Cloud Discovery

Kaspersky Security Center Cloud Console allows you to monitor the use of cloud services on managed devices running Windows and to block access to cloud services that you consider unwanted. Cloud Discovery tracks user attempts to gain access to these services through both browsers and desktop applications. It also tracks user attempts to gain access to cloud services over unencrypted connections (for example, using the HTTP protocol). This feature helps you to detect and halt the use of cloud services by shadow IT.

The Cloud Discovery feature is only available if you have purchased a Kaspersky Next license. For details, refer to Licenses and the minimum number of devices for each license.

You can enable the Cloud Discovery feature and select the security policies or profiles for which you want to enable the feature. You can also enable or disable the feature separately in each security policy or profile. You can block access to cloud services that you do not want users to access.

To be able to block access to unwanted cloud services, make sure that the following prerequisites are met:

• You use Kaspersky Endpoint Security 11.2 for Windows or later. Earlier versions of the security application only allow you to monitor the use of cloud services.
• You have purchased a Kaspersky Next license, which provides the ability to block access to unwanted cloud services. For details, refer to Kaspersky Next Help.

The Cloud Discovery widget and the Cloud Discovery reports display information about successful and blocked attempts to gain access to cloud services. The widget also displays the risk level of each cloud service. Kaspersky Security Center Cloud Console gets information about the use of cloud services from all of the managed devices that are protected only by the security policies or profiles that have the feature enabled.

Enabling Cloud Discovery by using the widget

The Cloud Discovery feature allows you to get information about the use of cloud services from all of the managed devices that are protected only by the security policies that have the feature enabled. You can enable or disable Cloud Discovery for the Kaspersky Endpoint Security for Windows policy only.

There are two ways to enable the Cloud Discovery feature:

• By using the Cloud Discovery widget.
• In the properties of the Kaspersky Endpoint Security for Windows policy.

  For details on how to enable the Cloud Discovery feature in the Kaspersky Endpoint Security for Windows policy properties, refer to the Cloud Discovery section of Kaspersky Endpoint Security for Windows Help.

Note that you can disable the Cloud Discovery feature in the Kaspersky Endpoint Security for Windows policy parameters only.

To enable Cloud Discovery, you must have the Write right in the General features: Basic functionality functional area.

To enable the Cloud Discovery feature by using the Cloud Discovery widget:

1. Go to Kaspersky Security Center Cloud Console.
2. In the main menu, go to Monitoring & reporting → Dashboard.
3. On the Cloud Discovery widget, click the Enable button.
4. In the Enable Cloud Discovery window that opens, select the security policies for which you want to enable the feature, and then click the Enable button.

   The following policy settings will be enabled automatically: Inject script into web traffic to interact with web pages, Web Session monitor, and Encrypted connections scan.

The Cloud Discovery feature is enabled and the widget is added to the dashboard.

Adding the Cloud Discovery widget to the dashboard

You can add the Cloud Discovery widget to the dashboard to monitor the use of cloud services on managed devices.

To add the Cloud Discovery widget to the dashboard, you must have the Write right in the General features: Basic functionality functional area.

To add the Cloud Discovery widget to the dashboard:

1. Go to Kaspersky Security Center Cloud Console.
2. In the main menu, go to Monitoring & reporting → Dashboard.
3. Click the Add or restore web widget button.
4. In the list of available widgets, click the chevron icon () next to the Other category.
5. Select the Cloud Discovery widget, and then click the Add button.

   If the Cloud Discovery feature is disabled, follow the instructions in the Enabling Cloud Discovery by using the widget section.

The selected widget is added at the end of the dashboard.

Viewing information about the use of cloud services

You can view the Cloud Discovery widget that shows information about attempts to gain access to cloud services. The widget also displays the risk level of each cloud service. Kaspersky Security Center Cloud Console gets information about the use of cloud services from all of the managed devices that are protected only by the security policies that have the feature enabled.

Before viewing, make sure that:

• The Cloud Discovery widget is added to the dashboard.
• The Cloud Discovery feature is enabled.
• You have the Read right in the General features: Basic functionality functional area.

To view the Cloud Discovery widget:

1. Go to Kaspersky Security Center Cloud Console.
2. In the main menu, go to Monitoring & reporting → Dashboard.

   The Cloud Discovery widget is displayed on the dashboard.

3. On the left side of the Cloud Discovery widget, select a category of cloud services.

   The table on the right side of the widget displays up to five services from the selected category, to which users most often try to gain access. Both successful and blocked attempts are counted.

4. On the right side of the widget, select a specific service.

   The table below displays up to ten devices that most often attempt to gain access to the service. In this table, you can generate two types of reports: report on successful access attempts and report on blocked access attempts.

   In addition, in this table you can block access to the cloud service for a specific device.

The widget displays the requested information.

From the displayed widget, you can do the following:

• Proceed to the Monitoring & reporting → Reports section, to view the Cloud Discovery reports.
• Block or allow access to the selected cloud service.

The Cloud Discovery feature is only available if you have purchased a Kaspersky Next license. For details, refer to Licenses and the minimum number of devices for each license.

Risk level of a cloud service

For each cloud service, Cloud Discovery provides you with a risk level. The risk level helps you determine which services do not fit the security requirements of your organization. For example, you may want to take the risk level into account when deciding whether to block access to a certain service.

The risk level is an estimated index and does not say anything about the quality of a cloud service or about the service manufacturer. The risk level is simply a recommendation from Kaspersky experts.

Risk levels of cloud services are displayed in the Cloud Discovery widget and in the list of all monitored cloud services.

Blocking access to unwanted cloud services

You can block access to cloud services that you do not want users to access. You can also allow access to cloud services that were previously blocked.

Among other considerations, you may want to take the risk level into account when deciding whether to block access to a certain service.

You can block or allow access to cloud services for a security policy or profile.

There are two ways to block access to unwanted cloud services:

• By using the Cloud Discovery widget.

  In this case, you can block access to the services one by one.

• In the properties of the Kaspersky Endpoint Security for Windows policy.

  In this case, you can block access to the services one by one or block an entire category at once.

  For details on how to enable the Cloud Discovery feature in the Kaspersky Endpoint Security for Windows policy properties, refer to the Cloud Discovery section of Kaspersky Endpoint Security for Windows Help.

To block or allow access to a cloud service by using the widget:

1. Open the Cloud Discovery widget, and then select the required cloud service.
2. In the Top 10 devices that use the service pane, find the security policy or profile for which you want to block or allow the service.
3. On the required line, in the Access status in policy or profile column, do any of the following:
   • To block the service, select Blocked in the drop-down list.
   • To allow the service, select Allowed in the drop-down list.
4. Click the Save button.

Access to the selected service is blocked or allowed for the security policy or profile.