Symantec CloudSOC: CASB Product Overview and Insight

Symantec added CASB capabilities to its portfolio in 2016 with the acquisition of Blue Coat Systems’ Perspecsys and Elastica. These two CASB products were merged to create Symantec’s current CASB offering, CloudSOC, which is aimed at enterprise customers with strong cloud discovery, usage monitoring and DLP needs. Gartner placed the solution among the leaders in its most recent CASB Magic Quadrant.

Notable features

CloudSOC offers a number of features enterprise customers will appreciate:

  • Cloud service discovery and usage is one of CloudSOC’s strongest capabilities, according to Gartner
  • Policy violation notices can include lists of approved cloud services and provide links for users to access them
  • Machine learning engines are included for application intelligence, transactional activity, user behavior analytics, and data loss prevention (DLP)
  • CloudSOC includes a wide range of predefined DLP selectors based on common data formats and types, dictionaries, file type detection, fingerprinting, and similarity matching that can be trained from a body of positive and negative content

Works with: Microsoft Office 365, Google G Suite, Box, Dropbox, Salesforce, Amazon Web Services, Microsoft Azure, ServiceNow, DocuSign, Jive, GitHub, Slack, Cisco Webex Teams, Workday, Yammer, and more.

Technology (API, proxy or hybrid): API, proxy

Use cases

CloudSOC is used by many industry verticals, among them finance, healthcare, telecom, services, retail, manufacturing, technology and consulting. It is a good fit for organizations that use the cloud heavily or are migrating to it and want protection over all their corporate resources. CloudSOC is also popular with organizations wanting a single integrated DLP solution that can protect their data in the cloud, at the endpoint, in email, in the data center, and on the network.

Security certifications

SOC-2; FIPS; ISO 27001 and FedRAMP in process; CSA STAR Certification; Slack Security Partner; Google Cloud Partner; Microsoft Partner; Dropbox Technology Partner; Webex Teams Partner; AWS Advanced Technology Partner (Jan 2019); Box Partner

Features in depth

CloudSOC is a multimode CASB with strong visibility, data security, and threat protection capabilities. It offers granular access control, data security, and threat protection for the use of virtually any public cloud service. With the integrated Symantec Secure Access Cloud, CloudSOC can also provide CASB protection over use of web apps hosted in private cloud or hybrid data centers. CloudSOC claims a unique ability to protect corporate resources across SaaS, IaaS, private cloud, and hybrid data centers.

Visibility: CloudSOC discovers and monitors Shadow IT use of cloud apps based on log ingestion. It can input logs from virtually any type of system, including firewalls, proxies, endpoints, SIEM systems, and more. It comes with an extensive intelligence system on cloud apps that is refreshed every two weeks to maintain accuracy. It tracks around 300 app and risk attributes and maintains details on more than 40,000 unique apps (a unique app can be represented by multiple domains). CloudSOC also offers discovery and intelligence on mobile apps in addition to cloud server-side apps. Integration with Symantec Secure Web Gateway products can provide additional control and protection.

Data Security: CloudSOC claims a highly accurate, data science-driven DLP to protect data in public and private clouds. Customers can use the ContentIQ system built into CloudSOC or they can protect all data anywhere with tight integration with Symantec’s DLP solution.

Threat Protection: CloudSOC uses Symantec’s anti-malware, file reputation, cloud sandbox, and URL reputation technologies to protect against threats infiltrating and attempting to proliferate via cloud apps. It also comes with an intelligent UEBA capability that automatically identifies high risk and compromised users. It tracks each user with a dynamic ThreatScore and presents a Threat Map for each user so CloudSOC admins can often identify a problem and diagnose the issue at a glance. Automated policies can also take action quickly if a user account suddenly becomes high risk.

Paul Rubens