Users located in Risky Countries


Much to the chagrin of employees, return to office (RTO) is all the rage these days. Employees are expected to work from their designated locations, not from a beach in the Bahamas (say) when they had promised the employer that they would be working from the corporate office located in Miami.


Why is this important? Working from an unapproved location is a potential violation of contractual agreements, matters for tax purposes, and of course affects security and the handling of sensitive information.


Now, how do you determine that a user is not flouting company rules by working from an unapproved location? Netskope can help you here by alerting you on the source location of end users via UEBA policies and visualizing those alerts using an Advanced Analytics Dashboard (NAA).



We have pre-populated standard UEBA policies that can generate alerts when users work from ‘risky countries’ (you can extend the default list in the policy with countries you do not want people to work from).

Visualizing the generated alerts is simple using NAA: select the time period you want to look up data for, and lo and behold, you get a map showcasing locations, followed by details on the violating user.



Make use of IP address information (GeoIP db lookup) to cross-verify Netskope data.

If a user is located in a country where they shouldn’t be present, what does the ‘device classification’ look like? Is the device considered high/medium/low risk?

What Next?

Restrict access to corporate resources using Netskope SWG.

A policy like this can be used to restrict access to an app or instance when users are located in specific source countries, while allowing others to freely access SharePoint (say, as shown in the example below).


Attached is the dashboard XML for your use. Feedback in the comments section, please :)


Ajay Ramachandran

Netskope Customer Success
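
The GeoIP cross-check suggested above, sketched as an added example (not part of the original post and not Netskope code): it compares the country reported in each alert with an independent lookup of the source IP and flags disagreements. The alert field names (`user`, `src_ip`, `src_country`), the CIDR-to-country table standing in for a real GeoIP database, the risky-country list and the sample alerts are all constructed for illustration.

```python
import ipaddress

# Constructed stand-in for a GeoIP database (documentation-only ranges).
GEOIP_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "US"),
    (ipaddress.ip_network("198.51.100.0/24"), "BS"),
    (ipaddress.ip_network("203.0.113.0/24"), "US"),
    (ipaddress.ip_network("203.0.113.128/25"), "BS"),  # more specific entry wins
]
RISKY_COUNTRIES = {"BS"}  # hypothetical policy list

def geoip_country(ip_text):
    """Longest-prefix match; None if the IP is malformed or not in the table."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    hits = [(net.prefixlen, cc) for net, cc in GEOIP_TABLE if ip in net]
    return max(hits)[1] if hits else None

def cross_verify(alert):
    """Compare the alert's reported country with the independent lookup."""
    reported = alert["src_country"]
    looked_up = geoip_country(alert["src_ip"])
    if looked_up is None:
        verdict = "unverifiable"  # private, malformed, or unknown address
    elif looked_up == reported:
        verdict = "confirmed"
    else:
        verdict = "mismatch"      # e.g. VPN/proxy egress or stale GeoIP data
    return {
        "user": alert["user"],
        "reported": reported,
        "geoip": looked_up,
        "verdict": verdict,
        # Conservative: risky if either source places the user there.
        "risky": bool({reported, looked_up} & RISKY_COUNTRIES),
    }

# Constructed sample alerts.
SAMPLE_ALERTS = [
    {"user": "alice@example.com", "src_ip": "198.51.100.23", "src_country": "BS"},
    {"user": "bob@example.com", "src_ip": "203.0.113.200", "src_country": "US"},
    {"user": "carol@example.com", "src_ip": "10.20.30.40", "src_country": "US"},
    {"user": "dave@example.com", "src_ip": "not-an-ip", "src_country": "US"},
]

if __name__ == "__main__":
    for alert in SAMPLE_ALERTS:
        print(cross_verify(alert))
```

A `mismatch` or `unverifiable` verdict is a prompt to look at the device classification and other context before acting, since the two location sources disagree or one is missing.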
