Using the Audit App

Symantec CloudSOC Tech Note Tech Note — Using the Audit App

Broadcom, the pulse logo, Connecting everything, and Symantec are among the trademarks of Broadcom.

The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. For more information, please visit www.broadcom.com.

Broadcom reserves the right to make changes without further notice to any products or data herein to improve reliability, function, or design. Information furnished by Broadcom is believed to be accurate and reliable. However, Broadcom does not assume any liability arising out of the application or use of this information, nor the application or use of any product or circuit described herein, neither does it convey any license under its patent rights nor the rights of others.

Table of Contents Introduction

Opening Audit

Choosing data sources

Viewing and fltering audit results

Viewing summary results

Viewing services, users, and destinations

Filtering Audit Results

Search Cloud Applications by Service, Category, Tag, Risk, User, Country, and Platform

Saving and loading flters

Using flter multi-select

Confguring your services view

Tagging cloud services

Creating custom tags

Viewing services tagged Ignore

Adding comments for services

Exporting Audit results

Exporting ProxySG CPL block policy fles from Audit

Evaluating cloud services

Viewing service information

Customizing service rankings

BRR Scoring for Individual Applications

Customizing global service ratings

Creating a custom BRR profle

Comparing cloud services

Exporting service and usage details

Use of Attribute Filters in Find and Compare Services

Requesting a BRR review

Submitting a new service request

Tracking your service requests

Creating Custom Gatelets in Audit

Creating and scheduling custom reports

Service attribute reference

Service category reference

Service Category

Are services that...

Revision history

Introduction

The CloudSOC Audit application is a powerful tool that helps you make intelligent decisions about which cloud applications you should embrace, and which you should avoid. Audit fnds and monitors all the cloud applications being used in your organization, and highlights any risks and compliance issues these applications may pose.

With Audit, you can quickly identify risky services that your employees have adopted, as well as identify the employees using these services. It shows you why each app is risky, as measured against over 60 objective security, compliance and business continuity criteria. Opening Audit

To open the Audit app:

1. Log into your CloudSOC account with your administrator credentials.

2. In CloudSOC, click Audit as shown in the following. Audit is at or near the middle of the bar.

Tip: Once you’re familiar with Audit, you can use the Audit submenu to go directly to specifc Audit pages.

Audit opens to the Summary tab as shown in the following. The summary tab shows you an overview of your organization’s SaaS usage and risk exposure.

Choosing data sources

The Audit app uses data from log fles generated by your network devices and proxies to show you your company’s actual SaaS activity. You can select to use one, several, or all available, data sources. The compressed source fles sent to Audit must be less than 9 GB.

Note: This Tech Note assumes that you have already uploaded frewall and proxy logs to CloudSOC. It also assumes that CloudSOC has already processed the logs, and that the results of analysis are available. For more information, see the Tech Note Managing Data Sources for the CloudSOC Audit App.

To select data sources for Audit:

1. At the top of any Audit page, click Select Sources as shown in the following.

Audit opens a list of available data sources as shown in the following.

2. Select one or more of the available sources, or select All to use an aggregate of all available sources.

If you are using a supported centralized proxy/frewall management solution to aggregate logs from multiple devices into one data source, you can further narrow your data source selection to a specifc devices within the data source:

1. If it is not already selected, click the aggregated data source.

2. Click the gear icon to open a panel that shows the devices aggregated into the data source.

If the gear icon is absent, fltering by individual devices is not supported for the data source.

3. On the panel, select devices to include in the Audit view.

Viewing and filtering audit results

The power of the Audit app comes from in-depth research on Cloud applications such as SaaS, PaaS and IaaS conducted by the CloudSOC research team, and a powerful yet simple set of analytics tools.

These features let you quickly drill down and answer key questions such as:

● What unapproved cloud applications are my users using most?

● Which enterprise cloud applications are the riskiest, and who is using those applications?

● What cloud services have been compromised in the last 90 days?

● Which SaaS applications have my users adopted recently that can be risky?

● Which cloud applications consume the most bandwidth?

● Which cloud applications are hosted in locations that violate company or regulatory requirements?

● Which cloud applications fail to meet security and compliance requirements?

● What alternatives are there to the SaaS applications in use? Are there alternatives that fulfll my users’ needs but are more secure and enterprise-friendly?

You can answer all these questions and more using the Audit app’s flters. These flters let you slice and dice Audit data along various dimensions such as type of service, its risk level, services used by specifc users, services hosted in a particular geographical location and much more. We encourage you to explore various fltering and drill down options to see how they can show you about your company SaaS activity.

Viewing summary results

To view Audit results and see the top 20 SaaS applications your employees actually use:

1. In CloudSOC, select Audit, and then select Summary. Audit opens to the Summary tab as shown in the following.

The Summary tab shows you your current overall Audit score, and a trend chart of your Audit score over time. The current overall Audit score is based on your

company Business Readiness Rating of every cloud service in use, weighted according to the number of users of each service, and is a value between 0 and 100. It is also dependent on your selections, such as service visibility and selected number of days. Business Readiness Rating (BRR) is a metric that the CloudSOC research team assigns to each cloud service based on a variety of criteria, such as how secure is the service. The research team also categorizes each cloud service as high risk (rating of 0 - 33), medium risk (rating of 34 - 66), or low risk (rating of 67 - 100). For more information about how cloud services are rated, see Viewing service details.

The trend chart is calculated once a day at midnight, and is based on:

○ All available data sources that are not marked as "Ignored"

○ All Cloud SaaS services which are allowed trafc

○ The previous 12 months of data

You can select the time range from seven days to 12 months. Use this chart to track your Audit score. Hover over a point on the curve to see the score at that point in time. Blue diamonds mark points in time at which you edited the global BRR profle. This feature lets you see when changes in the score were caused by changes to the way Audit evaluated your cloud services.

The right endpoint of the curve may not match the numerical audit score, since the numerical score is based on the currently selected data sources, while the curve is based on all available sources.

The Audit Summary tab also shows you when the selected service has been involved in a recent security compromise. You can sort the Summary tab services list for compromises using the sort menu as shown in the following.

You can also confgure CloudSOC to reduce the BRR of any cloud service that has been compromised in the prior 90 days. The Compromised in Last 90 Days process works as follows:

a. The machine learning algorithm retrieves data from multiple internet sources and identifes probable data breaches of your apps. b. Any sources fagged as being likely application data breaches are sent to reviewers in the security team. c. The reviewers analyze the available information and source to determine details such as the breach date, public notifcation date, responsible party, and root cause of breach. If the analysis determines a breach, then it is fagged as a breach and included in the Cloud Threat Feed functionality.

The preceding process is performed multiple times a day.

See Customizing service rankings for more information.

You can view the top fve users and destinations for each service by clicking the service on the list. The top fve users and destinations appear on the right hand side of the page. To view all users of a service, click View All above the list of service users as shown in the following.

2. To change the view to the most-used services, select Top Used Services from the menu above the services list as shown in the following.

These are the 20 SaaS applications that your users use the most. 3. To generate one-page executive infographics that shows your company’s risk status at a glance, click Generate Infographic near the top of the Summary page. The infographic shows either the top fve riskiest services or the top fve used services depending on the current view.

4. To generate a more detailed multi-page audit report on your risk status, click Generate Audit Report, next to Generate Infographic. Note: If the Infographic and Report buttons are absent, it is probably because your CloudSOC access profle does not grant you access to these functions. See the CloudSOC Tech Note Using CloudSOC Access Profles for more information.

Viewing services, users, and destinations

Audit’s Summary page shows you only the top 20 SaaS applications in use. To see a full list of the SaaS services, users, or destinations:

1. If you have not already done so, open Audit as described in Opening Audit.

Audit opens to the Summary page.

2. At the left edge of the Audit page, select one of the following according to what you are looking for:

● Services--Shows you full results for the SaaS services your organization uses

● Users--Shows you full results for all your users of SaaS services

● Destinations--Shows you geographic locations for all SaaS services in use

The top of each of these tabs shows you a graphic view of the selected dimension as revealed by analysis of your network logs. For the Services and Users tabs, this area shows bar graphs of SaaS activity over time as shown in the following. For the Destinations tab, this area shows SaaS services in their locations on a world map as shown in the following.

