Cloud Discovery

Cloud Discovery is a component of the Cloud Access Security Broker (CASB) solution that protects the cloud infrastructure of an organization. Cloud Discovery manages user access to cloud services. Cloud services include, for example, Microsoft Teams, Salesforce, Microsoft Office 365. Cloud services are grouped in categories, for example, Data exchange, Messengers, Email. Kaspersky experts regularly update the Cloud Discovery categories and cloud services classified in the categories. Kaspersky Endpoint Security updates the set of categories and cloud services with the application databases. This means that Cloud Discovery does not use the Kaspersky Security Network for categorizing cloud services.

Cloud Discovery provides the following functionality:

• Monitoring cloud service usage
• Blocking user access to cloud services

System requirements

Cloud Discovery is available if the following conditions are satisfied:

• The application is installed on a computer running Windows for workstations.

  The component is not available for servers.

• Kaspersky Security Center Cloud Console 15.1 and later.

  The component is not available in Kaspersky Security Center Administration Console (MMC) or Kaspersky Security Center Web Console.

• Kaspersky Next license.
• Monitoring of user Internet activity is enabled. Prior to enabling user Internet activity monitoring, you must do the following:
  • Inject a web page interaction script into web traffic. The script enables registration of Cloud Discovery events. The script also provides full-featured blocking of access to cloud services. Without the script, the application blocks access only by cloud service domains.
  • For HTTPS traffic monitoring, you need to enable encrypted connections scan.
  • To get more accurate statistics of cloud services usage, you need to enable logging of data about visits to allowed pages. The functionality includes grouping of events when a user visits web pages that belong to the same domain. In this way, when a user uses a cloud service, Cloud Discovery logs only one event rather than multiple events for each web page.

Monitoring cloud services

When a user begins using a cloud service, Kaspersky Endpoint Security registers that event and creates an entry in the report. Cloud Discovery controls cloud service usage in the browser as well as in corresponding applications. Cloud Discovery controls cloud service usage over HTTP and HTTPS.

How to enable cloud service monitoring in Cloud Console

Blocking access to cloud services

The administrator can restrict user access to Cloud Discovery categories or individual cloud services. In this way, the administrator can allow only secure cloud services and avoid data leaks. Risk level information is displayed for each cloud service in Cloud Discovery. The risk level helps detect services that do not satisfy the security requirements of the organization.

The risk level is an estimation and does not imply any statements about the quality of the cloud service or its vendor. The risk level is simply a recommendation of Kaspersky experts.

Risk levels of cloud services are displayed in the Cloud Discovery section of the policy in the list of all controlled cloud service.

Other Kaspersky Endpoint Security components provide protection from threats and tracking of suspicious user activity when using cloud services.

Cloud Discovery notification

Cloud Discovery does not block cloud applications that were started before Kaspersky Endpoint Security.

Blocking access to unwanted cloud services is available only for the Kaspersky Next EDR Foundations license.

How to block access to unwanted cloud services in Cloud Console