0:02 So what is API based data protection? 0:04 What are the new things which we are doing in API data protection and what is it first of all? 0:09 So API based data protection again it complements inline VCG. 0:15 So certain things a versa cloud gateway cannot do because of reasons such as certificate pinning. 0:22 So at that time, the file will get uploaded to G Drive or SharePoint and you still want to inspect them. 0:32 And so that's what APIDP comes into picture. 0:35 And So what we have done here is we have added support for more actions for SMTP proxy for O365G Suite and more applications and additional visibility and serviceability. 0:52 So let me first go over what is, first of all, APIDP. 0:56 So what happens is that here's a picture of of some endpoints which have either the Warsaw client or they may not have. 1:06 And now somebody is trying to upload a document, let's say to Office 365 or SharePoint. 1:14 So what happens is that it goes through a set of services on the Warsaw Cloud Gateway. 1:20 So this is a symbol representing one or more Warsaw Cloud gateways at a pop site. 1:25 And so now, so it goes through a set of services and when it looks at decryption policies, it may be that the Warsaw Cloud Gateway cannot decrypt, it cannot do like breaker inspect as a man in the middle because of certificate pinning. 1:44 Then this particular document will get uploaded to SharePoint OK. 1:51 And when now SharePoint calls versa OK, the versa at one security cloud. 1:58 So we we will versa registers what we call as web hooks with with SharePoint and G drive and Salesforce and other SAS application and IAS as well. 2:10 And so when there is an activity then we versa get called. 2:15 The versa at one security gets called and now the world side one security would do offline CASB for that. 2:24 It would first of all get the document from SharePoint or G drive and then it would do offline CASB that he should John Doe be first of all uploading this document. 2:34 Is he sharing this document? 2:35 Is he making he? 2:37 Does he have a shared link which is world which is readable to anybody and there is no expiry or easy sharing with somebody internal to internal within the company whom to whom you should not be sharing. 2:50 So all of this enforcement happens in the offline CASB and then we would also do full blown DLP on it and then it would go through like static file filtering. 3:04 So using ERR rules. 3:07 The next one is it goes through like a multi AV engine for which I showed you at the beginning of the presentation like the report which we generate. 3:16 Then it also does AIML and and sandboxing if necessary. 3:22 And then then it would stop or negate the work negate like if the user has uploaded something, it can delete the file based on whatever the admin is configured for the API based data protection rules. 3:39 So let me just show you like so now. 3:42 So we have added a lot more application. 3:45 So again, this is a screenshot of our API based data protection policy rules. 3:53 And these are we both have SAS event based as something called a schedule based. 3:58 So event based means what that when when the user uploads something to G drive, box or SharePoint, we get called. 4:06 And schedule based means one is that when somebody signs up for what's SASE service, we need to grandfather, we need to scrub all the existing context on content on box or SharePoint or G drive and scrub it for for the for DLP as well as malware. 4:27 So we do that and then we periodically also scan them because our models are changing and the rules are also changing. 4:35 The admin configured rules are also changing. 4:37 So we periodically also scan that. 4:39 So these are some of the apps which we support. 4:41 And then and what's our support is all what's as a, as a, as one of the highest number of SAS support for APIDP. 4:51 So this is how do we do, how do we protect some bad content being shared in Google? 4:59 I mean Gmail or office. 5:04 So first of all, the user has to go the the admin of the Gmail or office Office 365 has to go and say that the emails have to be scrubbed by Versa. 5:18 And so this is the Versa SMTP proxy which is part of the Versa at one security cloud. 5:26 So what happens is now let's say that a user is some e-mail gets sent, OK? 5:35 So the somebody from outside or somebody from inside, OK, so this is the e-mail. 5:41 This service is basically for Acme Corporation and somebody from a different company sends an e-mail to Acme Corporation employee. 5:50 Now office or Gmail would forward based on the e-mail dispatch rules, it would forward this e-mail to versa and then the Versa has a full blown SMTP proxy and which acts like a mail transfer agent. 6:06 So it does now full scrutiny. 6:09 So it'll run through, it'll look at either the headers of the SMTP proxy or the body or the attachment and it'll scrub it for, for any sensitive information or malware. 6:24 And so it'll it'll do all of that. 6:26 And if everything looks good, then it'll forward the e-mail back to Gmail Office 365 with the note that hey, this is or this, this particular e-mail has already been inspected. 6:39 So you can now forward it to the actual intended recipient. 6:45 Or if there is something sensitive, then we can drop the e-mail and notify the sender. 6:54 And if there are any policy violations. 6:57 So here. 7:00 So as I said, for every e-mail, whether it is the, the e-mail header or the document or the attachments which are part of the gym, which are part of the e-mail, we will look at them. 7:12 We'll look at the content of them. 7:14 You know, if there are FQDNS within them, we'll go and check out, you know, if those FQDNS, they were high risk rating or they are, they are safe. 7:23 And if they were, if they were high risk rating, then we will modify those as well. 7:28 And we'll modify them and redact them. 7:30 So the user will get an idea of what FQDN, what it was, but it the user will not be able to click on it. 7:36 And secondly, the second choice is that we can replace it by our RBI. 7:43 So it can be made to go, the FQDN can be made to go through our remote browser isolation cloud. 7:51 So what happens is that when the e-mail gets delivered by Gmail or Office to the actual user and when they click on it, it will go through the Versa RBI and that can again stop it. 8:03 So we have various options in terms of reduction. 8:10 So this is for the SMTP proxy and then this is what some of the proxy proxy configuration relating to here for Microsoft is. 8:24 So here what we are telling is that the Versa Cloud Gateway should after it has processed the file, it should forward the e-mail to this particular FQDN and the same thing we do for G Gmail as well. 8:42 And this one again we have added a lot of visibility on the SAS resources G Drive box or SharePoint. 8:52 So here, for example, this for this box instance, what are the various folders? 8:58 And if you look at one particular folder here like CASB demo, then when was it created? 9:04 So there was API DP infra has all of this visibility that whether there are any shared links and if there are public and whether basically whether this particular share, whether there's any collaboration going on for this particular folder as well. 9:23 So in short, tons of visibility for all all resources on SharePoint, G Drive, Box, Dropbox, all of that.