You can hover the cursor over highlighted circles to view summary destination information, and click a circle to flter the Destinations table on the selected destination.

Below the graphic view is a tabular view showing detailed information.

3. Use the tools on the tab to refne your view into the SaaS activity:

● In the graphic view, use the time span tools to focus the view on a particular time period as shown in the following.

Note: You can confgure the default time span setting for all CloudSOC apps in your user profle. On the CloudSOC menu bar, select username, and then select User Profle and set the Default Time Period to suit your needs.

● In the graphic view, use the right and left arrows to select a particular time period of the selected span as shown in the following.

● In the tabular view, click any column heading to order the table according to the entries in that column. Click the heading again to reverse the order. An up or down arrow appears next to the heading to show you which column the table is ordered by, and whether it is in ascending or descending order.

● In the tabular view, use the Search box to flter the table for specifc text strings as shown in the following.

Events are grouped by user, service, source IP address, destination IP address, source port, and destination port. Session count is based on events in fve-minute intervals. If two consecutive events in a group are separated by 5 minutes, then the events are assigned to a diferent session. Otherwise, all events are assigned to one session group, and trafc is added to the same session.

Filtering Audit Results

Audit provides powerful fltering tools that let you flter the results on the Services, Users, and Destination tabs. The flters let you slice your audit results in several dimensions, and give you fne-grained visibility into your SaaS activity.

To flter Audit results:

1. If you have not already done so, open Audit as described in Opening Audit.

2. From the Audit menu, select one of the following according to what you are looking for:

● Services ● Users ● Destinations

3. Near the upper right corner of the page, click Filters as shown in the following.

Audit shows you the available flters, grouped together on various tabs as shown in the following.

4. Select the flters of interest. As you select each flter, it eliminates those choices that fall outside the flter boundaries.

Audit lists the selected flters below the search bar. It also shows you the total number of flters above the Filters tab. This feature helps you remember that what you are viewing is a fltered subset of the available Audit data.

Note that Audit also lets you flter results based on tags. For more information, see the later section Tagging cloud services.

5. To flter results on user and service attributes, click the Add Additional Filters link at the lower right corner of the tab.

a. Click Select Attribute, then start typing the name of the attribute in the text search box. Audit shows you the attributes that match your entry, and also shows applicable categories, as shown in the following.

b. Use operators to relate attributes to values as shown in the following table. Not every operator is available for every attribute:

Operator Meaning = Equals (case sensitive) != Not equal to (case sensitive) Is Null Empty; has no content Not Null Not empty; has any content < Less than > Greater than <= Less than or equal to >= Greater than or equal to ~= Equal to (case-insensitive) ~!= Not equal to (case-insensitive) ~In In list (case insensitive) ~Not In Not in list (case insensitive)

c. If you want, combine additional flters with AND and OR operators as shown in the following.

d. Click Apply Custom Filters.

e. In Category select an option, and it will appear as a tag. Next, click Apply Custom Filters:

In the main flter pane, you will see an Additional Filters tag:

f. If any Service, Category, Tags, Country, City, or Browser flter is applied on the main flter panel, then it will be carried forward to the Additional Filters dialog box panel, as long as you do not have an Additional Filters tag already in the main flter panel. Go back to Services, and click a service. After that, click Add Additional Filters:

You will see a tag for the selection you made in the main panel. All subsequence Service selections made in this panel will be afected by this tag, as can be seen by the notifcation “some attributes are disabled due to other flter selections”:

g. When you select an attribute in the Additional Filters panel, the moment you click Apply Custom Filters, any selection you had in the main flter panel tabs (Services, Categories, Tags, Risk, Users, Cities, Countries, Browsers, Platforms) will be deselected. This is because Additional Filters are frst-level flters, and the main panel flters are second-level flters. You can proceed to select any of these options again.

h. In the Additional Filters panel, the attributes of Service, Category, Tags, Country, Destination, and Browser are multi-choice, that is, more than one option can be selected. When more than one option is selected, an OR operation is applied:

i. If in the main flter panel you select Apply Multi Select, then you cannot select Add Additional Filters.

6. Scroll down to the Metrics and Charts area to see key metrics for the selected view.

Tip: Hover over charts and graph segments to view an expanded description of the data in question.

In the following example, we have fltered for high-risk services located inside the United States.

7. Scroll down further to view the selected data in tabular form. This area shows you the services, users, or destinations that meet the flter criteria.

Search Cloud Applications by Service, Category, Tag, Risk, User, Country, and Platform

You can now search services faster by adding the following prefxes to your search:

● SERVICE ● CATEGORY ● TAG ● RISK ● USER ● COUNTRY ● PLATFORM

Go to Audit, and then click Services:

Click Filters, and in the search feld use the prefx and your search term:

You will see that now your flter has been added:

Notice that the prefxes are similar to the tabs, but in the singular.

Saving and loading filters

You can save and load confgurations of flters. This feature makes it easy to consistently apply sophisticated flter confgurations. Each CloudSOC admin can save and load their own set of flters.

To save a confguration of flters that you have applied, click Save Filters and enter a name for the flter confguration as shown in the following.

To load a flter confguration that you saved earlier, click Load Filters and select the flter confguration from the menu as shown in the following.

Using filter multi-select

The flters panel has normal and multi-select modes.

In normal mode, when you select multiple flters, they are joined with an AND operator. Marking a choice in a category excludes all other choices within that category. Any search phrase you enter into the free-form search feld is also ANDed with these flters along with the selected time period.

In multi-select mode, you can mark multiple choices within each category. Choices within each category are ORed together, while choices across diferent categories are ANDed. Multiselect is useful when you want to narrow down the results in a category but still want to include more than one choice.

To use multi-select mode:

1. Mark the checkbox near the Apply Multi Select button at the lower right corner of the flters panel as shown in the following.

2. Mark checkboxes for your flter choices. Unlike normal mode, you can make more than one choice per category. Audit enables the Apply Multi Select button.

3. Click Apply Multi Select. Audit applies your flter choices and shows you the matching results.

Configuring your services view

To confgure the type, status, and class of services that Audit shows you:

1. On any Audit page, next to Service Visibility, click Confgure as shown in the following.

2. In the Service Type area, select either Cloud or Mobile:

● Cloud shows you cloud-based apps that run inside a browser.

● Mobile show apps run on mobile devices outside a browser on a mobile device. If you select Mobile, Audit hides the "Classifcation" and "Show services with ignore" elements described in the following, since they are not supported for mobile apps. For more information, see the CloudSOC tech note Using Audit for Mobile Apps Discovery.

3. In the Access Status area, select one of the following either Allowed or Denied:

● Allowed shows you the services that were allowed by your frewall or proxy.

● Denied flters the Audit results to show you services that your users attempted to access, but for which the access was blocked by policies on your proxy or frewall. See Filtering Audit results for more information about flters.

Audit gets information about blocked services from your device or proxy logs. These logs do not directly show the policies that are in efect, but they do show when those policies block access to a service or website.

4. In the Classifcation area, select one of the following:

● Enterprise shows you services that are primarily enterprise-oriented such as Google Apps.

● Consumer flters the Audit results to show you only consumer-oriented services such as Facebook.

● Enterprise and Consumer flters the Audit results to show you only those services that operate in both the enterprise and consumer spaces.

● All services flters the Audit results to show you all enterprise and consumer services

5. Use the Show services with ignore slider to enable or disable the display of services you have tagged "Ignore" as described in Tagging cloud services. By factory default, Audit does not show these services in its lists and tables. However, you can use this slider to override the factory default and show these services.

6. If you want to make the confguration your default view of the type, status, and class of services that Audit shows you, click Make Default at the bottom of the panel. The next time you open Audit it applies these settings (and any flters they embody) as your default view. To clear your default settings and revert to the factory default, click Reset.

Tagging cloud services

Audit lets you apply tags to cloud services that help organize its displays of cloud service activity and metrics. You can apply and flter for any of several predefned tags, and you can create your own custom tags. See Creating custom tags for more information.

