
Our latest blog post shares stats that show the amount of malware delivered via cloud apps continues to increase. Cybercriminals are deliberately abusing popular cloud apps for malware delivery to exploit trust and blend in.


https://www.netskope.com/blog/cloud-and-threat-report-cloudy-with-a-chance-of-malware


 


Netskope can scan downloads for malicious content whether they originate from a cloud app or traditional web infrastructure. To ensure that your users are protected, create a "Threat Protection Profile" policy that scans all categories and all activities and blocks malicious content. This policy covers all cloud and web activities to ensure complete protection, no matter which delivery method an attacker targeting your users chooses.


 



Every malware alert will contain the field "traffic_type", which indicates whether the alert is from a "CloudApp" or the "Web". You can search SkopeIT for all cloud malware alerts:


traffic_type = 'CloudApp' and (alert_type eq 'Malware')

Through Advanced Analytics you can generate reports to show the breakdown of "CloudApp" vs. "Web" malware in your environment.  95% of the malware detected in this environment has been downloaded from a Cloud App:



 


 

Just as a follow-up: if you want to create this in "Reports", just add the query


traffic_type = 'CloudApp' and (alert_type eq 'Malware')

to an Alert widget


 


In Advanced Analytics  you can use this


 


