0:01 So what are we doing for CASB? 0:02 What are some of the innovations for CASB? 0:05 So we have added support for more applications and we have added, we always supported, we always prevented users from from sharing information between between the enterprise apps instance of an app and a private instance of an app. 0:25 So the user cannot go to SharePoint, download something and then upload something into OneDrive to a private OneDrive. 0:32 So we definitely want to prevent that. 0:33 And we can do the same thing with Google applications. 0:37 But now we have added more capabilities there. 0:39 We have added something called as constraint profile. 0:42 So you can specify a class of 2 users and from users or the SoC admin can specify that that who can share information with what with whom. 0:53 So for example, you can have like the from users can be all users and two users can be for users who are acting kind of suspicious so you don't want to share information with them. 1:04 So all of that is possible using our user constraint profiles. 1:09 The other thing is we have added something called as mapping of users to user identifier. 1:17 So in many applications like Teams, when you make a Teams call, when John Doe makes a team, team scroll to Bob, the wire protocol basically has the ID of Bob, it has the user ID of Bob. 1:31 It does not have the username of Bob. 1:34 So, so it is not easy for the Versa Cloud Gateways or the SASEE gateways to enforce policies that who can share with whom. 1:45 So as a result we integrate with Microsoft Graph API's and and facilitate all of that that we facilitate this constraint policies which which depend on user IDs. 1:59 Then we have added IPS signatures and now for supporting new activities. 2:04 So if you have a predefined app which was already has but we do not support a certain activity like we do not support like for example in YouTube, something like that. 2:15 And you want to add support for that, then using this IPS signatures, you can add support for that. 2:21 But the other, the other the more useful use of the IPS signatures if you have a private app which is specific to your enterprise. 2:32 So you can write signatures for recognizing the app as well as recognizing activities within the app. 2:39 And then you can enforce all of these using our CASB policies. 2:45 So here basically are like a SoC admin. 2:48 Here he is configuring what I call as a constraint profile. 2:53 And a constraint profile can be based on user and group. 2:57 And the user and group themselves are loaned through LDAP. 3:00 So the user is telling the that that for example, any user cannot share information with suspicious the group which are suspicious the users. 3:10 OK people, perhaps they're on the way out. 3:13 They are they are demonstrating risky behaviour. 3:18 So what happens is that when the user configures. 3:21 So I'm just going to show you a few screenshots of what does this look like. 3:26 So when this is config is pushed to the Versa Concerto. 3:29 So the config looks like this. 3:32 So the the user specifies the from users and two users. 3:36 At this point we are configuring the two users. 3:40 So the two group or the two users. 3:42 So either the user groups are learned from LDAP here in this case and and then the user group basically will have a bunch of users. 3:51 But what the wire protocol might see is the user IDs. 3:55 So we still need to convert the user users to user ID, which we do using this Graph API. 4:02 So this is a constraint profile, a CASB constraint profile and that itself is referred within a CASB rule. 4:12 And the CASB rule itself looks like this. 4:14 Again, a screenshot of that. 4:17 So here's the CASB profile which is restrict file sharing and these are the rules. 4:22 And one of the rules is Box and Dropbox rule. 4:27 And the constraint is CASB to user. 4:30 And the CASB to user constraint is here is that the form user is blank, which means all users cannot share information with for example user1user1@wordsandnetworks.com or it can be user1user1@acmed.com. 4:45 And so this this once this policy is downloaded on to the versa cloud gateways, it is enforced. 4:53 So. 4:54 So this is what happens. 4:56 So now what happens is that the user has configured the CASB constrained profile, the CASB profile and he commits the config to coming to the VCGS. 5:09 So when he commits the config to the VCGS and the config is deployed on the VCGS, then the Versa Cloud Gateways reaches out to Microsoft Graph to learn about the user and user ID. 5:24 OK, so because the policies are going to be based on groups, user groups, which are humanly understandable and but the wire protocol is going to have UUUUIDS and as a result we have to learn the mapping of users to use UUID. 5:43 So now what happens is that when this person here on the left, he tries to make our teams call, then the Versa Cloud Gateway has complete mapping of the users to user ID and it also knows what groups they belong to and it can do the right enforcement and then the traffic can be allowed to go to teams or some other application. 6:07 So this is something which we have added as part of CASB along with along with the IP, IPS based signatures and a lot of other things which which we cannot cover because of limited time.