The following table describes the available predefned tags and their suggested usage.

Tag Use to tag

Sanctioned Services that are sanctioned by your corporate policy

Unsanctioned Services that are not sanctioned by your corporate policy

Block@NWDevice Services that should be blocked by your corporate frewall or proxy devices

Ignore Services that are to be hidden from view. By default, services tagged “Ignore” do not appear in CloudSOC lists or tables, and also do not

appear in reports or infographics. You can toggle the visibility of these services as described in Viewing services tagged Ignore.

To tag a cloud service:

1. In CloudSOC, select Audit, and then select Services.

2. In the list of services, fnd the services you want to tag. Then, in the Actions column click Manage Tags as shown in the following.

The Assign tags panel opens as shown in the following.

3. Do one or both of the following to assign tags to the service:

● Select any of the available Sanction Status tags.

● Assign a custom tag by typing all or part of the tag name in the Custom Tags box, and clicking the tag name when it appears, as shown in the following.

4. Click Apply near the bottom of the Assign Tags panel.

Creating custom tags

Audit lets you apply tags to cloud services that help organize its displays of cloud service activity and metrics. You can use any of several predefned tags, and you can create up to 24 of your own custom tags. See Tagging cloud services for more information.

To create a custom tag for cloud services:

1. On the CloudSOC menu bar, click the Settings gear icon.

2. On the Settings page, click the Tags tab to bring it to the front.

3. Near the upper right corner of the page, click + New Tag to open the Add New Tag panel.

If the New Tag button is disabled, it probably means that you already have the maximum of 24 tags defned. In this case, you must delete existing tags in order to create new ones.

4. Give the new tag a name and select the tag color and pattern.

5. Click Save.

Viewing services tagged Ignore

Audit lets you apply a tag called “Ignore” to cloud services. By default, Audit does not show these services in its lists and tables. However, you can override the default and show these services.

To view cloud services that have been tagged Ignore:

1. In Audit, next to Service Visibility, click Confgure.

2. Move the “Show services with ignore” slider to the right to enable this view as shown in the following.

Audit includes services tagged Ignore in its tables and lists.

To return to the previous setting, move the slider to the left.

3. (Optional) To make the setting your default service view, click Make Default near the lower left corner of the panel.

For information about applying the Ignore and other tags, see Tagging cloud services.

Adding comments for services

Audit lets you enter, edit, and delete comments for each cloud service. To enter a comment or view existing comments:

● From the list of services, click the Actions column and select Comments as shown in the following.

Exporting Audit results

Audit lets you download results in a CSV-formatted .zip fle. The fle contains the results as shown in Audit, including all applicable flters.

Note: Exported CSV fles for Services do not contain Audit Service URLs or IP addresses for services that were not visited in the past 3 months (90 days).

To export Audit results:

1. On the Services, Users, or Destinations tab, apply flters as necessary to show the results you are interested in.

2. Near the upper left corner of the Results table, click Export CSV as shown in the following.

Note: If the Export button is absent, it is probably because your CloudSOC access profle does not grant you access to this function. See the CloudSOC Tech Note Using CloudSOC Access Profles for more information.

Audit ofers you the available download options as shown in the following.

3. Do one of the following:

● Click Download CSV to immediately download a fle containing up to 500 rows of URLs or up to 60,000 users.

● Click Email CSV to have CloudSOC email you a link to a CSV fle containing all of the data shown on the tab. The link remains valid for one day.

Audit emails or downloads the requested data according to the currently applied flters. Exporting ProxySG CPL block policy files from Audit

You can use Audit to create CPL fles that you can import into Blue Coat ProxySGs. This feature simplifes the process of confguring your ProxySG to block specifc cloud services.

1. In CloudSOC, select Audit, and then select Services.

2. Scroll down to the services table and mark the checkboxes for the services you want to block as shown in the following.

3. Near the upper right corner, click Actions, and then select Export CPL Block Policy as shown in the following.

Audit downloads the CPL fle to your machine. See the following article for more information about CPL fles:

https://support.symantec.com/en_US/article.TECH242225.html Evaluating cloud services

Both the Summary and Service tabs show you tables of SaaS applications that Audit discovered while analyzing your frewall and proxy logs. These tables give you a snapshot of the top SaaS services used by your users.

You can also use Audit to do in-depth analysis of a service’s strengths and weaknesses, and to evaluate them against your unique business needs. For example, the Compromised in Last 90 Days analysis process works as follows: a. The machine learning algorithm retrieves data from multiple internet sources and identifes probable data breaches of your apps. b. Any sources fagged as being likely application data breaches are sent to reviewers in the security team. c. The reviewers analyze the available information and source to determine details such as the breach date, public notifcation date, responsible party, and root cause of breach. If the analysis determines a breach, then it is fagged as a breach and included in the Cloud Threat Feed functionality.

The preceding process is performed multiple times a day.

Viewing service information

The detailed information for a service shows you how CloudSOC ranked that service for business readiness based on a wide variety of criteria.

The Service page shows you an at-a-glance view of the service and its ratings in several categories. The information on this page comes from research done by the CloudSOC SaaS research team. An attribute of “Under Review” indicates data was not available at the time of research. We are continually updating and expanding our SaaS application database.

To view details for a service that is currently in use on your network:

1. In CloudSOC, select Audit, and then select Services. 2. On the list of services near the bottom of the Services page, click the service you want to evaluate. If the list is long, use the Search box at the top of the list to flter the list. Only services containing the search term in their names remain.

NOTE: You can copy the service name by clicking the Copy to Clipboard icon, and visit the service's website by clicking the link icon. Audit opens a page to show you information about the service as shown in the following.

3. Scroll down the page to view all of the Business Readiness Rating categories. You can make the window easier to navigate by collapsing or expanding the various metrics categories. Click a category name to collapse it, and click it again to re-expand it. When you collapse a category, Audit hides the category components, but still shows you the aggregated rating for the category. The BRR Information tab for each service also shows all compromises in the last 90 days.

4. Near the top of the page, click the Usage Details tab to view detailed information about the service, as shown in the following. This tab shows you the service users, sessions, geographic locations, and other detailed information.

5. Near the upper right corner of the page, click the Filters tab to flter the Service Details information on the available criteria, as shown in the following.

6. If you want, use the Additional Filters to flter the service users by IP address or IP subnet as shown in the following. Enter subnet addresses in CIDR block format. After entering addresses, click Apply Custom Filters.

Note: The IP Address and Subnet options are disabled if any of the data sources in the current view are logs from a SpanVA confgured for tokenization. If this happens, you can remove the SpanVA data sources from the view and flter the remaining sources by IP. Click Select Sources as shown in the following, then deselect the SpanVA sources and click Save.

7. Next to Service Visibility, click Confgure and select Denied or Allowed to flter the service users by that status, as shown in the following. See Confguring your services view for more information.

Audit gets information about denied users from your device or proxy logs. These logs do not directly show the policies in efect, but they do show when those policies block a user’s access to a service or website. To view details for any service that has been evaluated by the CloudSOC research team: 1. On the CloudSOC left side navigation bar, select Audit, and then select Find and Compare Services.

The Compare Services page opens. 2. In the Search box, enter some or all of the name of the service you want to evaluate. Audit shows services matching the name you’ve entered. NOTE: Select Filters, and then select Add Additional Filters to to narrow the results. 3. Select the service of interest from those listed.

Customizing service rankings

In addition to showing you how CloudSOC rated a service, Audit also lets you apply customized weightings to the various ranking categories for the service. This lets you evaluate and compare services against the specifc needs of your business, and not just against a set of arbitrary standards.

Audit uses an internal scoring system to assign a score to each attribute of interest for a SaaS application. Audit aggregates these sub-category scores into an overall Business Readiness Rating based on the relative importance of each category as judged by the CloudSOC research team.

Audit lets you create and adjust custom BRR profles that apply only to specifc application categories. Audit also lets you adjust the Global profle that applies to all service types for which there is not a custom profle.

