McAfee CASB Integration in FileCloud

McAfee MVISION Cloud

 

FileCloud includes a smart data leak prevention (DLP) functionality that monitors user actions and prevents them if they pose a security risk.

In Version 20.2, FileCloud has added integration with external cloud access security broker (CASB) software to enable you to expand your DLP monitoring and risk prevention. This enables you to expand activity monitoring and measures taken when there is a possible security breach.

Currently, FileCloud supports integration with McAfee CASB software, but in the future will provide integration with additional CASB providers.

McAfee MVISION Cloud is a cloud platform that uses a unified policy engine to import existing policies or define new policies across data at rest and in transit. Use out-of-the-box templates for various business use cases, compliance, and benchmarks. Manage incidents and roll-back files and permissions based on certain rules.

McAfee MVISION CASB and FileCloud integration bring together a great cloud security solution and an unparalleled enterprise file sharing and sync solution with unmatched security and compliance features. Together, these two solutions can thwart any internal or external threats and provide advanced data security for the cloud

To enable CASB integration with FileCloud:

  1. In the Admin portal navigation pane, click Settings, and then select Third Party Integrations > McAfee MVISION CASB.
  2. Check Enable FileCloud CASB Integration.
    The field FileCloud CASB API Key appears.
  3. Leave the key as the default FileCloudCasbDefaultApiKey.
  4. Click Save.

This enables you to use McAfee CASB to apply extensive DLP rules when monitoring user events such as actions on files and folders and logins to the system. If a CASB DLP rule is violated, McAfee takes actions such as notifying a user, deleting a file, or removing a share.

For example, you could set up McAfee CASB to monitor the content of files when they are shared in a public FileCloud folder and move any files that include the keyword confidential to a quarantine folder.

To receive information about events, McAfee registers a webhook with FileCloud, which enables FileCloud to push information about events as they occur to McAfee CASB.

McAfee CASB supported features

FileCloud events and McAfee responses

FileCloud pushes information to McAfee when a user performs one of the following actions:

  1. adds a file
  2. updates a file
  3. adds an external file
  4. downloads a file
  5. logs in successfully
  6. creates a share
  7. creates an account
  8. deletes an account

McAfee responds to events that may compromise security using FileCloud’s API. FileCloud’s API includes the following endpoints:

  1. register
  2. deregister
  3. getwebhook
  4. downloadfile
  5. upload
  6. deletefile
  7. getshareinformation
  8. removeuserfromshare
  9. removegroupfromshare
  10. deleteshare
  11. getuserinformation