Trust Nothing, Scan Every Thing

ScanCloud APIs and Kits make it easy for developers to process unknown entities such as URLs, files and emails more securely and with confidence, and to protect their applications from being exploited by malicious actors.

Typical Architecture

ScanCloud believes that a tool like the ScanCloud Internet Entities Info Kit addresses two key problem statements:

Credibility of an Application

Users of cloud-based applications and platforms are increasingly asking about the security credibility of such applications.

If an application is in the business of handling internet entities such as URLs, emails and uploaded or downloaded files, it is expected to ensure that it does not accept or share malware or phishing URLs, and does not guide users to malicious sites.

An application will lose credibility very quickly if it is found to be compromising the security of customer IT assets, and fairly quickly if it is unable to show how it is mitigating such risks.

Zero Trust Security

Zero trust security means that no one is trusted by default: no user, machine or application interaction should be trusted automatically.

Zero Trust Users

Humans are likely the weakest link in a security strategy. Trust no users, whether inside or outside the organization’s network. Limit, monitor and validate all user interactions with your application. If the application has file upload/download functionality, it is imperative to block malicious actors at the boundary so that your infrastructure remains secure. Attackers may try to exploit the file upload functionality to upload malicious files, and application users, customers or subscribers may unknowingly upload malware to your infrastructure.

Zero Trust Applications

Because of supply chain attack trends like SolarWinds, a large number of interactions between cloud applications are expected to happen in a zero trust environment going forward, i.e., applications will not trust interactions from other applications. Post-SolarWinds, most applications will operate on a "verify, then trust" model when exchanging information with other applications. One area of defence is to ensure that entities are scanned at the boundary between applications. However, such applications may not have their own database of security information with which to decide whether or not to trust an interaction with a third party.

Hence there is a need for a reliable third-party security scanning API/Kit that helps them make such decisions with ease.

Usage workflow

ScanCloud Entity Security Information Kit is a collection of language-specific libraries and tools that developers can integrate into their applications.

  1. Integrate the ScanCloud Kit into the application

ScanCloud Kits can be integrated with an application. They are available in various programming languages such as Python and JavaScript, and in REST API format.

The Kit function calls are made as a subsequent step whenever an “entity of interest” is being processed. Some examples could be:

  1. Upload/Download of certain types of files
  2. Submission of URLs that are displayed publicly or processed for certain steps
  3. Email attachments (Upload or download)

The ScanCloud documentation describes the multiple types of integration that may be available.

  2. Configure the service parameters of ScanCloud Kit

For privacy and security, developers register at ScanCloud.com and log in with the registered username to create an API key, which is used as a service parameter in the integration code. This creates a new instance of the scan client with a private API key specific to the application.

  3. Call/Response

When the application containing the ScanCloud Kit makes a call through the ScanCloud API, the SDK will try to return the requested information about the entity within an expected SLA. The application can use this information to determine the appropriate course of action.

Numerous Call/Response examples are provided with the ScanCloud Kit for ease of integration and usage.

  4. Application processing of response

Once the application receives the security information about an entity, it decides which flow to follow. It may choose to continue on the normal course despite adverse security information if it deems that information insufficient. ScanCloud Kit provides guidance for such usage.

  5. Managing and Monitoring plugin Integration

ScanCloud believes in vendor neutrality and provides an option to choose from several mainstream security SaaS providers (for example CrowdStrike, urlscan.io, Cloudmersive, etc.) from the ScanCloud Console. The integrations/plugins are managed via a central console with options to switch between security SaaS providers, monitor activity, generate reports and do retrospective threat analysis.
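
As an added illustration of the Call/Response and response-processing steps (this is not ScanCloud Kit code), the sketch below shows a boundary gate that treats a scan exceeding its SLA, a scanner error or a malformed verdict as untrusted. The `scan` callable, the `{"score": 0-100}` verdict shape and both thresholds are assumptions made for the example.

```python
# Added example. The verdict shape {"score": 0-100}, the thresholds and the
# stand-in scanners are assumptions, not the ScanCloud Kit API.
import concurrent.futures as cf
import time

BLOCK_AT = 70       # assumed score at or above which the entity is rejected
QUARANTINE_AT = 30  # assumed score at or above which it is held for review

def gate_entity(entity, scan, timeout_s=2.0, audit=None):
    """Return 'allow', 'quarantine' or 'block' for one entity at the boundary.

    `scan` stands in for the kit call. A timeout, an error or a malformed
    verdict fails closed to 'quarantine' instead of letting the entity through.
    """
    pool = cf.ThreadPoolExecutor(max_workers=1)
    try:
        verdict = pool.submit(scan, entity).result(timeout=timeout_s)
        score = int(verdict["score"])
        if not 0 <= score <= 100:
            raise ValueError("score out of range")
    except cf.TimeoutError:
        action, reason = "quarantine", "scan exceeded SLA"
    except Exception as exc:  # scanner error or malformed verdict
        action, reason = "quarantine", f"scan failed: {type(exc).__name__}"
    else:
        if score >= BLOCK_AT:
            action = "block"
        elif score >= QUARANTINE_AT:
            action = "quarantine"
        else:
            action = "allow"
        reason = f"score {score}"
    finally:
        pool.shutdown(wait=False)  # do not hold the request on a slow scan
    if audit is not None:  # decision trail for later review
        audit.append({"entity": entity, "action": action, "reason": reason})
    return action

# Constructed stand-in scanners for the demo.
def clean_scan(entity): return {"score": 5}
def bad_scan(entity): return {"score": 92}
def slow_scan(entity):
    time.sleep(0.5)
    return {"score": 0}

if __name__ == "__main__":
    log = []
    for name, fn in [("clean", clean_scan), ("bad", bad_scan), ("slow", slow_scan)]:
        print(name, gate_entity("upload.bin", fn, timeout_s=0.1, audit=log))
    print(log)
```

The audit list gives the application its own record of each decision, independent of any provider console.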