For example, you can create a BRR profle for CRM apps that places greater importance on compliance attributes than you would need for a marketing app. You can create new BRR profles, or modify and apply the global BRR profle that applies to all categories for which there is not an explicit BRR profle. Once changed, the score weight preferences are applied to all your future service scoring for the specifed services.

BRR Scoring for Individual Applications

BRR scoring for individual applications is computed based on weighted averages. The following factors contribute to the BRR score: ● Overall SaaS Service ● Category ● Sub Category ● Attributes ● Answers Each service score is computed based on category score and category weight. Each category score is computed based on subcategory score and subcategory weight. Each subcategory score is computed based on answer score and question weight. Each attribute and question has a set weight for question weight. The threshold to consider a service as assessed and has a BRR is 30 attributes. Each answer has a set answer score. Common answers are as follows:

● Yes: The application supports the feature. The impact to the service BRR is positive. It

gives a low-risk rating to the application.

● No: The application does not support the feature. The impact to the service BRR is negative. It gives a high-risk rating to the app.

● NA: The application cannot support the feature, such as a marketing application that does not have HIPAA information. The impact to the service BRR is similar to "Yes."

● Unknown: The application does not detail clearly about the feature or does not publicly publish the information. The impact to the service BRR is neither positive or negative. It gives a medium-risk rating to the application.

● Under Review: The attribute has not been researched yet. There is no impact on the service BRR unless all the attributes of the same sub-category are Under Review.

Usually, a yes answer has more weight than a no answer, leading to a higher score (low risk).

For each sub-category is a scoring treatment based on all-equal or one-out-of-many. Sub-categories that have treatment set to one-out-of-many are treated as special. For these sub-categories, The scores check for one question with a positive answer and use only that answer. For example, in the following screenshot if any of the attributes are yes, then the sub-category gets a full score.

Customizing global service ratings

To customize the global BRR profle that applies to all categories for which there is not an explicit BRR profle:

1. In CloudSOC, select Audit, and then select Preferences. Audit opens to the Preferences page, with the Business Readiness Rating tab at the front as shown in the following.

2. For the Global profle, click Actions, and then select Edit Profle. 3. In the Profle Details area, set the slider for Adjust BRR based on compromises in the last 90 days. Enable this feature to reduce by 50% the BRR of any cloud service for which the CloudSOC threat lab has confrmed a security compromise in the previous 90 days.

4. Below the Profle Details area, drag the various Importance sliders sideways to adjust the weightings applied to each sub category. The available importance levels are: ○ Don’t care ○ Nice to have ○ Important ○ Must have 4. When you have adjusted all of the importance levels to suit your business needs, click Save at the top of the Edit Profle page. Tip: Don’t worry about losing the original importance settings. You can quickly restore them by clicking Restore Defaults at the top of the Business Readiness Rating tab.

Your customized rankings are applied the next time you view details for a SaaS service as described in Viewing service details.

Note: If you select Must-have for any sub-category, you might notice some SaaS services are disabled (grayed out) in Audit. These apps failed to meet your must-have criteria for one or more attributes. Grayed out services do not afect BRR score. You can also view

the list of such services by selecting “Knocked-Out” from the flter tray as shown in the following:

Creating a custom BRR profile

To create a new BRR profle that Audit applies only to specifc application categories:

1. In CloudSOC, select Audit, and then select Preferences. Audit opens to the Preferences page, with the Business Readiness Rating tab at the front as shown in the following. 2. Near the upper right corner of the Preferences page, click + New BRR Profle. 3. In the Profle Details area of the Create Profle page, give the profle a name and description, and select the types of apps that Audit applies it to, as shown in the following.

4. Use the BRR Handicap value to amplify or diminish the BRRs for all services that match the profle categories, as shown in the following. You might use this feature if you want to limit BRRs for services such as Social Networking so that they never have BRRs greater than 50. Move the slider to your desired handicap factor from -100% (always zero) to +100 (doubled) as shown in the following.

5. Adjust the Importance ratings for the various subcategories as described in Customizing global service ratings. 6. When you have fnished confguring the Importance ratings, click Save near the upper right corner of the page.

Comparing cloud services

Audit lets you compare cloud services against each other, using performance categories and metrics developed by the CloudSOC research team. These comparisons give you the information you need to select the cloud services that are best for your users and your organization.

Note: If you have confgured custom apps in the Gatelets area of the CloudSOC store, you can compare custom apps with each other. However, you cannot compare custom apps with regular apps.

The following procedure shows one of many possible ways of launching into a service comparison in CloudSOC.

1. In CloudSOC, select Audit, and then select Services. 2. On the list of services at the bottom of the Services tab, click the service you want to compare other services to. If the list is long, use the Search box at the top of the list to flter the list. Only services containing the search term in their names remain.

Audit opens a page to show you detailed information about the service. 3. At the top of the page, click Compare Services as shown in the following.

Audit opens the Compare Services page. This page shows you information about the service you chose, as well as a list of similar services that you can compare.

The default view shows only services evaluated by the CloudSOC research team. To view all services, including those not fully researched, move the slider as shown in the following.

4. On the list, select up to three services to compare with each other and to the service you initially chose. Audit shows you detailed information for all of the selected services, and shows you the ratings and rankings developed by the CloudSOC services research team.

5. Scroll down the page to view all of the ranking categories. You can make the window easier to navigate by collapsing or expanding the various metrics categories. Click a category name to collapse it, and click it again to re-expand it.

When you collapse a category, Audit hides the category components, but still shows you the aggregated ranking for the category.

Exporting service and usage details

The Audit app lets you download a .pdf version of the service details page for a cloud service.

1. In CloudSOC, select Audit, and then select Find And Compare Services.

2. Use the search box to locate the service in question, then click the link text for the service as shown in the following.

3. On the details page, click Options, and then select Export PDF as shown in the following.

CloudSOC renders the service details and also a usage summary as a .pdf fle, then emails you a link to download it.

Use of Attribute Filters in Find and Compare Services

You can search for cloud applications in the BRR database using flters. Goto Audit, and then select Find and Compare Services:

Click Filters:

Take into consideration that you are searching the complete Audit BRR database, not the cloud applications found in your frewall and proxy logs. It does not show custom gatelets either.

Requesting a BRR review

High priority services are reviewed on a daily basis. You can submit a request to the CloudSOC research team to have the team review and update the Business Readiness Rating for lower-priority SaaS services. Use this feature when you believe that the assessment on which the BRR is based might be inaccurate or outdated.

Note: You cannot request a BRR review for custom apps.

To request a BRR review:

1. In CloudSOC, select Audit, and then select ind and Compare Services.

2. Use the Search box to fnd the service of interest and open the details page for the service.

3. In the BRR Details area, click Request BRR Review.

4. On the Request BRR Review page, mark the checkboxes for the categories and attributes you are interested in, as shown in the following example.

5. Click Submit Request.

Audit opens a panel for more information as shown in the following.

6. Select a priority, enter any comments or questions you might have, and click Submit Request.

CloudSOC shows a green banner that tells you that the request has been received, as shown in the following.

CloudSOC also emails you alerts to notify you that we have received your request, and also whenever the request status changes.

Submitting a new service request

If you fnd that Audit does not list a particular SaaS service at all, you can now submit a request to have it reviewed by the CloudSOC research team and added to Audit:

1. In CloudSOC, select Audit, and then select ind and compare services, and use the search tools to try to fnd the service.

2. If Audit does not list the service, select Options, and then select Recommend Addition and fll out the form shown in the following. You must enter a valid URL in the Service URL box, otherwise Audit does not process your request.

3. Click Submit Recommendation.

CloudSOC shows a green banner that tells you that the request has been received, as shown in the following.

CloudSOC also emails you alerts to notify you that we have received your request, and also whenever the request status changes.

Tracking your service requests

When you submit the following requests to the CloudSOC Audit research team, you can track their status in Audit:

● Requests to have the BRRs for services reevaluated as described in Requesting a BRR review.

● Requests to have SaaS services reviewed by the CloudSOC research team and added to Audit as described in Submitting a new service request.

You can also remove requests that you had previously submitted.

1. In CloudSOC, select Find and Compare Services.

2. Near the upper right corner of the page, select Options, and then select Requested Services.

The Requested Services page opens to show you all of your pending service addition and BRR review requests, as shown in the following.

