Which cloud computing tool is used to discover internal use of cloud services using various mechanisms such as network monitoring?

The cloud access security broker (CASB) is the correct choice because it serves as a critical tool for organizations looking to manage and secure their use of cloud services. CASBs provide visibility into cloud activity by monitoring user access and data interactions across different cloud applications. This is accomplished through various mechanisms, including network monitoring, which allows organizations to identify and analyze internal usage of cloud services, ensuring compliance with security policies and regulations.

CASBs not only help in discovering unauthorized or unsanctioned use of cloud services (often referred to as shadow IT) but also provide capabilities such as data loss prevention, threat protection, and access control. This multifaceted approach to cloud security makes CASBs essential in managing an organization’s cloud security posture effectively.

In contrast, the other options do not provide the same level of visibility into internal cloud service usage. Data loss prevention (DLP) primarily focuses on preventing sensitive data from being lost or leaked, rather than discovering cloud service usage. Content delivery networks (CDNs) are designed to deliver content efficiently across different networks but do not have the capabilities to monitor cloud service usage. Web application firewalls (WAFs) protect web applications by filtering and monitoring HTTP traffic between a web application and the internet but do not specifically