The default built-in security rules make sure that your corporate cloud service is monitored and protected the moment you start using Coronet SecureCloud.
The default rules cover the following security use cases:
- Access control
  - Detect and prevent abnormal login patterns, including login attempts from risky countries, impossible travel, login attempts to inactive accounts, and repeated failed login attempts.
  - Detect and report vulnerable devices that might access corporate cloud services and create a potential attack vector.
  - Detect and prevent user access to corporate cloud services from high-risk areas.
  - Detect and prevent user access to corporate cloud services from high-risk networks with potential attackers.
- Service control
  - Detect and prevent abnormal user activity while connected to corporate cloud services, including abnormal download patterns and activity on dormant accounts.
  - Detect and prevent the spread of ransomware in corporate file storage services.
  - Detect and prevent sharing of sensitive files with people outside the corporate domain.
Visibility Mode built-in rules monitor and report device, network and service vulnerabilities and risks, while Protection Mode built-in rules also notify your users about potential risks and apply risk mitigation actions (see the Visibility Mode and Protection Mode guide for more information on these modes).
In Protection Mode, you can modify the active rules and adapt them to your specific corporate needs by adding your own rules and/or disabling the built-in protection rules (see Setting up customized security rules).
You can see the details of each rule by going to CONFIGURE → Rules in the console’s menu.
You can disable any built-in rule by going to the rule’s definition, clicking the three-dots icon (⋮) and selecting Disable.