3. Click any entry in the table to view detailed information for the service request, as shown in the following. The Transition History area shows you the current status of the request.

To remove a request, for example if you submitted it in error:

1. In CloudSOC, select Find and Compare Services.

2. Near the upper right corner of the page, select Options, and then select Requested Services.

The Requested Services page opens to show you all of your pending service addition and BRR review requests.

3. On the Requested Services table, click Actions, and then select Remove Request as shown in the following.

4. Mark the Select All checkbox for Transition History and click Remove as shown in the following.

5. When CloudSOC prompts you to confrm, click Remove again.

Creating Custom Gatelets in Audit

You can create a custom Gatelet for any app in Audit when you see trafc for that app refected in your device logs. You can even create custom Gatelets for apps for which there is a Gatelet on the CloudSOC Store page. Since trafc for custom Gatelets is processed prior to trafc for the Store Gatelets, such Custom Gatelets let you track user activities and enforce granular policies for specifc domains used by the app.

Custom Gatelets are similar to the Custom apps you can create on the CloudSOC Store page, but they have key diferences. Custom apps let you add an app you have developed in-house to the CloudSOC PAC fle so you can monitor and manage its use, and identify its trafc in Audit. Custom Gatelets let you create a Gatelet for any app whose trafc you have discovered in your device logs with CloudSOC Audit, and for which Audit has already identifed the service by name and function.

Note: This feature only works if you are subscribed to the Custom Gatelets feature. Contact your Symantec CASB representative for details.

1. In CloudSOC, select Audit, and then select Services, then set the time frame so it encompasses trafc to the service in question, and scroll down to the list of services near the bottom of the page.

2. Click the name of the service to open its Service Details page.

3. Near the upper right corner of the page click Options, and then select Create Custom Gatelet as shown in the following.

Note: You can also open the details page for a service by selecting Audit, and then select Find and Compare Services, using the search box to fnd the service, and then clicking its name in the search results.

4. After clicking Create Custom Gatelet, use the panel to customize the Gatelet by changing its name or description, or to add additional domains.

You can either enter the domains manually, or upload a CSV fle containing the domains.

Note the following constraints on the domains:

● Enter only the domain name. Do not include the protocol such as "http://".

● No two custom Gatelets can monitor the same domain. However, custom Gatelets can monitor the same domains as CloudSOC Gatelets.

● Custom Gatelets won't monitor the following domains:

○ youtube.com ○ facebook.com ○ google.com

5. Click Create & Activate to put the new Gatelet into efect, or click Create Without Activating if you want to activate the Gatelet later.

When you activate the Gatelet, CloudSOC adds the domains to the PAC fle immediately so that you can deploy it to machines. Creating and scheduling custom reports

In addition to the infographics and audit report you can create from the summary tab, Audit lets you create customized reports and schedule them for regular delivery to selected recipients. This feature helps you keep your stakeholders informed about the current status of your company’s cloud security. Audit also archives the last seven editions of each scheduled report, so you can easily compare the statistics over time.

To create or edit a scheduled report:

1. From the CloudSOC left-side navigation bar, select Audit, and then select Scheduled Reports. Note: If the Scheduled Reports menu choice is absent, it is probably because your CloudSOC access profle does not grant you access to this function. See the CloudSOC Tech Note Using CloudSOC Access Profles for more information. 2. On the Scheduled Reports page, click Schedule New Report to create a new report, or select an existing report to edit.

3. On the Schedule New Report panel that opens from the right, confgure the report: a. Enter a descriptive name for the report.

b. Select CloudSOC admins or end users as recipients. Reports are delivered to the email addresses confgured in their user profles.

c. Select data sources for the report, or select All to aggregate all available data sources. This process is similar to that described in Choosing data sources.

d. Select the frequency and duration of the report.

e. Select the sections you want included in the report.

f. Select whether the report shows SaaS services that were permitted, or services that were blocked by policies in your frewall or proxy.

g. Select whether the report shows enterprise or consumer oriented services. If mark checkboxes for both enterprise and consumer services, you must also select whether it shows services that are either enterprise or consumer oriented, or services that are both enterprise and consumer oriented.

4. Click Create Report to add it to the list of scheduled reports.

Audit generates the report as scheduled and emails it to the selected recipients. Typical reports are about 25 pages in length. The following example shows a typical report Table of Contents.

To view any of the last seven editions of a scheduled report:

1. In CloudSOC, select Audit, and then select Scheduled Reports.

2. Select Edit for the report in question, and click the link for the report you want to view as shown in the following.

Service attribute reference

The following table lists all of the attributes that Audit takes into consideration when it assigns a Business Readiness Rating to a cloud service. This list is current as of CloudSOC release 2.108.

Category Subcategory Attribute Access Federated Identity OAuth support Management OpenID support SAML support Brute-force Protection Protection from multiple failed logins Utilizes CAPTCHA Multi-factor Authentication Multi-factor authentication - Security Questions Multi-factor authentication via Biometrics Multi-factor authentication via Mobile App Multi-factor authentication via Others Multi-factor authentication via secondary email

Multi-factor authentication via Smartcard Multi-factor authentication via SMS Multi-factor authentication via USB Token Password Quality Rules Does not save logged in session Force change of password after some time period Provides password reset and recovery Requires minimum password length Requires strong password format Access Control Controls IP range from which login is allowed Supports device restrictions Enterprise Identity Active Directory integration Integration LDAP integration Account Protection Encrypted account credentials

Cloud app attributes, continued

Category Subcategory Attribute Administrative Admin Audit Trail Tracks all administrator activity Policies Content security policies Policy confguration and enforcement Role Based Access Control Role based access control User Audit Trail Tracks all end-user activity Business Financial Stability Type of Company Compliance Compliance Certifcations COBIT CSA STAR Self-Assessment FedRAMP High Baseline FedRAMP Low Baseline FedRAMP Moderate Baseline FISMA GAAP HIPAA ISAE-3402 ISO 27001 ISO 27017 ISO 27018 ITAR NIST SP 800-53 PCI Privacy Shield Safe Harbor SOC I type 2 SOC III SOX SSAE 16 SOC2 Type II TRUSTe

Cloud app attributes, continued

Category Subcategory Attribute Data Data at Rest Encryption Encryption keys in control of the Enterprise Encrypts data at rest Data in Motion Encryption Does not involve blockchain activities Not at risk to CloudBleed vulnerabilities Not Vulnerable to CRIME Not Vulnerable to DROWN Not Vulnerable to FREAK Not Vulnerable to Logjam Not Vulnerable to OpenSSL Heartbleed defect Not Vulnerable to Poodle SSLv3 Not Vulnerable to Poodle TLS SSL Certifcate Chain SSL certifcate not expired SSL certifcate strength SSL key strength SSL used for data in motion Supports HTTP2 Supports SSLv2 Supports SSLv3 Supports TLS Secure Renegotiation Supports TLS_FALLBACK_SCSV Supports TLSv1 Supports TLSv1_1 Supports TLSv1_2 Supports TLSv1_3 Valid SSL Certifcate Name Data Sharing Controls Controls sharing with external users Controls sharing with internal users

Cloud app attributes, continued

Category Subcategory Attribute Data (Continued) Data Handling Backup data centers Customer data not analyzed for ad targeting Customer data not analyzed for behavior mining Data not stored on mobile for ofine access Encrypted backup Ofine data encrypted or otherwise protected Provides for backup/export of customer data Requires or stores passwords of 3rd party services REST API Activity Log Retrieval Method REST API Activity Log Scope REST API for Activity Logs REST API Support Restrict opening fles in external apps on mobile HTTP Security Headers HTTP Content-Security-Policy HTTP Public Key Pinning Extension HTTP STS HTTP X-Permitted-Cross-Domain-Policies X-Content-Type-Options X-Frame-Options X-XSS-Protection Informational Type of Service Consumer oriented service Enterprise oriented service Type of Clients Desktop client Native mobile app Web based service External Integration No third party integration

Cloud app attributes, continued

Category Subcategory Attribute Service Agreements Provides DPA Provides SLA Hosting Service Data Center Locations (click View All link for details) Hosting Platform Type Provider if hosted on the public cloud Whois information (click View All link for details) Multi-tenancy Support Separation of Customer Data Disaster Recovery & Data Breach Notifcation Business Continuity

Discovery URLs URLs for the service as determined by the Profle CloudSOC research teams. (Collapsed by Allowed URLs for the service discovered in device and default) proxy logs from the currently selected Audit datasources. Blocked URLs for the service that were blocked by policies on your proxy or frewall. Embedded URLs for sites embedded in pages loaded by the service, as revealed by the device and proxy logs.

