Cloud Threat Exchange (and DLP) - maybe we should rename it...

  • 30 April 2021
  • 0 replies

Badge +5

Though we built the Cloud Threat Exchange module of Cloud Exchange originally to facilitate the automated sharing between plugged-in security stack components of customer-specific threat indicators of compromise, including malURL, IP addresses involved in attacks, and malware filehashes, the tool is being used to meet other needs. 

The Github plug-in we built within CTE scans designated GitHub repositories for the files each contains, and extracts the filehashes of the code and documentation. It then pushes this information into Netskope, specifically into the custom file list created by the admin and invoked within the Netskope CTE plugin configured to work the the customer tenant and that file. This information about files that are both *safe* and *proprietary* can then be used by the Netskope tenant and its exact data match (EDM) DLP function to prevent the uncontrolled sharing of these files in real-time.

The same plug-in can be repurposed to look at code repos with Gitlab or Atlasssian's Bitbucket code management products, as well as other cloud services scans where EDM makes sense. This converts the data found at rest into policy enforcement for data in motion.


So is Cloud Threat Exchange the best name for the module? Let us know. Maybe its time for a Cloud DL Exchange

0 replies

Be the first to reply!