Cloud Access Security Brokers

Cloud Access Security Brokers Overview

Cloud Access Security Broker (CASB) Software is designed to allow organizations to extend their on-premise security policies to it’s interactions with a 3rd-party cloud provider's infrastructure. This software acts as a broker ensuring that network traffic between on-premises devices and the cloud provider complies with the organization's security policies.

The use of unauthorized cloud applications in large enterprises is growing as business units provision their own applications and bypass the IT organization. This practice is highly problematic in regulated industries. CASB can identify unauthorized cloud applications so that they can be brought under the security policies of the organization. This functionality provides organizations visibility into cloud service usage, ensures regulatory compliance, protects organization data, and mitigates some external threats.

CASB software most commonly uses a mix of APIs and proxy services to mediate systems and devices’ interactions with 3rd-party cloud providers. For instance, CASBs will forward proxy managed devices to control interactions to the device from the cloud provider server, and they will also reverse proxy unmanaged devices to control interactions for the unmanaged device to the cloud provider. This allows CASBs to both protect devices and systems from cloud provider vulnerabilities, as well as protecting cloud-based systems from certain device vulnerabilities and risks, particularly unmanaged devices.


Top Rated Cloud Access Security Brokers Products

TrustRadius Top Rated for 2022

These products won a Top Rated award for having excellent customer satisfaction ratings. The list is based purely on reviews; there is no paid placement, and analyst opinions do not influence the rankings. Read more about the Top Rated criteria.

Cloud Access Security Brokers Products

(1-23 of 23) Sorted by Most Reviews

The list of products below is based purely on reviews (sorted from most to least). There is no paid placement and analyst opinions do not influence their rankings. Here is our Promise to Buyers to ensure information on our site is reliable, useful, and worthy of your trust.

Avanan
Customer Verified
Top Rated

Avanan connects leading security technologies to the most widely used enterprise cloud applications, in order to improve protection of sensitive corporate data and IP. According to the vendor, Avanan's one-click deployment allows customers to deploy a new security solution in seconds.…

Key Features

  • Threat Detection (105)
    95%
    9.5
  • Management Tools (105)
    89%
    8.9
  • Cusomizability (105)
    88%
    8.8
Zscaler Internet Access

Zscaler Internet Access is delivered as a security stack as a service from the cloud, and is designed to eliminate the cost and complexity of traditional secure web gateway approaches, and provide easily scaled protection to all offices or users, regardless of location, and minimize…

Microsoft Defender for Cloud Apps

Microsoft Defender for Cloud Apps (formerly Microsoft Cloud App Security) is a multimode cloud access security broker.

McAfee MVISION Cloud

The McAfee MVISION Cloud is a cloud access security broker (CASB), formerly known as Skyhigh CASB before McAfee acquired Skyhigh in January 2018.

Cisco CloudLock

CloudLock is a cloud security option acquired by Cisco in August 2016.

Forcepoint CASB

Forcepoint CASB promises to help eliminate security and compliance blindspots by providing visibility into users' devices and cloud apps. The vendor promises the following benefits: Discover and risk-prioritize all unsanctioned cloud use (Shadow IT) to quickly and easily determine…

Broadcom CloudSOC CASB

CloudSOC CASB is a cloud access security broker developed by Elastica and now owned and supported by Broadcom, since Broadcom acquired Symantec, who acquired Elastica as part of Blue Coat in 2015.

Netskope CASB

Netskope cloud access security broker (CASB) enables the user to identify and manage the use of cloud applications, regardless of whether they are managed or unmanaged, and prevents sensitive data from being exfiltrated from your environment by risky insiders or malicious cybercriminals…

Oracle CASB Cloud Service

Oracle acquired Palerra in September 2016, a cloud security company. The Palerra platform is now offered as Oracle CASB Cloud Service.

WithSecure Cloud Protection for Salesforce

WithSecure (formerly F-Secure) Cloud Protection for Salesforce is a cloud security option protecting enterprises using Salesforce.com services.

Versa SASE

Versa SASE integrates a comprehensive set of services through VOS™ (Versa Operating System, formerly FlexVNF) delivering security, networking, SD-WAN, and analytics. Built to run in the most complex environments, Versa SASE provides the flexibility and elasticity for simple, scalable,…

Censornet Autonomous Cloud Security Platform

Censornet gives mid-market organisations the confidence and control of enterprise-grade cyber protection. Its Autonomous Security platform integrates attack intel across email, web, and cloud to ensure cyber defences react at speed. The vendor states that their AI-driven, autonomous…

Proofpoint Cloud App Security Broker (Proofpoint CASB)

Proofpoint Cloud App Security Broker (CASB) secures applications such as Microsoft Office 365, Google’s G Suite, Box, and other services, providing visibility and control over cloud apps.