Service category reference

The following list shows all of the categories we use to characterize services when you open service details or compare services together, as shown in the following. This list is current as of July 2020.

Service Category Are services that...

360 Degree Feedback Facilitate direct feedback from an employee's subordinates, colleagues, customers, supervisors, and other stakeholders. Accounting Facilitate measurement, processing, and communication of fnancial information Advertising Facilitate the process of developing and implementing advertising strategies such as ad placement, frequency, etc. Afliate Marketing Facilitate performance-based marketing in which a business rewards one or more afliates for each visitor or customer brought by the afliate's marketing eforts. Analytics Facilitate the discovery and communication of meaningful patterns in data. Especially valuable in areas rich with recorded information. Analytics relies on the simultaneous application of statistics, programming and operations research to quantify performance. Analytics often favors data visualization to communicate insight. API Management Publish, promote and oversee application programming interfaces Platform (APIs) in a secure, scalable environment. API Provider Expose data and capabilities through a programmatic consumable service or an API. Application Performance Monitor and manage the performance and availability of software Management (APM) applications. APM strives to detect and diagnose application performance problems to maintain an expected level of service.

Application Streaming Run applications directly from a virtual machine on a central server that is completely separate from the local system. Application Testing Test software applications for functionality and performance. Appointment & Manage scheduling appointments and bookings. Scheduling Asset Management Track inventory, deployment, operation, maintenance, upgrading, and disposal of company assets in a systematic manner. Authentication Verify the user identities. Backup Ofer online backup, archive, disaster recovery, and data backup services. Big Data Process large complex data sets. Billing & Invoicing Provide billing and invoicing services. Blogging Platform Facilitate development, publishing, and maintenance of blogs. Brand Management Facilitate brand positioning in marketing, promotions, and packaging. It also coordinates communication with global teams and suppliers, and coordinates loyalty programs for customers. Budgeting Help to plan and allocate resources. Bug Tracking Track reported bugs in software development projects. Business Automation Facilitate the automation of business processes by integrating applications, restructuring labor resources, and using software applications throughout the organization. Business Intelligence Ofer tools for the transformation of raw data into meaningful and useful business analysis information. Business Inventory Track inventory levels, orders, sales and deliveries. It may also create Management work orders, bills of materials, and other production-related documents. Business Metrics Measure quantifable components of a company's performance, such as return on investment (ROI), employee and customer turnover rates, revenues, earnings, and so on. Business Plan Generate and manage business plans. Business Process Improve corporate performance by managing and optimizing a Management company's business processes. Calendar Provide time-management and scheduling services Calibration Management Monitor and manage equipment calibration

Call Recording Record telephone conversations over PSTN (public switched telephone network) or VoIP (voice over IP) in digital audio fle formats. Call recording is distinct from call logging and tracking, which record details about the call but not the conversation. The software may include both recording and logging functionality. Record information about incoming telephone calls, allowing the tracking of phone calls to be associated with performance-based advertising, and supplying additional analytic information about the Call Tracking calls. Camp Management Facilitate management of campers, rations, operations, and so on. Campaign Management Build and launch advertising and promotional campaigns. Captcha Service Generate and manage captchas that determine that data and operations originate from actual users instead of robots. Career Management Provide tools for planning and managing career goals. Channel Management Direct marketing activity by involving and motivating parties in the distribution channel. Child Care Manage child care facilities, manage children lists, attendance, reminders, web communications to parents, and immunizations. Cloud Hosting Provide web hosting, application hosting and virtual private servers. They also provide methods of confguring servers in a fexible way to allow for the most afordable, scalable, and reliable infrastructure. Cloud Management Provide for the management of public, private and hybrid cloud environments. Code Hosting Store large amounts of source code either publicly or privately, and help developers submit patches of code in an organized fashion. Cloud hosting usually supports version control, bug tracking, release management, mailing lists, and wiki-based documentation. Collaboration Facilitate collaboration to realize shared goals. Competitive Intelligence Help you defne, gather, analyze, and distribute intelligence about products, customers, competitors. The intelligence is used to support executives and managers making strategic decisions. Compliance Provide tools to ensure that organizations abide by both industry regulations and government legislation. Computerized Manage computer databases of information about an organization's maintenance maintenance operations. This is also known as computerized management system maintenance management information system (CMMIS). (CMMS)

Consultation Services Provide tools for legal consultancy. Contact Data Provide tools that help you check data for accuracy and consistencies Verifcation after data migration. Contact Management Enable users to easily store and fnd contact information, such as names, addresses and telephone numbers. They are typically contact-centric databases that provide a fully integrated approach to tracking of all information and communication activities linked to contacts. Content Delivery Deliver webpages and other web content to users based on the Network (CDN) geographic locations of users and servers and the origin of the webpage, with the goals of high availability and high performance. The delivery network also provides protection from large surges in trafc. Content Discovery Allow users to explore new topics or information without having to search for them. Content Distribution Facilitate the publishing and distribution of content on a medium. Content Management Manage the creation, organization, editing, maintenance, and System (CMS) publishing of content. Such systems typically help manage workfow in a collaborative environment. Contract Management Manage contracts made with customers, vendors, partners, or employees. Credit Management Manage the controlling and collection of payments from customers. Tools CRM (Customer Manage a company's interactions with current and future customers. It Relationship often involves using technology to organize, automate and Management) synchronize sales, marketing, customer service, and technical support. Customer Engagement Manage engagement of customers with one another, and with the (CE) company or brand. Customer Support Manage the control and collection of payments from customers. Data Center Manage the data center, its technical and IT issues, and IT policies and Management strategies. Data Migration Facilitate the process of transferring data between storage types, formats, or computer systems. Data Processing Facilitate the collection and manipulation of data to produce meaningful information. Database As A Service Provide a fexible, scalable, on-demand database platform oriented toward self-service and easy management.

Decision Support Analyze business data and present it in order to make business System (DSS) decisions more easily. Demand Side Platform Manage multiple advertising exchange and data exchange accounts (DSP) when buying digital advertising inventory. Development Provide tools for developing sites and applications. Device Detection Identify the types of mobile devices or other devices visiting a web site or other service. Digital Asset Facilitate the collection, annotation, cataloging, storage, retrieval and Management (DAM) distribution of digital assets. Typically these assets are digital photographs, animations, videos and music. Digital Certifcates Manage electronic credentials used to certify the online identities of individuals, organizations, and computers. Digital Rights Manage and control the use of digital content and devices, and the Management (DRM) intellectual property they embody, after purchase. Digital Signage Facilitate the distribution and playback of digital content such as TV programs, advertising, and menus on networks of displays. Digital Signature Manage mathematical schemes for ensuring the authenticity of digital messages or documents. DNS Provide DNS services. Document Management Track and store documents, usually with versioning and history tracking tools. Domain Hosting Provide domain hosting services. Domain Registrar Provide domain registration services. E-learning Facilitate online education services. Ecards Serve digital greeting cards, typically accessed by the recipient using a hyperlink in an email message. Ecommerce Specifcally designed for retailers and merchants to create an online store. Electronic Data Provide standards for exchanging data using electronic means. Interchange (EDI) Electronic Medical Provide systematic access to databases with health information about Records individual patients or patient populations. Email Provide email services. Email Hosting Provide advanced email hosting services such as email domain management and email authentication.

