Global Administrator¹          Configure Exchange Mailbox Auditing
OneDrive           • Global Administrator¹
                   • SharePoint Administrator²
SharePoint Online  • Global Administrator¹
                   • SharePoint Administrator²
Enable Audit Log Search in Office 365 Security & Compliance
¹ The Global Administrator (GA) role must be assigned to the user used to enable the API.
Please note that MVISION Cloud does not inherit the admin rights. The need to provide the administrator
credentials is a requirement from the cloud service provider (CSP), in this case Microsoft. MVISION Cloud does
not control the permission requirements to enable the API.
If a GA account is not available, then you can enable the API using a ‘Custom OAuth Application’.
Please inform us before the proof of concept (POC) begins, as there are more prerequisites to establish:
1. MVISION Cloud Support to enable Custom OAuth Application for the tenant.
2. Creation of a new web application (App Registrations) in Azure Active Directory in Azure Portal
3. Grant the correct Application Permissions to the web application.
4. Download the Manifest and create a self-issued and self-signed certificate for the web application.
5. Upload the updated Manifest for the web application.
6. Assign the web application to your Subscription.
² To deploy a MVISION Cloud SharePoint Online Application called the “DLP Monitor Sandbox” (a SharePoint
Add-in) and to be able to automatically create a quarantine section for Microsoft Office 365 incidents.
MVISION Cloud’s DLP Monitor Sandbox (Content Security Integrator)
This is a provider-hosted Add-in from MVISION Cloud. Provider-hosted Add-ins have external components, such
as a web application or database, hosted outside the SharePoint Online subscription.
The DLP Monitor Sandbox Add-in from MVISION Cloud is backed by a web-application (owned by MVISION
Cloud) hosted in Microsoft Azure.
This Add-in is used to register SharePoint remote event receivers for SharePoint and OneDrive sites to
completely manage the following workflows:
• Detect sensitive content being uploaded/updated in OneDrive and SharePoint and perform
remediation actions specified in DLP policies.
• Detect the activity of sharing sensitive content internally and externally (outside the organization).
• Perform remediation actions, such as modifying sharing permissions, revoking collaboration, and
removing public links on files.
SharePoint remote event receivers enable monitoring of file upload and sharing activity in near real-time.
This will be installed on the App Catalog of SharePoint Online.
MVISION Cloud’s Cloud Access Control (Cloud Access Policy)
Cloud Access Policies are used to protect cloud data access and manage devices. Cloud Access Policies can be
set up to block access to all service uploads or step-up authentication before downloading a file.
It also specifies the correct behavior for managed and unmanaged devices. This is managed by provisioning
certificates to devices and creating policies that require an unmanaged device to register before accessing a
page, for example. Certificates are OS-agnostic, version-independent, and can be easily revoked or cycled,
offering you a great deal of control and flexibility in cloud access management.
It is supported for both Reverse and Forward Proxy integrations.
In order to perform some of the required use cases, MVISION Cloud’s reverse proxy feature will be enabled.
Following are the requirements:
1. A copy of your Root CA certificate in base64 format, which is used to sign client certificates.
2. Okta:
a. Okta URL
b. An API Token created for the MVISION Cloud Proxy URL.
McAfee MVISION Cloud for Google G Suite
Licenses
G Suite Edition  MVISION Cloud
Basic            Data Loss Prevention for Gmail (inline)
Business         • Data Loss Prevention for Gmail (inline), Google Drive
                 • Collaboration Control
                 • Activity Monitoring
                 • Threat Protection
Enterprise       • Data Loss Prevention for Gmail (inline, passive), Google Drive
                 • Collaboration Control
                 • Activity Monitoring
                 • Threat Protection
Service Permissions
1. Usage of G Suite Super Administrator
2. Enable Application Programming Interfaces (APIs) Access and Audit Access
3. Authorization for MVISION Cloud:
a. Deployment of McAfee MVISION Cloud for Google Drive Marketplace App; OR
b. Include the following scopes for the McAfee MVISION Cloud API Client Name (to be provided)
i. https://www.googleapis.com/auth/admin.reports.audit.readonly,
ii. https://www.googleapis.com/auth/admin.reports.usage.readonly,
iii. https://www.googleapis.com/auth/drive,
iv. https://www.googleapis.com/auth/drive.file,
v. https://www.googleapis.com/auth/admin.directory.user,
vi. https://www.googleapis.com/auth/admin.directory.user.security,
vii. https://www.googleapis.com/auth/admin.directory.domain.readonly
McAfee MVISION Cloud for Box
Service Permissions
1. A Box administrator account with the account type ‘Developer’
2. If there are Co-Admins for Box, then the following permissions are required:
a. Users and Groups
i. Manage users
ii. Manage groups
b. Reports and Settings
i. View settings for your company
ii. Edit settings for your company
iii. Run new reports and access existing reports
3. Grant access to the MVISION Cloud custom application for Box; this includes the following permissions:
a. Read and write all files and folders stored in Box
b. Manage enterprise properties
c. Manage users
d. Manage app users
e. Admin can make calls on behalf of Users
f. Admin or co-admin can make calls for any content in their enterprise
g. Generate Tokens for all users
4. To use Box Security Classifications with MVISION Cloud, the Box Governance feature should be enabled
5. New Box Web Experience enabled across your entire tenant
McAfee MVISION Cloud for Amazon Web Services (AWS)
Components Required
Amazon Simple Storage Service (S3)
An object storage service offered by Amazon Web Services (AWS) that is provided through a web service interface. The
basic storage units of Amazon S3 are objects which are organized into buckets. Each object is identified by a
unique, user-assigned key. S3 is used for a number of AWS services, including CloudTrail.
Amazon Web Services (AWS) CloudTrail
AWS CloudTrail is an application program interface (API) call-recording and log-monitoring Web service offered
by Amazon Web Services (AWS).
AWS CloudTrail allows AWS customers to record API calls, sending log files to Amazon S3 buckets for storage.
The service provides API activity data including the identity of the API caller, the time of the API call, the source
IP address of the API caller, the request parameters and the response elements returned by the AWS service.
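The record fields described above can be read directly from a CloudTrail log file. The following is an added example, not part of the original document or of any McAfee tooling: it parses a constructed log in the CloudTrail "Records" layout, extracts the caller, time, source IP, request parameters and response elements, and flags calls from a source IP that is not in a per-caller baseline. The account ID, user names, IP addresses and the baseline mapping are assumptions made for illustration.

```python
import ipaddress
import json

ALICE = "arn:aws:iam::111122223333:user/alice"  # constructed identities
BOB = "arn:aws:iam::111122223333:user/bob"

# Constructed sample in the CloudTrail log-file layout: one JSON object whose
# "Records" array holds an entry per recorded API call. All values are made up.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2019-05-23T08:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "192.0.2.10",
     "userIdentity": {"type": "IAMUser", "arn": ALICE},
     "requestParameters": None, "responseElements": None},
    {"eventTime": "2019-05-23T23:10:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "203.0.113.50",
     "userIdentity": {"type": "IAMUser", "arn": ALICE},
     "requestParameters": {"bucketName": "example-bucket", "key": "report.csv"},
     "responseElements": None},
    {"eventTime": "2019-05-23T23:15:00Z", "eventSource": "kms.amazonaws.com",
     "eventName": "GenerateDataKey",
     "sourceIPAddress": "cloudtrail.amazonaws.com",
     "userIdentity": {"type": "AWSService",
                      "invokedBy": "cloudtrail.amazonaws.com"},
     "requestParameters": None, "responseElements": None},
    {"eventTime": "2019-05-23T23:20:00Z",
     "eventSource": "cloudtrail.amazonaws.com", "eventName": "DeleteTrail",
     "sourceIPAddress": "198.51.100.7", "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser", "arn": BOB},
     "requestParameters": {"name": "example-trail"}, "responseElements": None},
]})

# Assumed baseline of source IPs previously seen per caller (hypothetical).
BASELINE = {ALICE: {"192.0.2.10"}, BOB: {"198.51.100.7"}}


def caller_of(record):
    """Pick the most specific caller name available in userIdentity."""
    ident = record.get("userIdentity") or {}
    return (ident.get("arn") or ident.get("invokedBy")
            or ident.get("principalId") or ident.get("type") or "unknown")


def parse_events(log_text):
    """Reduce each record to the activity data the section lists."""
    events = []
    for rec in json.loads(log_text).get("Records", []):
        events.append({
            "caller": caller_of(rec),
            "time": rec.get("eventTime"),
            "source_ip": rec.get("sourceIPAddress"),
            "service": rec.get("eventSource"),
            "action": rec.get("eventName"),
            "request": rec.get("requestParameters"),
            "response": rec.get("responseElements"),
            "error": rec.get("errorCode"),
        })
    return events


def is_ip(value):
    """True only for literal IPv4/IPv6 addresses."""
    try:
        ipaddress.ip_address(value)
        return True
    except (ValueError, TypeError):
        return False


def new_source_ips(events, baseline):
    """Return (caller, ip, time) for calls from an IP not in the baseline."""
    hits = []
    for ev in events:
        ip = ev["source_ip"]
        if not is_ip(ip):
            continue  # calls made by an AWS service carry a DNS name here
        if ip not in baseline.get(ev["caller"], set()):
            hits.append((ev["caller"], ip, ev["time"]))
    return hits


def failed_calls(events):
    """Return (caller, action, error) for calls that recorded an errorCode."""
    return [(ev["caller"], ev["action"], ev["error"])
            for ev in events if ev["error"]]


if __name__ == "__main__":
    parsed = parse_events(SAMPLE_LOG)
    print(new_source_ips(parsed, BASELINE))
    print(failed_calls(parsed))
```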
Service Permissions
‘ReadOnlyAccess’ to the S3 bucket storing AWS CloudTrail logs, granted via AWS Identity and Access Management (IAM). IAM
enables you to manage access to AWS services and resources securely.
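Before handing credentials to the POC, the customer can confirm that the IAM policy really is read-only and limited to the CloudTrail bucket. The following is an added example, not part of the original document or of any McAfee tooling: it audits an IAM policy document and reports every Allow statement that grants a non-read S3 action or reaches outside the named bucket. The bucket name, both sample policies and the rule that "read-only" means S3 actions beginning with Get or List are assumptions made for illustration.

```python
import json

BUCKET = "example-cloudtrail-logs"  # constructed bucket name

# Assumption: "read-only" here means S3 actions whose name starts with Get/List.
READ_PREFIXES = ("get", "list")

# Constructed policy scoped to reading one bucket.
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ReadTrailLogs",
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket", "s3:GetBucketLocation"],
        "Resource": ["arn:aws:s3:::example-cloudtrail-logs",
                     "arn:aws:s3:::example-cloudtrail-logs/*"],
    }],
})

# Constructed policy that is broader than the stated requirement.
BROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": {"Sid": "TooBroad", "Effect": "Allow",
                  "Action": "s3:*", "Resource": "*"},
})


def as_list(value):
    """IAM allows a single value or a list for Statement/Action/Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def action_is_read_only(action):
    """Accept s3:Get*/s3:List* style actions; reject '*', 's3:*' and the rest."""
    service, _, name = action.partition(":")
    if service.lower() != "s3" or not name:
        return False
    return name.lower().startswith(READ_PREFIXES)


def resource_in_bucket(resource, bucket):
    """True for the bucket ARN itself or any object path under it."""
    arn = "arn:aws:s3:::" + bucket
    return resource == arn or resource.startswith(arn + "/")


def audit_policy(policy_json, bucket):
    """Return (statement, finding) pairs; an empty list means no findings."""
    findings = []
    policy = json.loads(policy_json)
    for index, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        label = stmt.get("Sid", "statement %d" % index)
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((label, "NotAction/NotResource allows everything not listed"))
            continue
        for action in as_list(stmt.get("Action")):
            if not action_is_read_only(action):
                findings.append((label, "non-read action: " + action))
        for resource in as_list(stmt.get("Resource")):
            if not resource_in_bucket(resource, bucket):
                findings.append((label, "resource outside bucket: " + resource))
    return findings


if __name__ == "__main__":
    print(audit_policy(SCOPED_POLICY, BUCKET))
    print(audit_policy(BROAD_POLICY, BUCKET))
```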
McAfee MVISION Cloud for Microsoft Azure
Service Permissions
An account with permissions to read security configurations and with storage account contributor rights on Azure
resources.
Responsibilities
Customer Responsibilities
The following items will be the responsibility of the personnel assigned to this engagement:
• Define a team that consists of all the necessary individuals (for example, firewall, email and virtual administrators)
required to install and configure prerequisites and evaluate McAfee solutions.
• Ensure Consultant personnel will have access to the following resources:
a. POC team
b. Logon credentials to the POC systems
c. Physical building access
d. Workspace with telephone and internet access
e. Remote access to the POC systems (if necessary)
• Provision any necessary resources in the test environment used to conduct the POC prior to arrival or
remote access. This may include, but is not limited to:
a. Hardware
b. Operating systems
c. Supporting applications (non-McAfee)
d. Sample devices, servers and/or data (example: log files)
• If the POC is to be run in live production, Consultant will not be held responsible for support of damaged
systems, loss of production or any incidents arising from the POC.
• Notify Consultant of any workplace safety requirements that personnel must conform to in order to access the
POC environment.
Consultant Responsibilities
The following items will be the responsibility of the personnel assigned to this engagement:
• Aid in conducting installation and testing against documented success criteria.
• Provide access to technical support on an as-needed basis.
• Provide McAfee software, tenant (if required) and trial license keys (if required).
Proof of Concept
Objectives
The following provides the success criteria for this Proof of Concept (POC):
MVISION Cloud for Shadow IT
Objective Results (+/-)
Overview of McAfee MVISION Cloud
Overview of the Shadow IT assessment
McAfee MVISION Cloud for Shadow IT
Data Feeds
Ingest secure web gateway or firewall logs to MVISION Cloud
Ingest custom attributes (username, department, etc) via a user data source
Discovery and Risk Management
Discover all cloud usage by service, risk, category and users continuously
Access to global cloud security rating system with the ability to search and compare
Ability to adjust risk measurements based on organization risk appetite
Ability to view statistics on services not identified by rating system
Identify, Monitor and Analyze (Services)
High Risk services by category (cloud storage, collaboration and IaaS)
High Risk services by regulation (GDPR)
Services which have been breached
Services which allow anonymous usage
High Risk services allowed by perimeter security controls
Ability to manually add services for analytics as per Administrator (human) assessment
Auto-Assessment for service adoption (cloud storage, collaboration and IaaS category)
Auto-Assessment for service adoption based on Cloud Security Alliance (CSA) Star
Auto-Assessment for enterprise service adoption based on vendor’s recommendation
Identify, Monitor and Analyze (Users)
High Risk services consumed per user and department
Continuous monitoring of suspicious/high risk users
Analyze individual user activities and behavior anomalies
Identify, Monitor and Analyze (Vulnerable Storage)
Discover Amazon Simple Storage Service (Amazon S3) buckets with open permissions
Dashboard
Provide pre-built and customized dashboard views
MVISION Cloud for Office 365
Objective Results (+/-)
Overview of McAfee MVISION Cloud
Overview of McAfee MVISION Cloud for Software as a Service (SaaS)
McAfee MVISION Cloud for Office 365
Data Loss Prevention (DLP)
Run on-demand scans to discover sensitive data-at-rest for Exchange Online
Quarantine sensitive data being uploaded to SharePoint Online
Quarantine sensitive data being uploaded to OneDrive
Apply classifications based on keywords to files shared on SharePoint Online and OneDrive
Collaboration Control
Block leakage of sensitive data via collaboration in real-time based on classifications
Allow internal users to collaborate on sensitive data with any permissions
Allow business partners to collaborate on sensitive data with view only permission
Block leakage of sensitive data via collaboration by removing shared link
Access Control
Setup CASB as a reverse proxy via Identity Provider (IdP)
Allow only managed devices to connect to services via certificate
Block unmanaged/personal devices access to services
Notifications
Provide a placeholder instead of the actual sensitive data
Provide email notifications to users on the incident
Incident Management
Ability to review incidents including user and service details
Ability to view incidents in the form of list and graphs
Ability to filter incidents based on various options on lists and graphs
Ability to export incident(s) information in various formats (example: PDF, XLS)
Ability to take various actions for incident response efforts
Ability to change the status of incidents
MVISION Cloud for G Suite
Objective Results (+/-)
Overview of McAfee MVISION Cloud
Overview of McAfee MVISION Cloud for Software as a Service (SaaS)
McAfee MVISION Cloud for G Suite
Data Loss Prevention (DLP)
Run on-demand scans to discover sensitive data-at-rest for Google Drive
Quarantine sensitive data being uploaded to Google Drive
Collaboration Control
Block leakage of sensitive data via collaboration in real-time based on classifications
Allow internal users to collaborate on sensitive data with any permissions
Allow business partners to collaborate on sensitive data with view only permission
Block leakage of sensitive data via collaboration by removing shared link
Notifications
Provide a placeholder instead of the actual sensitive data
Provide email notifications to users on the incident
Incident Management
Ability to review incidents including user and service details
Ability to view incidents in the form of list and graphs
Ability to filter incidents based on various options on lists and graphs
Ability to export incident(s) information in various formats (example: PDF, XLS)
Ability to take various actions for incident response efforts
Ability to change the status of incidents
MVISION Cloud for Box
Objective Results (+/-)
Overview of McAfee MVISION Cloud
Overview of McAfee MVISION Cloud for Software as a Service (SaaS)
McAfee MVISION Cloud for Box
Data Loss Prevention (DLP)
Quarantine sensitive data being uploaded to Box
Notifications
Provide a placeholder instead of the actual sensitive data
Provide email notifications to users on the incident
Incident Management
Ability to review incidents including user and service details
Ability to view incidents in the form of list and graphs
Ability to filter incidents based on various options on lists and graphs
Ability to export incident(s) information in various formats (example: PDF, XLS)
Ability to take various actions for incident response efforts
Ability to change the status of incidents
MVISION Cloud for Amazon Web Services (AWS)
Objective Results (+/-)
Overview of McAfee MVISION Cloud
Overview of McAfee MVISION Cloud for Infrastructure as a Service (IaaS)
McAfee MVISION Cloud for Amazon Web Services (AWS)
Activity Monitoring
Discover usage anomalies on accounts with details such as service, user, source IP, etc
Security Configuration and Compliance Audit
Ability to perform on-demand scans for compliance audit
Discover misconfigurations and recommendations based on CIS levels
Discover misconfigurations and recommendations based on vendor’s research
Create views based on organization requirements (Unrestricted Access, Inactive Entity, etc)
Create custom audit policies utilizing configured AWS tagging
Incident Management
Ability to review incidents including service name, instance name and attributes
Ability to view incidents in the form of list and graphs
Ability to filter incidents based on various options on lists and graphs
Ability to export incident(s) information in various formats (example: PDF, XLS)
Ability to change the status of incidents
MVISION Cloud for Microsoft Azure
Objective Results (+/-)
Overview of McAfee MVISION Cloud
Overview of McAfee MVISION Cloud for Infrastructure as a Service (IaaS)
McAfee MVISION Cloud for Amazon Web Services (AWS)
Activity Monitoring
Discover usage anomalies on accounts with details such as service, user, source IP, etc
Security Configuration and Compliance Audit
Ability to perform on-demand scans for compliance audit
Discover misconfigurations and recommendations based on CIS levels
Discover misconfigurations and recommendations based on Azure Security Center
Discover misconfigurations and recommendations based on vendor’s research
Create views based on organization requirements (Unrestricted Access, Inactive Entity, etc)
Data Loss Prevention
Run on-demand scans to discover sensitive data-at-rest for Exchange Online
Incident Management
Ability to review incidents including service name, instance name and attributes
Ability to view incidents in the form of list and graphs
Ability to filter incidents based on various options on lists and graphs
Ability to export incident(s) information in various formats (example: PDF, XLS)
Ability to change the status of incidents
Tasks
To meet the above defined success criteria, the following activities would need to be performed:
MVISION Cloud for Shadow IT
# Tasks
1. Finalization of POC scope of work / success criteria
2. Collection and validation of log data (allow 72 hours)
3. Validation of POC environment as per prerequisites
4. Deployment and configuration of MVISION Cloud Connector
5. Configure usage of custom attributes
6. Initiate and validate log processing (2 weeks)
7. Configure Service Groups, Dashboard Cards and Views
8. POC objectives walkthrough
9. Prepare audit/findings report
10. POC overview presentation
MVISION Cloud for Office 365
# Tasks
1. Finalization of POC scope of work / success criteria
2. Validation of POC environment as per prerequisites
3. Deployment and configuration of MVISION Cloud’s DLP Monitor Sandbox
4. Enable APIs for Microsoft SharePoint Online, OneDrive and Exchange Online
5. Configure DLP rules, end user and admin notifications
6. Configure DLP on-demand scans
7. Perform rule triggers for incident generation
8. Rule tuning and monitoring of POC system
9. Prepare incident/findings report
10. POC use case demonstration and overview presentation
MVISION Cloud for G Suite
# Tasks
1. Finalization of POC scope of work / success criteria
2. Validation of POC environment as per prerequisites
3. Enable APIs for Google Drive
4. Configure DLP rules, end user and admin notifications
5. Configure DLP on-demand scans
6. Perform rule triggers for incident generation
7. Rule tuning and monitoring of POC system
8. Prepare incident/findings report
9. POC use case demonstration and overview presentation
MVISION Cloud for Box
# Tasks
1. Finalization of POC scope of work / success criteria
2. Validation of POC environment as per prerequisites
3. Enable APIs for Box
4. Configure DLP rules, end user and admin notifications
5. Perform rule triggers for incident generation
6. Rule tuning and monitoring of POC system
7. Prepare incident/findings report
8. POC use case demonstration and overview presentation
MVISION Cloud for Amazon Web Services (AWS)
# Tasks
1. Finalization of POC scope of work / success criteria
2. Validation of POC environment as per prerequisites
3. Enable APIs for Amazon Web Services
4. Configure on-demand scan for violations based on CIS levels and vendor research
5. Create custom rule based on AWS tags
6. Monitor for user anomalies or perform triggers for incident generation
7. Create views and dashboards as per organization requirement
8. Prepare incident/findings report
9. POC overview presentation
MVISION Cloud for Microsoft Azure
# Tasks
1. Finalization of POC scope of work / success criteria
2. Validation of POC environment as per prerequisites
3. Enable APIs for Microsoft Azure
4. Configure on-demand scan for violations based on CIS levels, Security Center and vendor research
5. Configure DLP on-demand scans
6. Monitor for user anomalies or perform triggers for incident generation
7. Create views and dashboards as per organization requirement
8. Prepare incident/findings report
9. POC overview presentation
Sign-off
By signing this document, it is agreed that Consultant has delivered the stated deliverables and the Customer is
acknowledging that the stated deliverables have been received.
Accepted and Agreed for Customer Accepted and Agreed for Consultant
Signature: Signature:
Printed Name: Printed Name:
Printed Title: Printed Title:
Date Signed: Date Signed:

Technology Overview - Symantec Endpoint Protection (SEP)Technology Overview - Symantec Endpoint Protection (SEP)
Technology Overview - Symantec Endpoint Protection (SEP)
 
Symantec Endpoint Encryption - Proof Of Concept Document
Symantec Endpoint Encryption - Proof Of Concept DocumentSymantec Endpoint Encryption - Proof Of Concept Document
Symantec Endpoint Encryption - Proof Of Concept Document
 
Symantec Messaging Gateway - Technical Proposal (General)
Symantec Messaging Gateway - Technical Proposal (General)Symantec Messaging Gateway - Technical Proposal (General)
Symantec Messaging Gateway - Technical Proposal (General)
 
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...
 
Symantec Portfolio - Sales Play
Symantec Portfolio - Sales PlaySymantec Portfolio - Sales Play
Symantec Portfolio - Sales Play
 

Recently uploaded

Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 

Recently uploaded (20)

DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 

McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Document

Solution Overview

McAfee MVISION Cloud is a cloud access security broker (CASB) that protects data where it lives today, with a solution that was built natively in the cloud, for the cloud. It’s cloud-native data security. It is a single point to gain visibility and control over your data in the cloud. Set your security policies once and then consistently enforce them across SaaS, PaaS, and IaaS.

MVISION Cloud delivers the following capabilities:

• Cloud Discovery and Risk Monitoring: Processes logs and identifies all the cloud services in use within your organization. Provides an objective, customizable risk assessment for each Cloud Service Provider (CSP).
• Cloud Usage Analytics: A Hadoop-based analysis engine detects usage anomalies based on statistical and behavioral models. Identifies risky user behavior, inconsistent policies, and underutilized subscriptions to cloud services.
• Cloud Access and Control: Provides fine-grained controls around the usage of several CSPs. This includes data loss prevention (DLP), contextual access control, data discovery, application auditing, standards-based encryption, anomaly detection, mobile-to-cloud support, and Cloud Activity Monitoring without affecting the user experience.

MVISION Cloud for Shadow IT

Cloud services procured and managed outside of IT’s purview are often referred to as Shadow IT. Although in many ways Shadow IT is helping to make businesses more competitive and employees more productive, it complicates the situation for IT and IT security teams. Security teams often have little to no visibility into the full scope of IT services employees are using. Without visibility, it becomes very difficult for IT to manage both cost expenditure and risk in the cloud.

McAfee MVISION Cloud for Shadow IT provides continuous visibility into all cloud services in use and their risk, compliance and governance policy enforcement, and threat protection. McAfee discovers all cloud services in use by employees both on and off-network, including thousands of cloud services uncategorized by firewalls and web proxies. The solution’s usage analytics summarize cloud usage in aggregate and at the department and user level with traffic patterns, access count, and usage trends over time, enabling IT to securely enable cloud services that drive productivity and growth.
MVISION Cloud for Software as a Service (SaaS)

McAfee MVISION Cloud enables organizations to securely accelerate their business by giving total control over data and user activity in sanctioned Software as a Service (SaaS). Some of the key features include the following:

• Data Loss Prevention: Prevent regulated data from being stored in cloud services. Leverage McAfee’s content analytics engine to discover sensitive data created in or uploaded to cloud services based on keywords/phrases, pre-defined alpha-numeric patterns, regular expressions, file metadata, fingerprints of unstructured and structured databases or other structured data files.
• Collaboration Control: Prevent sharing of sensitive data with unauthorized parties via online file and folder collaboration, as well as web mail, in real time.
• Access Control: Protect corporate data from unauthorized access by enforcing granular, context-aware access policies, such as preventing download of sensitive data from a cloud service to unmanaged devices.
• Activity Monitoring: Gain visibility into cloud service usage and accelerate post-incident forensic investigations by capturing a comprehensive audit trail of all activity. McAfee captures hundreds of unique activity types and groups them into 14 categories for streamlined navigation.
• User Behavior Analytics: McAfee uses data science and machine learning to automatically build models of typical user behavior and identifies behavior that may be indicative of a threat, such as insider threats, compromised accounts and privileged user threats.
• Malware Detection: Block known malware signatures, sandbox suspicious files, and identify behavior indicative of malware data exfiltration or ransomware activity.
MVISION Cloud for Office 365

Microsoft Office 365 Mail (Exchange Online)

MVISION Cloud Email DLP allows you to apply DLP policies to your Exchange Online deployment using email journaling in Exchange Online. Journaling gives you the ability to send a copy of email traffic to MVISION Cloud DLP for inspection. Each email sent from your organization is forwarded to an MVISION Cloud-hosted mailbox where it is scanned.

Microsoft Office 365 OneDrive

MVISION Cloud for OneDrive helps meet compliance and security requirements by providing an additional layer of control through Data Loss Prevention (DLP) policies, anomaly detection, and activity monitoring for data stored in OneDrive. It also provides a way for organizations to leverage their existing enterprise data loss prevention (DLP) policies and extend them to the cloud.

MVISION Cloud for OneDrive supports two different types of architectures depending on customer use cases and deployment requirements: OneDrive API and Inline Reverse Proxy.

MVISION Cloud for OneDrive enables near real-time scanning of content uploaded to OneDrive to evaluate DLP policies. This is triggered by file activity and generally occurs within 10-15 seconds depending on bandwidth constraints, network latency, and file size. Deployments that leverage an existing on-premise Enterprise DLP policy engine, such as McAfee DLP, can install the MVISION Cloud Connector, which downloads documents directly from OneDrive and forwards them to an Enterprise DLP policy engine using the ICAP protocol.

Microsoft Office 365 SharePoint (SharePoint Online)

MVISION Cloud for SharePoint enables near real-time scanning of content uploaded to SharePoint to evaluate DLP policies.

MVISION Cloud continuously monitors an organization’s SharePoint accounts for any file activity and processes those documents using the MVISION Cloud DLP policy engine, an on-premise Enterprise DLP policy, or a combination of both.

MVISION Cloud continuously monitors SharePoint for content changes leveraging APIs from SharePoint (Office 365). As employees add or modify files in SharePoint, MVISION Cloud scans the files according to the DLP policies put into place. MVISION Cloud quarantines and/or tombstones documents per DLP policy. Quarantined files can be released or deleted directly from the dashboard.

For deployments that leverage an existing on-premise Enterprise DLP policy engine, such as McAfee DLP, the MVISION Cloud Connector can be implemented; content that needs additional examination by the on-premise DLP solution is sent to the on-premise MVISION Cloud Connector.
MVISION Cloud for G Suite

Google Drive

MVISION Cloud for Google provides a way for organizations to leverage existing enterprise data loss prevention (DLP) policies and extend them to G Suite, reinforcing compliance and security requirements by providing an additional layer of control for data stored in Google Drive.

MVISION Cloud continuously monitors an organization’s Google Drive accounts for any file activity and processes those documents using the MVISION Cloud DLP policy engine, an on-premise Enterprise DLP policy, or a combination of both. This is triggered by file activity and generally occurs within 10-15 seconds depending on bandwidth constraints, network latency, and file size.

In addition to activities users perform, G Suite Admin activities are also monitored and added to Threat Protection.

MVISION Cloud for Box

MVISION Cloud for Box helps organizations by providing total control over data and user activity in Box. Data Loss Prevention (DLP), Collaboration Control, Access Control, Activity Monitoring, User Behavior Analytics, and Malware Detection features are available for Box.

Furthermore, Box Security Classifications can be used with MVISION Cloud's DLP policies to automate the manual task of classifying documents. Files associated with sensitive information such as PII, HIPAA, or PCI can be automatically classified and updated in Box via the integration. The MVISION Cloud integration is available for eligible Box Enterprise accounts with Box Governance where API access has been enabled.
MVISION Cloud for Infrastructure as a Service (IaaS)

McAfee MVISION Cloud extends Cloud features to monitor, secure, and audit Infrastructure as a Service (IaaS) environments for threat protection, anomaly detection, configuration audit, and forensic audit logs. Some of the key features include the following:

• Security Configuration and Compliance Audit: Audit and monitor the security configurations of all your IaaS services to detect and correct misconfigurations, reduce risk, and comply with internal/external policies.
• Activity Monitoring: Gain visibility into usage across managed and unmanaged IaaS accounts and accelerate post-incident forensic investigations by capturing a comprehensive audit trail of all activity. McAfee captures hundreds of unique activity types and groups them into distinct categories for streamlined navigation.
• User Behavior Analytics: McAfee uses data science and machine learning to automatically build models of typical user behavior and identifies behavior that may be indicative of a threat, such as insider threats, compromised accounts and privileged user threats.
• Malware Detection: Block known malware signatures, sandbox suspicious files, and identify behavior indicative of malware data exfiltration or ransomware activity.
• Data Loss Prevention (DLP): Prevent unauthorized regulated data from being stored in IaaS storage services. Leverage McAfee’s content analytics engine to discover sensitive data stored in IaaS services based on keywords/phrases, pre-defined alpha-numeric patterns, regular expressions, file metadata, fingerprints of unstructured and structured databases or other structured data files.
Architecture

1. McAfee MVISION Cloud: The cloud tenant used to manage, analyze, report and create policies.
2. McAfee MVISION Cloud Connector: A lightweight on-premise application that processes logs from egress devices (such as proxies, firewalls or SIEMs) and identifies relevant log entries. It compresses the data and securely uploads it to the MVISION Cloud service for discovery and analysis.
3. Web Gateway: Proxy being utilized as a log source. Logs will be collected by the MVISION Cloud Connector for analytical processing over MVISION Cloud.
4. Okta Single Sign-On (SSO): The identity provider already being used for Microsoft Office 365 and other services. For MVISION Cloud, Okta is being utilized for use cases that can be achieved via MVISION Cloud Reverse Proxy.
5. Sanctioned SaaS: The Microsoft Office 365, G Suite and Box tenant that is being consumed by the employees.
6. Sanctioned IaaS: The Amazon Web Services (AWS) and Microsoft Azure tenant that is being consumed by the organization.
System Requirements

McAfee MVISION Cloud

The MVISION Cloud tenant along with the credentials for the SHNPOC (Sandbox) type tenant. This credential will have the following roles:

• Administrator: To set up and configure services / infrastructure, users and alerts, and access the audit log.
• Compliance Manager: To carry out Service Governance-related workflows.
• Policy Management: To perform policy-related workflows, including creation of policies.
• Incident Management: To carry out incident management workflows.
• Executive Summary: To view high-level usage information and statistics through Executive Summary.
• Usage Analytics Users: To view Usage Analytics; create, run, and share reports.
• Custom Apps Owner: To manage and deploy Custom Applications.
• Detokenization Privilege: To reveal user names instead of random tokens.
• Enterprise Connector (MVISION Cloud Connector) User: To access Enterprise Connector management pages and process logs.

Please ensure that the email address ‘no.reply@corp.skyhighnetworks.com’ is on your organization’s email management system’s allow list. You will receive a welcome email with details of your credentials.

Supported Browsers

1. Google Chrome
2. Internet Explorer 11
3. Mozilla Firefox (features equivalent to Google Chrome)
4. Microsoft Edge (features equivalent to Google Chrome)
5. Safari (unblock pop-up windows)
  • 11. McAfee MVISION Cloud Connector
      Data Source
      MVISION Cloud Connector requires good quality logs, which are processed and sent to MVISION Cloud for analysis. These logs are provided through secure web gateways, next-generation firewalls and/or IP-based firewalls. Each log source requires a log configuration parsing rule.
      As a best practice, to ensure that the correct data is being analyzed and reviewed on McAfee MVISION Cloud, we request that a sample log of each log source be provided. The sample logs will be sent to the McAfee MVISION Cloud Log Validation Team for quality assurance and to obtain the correct log configuration for parsing. Please provide the sample as follows:
        • At a minimum 1000 lines or 2 weeks of log data
        • Log source vendor name, version and type (example: McAfee Web Gateway - 7.8.1 – Secure Web Gateway)
      Please note that the McAfee MVISION Cloud Log Validation Team will respond within forty-eight (48) hours. You may need to repeat this process if the log source is missing fields. Please review it thoroughly as this impacts the proof of concept (POC).
      Log Enrichment
      Depending on the log data source, additional information such as usernames, IP, location, department, etc. may not be included. This additional information, or custom attributes, provides enrichment by giving context to the data processed by the MVISION Cloud solution. This can be achieved via the following:
        • Microsoft Active Directory (AD) integration (recommended)
        • A comma-separated values (CSV) file with additional metadata
      Software and Hardware Requirements
        COMPONENT               REQUIREMENT
        Processor (CPU)         8 CPU (minimum)
        Memory (RAM)            8 GB (minimum)
        Hard-Disk               500 GB (free space)
        Operating Systems       • Windows Desktop – 7, 8, 8.1, 10
                                • Windows Server – 2008 R2, 2012, 2012 R2, 2016
                                • Linux 64-bit – Ubuntu, RHEL, or CentOS
        Browser                 -
        Software                Microsoft Visual C++ Redistributable
        Virtual Infrastructure  • VMWare ESXi
                                • Microsoft Hyper-V Server
                                • Citrix XenServer
                                • Amazon Web Services (AWS)
                                • Microsoft Azure
      Network Connectivity
        DEFAULT  PROTOCOL  TRAFFIC DIRECTION
        8443     TCP       Outbound to MVISION Cloud Connector
        443      TCP       Bi-directional to https://www.myshn.net
        443      TCP       Bi-directional to https://pstat.myshn.net
        443      TCP       Bi-directional to https://success.myshn.net
        443      TCP       Bi-directional to https://shnpoc.myshn.net
        443      TCP       Bi-directional to https://shnpoc-collector.myshn.net
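A pre-flight check for the 443/TCP rows of the Network Connectivity table, as an added example that is not part of the original document or of McAfee tooling: run from the intended Connector host, it opens a certificate-verified TLS session to each listed endpoint and records who issued the certificate that answered. The function names and the injectable `probe` parameter are assumptions made for this example.

```python
"""Pre-flight egress check for the MVISION Cloud Connector host (added example)."""
import socket
import ssl
from urllib.parse import urlsplit

# Endpoints copied from the Network Connectivity table (all 443/TCP).
# The 8443/TCP row targets the Connector itself and is not probed here.
ENDPOINTS = [
    "https://www.myshn.net",
    "https://pstat.myshn.net",
    "https://success.myshn.net",
    "https://shnpoc.myshn.net",
    "https://shnpoc-collector.myshn.net",
]


def tls_probe(host, port, timeout=5.0):
    """Open a certificate-verified TLS session and return the issuer name."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
    # "issuer" is a tuple of RDNs, each a tuple of (key, value) pairs
    issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    return issuer.get("organizationName", issuer.get("commonName", "unknown"))


def check_endpoints(urls=ENDPOINTS, probe=tls_probe):
    """Probe every URL and classify the outcome; never stop at the first failure."""
    results = []
    for url in urls:
        parts = urlsplit(url)
        host, port = parts.hostname, parts.port or 443
        try:
            status, detail = "ok", probe(host, port)
        except ssl.SSLCertVerificationError as exc:
            # Reachable, but the chain did not validate against the local trust store
            status, detail = "tls-untrusted", getattr(exc, "verify_message", str(exc))
        except socket.gaierror as exc:
            status, detail = "dns-failure", str(exc)
        except OSError as exc:
            # Timeouts, resets and refusals: typically a firewall or proxy rule
            status, detail = "blocked", str(exc)
        results.append({"url": url, "status": status, "detail": detail})
    return results


def failures(results):
    """URLs that still need a firewall, DNS or trust-store change."""
    return [r["url"] for r in results if r["status"] != "ok"]


if __name__ == "__main__":
    for row in check_endpoints():
        print(f'{row["status"]:14} {row["url"]}  ({row["detail"]})')
```

An issuer other than a public certificate authority in the `ok` rows means a TLS-inspecting device sits on the path, which is worth recording alongside the POC prerequisites.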
  • 12. System Permissions
        • Admin Account Access - Deployment, execution and access to log files.
        • Local System Admin Account - If log files are stored locally.
        • Network Admin Account - If log files are stored on a network drive.
      The shnlps.exe and shnlpcli.exe processes of MVISION Cloud Connector will be accessing log files.
      Credentials
      The credentials for MVISION Cloud Connector. These are different from the credentials for the MVISION Cloud user interface. This credential allows the configuration, installation, and modification of the MVISION Cloud Connector. This credential will have the following roles:
        • Enterprise Connector (MVISION Cloud Connector) User: To access Enterprise Connector management pages and process logs.
        • McAfee ePolicy Orchestrator (ePO) Connector: To configure integration between ePO and MVISION Cloud.
      Please ensure that the email address ‘no.reply@corp.skyhighnetworks.com’ is on your organization’s email management system’s allow list. You will receive a welcome email with details of your credentials.
      Important Notes
        1. The McAfee MVISION Cloud Log Validation Team will respond within forty-eight (48) hours for the log validation check. You may need to repeat this process if the log source is missing fields. Please review it thoroughly as this will impact the proof of concept (POC).
        2. It takes a minimum of 4-6 hours for the log processing and metadata activities. This includes uploading from MVISION Cloud Connector to MVISION Cloud and the data analytics performed by MVISION Cloud. No information will be visible on the MVISION Cloud console before this.
  • 13. McAfee MVISION Cloud for Microsoft Office 365
      Service Permissions
        SERVICE: Exchange Online
          ROLE: Global Administrator [1]
          OTHER: Configure Exchange Mailbox Auditing
        SERVICE: OneDrive
          ROLE: Global Administrator [1], SharePoint Administrator [2]
        SERVICE: SharePoint Online
          ROLE: Global Administrator [1], SharePoint Administrator [2]
          OTHER: Enable Audit Log Search in Office 365 Security & Compliance
      [1] The Global Administrator (GA) role must be assigned to the user used to enable the API. Please note that MVISION Cloud does not inherit the admin rights. The need to provide the administrator credentials is a requirement from the cloud service provider (CSP), in this case Microsoft. MVISION Cloud does not control the permission requirements to enable the API. If a GA account is not available, then you can enable the API using a ‘Custom OAuth Application’. Please inform us before the proof of concept (POC) begins, as there are more prerequisites to establish:
        1. MVISION Cloud Support to enable Custom OAuth Application for the tenant.
        2. Creation of a new web application (App Registrations) in Azure Active Directory in the Azure Portal.
        3. Grant the correct Application Permissions to the web application.
        4. Download the Manifest and create a self-issued and self-signed certificate for the web application.
        5. Upload the updated Manifest for the web application.
        6. Assign the web application to your Subscription.
      [2] To deploy an MVISION Cloud SharePoint Online Application called the “DLP Monitor Sandbox” (a SharePoint Add-in) and to be able to automatically create a quarantine section for Microsoft Office 365 incidents.
      MVISION Cloud’s DLP Monitor Sandbox (Content Security Integrator)
      This is a provider-hosted Add-in from MVISION Cloud. Provider-hosted Add-ins have external components, such as a web application or database, hosted outside the SharePoint Online subscription. The DLP Monitor Sandbox Add-in from MVISION Cloud is backed by a web application (owned by MVISION Cloud) hosted in Microsoft Azure. This Add-in is used to register SharePoint remote event receivers for SharePoint and OneDrive sites to completely manage the following workflows:
        • Detect sensitive content being uploaded/updated in OneDrive and SharePoint and perform remediation actions specified in DLP policies.
        • Detect the activity of sharing sensitive content internally and externally (outside the organization).
        • Perform remediation actions, such as modifying sharing permissions, revoking collaboration, and removing public links on files.
      SharePoint remote event receivers enable monitoring of file upload and sharing activity in near real-time. The Add-in will be installed on the App Catalog of SharePoint Online.
  • 14. MVISION Cloud’s Cloud Access Control (Cloud Access Policy)
      Cloud Access Policies are used to protect cloud data access and manage devices. Cloud Access Policies can be set up to block access to all service uploads or to require step-up authentication before downloading a file. They also specify the correct behavior for managed and unmanaged devices. This is managed by provisioning certificates to devices and creating policies that, for example, require an unmanaged device to register before accessing a page. Certificates are OS-agnostic, version-independent, and can be easily revoked or cycled, offering you a great deal of control and flexibility in cloud access management. This is supported for both Reverse and Forward Proxy integrations.
      In order to perform some of the required use cases, MVISION Cloud’s reverse proxy feature will be enabled. Following are the requirements:
        1. A copy of your Root CA certificate in base64 format, which is used to sign client certificates.
        2. Okta:
           a. Okta URL
           b. An API Token created for the MVISION Cloud Proxy URL.
  • 15. McAfee MVISION Cloud for Google G Suite
      Licenses
        G Suite Edition: Basic
          MVISION Cloud: Data Loss Prevention for Gmail (inline)
        G Suite Edition: Business
          MVISION Cloud:
            • Data Loss Prevention for Gmail (inline), Google Drive
            • Collaboration Control
            • Activity Monitoring
            • Threat Protection
        G Suite Edition: Enterprise
          MVISION Cloud:
            • Data Loss Prevention for Gmail (inline, passive), Google Drive
            • Collaboration Control
            • Activity Monitoring
            • Threat Protection
      Service Permissions
        1. Usage of G Suite Super Administrator
        2. Enable Application Programming Interfaces (APIs) Access and Audit Access
        3. Authorization for MVISION Cloud:
           a. Deployment of McAfee MVISION Cloud for Google Drive Marketplace App; OR
           b. Include the following scopes for the McAfee MVISION Cloud API Client Name (to be provided)
              i. https://www.googleapis.com/auth/admin.reports.audit.readonly,
              ii. https://www.googleapis.com/auth/admin.reports.usage.readonly,
              iii. https://www.googleapis.com/auth/drive,
              iv. https://www.googleapis.com/auth/drive.file,
              v. https://www.googleapis.com/auth/admin.directory.user,
              vi. https://www.googleapis.com/auth/admin.directory.user.security,
              vii. https://www.googleapis.com/auth/admin.directory.domain.readonly
  • 16. McAfee MVISION Cloud for Box
      Service Permissions
        1. A Box administrator account with the account type ‘Developer’
        2. If there are Co-Admins for Box, then the following permissions are required:
           a. Users and Groups
              i. Manage users
              ii. Manage groups
           b. Reports and Settings
              i. View settings for your company
              ii. Edit settings for your company
              iii. Run new reports and access existing reports
        3. Grant access to the MVISION Cloud custom application for Box; this includes the following permissions:
           a. Read and write all files and folders stored in Box
           b. Manage enterprise properties
           c. Manage users
           d. Manage app users
           e. Admin can make calls on behalf of Users
           f. Admin or co-admin can make calls for any content in their enterprise
           g. Generate Tokens for all users
        4. To use Box Security Classifications with MVISION Cloud, the Box Governance feature should be enabled
        5. New Box Web Experience enabled across your entire tenant
  • 17. McAfee MVISION Cloud for Amazon Web Services (AWS)
      Components Required
      Amazon Simple Storage Service (S3)
      An object storage service offered by Amazon Web Services (AWS), provided through a web service interface. The basic storage units of Amazon S3 are objects, which are organized into buckets. Each object is identified by a unique, user-assigned key. S3 is used by a number of AWS services, including CloudTrail.
      Amazon Web Services (AWS) CloudTrail
      AWS CloudTrail is an application program interface (API) call-recording and log-monitoring web service offered by Amazon Web Services (AWS). AWS CloudTrail allows AWS customers to record API calls, sending log files to Amazon S3 buckets for storage. The service provides API activity data including the identity of an API caller, the time of an API call, the source IP address of an API caller, the request parameters and the response elements returned by the AWS service.
      Service Permissions
      ‘ReadOnlyAccess’ to the S3 bucket storing AWS CloudTrail logs, granted via AWS Identity and Access Management (IAM). IAM enables you to manage access to AWS services and resources securely.
      McAfee MVISION Cloud for Microsoft Azure
      Service Permissions
      An account with permissions that allow reading security configurations, and with storage account contributor on Azure resources.
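One way to confirm that the IAM policy handed over for the POC is limited to reading the CloudTrail bucket, as an added example (not McAfee or AWS tooling). The bucket name `example-cloudtrail-logs`, both sample policies and the function names are constructed for illustration; which permissions MVISION Cloud ultimately needs is not stated in this document.

```python
"""Check that an IAM policy only allows reading one S3 bucket (added example)."""
import json

BUCKET = "example-cloudtrail-logs"     # placeholder bucket name (assumption)
READ_PREFIXES = ("s3:get", "s3:list")  # action families treated as read-only here

# Constructed sample: read access scoped to the CloudTrail bucket only.
SCOPED = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Action": ["s3:GetObject", "s3:ListBucket", "s3:GetBucketLocation"],
                "Resource": ["arn:aws:s3:::example-cloudtrail-logs",
                             "arn:aws:s3:::example-cloudtrail-logs/*"]}]}
""")

# Constructed sample: read-only actions, but on every resource in the account.
ACCOUNT_WIDE = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Action": ["s3:Get*", "s3:List*", "ec2:Describe*"],
                "Resource": "*"}]}
""")


def _as_list(value):
    """IAM allows a single string/object wherever a list is accepted."""
    return value if isinstance(value, list) else [value]


def _is_read_only(action):
    # Action names are case-insensitive. A wildcard pattern passes only if
    # everything it can match still begins with s3:Get or s3:List.
    return action.lower().startswith(READ_PREFIXES)


def audit_policy(policy, bucket=BUCKET):
    """Return (statement index, finding) pairs; an empty list means scoped."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements can only narrow access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((i, "NotAction/NotResource allows everything except the listed items"))
            continue
        for action in _as_list(stmt.get("Action", [])):
            if not _is_read_only(action):
                findings.append((i, f"action {action} is not limited to s3:Get*/s3:List*"))
        for res in _as_list(stmt.get("Resource", [])):
            # The bucket itself or keys under it; "bucket*" would match other buckets
            if not (res == bucket_arn or res.startswith(bucket_arn + "/")):
                findings.append((i, f"resource {res} reaches beyond {bucket_arn}"))
    return findings


if __name__ == "__main__":
    for name, doc in (("SCOPED", SCOPED), ("ACCOUNT_WIDE", ACCOUNT_WIDE)):
        print(name, audit_policy(doc) or "ok")
```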
  • 18. Responsibilities
      Customer Responsibilities
      The following items will be the responsibility of the personnel assigned to this engagement:
        • Define a team that consists of all the necessary individuals (for example, firewall, email and virtualization administrators) required to install and configure prerequisites and evaluate McAfee solutions.
        • Ensure Consultant personnel will have access to the following resources:
           a. POC team
           b. Logon credentials to the POC systems
           c. Physical building access
           d. Workspace with telephone and internet access
           e. Remote access to the POC systems (if necessary)
        • Provision any necessary resources in the test environment used to conduct the POC prior to arrival or remote access. This may include, but is not limited to:
           a. Hardware
           b. Operating systems
           c. Supporting applications (non-McAfee)
           d. Sample devices, servers and/or data (example: log files)
        • If the POC is to be in live production, Consultant will not be held responsible for support of damaged systems, loss of production or any incidents arising from the POC.
        • Notification of any workplace safety requirements that personnel are required to conform to in order to access the POC environment.
      Consultant Responsibilities
      The following items will be the responsibility of the personnel assigned to this engagement:
        • Aid in conducting installation and testing against documented success criteria.
        • Provide access to technical support on an as-needed basis.
        • Provide McAfee software, tenant (if required) and trial license keys (if required)
  • 19. Proof of Concept Objectives
      The following provides the success criteria for this Proof of Concept (POC):
      MVISION Cloud for Shadow IT
      Objective    Results (+/-)
      Overview of McAfee MVISION Cloud
        • Overview of the Shadow IT assessment
        • McAfee MVISION Cloud for Shadow IT
      Data Feeds
        • Ingest secure web gateway or firewall logs to MVISION Cloud
        • Ingest custom attributes (username, department, etc.) via a user data source
      Discovery and Risk Management
        • Discover all cloud usage by service, risk, category and users continuously
        • Access to global cloud security rating system with the ability to search and compare
        • Ability to adjust risk measurements based on organization risk appetite
        • Ability to view statistics on services not identified by rating system
      Identify, Monitor and Analyze (Services)
        • High Risk services by category (cloud storage, collaboration and IaaS)
        • High Risk services by regulation (GDPR)
        • Services which have been breached
        • Services which allow anonymous usage
        • High Risk services allowed by perimeter security controls
        • Ability to manually add services for analytics as per Administrator (human) assessment
        • Auto-Assessment for service adoption (cloud storage, collaboration and IaaS category)
        • Auto-Assessment for service adoption based on Cloud Security Alliance (CSA) Star
        • Auto-Assessment for enterprise service adoption based on vendor’s recommendation
      Identify, Monitor and Analyze (Users)
        • High Risk services consumed per user and department
        • Continuous monitoring of suspicious/high risk users
        • Analyze individual user activities and behavior anomalies
      Identify, Monitor and Analyze (Vulnerable Storage)
        • Discover Amazon Simple Storage Service (Amazon S3) buckets with open permissions
      Dashboard
        • Provide pre-built and customized dashboard views
  • 20. MVISION Cloud for Office 365
      Objective    Results (+/-)
      Overview of McAfee MVISION Cloud
        • Overview of McAfee MVISION Cloud for Software as a Service (SaaS)
        • McAfee MVISION Cloud for Office 365
      Data Loss Prevention (DLP)
        • Run on-demand scans to discover sensitive data-at-rest for Exchange Online
        • Quarantine sensitive data being uploaded to SharePoint Online
        • Quarantine sensitive data being uploaded to OneDrive
        • Apply classifications based on keywords to files shared on SharePoint Online and OneDrive
      Collaboration Control
        • Block leakage of sensitive data via collaboration in real-time based on classifications
        • Allow internal users to collaborate on sensitive data with any permissions
        • Allow business partners to collaborate on sensitive data with view only permission
        • Block leakage of sensitive data via collaboration by removing shared link
      Access Control
        • Set up CASB as a reverse proxy via Identity Provider (IdP)
        • Allow only managed devices to connect to services via certificate
        • Block unmanaged/personal devices access to services
      Notifications
        • Provide a placeholder instead of the actual sensitive data
        • Provide email notifications to users on the incident
      Incident Management
        • Ability to review incidents including user and service details
        • Ability to view incidents in the form of list and graphs
        • Ability to filter incidents based on various options on lists and graphs
        • Ability to export incident(s) information in various formats (example: PDF, XLS)
        • Ability to take various actions for incident response efforts
        • Ability to change the status of incidents
  • 21. MVISION Cloud for G Suite
      Objective    Results (+/-)
      Overview of McAfee MVISION Cloud
        • Overview of McAfee MVISION Cloud for Software as a Service (SaaS)
        • McAfee MVISION Cloud for G Suite
      Data Loss Prevention (DLP)
        • Run on-demand scans to discover sensitive data-at-rest for Google Drive
        • Quarantine sensitive data being uploaded to Google Drive
      Collaboration Control
        • Block leakage of sensitive data via collaboration in real-time based on classifications
        • Allow internal users to collaborate on sensitive data with any permissions
        • Allow business partners to collaborate on sensitive data with view only permission
        • Block leakage of sensitive data via collaboration by removing shared link
      Notifications
        • Provide a placeholder instead of the actual sensitive data
        • Provide email notifications to users on the incident
      Incident Management
        • Ability to review incidents including user and service details
        • Ability to view incidents in the form of list and graphs
        • Ability to filter incidents based on various options on lists and graphs
        • Ability to export incident(s) information in various formats (example: PDF, XLS)
        • Ability to take various actions for incident response efforts
        • Ability to change the status of incidents
  • 22. MVISION Cloud for Box
      Objective    Results (+/-)
      Overview of McAfee MVISION Cloud
        • Overview of McAfee MVISION Cloud for Software as a Service (SaaS)
        • McAfee MVISION Cloud for Box
      Data Loss Prevention (DLP)
        • Quarantine sensitive data being uploaded to Box
      Notifications
        • Provide a placeholder instead of the actual sensitive data
        • Provide email notifications to users on the incident
      Incident Management
        • Ability to review incidents including user and service details
        • Ability to view incidents in the form of list and graphs
        • Ability to filter incidents based on various options on lists and graphs
        • Ability to export incident(s) information in various formats (example: PDF, XLS)
        • Ability to take various actions for incident response efforts
        • Ability to change the status of incidents
  • 23. MVISION Cloud for Amazon Web Services (AWS)
      Objective    Results (+/-)
      Overview of McAfee MVISION Cloud
        • Overview of McAfee MVISION Cloud for Infrastructure as a Service (IaaS)
        • McAfee MVISION Cloud for Amazon Web Services (AWS)
      Activity Monitoring
        • Discover usage anomalies on accounts with details such as service, user, source IP, etc.
      Security Configuration and Compliance Audit
        • Ability to perform on-demand scans for compliance audit
        • Discover misconfigurations and recommendations based on CIS levels
        • Discover misconfigurations and recommendations based on vendor’s research
        • Create views based on organization requirements (Unrestricted Access, Inactive Entity, etc.)
        • Create custom audit policies utilizing configured AWS tagging
      Incident Management
        • Ability to review incidents including service name, instance name and attributes
        • Ability to view incidents in the form of list and graphs
        • Ability to filter incidents based on various options on lists and graphs
        • Ability to export incident(s) information in various formats (example: PDF, XLS)
        • Ability to change the status of incidents
      MVISION Cloud for Microsoft Azure
      Objective    Results (+/-)
      Overview of McAfee MVISION Cloud
        • Overview of McAfee MVISION Cloud for Infrastructure as a Service (IaaS)
        • McAfee MVISION Cloud for Amazon Web Services (AWS)
      Activity Monitoring
        • Discover usage anomalies on accounts with details such as service, user, source IP, etc.
      Security Configuration and Compliance Audit
        • Ability to perform on-demand scans for compliance audit
        • Discover misconfigurations and recommendations based on CIS levels
        • Discover misconfigurations and recommendations based on Azure Security Center
        • Discover misconfigurations and recommendations based on vendor’s research
        • Create views based on organization requirements (Unrestricted Access, Inactive Entity, etc.)
      Data Loss Prevention
        • Run on-demand scans to discover sensitive data-at-rest for Exchange Online
      Incident Management
        • Ability to review incidents including service name, instance name and attributes
        • Ability to view incidents in the form of list and graphs
        • Ability to filter incidents based on various options on lists and graphs
        • Ability to export incident(s) information in various formats (example: PDF, XLS)
        • Ability to change the status of incidents
  • 24. Tasks
      To meet the above defined success criteria, the following activities would need to be performed:
      MVISION Cloud for Shadow IT
        #   Tasks
        1.  Finalization of POC scope of work / success criteria
        2.  Collection and validation of log data (allow 72 hours)
        3.  Validation of POC environment as per prerequisites
        4.  Deployment and configuration of MVISION Cloud Connector
        5.  Configure usage of custom attributes
        6.  Initiate and validate log processing (2 weeks)
        7.  Configure Service Groups, Dashboard Cards and Views
        8.  POC objectives walkthrough
        9.  Prepare audit/findings report
        10. POC overview presentation
      MVISION Cloud for Office 365
        #   Tasks
        1.  Finalization of POC scope of work / success criteria
        2.  Validation of POC environment as per prerequisites
        3.  Deployment and configuration of MVISION Cloud’s DLP Monitor Sandbox
        4.  Enable APIs for Microsoft SharePoint Online, OneDrive and Exchange Online
        5.  Configure DLP rules, end user and admin notifications
        6.  Configure DLP on-demand scans
        7.  Perform rule triggers for incident generation
        8.  Rule tuning and monitoring of POC system
        9.  Prepare incident/findings report
        10. POC use case demonstration and overview presentation
      MVISION Cloud for G Suite
        #   Tasks
        1.  Finalization of POC scope of work / success criteria
        2.  Validation of POC environment as per prerequisites
        3.  Enable APIs for Google Drive
        4.  Configure DLP rules, end user and admin notifications
        5.  Configure DLP on-demand scans
        6.  Perform rule triggers for incident generation
        7.  Rule tuning and monitoring of POC system
        8.  Prepare incident/findings report
        9.  POC use case demonstration and overview presentation
  • 25. MVISION Cloud for Box
        #   Tasks
        1.  Finalization of POC scope of work / success criteria
        2.  Validation of POC environment as per prerequisites
        3.  Enable APIs for Box
        4.  Configure DLP rules, end user and admin notifications
        5.  Perform rule triggers for incident generation
        6.  Rule tuning and monitoring of POC system
        7.  Prepare incident/findings report
        8.  POC use case demonstration and overview presentation
  • 26. MVISION Cloud for Amazon Web Services (AWS)
        #   Tasks
        1.  Finalization of POC scope of work / success criteria
        2.  Validation of POC environment as per prerequisites
        3.  Enable APIs for Amazon Web Services
        4.  Configure on-demand scan for violations based on CIS levels and vendor research
        5.  Create custom rule based on AWS tags
        6.  Monitor for user anomalies or perform triggers for incident generation
        7.  Create views and dashboards as per organization requirement
        8.  Prepare incident/findings report
        9.  POC overview presentation
      MVISION Cloud for Microsoft Azure
        #   Tasks
        1.  Finalization of POC scope of work / success criteria
        2.  Validation of POC environment as per prerequisites
        3.  Enable APIs for Microsoft Azure
        4.  Configure on-demand scan for violations based on CIS levels, Security Center and vendor research
        5.  Configure DLP on-demand scans
        6.  Monitor for user anomalies or perform triggers for incident generation
        7.  Create views and dashboards as per organization requirement
        8.  Prepare incident/findings report
        9.  POC overview presentation
  • 27. Sign-off
      By signing this document, it is agreed that Consultant has delivered the stated deliverables and the Customer is acknowledging that the stated deliverables have been received.
      Accepted and Agreed for Customer
        Signature:
        Printed Name:
        Printed Title:
        Date Signed:
      Accepted and Agreed for Consultant
        Signature:
        Printed Name:
        Printed Title:
        Date Signed: