Identify Risky Unsanctioned SaaS Apps and Users
Focus
Focus
SaaS Security

Identify Risky Unsanctioned SaaS Apps and Users

Table of Contents

Identify Risky Unsanctioned SaaS Apps and Users

Learn how to identify and remediate risky apps on SaaS Security Inline.
Where Can I Use This?What Do I Need?
  • NGFW (Managed by Panorama or Strata Cloud Manager)
  • Prisma Access (Managed by Panorama or Strata Cloud Manager)
  • SaaS Security Inline license
  • NGFW or Prisma Access license
Or any of the following licenses that include the SaaS Security Inline license:
  • CASB-X
  • CASB-PA
SaaS Security Inline provides tools to help you identify risky SaaS apps and users, including analytics, risk scores, and reports. After you identify your organization’s risks, you have the following solutions to increase your security posture:
  • Author and submit SaaS security policy rule recommendations to address the risks. However, before you do so, consider some guidelines.
  • Identify a competing product that’s more secure. Search the Application Dictionary by Category to find a suitable replacement.
  • Notify users of the unsanctioned app to use the alternative, sanctioned app. Don’t forget to tag the sanctioned SaaS app.
  • Change the risk score.
  • Identify opportunities to develop training for employees and internal policies.

Identify Risky SaaS Users

Although Discovered Users, displays your list of users that are using discovered SaaS apps, not all of those uses are risky. You’ll need to observe the users in the context of the risky SaaS apps and overall app usage (MB). For example, if you find 100 users using WeTransfer but only a few people are uploading large amounts of data, those users are likely risky users and require more scrutiny.
  1. Log in to Strata Cloud Manager.
  2. Select ManageConfigurationSaaS SecurityApplications.
  3. Filter on SaaS apps with a risk score of 4 or 5.
  4. Do one of the following:
    • Click on the individual SaaS apps.
    • Click on the number of users for the SaaS apps.
  5. Sort the column by Usage.

Identify Risky SaaS Apps

A risk score in SaaS Security Inline enables you to make decisions about the security posture of a given app. The risk score is between 1 (low risk) and 5 (high risk) and is based on compliance attributes. Key attributes have a higher impact on the score: the score is assigned by applying different weights to each compliance attribute and calculating the score based on whether the app meets those compliance standards.
  1. Log in to Strata Cloud Manager.
  2. Select ManageConfigurationSaaS SecurityDiscovered AppsApplications.
  3. To navigate to the Discovered Applications view, select .
  4. Sort the table by Risk in descending order.
  5. Observe the Risk score for each SaaS app in the High risk category.
    Risk Score
    Description
    4-5
    High Risk — Very likely to be a risk.
    3
    Medium Risk — Moderate risk.
    1-2
    Low Risk — Unlikely to be a risk.
  6. Open the Application Detail for the SaaS app to assess the risk characteristics (compliance attributes) that contribute to this risk score.