0:00 Hello everyone. 0:01 In this video we'll show you how to create a CASB policy in versus Cassie solution. 0:10 So first of all, what do we want to achieve with SASE? 0:12 So with SASE, what we want to do is to get further visibility into the user traffic and go beyond what we can already do with DPI. 0:21 So with DPI, you can recognize applications, know that one application traffic is Facebook, the other one is YouTube and you can allow or block that because B, we want to go further, we want to go further than that and see the activities inside the application. 0:38 So not just block allow or block YouTube entirely, but for example, see the activities inside YouTube and decide which one you want to allow, which one you want to block. 0:49 Or simply for monitoring if you want to keep track of what all the users doing inside the applications. 0:57 So here for example, let's look at some example with YouTube. 1:00 So right now I'm connected inside the SASE client. 1:03 So all my traffic is being monitored by the SASE gateway. 1:09 You can see that the certificate is signed by the Versa SASE. 1:14 So here this is certificate from the gateway. 1:16 So it's important to have SSL decryptions configured so that we can see inside this traffic to be able to have the visibility that we want forecast. 1:30 So further here if I try in YouTube, if I try to search for videos here you can see that the activity is being blocked. 1:40 So I receive a popup telling me no, you cannot search inside YouTube. 1:44 This is an activity that is blocked and you can see that even if I try to search, it's telling me it's blocking the request and I cannot completely do any searching. 1:55 So I have a popup and it's not working. 1:59 Now let's move to a video. 2:02 You can see that if I move to a video, I can watch the video. 2:06 There is no problem to watch a video. 2:08 However, if I go there and try to share the video and then here again it's not completing and I received a popup telling me that this is an activity that is blocked. 2:18 So that's why I cannot access this activity. 2:23 I cannot complete this. 2:26 So this is an example of versa. 2:27 CASB here is with YouTube, but it could be done with various applications. 2:34 So how do we create such profile inside the portal? 2:40 So to create CASB profile, first you need to go into the configure menu in profile. 2:46 So this is where you find all the security profiles like URL filtering, IPS and so on. 2:52 And here you have a tab for all the CASB policies. 2:56 So you can review the existing policies, you can modify them or you can create new ones. 3:02 So this is what we will do here. 3:05 So here's the first step will be to select applications. 3:08 So we can see the list of applications that are supported for CASB and here we'll select some of them for the demo. 3:20 So JML for example, I will add Dropbox, I will add YouTube next. 3:29 So here you can review the application that I selected. 3:34 You can allow or block the application entirely. 3:38 But most simply with CASB we can review the activities that can be done in those applications. 3:43 So for example in Gmail I can see that users are sending emails, that they are uploading files, sending files. 3:50 I can see that for Dropbox as well. 3:53 For example, I can see file upload downloads and maybe block those activities. 4:00 And now for YouTube, see if I click on edit I can review the different actions. 4:06 So those are all the actions that you can see with YouTube if users are watching videos, liking, putting comments and so on. 4:13 And here to recreate the same policy, I will block searching and block sharing of videos. 4:23 So I click on done, you can see that it's grayed out. 4:25 Now that it's being blocked, I click on next. 4:28 Here I can select the default action. 4:30 So do I want to allow the applications that were not selected or not? 4:35 Or so do I want to log all the traffic, all the activities? 4:38 So if an application, especially if this is for the traffic that is allowed, if traffic is allowed, do I want to monitor that or not? 4:45 So first let's say yes, here and now all I'll have to do is to create a name for my rule. 4:57 So I create my name, I can review the applications that were selected, the activities for those applications. 5:06 And now I saved this new rule. 5:08 Now all I have to do is now to apply it. 5:11 So now for that I go to configure Real Time Protection Internet Protection Manual. 5:17 So we have a specific video describing those security rules and how to create them. 5:23 So this video will teach you how to create those rules. 5:26 Here I will simply edit one. 5:29 So this rule is not matching on anything, it's just matching on all the traffic for a specific user that I use for the demo. 5:37 And in the action field, I can decide if the traffic is allowed or if it's blocked or if I apply some security profiles. 5:47 And here's the security profiles are the ones that we can create from the profiles menu. 5:52 So for example, we will find all the UL filtering profiles and so on. 5:56 Also you will find some predefined profiles available. 6:01 And here we have a menu, a tab for CASB. 6:06 So by default is disabled. 6:08 You can simply enable CASB for this rule and you can select which is the CASB profile that you want to apply for this traffic. 6:17 So here I apply this one that we just created. 6:21 You can also create a new one here. 6:23 So you don't have to create it before in the profile menu, you can create it. 6:27 You can first create the rule and create the profile in the middle of the rule as well. 6:31 It's possible. 6:34 So here I select this one. 6:36 I click next, I can just review that save and my rule is updated. 6:43 So now the last thing that I have to do is to publish to make sure remember to publish to make sure that the profile is well applied. 6:52 Remember as well to create TLS decryption profile if you want to make sure that all the traffic is well decrypted. 7:01 And now I will also show you the logs that we will generate with CASB. 7:11 So here in analytics you have the logs thread filtering and here there is a CASB tab and here you can review all the actions that were done by the users. 7:23 So for example you can see that my user during the demo we have been trying to search on YouTube. 7:29 So this was blocked by this profile in CASB. 7:34 Then we watch the video, this was allowed and then we try to share and this was blocked. 7:39 So you can review all those actions that were happening but also for all the applications you can see that my user tried to upload the file, download the file and this was allowed. 7:48 So you can monitor activities also use those logs to review your rules that you created and make sure that they are working as expected. 8:00 If you want to have a summary of that, you have also the dashboard security threats here. 8:06 There is also a CASB tab that will do a summary of those logs to show you OK, which were the top applications of CASB that were seen in a certain time period? 8:16 What was the main actions and what were the top users and top rules that were being matched? 8:24 So that's it for the Versa CASB policy creation. 8:29 I hope this was helpful and have a good testing.