Embedded Run on other applications, usually used for getting insights through embedded code. Employee Monitoring Monitor the desktop and online activities of employees. Encryption Service Provide encryption and decryption services on a pay-as-you-go basis. Energy Provide fuel management services, serving the oil and gas industry, energy management, and so on. Entertainment Provide music or voice streaming over the internet. Environmental, Health Provide tools for managing health and safety. and Safety ERP Collect, store, manage and interpret data from business activities such as product planning, cost, manufacturing or service delivery, marketing and sales, and inventory management. Event Management Manage registration, facility booking, participants, event organization and the allocation of exhibition foor space and resources. Expense Estimation Provide cost estimates for any activity or project. Expense Management Process, pay and audit company expenses. Facility Management Manage the security, maintenance, testing, and inspections for a facility, and manage space allocation and changes. Farm Management Monitor and manage crops, costs, revenue, weather forecasts, and other factors of farm operation. Feedback Management Manage the deployment of surveys and other feedback tools to customers, employees, vendors, and partners, and track, audit, and analyze responses. File Sharing Make computer fles available to other users of a network. File Transfer Facilitate the transmission of fles over a computer network like the internet. Financial Reporting Manage fnancial reporting for an enterprise, including preparing fnancial statements for public companies, SEC reporting, and so on. Fleet Management Facilitate the monitoring and management of vehicle feets, including fnancing, maintenance, telematics (tracking and diagnostics), as well as driver management, speed management, fuel management and health and safety management. Food Delivery Place orders with local restaurants and food cooperatives. Fraud Prevention Help prevent fraud, including staf fraud, and help with the identifcation and investigation of fnancial and related crime. Funding Provide startup funding.

Gamifcation Platform Use game thinking and game mechanics in non-game contexts to engage users in solving problems. Geographic Information Capture, store, manipulate, analyze, manage, and present all types of Systems (GIS) spatial or geographical data. Healthcare Facilitate leadership, management, and administration of public health Management systems, health care systems, hospitals, and hospital networks. Human Capital Manage human resources functions, recruiting and training, talent Management (HCM) management, and performance analysis and review. Idea Management Help brainstorm and develop ideas. Identity Management Manage authentication, authorization, and privileges within or across (IdM) system and enterprise boundaries with the goal of increasing security and productivity while decreasing cost, downtime and repetitive tasks. Infrastructure as a Support operations, including storage, hardware, servers, and Service (IaaS) networking components. The service provider owns the equipment and is responsible for housing, running and maintaining it, typically pay on a per-use basis. Instant Messaging Provide instant messaging. Insurance Create and manage insurance policies, and manage claims. Integration Platform as a Enable development, implementation, and governance of integration Service (IPaaS) fows connecting combinations of on-premises and cloud-based processes, services, applications and data within an individual organization or across multiple organizations. Internet Radio Provide internet radio. IT Monitoring Monitor information technology services. IT Operations Facilitate the provisioning and management of IT operations IT Service Management Monitor and manage the quality levels of your IT operations. (ITSM) Jobs Provide directories of jobs, job posting, and jobs applications. Knowledge Base (KB) Store, manage, and publish complex structured and unstructured information. Lead Management Generate potential business clients, generally operated through a variety of marketing campaigns or programs. Learning Management Facilitate the administration, documentation, tracking, reporting and delivery of e-learning education. Location Tracking Track the location of users, employees, people, and items.

Loyalty and Campaign Provide tracking and reporting for marketing eforts. Management Maintenance Analyze and manage maintenance and repair operations in the most Management cost-efective manner. Managed Hosting Provide hardware and software setup and confguration, maintenance, hardware replacement, technical support, patching, updating and monitoring. Also available, usually at additional cost, are advanced services like vulnerability scans, DDoS attack mitigation, data backups, load balancing, frewalls, intrusion detection and so on. Marketing Provide systematic planning, implementation and control of a mix of business activities intended to bring together buyers and sellers. Marketing Asset Maximizing the return of marketing media assets and contents across Management media channels to deliver timely, customized and localized messaging in support of the brand, corporate identity, or product positioning. Marketing Automation Specify criteria and outcomes for tasks and processes that are then interpreted, stored and executed by software. Marketing Data Collect, clean, normalize, format, and seamlessly integrate marketing Management performance data. Medical Practice Capture patient demographics, schedule appointments, maintain lists Management of insurance payors, perform billing tasks, and generate reports. Membership Facilitate payment processing, scheduling, member management, Management email and marketing tools Messaging Provide generic messaging services. Mind Mapping Create diagrams to visually organise information. Mobile Device Administer mobile devices, such as smartphones, tablets and laptops Management (MDM) when linked to a corporate network. Monitoring Track and store documents, including version control and history tracking. May also refer to services for monitoring email delivery. Network & Systems Support network transport connectivity, including the optimization of resource allocations by considering network and computing resources as a unifed whole. Network Monitoring Monitor computer networks constantly for slow or failing components and notify the network administrator using email, SMS or other alarms in case of outages. Note Taking Record information captured from another source. Notifcations Provide notifcation alerts that appear on the desktop when receiving a new email message, meeting request, or task request.

Online Banking Enable customers to conduct fnancial transactions with banks and similar institutions. Online Bookings Facilitate payment processing, listing and booking management of fights, hotels, restaurants, and so on. Online Database Serve databases accessible from a network, including from the internet. The databases can be specifc or generic but are not publicly editable and are secured from any changes by the user. Online Diagramming Create fow charts, business charts, and so on online without the need to download a software application. Online Fax Facilitate the sending and receiving of faxes. Online Forms Provide tools to create and manage forms. Online Maps Provide interactive, dynamic, online maps. Online Meetings Provide tools to set up online live meeting sessions. Online Presentations Facilitate presentations with slides and similar visual and audio tools. Online Printing Facilitate printing of documents, brochures, business cards, and so on. Online Productivity Suite Facilitate global collaboration and virtual teamwork. Online Services Provide online services such as emailing doctors, viewing test results, requesting prescription renewals, bookings, car rentals, and so on. Online Shopping Facilitate buying and selling online. Online Store Allow consumers to directly buy goods or services from a seller over the internet. Alternative names are: etailer, e-shop, e-store, internet shop, web-shop, web-store, online store, online storefront and virtual store. Online Trading Facilitate the placing buy and sell orders for fnancial securities and currencies with the use of a brokerage's internet-based proprietary trading platforms. Online Transcoding Provide data transcoding services including video, audio and documentation. Order Management Provide tools for managing orders and order processing. Password Management Allow individuals to organize and encrypt personal passwords using a single login. This often involves the use of an encryption key. Payment Service Ofer online services for accepting electronic payments using a variety Provider (PSP) of payment methods. Payroll & Benefts Manage and distribute employee earnings and fringe benefts by Administration hours or percentage, and compensation management.

Performance Appraisal Manage employee performance evaluations, appraisals, performance plans, and career development plans. Performance Facilitate business performance management, including business Management processes, planning, and forecasting. Personal Finance Allow individuals to manage their personal investments and fnances, including retirement. Photo Sharing Enable users to share photos with others, either publicly or privately. Platform as a Service Rent hardware, operating systems, storage and network capacity over (PaaS) the internet. The service delivery model allows the customer to rent virtualized servers and associated services for running existing applications or developing and testing new ones. Podcasting Facilitate the development and distribution of episodic audio, video, radio, PDF, or ePub fles subscribed to and downloaded through web syndication or streamed online to a computer or mobile device. Point of Sale Facilitate retail transactions. Portal Ofer a broad array of resources and services, such as e-mail, forums, search engines, and online shopping malls. Portfolio Management Facilitate the centralized management of one or more portfolios, including identifying, prioritizing, authorizing, managing, and controlling projects, programs and other related work to achieve specifc strategic business objectives. Predictive Analytics Ofer statistical tools and techniques for modeling, machine learning, and data mining to analyze current historical facts to make predictions about future events. Procurement Facilitate the acquisition of goods and services from other Management organizations or frms. It provides a complete procurement process and procurement procedures that explain step-by-step, how to purchase from suppliers. Project Management Plan, organize, motivate, and control resources, procedures and protocols to achieve specifc goals in scientifc or daily problems. Proposal Management Facilitate repeatable processes and techniques for team collaboration to improve proposal quality. Managing a proposal involves defning the process, planning the content, and coordinating reviews, as well as assigning staf and coordinating their activity. Publishing Make businesses brands and companies a presence on media.

