Which feature of a Cloud Access Security Broker (CASB) solution helps scan for malware and restrict rogue or non-compliant device access?

The feature that scans for malware and restricts access from rogue or non-compliant devices is the Antivirus functionality within a Cloud Access Security Broker (CASB) solution. This feature is crucial for maintaining security as it continuously monitors data and traffic within cloud environments, detecting malicious software that could compromise sensitive information or the integrity of systems.

Antivirus capabilities in a CASB can automatically scan files for known malware signatures and apply threat intelligence to identify potential risks in real time. When a device is deemed non-compliant or if there is suspicion of malware, the CASB can take action by blocking access to resources. This ensures that only secure and compliant devices can interact with the organization's cloud services, thereby minimizing the risk of security breaches and protecting data integrity.

On the other hand, options such as configuration management focus on maintaining system settings and ensuring compliance with security policies but do not directly address malware detection or device access restrictions. Single Sign-On facilitates user authentication but does not directly mitigate malware risks. Data exfiltration mitigation is concerned with preventing unauthorized data transfer but does not address the scanning for malware aspect or the initial access control against rogue devices.