PA Networks' Aperture Service Shines Light Into Shadow IT

This is all about bringing "shadow IT" out into the light. Enterprises need visibility into and control over all their data.

Not feeling supremely confident about your company's data—and business data created by employees on personal devices—being stored in your public cloud service? Have no fear: Palo Alto Networks now has an app service for that.

The Santa Clara, Calif.-based data security company on Sept. 15 launched Aperture, a new security-as-a-service offering to help organizations safely enable and strengthen security for company-sanctioned SaaS applications, such as Box, Dropbox, Google Drive and Salesforce.

This is all about bringing "shadow IT" out into the light. Shadow services are adopted directly by individual users, business teams or even entire departments, and central IT at a company has little or no knowledge or control over them.

While each of those popular applications certainly has its own security, often there are gaps. Those are the ones PA Networks is seeking to close, in addition to giving enterprises more insight into how they are being used in relation to the business.

"What we're doing is addressing the fact that enterprises have a lack of visibility and control over usage of those SaaS applications by employees—and contractors," Samantha Madrid, head of network security product marketing at Palo Alto Networks, told eWEEK. "They're not able to extend existing security policies to SaaS apps."

Enter Aperture, which is based on intellectual property acquired from CirroSecure in May 2015. Aperture features granular policy controls and gives security teams visibility and control of sanctioned SaaS application usage. It also provides a detailed analysis of usage by user and device to determine if there are any data risks or compliance-related policy violations, Madrid said.

Aperture is integrated into Palo Alto Networks' WildFire cloud-based malware prevention app to identify known and unknown malware. It also plugs one of those key gaps mentioned above: It prevents a SaaS application from becoming an insertion point for advanced threats into an organization's computing environment.

Aperture, a cloud-based, device-agnostic offering that requires no agents, has little impact on the user's experience or changes to the network infrastructure, the company said. If a use violation occurs, Aperture enables quick enforcement of security policies to quarantine folders and data, the company said.

Key features of Aperture include:

--Complete visibility across all user, folder and file activity: Helps organizations transition from a position of speculation to one of knowing what is happening at any given point in time.

--Retroactive analysis and control of data and threat exposure: Provides enforcement dating back to the creation of the SaaS account itself.

--Deep content inspection and usage analytics: Quickly classifies data and determines if there are any data risks or compliance-related policy violations.

--Granular, context-aware policy control: Drives the enforcement and quarantine of folders and data as soon as a violation occurs.

--Advanced threat protection: Blocks known malware, and identifies and blocks unknown malware.

For more information, go here.

Chris Preimesberger

Chris J. Preimesberger

Chris J. Preimesberger is Editor-in-Chief of eWEEK and responsible for all the publication's coverage. In his 13 years and more than 4,000 articles at eWEEK, he has distinguished himself in reporting...