Quality Management Facilitate quality planning, quality control, quality assurance and quality improvement. Quality management is focused not only on product and service quality, but also the means to achieve it. Quoting Issue, track, and manage quoting data. Real Estate Help manage and monitor rentals, leasing, buying and selling, and other real estate matters. Record Management Facilitate the systematic control over the creation, distribution, use, maintenance, and disposition of recorded information maintained as evidence of business activities and transactions. Recruitment Facilitate the end-to-end hiring process, including advertising jobs on websites and job boards, importing and parsing resumes, creating custom reports, and communicating with candidates. Referral Provide tools for promoting products and services to new customers through referrals. Remote Access Facilitate connection to a data-processing system from a remote location, for example through a virtual private network (VPN). Rentals Ofer rental services. Reputation Management Facilitate management and infuence of the reputation of an individual or enterprise. Requirements Facilitate the process of documenting, analyzing, tracing, prioritizing Management and ratifying requirements, controlling change and communicating to relevant stakeholders. Research Facilitate the exploration of issues, understanding of phenomenon, and answering of questions by analyzing and understanding unstructured data. Reservation Manage bookings for hotels, motels, and other properties. Management System Retail Management Manage business operations, including proft and loss, facilities, safety and security, and banking. Review & Feedback Facilitate user feedback, including reviews, comments, and ratings for products and services. Risk Management Identify, plan for, manage, and mitigate risks and constraints. RSS Facilitate the syndication and distribution of RSS web feeds for blog entries, news headlines, audio, video, and so on. Sales Automation Automate business tasks such as inventory control, sales processing, and tracking customer interactions, as well as analyzing sales forecasts and performance.

Sales Commission Facilitate the management of commissions and other sales incentives. Sales Management Facilitate the practical application of sales techniques and the management of a frm's sales operations. Sales Performance Facilitate the practice of monitoring and guiding personnel to improve Management (SPM) their ability to sell products or services. School Management Automate academic administration from admission to graduation, maintain academic records, facilitate collaboration, allow schools to collect fees, conduct exams and print report cards. Screen Sharing Let users share desktop content from computers, such as web browsers, documents, spreadsheets, and so on, in real-time over the internet. Search Engine Search for and identify items in a database that correspond to keywords or characters specifed by the user, and used for fnding related sites on the internet. Search Engine Manage the visibility of a website or a web page in a search engine's Optimization natural or unpaid ("organic") search results. Security Manage online security, email security, website security, and other security-related concerns. Sell Side Platform (SSP) Enable publishers to manage their advertising impression inventory and maximize revenue from digital media. Server Hosting Provide application hosting services. Service Dispatch Manage services such as installations and repairs, and also Software communicate efectively with customers and workers. Shipping & Mailing Facilitate shipping and order tracking. SMS Gateway Send SMS transmissions to or from a telecommunications network. Social Media Analytics Facilitate the practice of gathering data from blogs and social media websites, and analyzing that data to make business decisions. Social Media Manage outbound and incoming online interactions and other Management business marketing activities. Social Media Marketing Facilitate content creation that attracts attention and encourages readers to share it across their social networks. Social Media Monitoring Monitor trends and topics on social media platforms. Social Network Enable users to interact socially by communicating with each other by posting information, comments, messages, images, and so on. Social Sharing Use social media outlets and communities to generate publicity to Optimization increase the awareness of your product, brand or event.

Spam Protection Help secure networks, servers, websites, and users from spam. Sports Management Provide tools to manage sports activities in schools, colleges, universities, and so on. Storage Provide storage and access to fles online. Supply Chain Manage all the activities that must take place to get the right product Management (SCM) into the right consumer’s hands in the right quantity and at the right time; from raw materials extraction to consumer purchase. Supply Management Facilitate methods and processes of modern corporate or institutional buying. Surveys Assess thoughts, opinions, and feelings by survey respondents. Sustainability Incorporate social, economic and environmental factors into business Management decisions. Talent Management Manage human capital requirements for an organization and plan to meet those needs. Also manages goals, tasks, performance reviews, compensation and benefts. Tax Management Facilitate the management and automation of the payment of taxes Telecommunication Provide telecommunication services. Time Tracking Track and manage the time spent on tasks. Training Implement online training that suits individual learning needs. Travel & Transportation Serve travel needs for enterprises and individuals for airlines, airports, hotels, passenger rail, travel agencies, global distribution and vehicle rentals. May also include package express, warehousing, cargo airlines, freight rail, ocean shipping, trucking, port operations and third-party logistics. URL Shortening Service Create and manage user-friendly URLs. Vehicle Tracking Locate, track, and manage feet vehicles. Vendor Management Enable organizations to control costs, drive service excellence and mitigate risks to gain increased value from their vendors throughout the transaction life cycle. Video Authoring Create engaging video presentations to share with employees, partners, prospects and customers. Video Hosting Allow individuals to upload video content to share or place on a website. Video Sharing Facilitate the uploading and sharing of videos with individuals or groups.

Video Streaming Provide data transfer to allow steady and continuous video display and processing by a client. Virtual Private Network Use public telecommunication infrastructure, such as the internet, to (VPN) provide remote ofces or individual users with secure access to their organization's network. Voice Messaging Provide online voice messaging services. Voice over IP (VoIP) Provide telephone services over internet connections. Vulnerability Provide vulnerability alert generation, analysis, and mitigation services. Management Platform This may also include audits, reporting, and real-time dashboards. Warehouse Manage supply chains to control the movement and storage of Management (WMS) materials within warehouses, and process the associated transactions, including shipping, receiving, stocking and picking. Website Monitoring Test and verify that end users can interact with a website or web application as expected. Website Tag Helps clients launch and manage third-party code snippets while Management improving page load times. Workfow Management Facilitate the set-up, performance and monitoring of a defned WfMS) sequence of tasks. Workforce Management Manage employees and other staf, including forecasting incoming calls volume, agents stafng calculations, shifts structure optimization, agents scheduling and rostering, and break scheduling.

Revision history

Date Version Description 4 April 2015 - 1.0-1.14 Initial release, various minor changes 17 October 2016 5 January 2017 2.0 Add flter confgurations, new services selections 11 January 2017 2.1 Address BRR profle features 3 February 2017 2.2 Add recommended service URL validation 17 March 2017 2.3 Fix reference to renamed Tech Note 22 May 2017 2.4 Add fltering service details by user IP address or subnet 9 August 2017 2.5 Add security compromises feature 7 September 2017 2.6 Add notes about reports and access profles 29 September 2017 2.7 Add IP fltering conditions, address new user and services fltering UI and partially researched services

7 November 2017 2.8 Add BRR handicap feature, new CSV export function 11 January 2018 2.9 Address new flter attribute tools, new CSV export options 6 April 2018 3.0 Address flter multi-select 17 May 2018 3.1 Update screenshots, address service last reviewed date 27 June 2018 4.0 Address service and usage details export 23 October 2018 5.0 Add app attributes section 27 November 2018 5.1 Add notes about custom apps functions 27 November 2018 6.0 Address Audit score trend graph, export policy to CPL fles 17 January 2019 7.0 Add service category reference 31 January 2019 8.0 Address discovery profle URLs, service visibility update 14 February 2019 9.0 Address Custom Gatelets 21 February 2019 10.0 Address new service request tracking features 1 May 2019 11.0 Address CloudSOC UI update 19 June 2019 11.1 Changed “attribute flters” to “additional flters”. Updated screenshots to new UI.

11 July 2019 11.2 Added “Use of Attribute Filters in Find and Compare Services” section. Added “Search Cloud Applications by Service, Category, Tag, Risk, User, Country, and Platform” section. 21 May 2020 12.0 Updated the categories. 27 May 2020 13.0 Enhanced the BRR information. 07 July 2020 14.0 Removed Threat sections, and updated images. 17 July 2020 14.1 Added information about session count. 14 April 2021 14.2 Added text about exporting Audit Service URLs. 26 April 2021 14.2 Added text about exporting IP addresses.