Menlo Security CASB

Cloud Access Security Broker (CASB) from Menlo Security in Mountain View aims to give organizations deep visibility and control over SaaS traffic—including sensitive data protection and read-only access.

The Jellyfish Factory, from Cogito Group

Australian company Cogito Group offers the Jellyfish integrated access control based CASB, credential management / PKI solution, and digital identity solution.

miniOrange Reverse Proxy

A reverse proxy server is helpful in protecting systems against web vulnerabilities, which adds an extra degree of security. The reverse proxy provides protection between external clients and internal services. It provides various features like Rate Limiting, IP Restriction, Load…

Censornet Cloud Application Security (CASB)

Censornet Cloud Application Security (CASB) enables businesses to discover, analyse, secure and manage user interaction with cloud applications. The CASB solution provides visibility and control, and protects mobile workforce. It is integrated with Web Security for visibility and…

ManageEngine Log360

Log360 is a unified SIEM solution with integrated DLP and CASB capabilities that detects, prioritizes, investigates, and responds to security threats.

Bitglass

Bitglass secure corporate data on mobile devices and tracks sensitive documents on the Internet. A startup founded in 2013, the company announced it had entered into a definitive agreement to be acquired by Forcepoint in October of 2021.

Palo Alto Networks SaaS Security

Prisma SaaS (formerly Aperture) from Palo Alto Networks is a CASB solution that looks directly into SaaS applications, providing full visibility into the activities of users and data while granular controls maintain policy to eliminate data exposure and threat risks.

Saviynt

Saviynt headquartered in El Segundo provides cloud access governance and protection for enterprise cloud apps.

CipherCloud

CipherCloud is a cloud security option from the company of the same name in San Jose, California.

iboss Zero Trust Edge
0 reviews

The iboss Zero Trust Edge, from iboss headquartered in Boston, aims to prevent breaches by making applications, data and services inaccessible to attackers while allowing trusted users to securely and directly connect to protected resources from anywhere.

Learn More About Cloud Access Security Brokers

What is Cloud Access Security Broker (CASB) Software?

Cloud Access Security Broker (CASB) Software is designed to allow organizations to extend their on-premise security policies to it’s interactions with a 3rd-party cloud provider's infrastructure. This software acts as a broker ensuring that network traffic between on-premises devices and the cloud provider complies with the organization's security policies.

The use of unauthorized cloud applications in large enterprises is growing as business units provision their own applications and bypass the IT organization. This practice is highly problematic in regulated industries. CASB can identify unauthorized cloud applications so that they can be brought under the security policies of the organization. This functionality provides organizations visibility into cloud service usage, ensures regulatory compliance, protects organization data, and mitigates some external threats.

CASB software most commonly uses a mix of APIs and proxy services to mediate systems and devices’ interactions with 3rd-party cloud providers. For instance, CASBs will forward proxy managed devices to control interactions to the device from the cloud provider server, and they will also reverse proxy unmanaged devices to control interactions for the unmanaged device to the cloud provider. This allows CASBs to both protect devices and systems from cloud provider vulnerabilities, as well as protecting cloud-based systems from certain device vulnerabilities and risks, particularly unmanaged devices.


CASB Solutions Comparison

When comparing cloud access security brokers, consider these factors:


  1. Granularity of Policy Controls: How granular will each CASB allow administrators to get with security policies? Common factors include device type,

  2. On-Premise and SaaS Integrations: How well does each CASB integration with the other systems the organization uses? Pay close attention to other security systems in particular, such as SIEM, firewalls, or other endpoint security systems. These systems collectively inform the organization’s broader security posture, and should be evaluated holistically.

  3. Use Case: Is the business primarily concerned with maintaining compliance, granting better visibility for other security systems like SIEMs, or protecting data itself? Most CASBs should be able to serve each use case to some extent, but may offer special functions and capabilities for certain use cases, such as meeting specific requirements for highly-regulated industries.


Start a CASB comparison here


Pricing Information

Pricing varies depending on the kinds of access being brokered and the range of services offered by the CASB. Pricing usually starts at $2/month for a functional CASB deployment and scales up to $30+/user/month for more advanced systems and offerings. Budgeting should also account for IT administration and overhead for the CASB.


Related Categories

Frequently Asked Questions

What does a CASB do?

Cloud access security brokers act as an intermediary between devices and cloud providers, as well as the systems hosted by the cloud providers. CASBs enforce security policies and protocols in accordance with on-premise systems security.

Who uses CASBs?

CASBs are most commonly used by larger organizations with a mix of on-premise and cloud-based systems.

How does CASB protect the business’s systems and data?

CASBs protect the business by controlling who has access to what cloud-based systems based on predefined policies and controls, preventing unauthorized and vulnerable access to systems.

How much do CASBs cost?

CASBs range from a couple dollars a month per user to $30/user/month, depending on how fully-featured and customizable the CASB is.