Hello Folks, 

Below you can find a recap of the topics discussed during the September Advanced Analytics office hours and those sent in that we were not able to cover in the session. Feel free to comment and continue the discussion, as well as attend our future sessions that can be found from the Community Events Calendar!

 

Q: How to know more about the security posture of our organization using Advanced Analytics?

A: There are 3 different “health check” dashboards in our community. All of them are great starting points for you to explore your environment and enhance your security posture.

 

CASB Health Check Dashboard

The purpose of this dashboard is to help you maximize the ROI of your Netskope investment and to ensure you are using Netskope products to their full potential. With a focus on CASB, the dashboard covers multiple topics such as NewEdge Network, Traffic Steering, SSL Inspection, Application Risk Management, Malware Protection, and DLP, answering the question “how Netskope is protecting your environment.” Recommendations, calls to action, and best practices are provided in each section to help you better understand how to mitigate the security concerns and issues identified in the dashboard.

A typical use case with this dashboard is “to highlight change and demonstrate value.” For example, if you enhanced your threat protection by tuning your malware block policies and now want to see whether the policies have been working effectively over the past few months, the Inline Malware Blocks section of this dashboard is a great option. It shows how the “blocked malware count” changed over time, which highlights the value of the enhancement you have made to threat protection.

 

NG-SWG Health Check Dashboard

This dashboard shares the same purpose and use cases with the CASB Health Check Dashboard above, but focuses on NG-SWG. 

 

Security Health Check (Self-Service) Dashboard

This is an all-in-one dashboard which allows you to perform self-service health checks and to identify security concerns / issues in your environment. The dashboard answers 2 questions: 1) How Netskope is protecting your environment; 2) What Netskope is protecting your environment from. 

Compared to the previous CASB and NG-SWG Health Check Dashboards that focus on showcasing business values, this dashboard focuses on quickly locating security concerns / issues in your environment. 

More topics such as Device & Client Management, Alerts, and Policies are covered in this dashboard, which provides a high-level overview of your entire environment. 

“User investigation” tables are also included, which help you source all the risky traffic in your environment.

A typical use case with this dashboard is “threat hunting / troubleshooting.” If you observe some unexpected or anomalous data (e.g. an extremely high number of DLP alerts triggered in the past 7 days) and want to understand why this is happening, this dashboard is a great option. You can also leverage this dashboard to perform regular health checks on your environment.

 

Q: How to create a high-level report that shows things like people uploading data to AI platforms?

A: The AI Usage Dashboard in Netskope Library is a great starting point. It helps you monitor and gauge AI usage in your organization by answering questions such as:

  • How many users are using AI in the organization?
  • What are the top AI apps/sites in use?
  • What activities are being detected in AI apps?
  • How is AI use being controlled?

The Activity in AI Apps widget provides detailed visibility into user activities with AI apps, which highlights sensitive activities such as “post” and “upload.”  

A detailed walk-through of the dashboard can be found here.

 

Q: Looking for tips and tricks on how to generally report on application usage and find patterns of particular users.

A: The Application Category Dashboard is a good starting point. This dashboard provides detailed visibility into application usage by different categories in your environment, including:

  • Top used applications in each category, both managed and unmanaged
  • Risky application usage and data movement
  • Application instance awareness
  • Policies and alerts triggered by applications in each category.

By adding the User filter, this dashboard will help you identify application usage “patterns” of particular users.

 

Q: What are the best practices for investigating DLP & UEBA related incidents with Advanced Analytics?

A: To investigate DLP incidents, the latest DLP Incidents Status Monitoring Dashboard is a great starting point. The dashboard provides granular visibility into the DLP incidents in your environment, including incident status, incident resolution time, and policy details. Use this dashboard to investigate DLP incidents and monitor the incident response progress in your organization. 

Currently, we don’t have a pre-defined dashboard specifically for UEBA incidents, but the User Behavior Analytics (UBA) Dashboard in Netskope Library and the Advanced UEBA Dashboard are two great alternative solutions which can help you investigate UEBA alerts.

If you focus on Standard UEBA only, the User Behavior Analytics (UBA) Dashboard is a good starting point. The dashboard helps you monitor anomalous user behaviors in your environment by providing high-level overviews of the UBA alerts triggered and detailed visibility into each type of UBA alert.

If you focus more on Advanced UEBA, the Advanced UEBA Dashboard is a great option. This dashboard provides detailed visibility into the alerts generated by Advanced UEBA (machine learning based) policies, which helps you perform user investigation & alert validation on this topic. With the dashboard, you can better understand why these alerts are triggered and if your policies are working effectively.

 

Q: What can be done when a report is loading for a long time?

A: If data loading takes too long, consider reducing the data volume, narrowing down the results with dashboard-level filters (such as time range, user group, or category), reducing the row limit, or limiting the number of widgets (the recommendation is fewer than 15). If you experience issues or errors with loading particular widgets ("trouble loading data"), please reach out to your Netskope account representative for assistance.

For more details about improving dashboard performance, please view this article.

 

Links shared in the session:

Netskope Community - Advanced Analytics: https://community.netskope.com/p/advanced-analytics 

Training Resources Post: https://community.netskope.com/dashboard-gallery-38/advanced-analytics-training-resources-5713?tid=5713&fid=38 

CASB Health Check Dashboard:

https://community.netskope.com/dashboard-gallery-38/updated-casb-health-check-dashboard-operation-6075 

NG-SWG Health Check Dashboard:

https://community.netskope.com/dashboard-gallery-38/updated-ng-swg-health-check-dashboard-6104 

Security Health Check (Self-Service) Dashboard:

https://community.netskope.com/dashboard-gallery-38/security-health-check-self-service-dashboard-6360 

AI Usage Dashboard Demo:

https://community.netskope.com/video-library-20/netskope-advanced-analytics-ai-usage-dashboard-demo-6924 

Application Category Dashboard:

https://community.netskope.com/dashboard-gallery-38/updated-application-category-dashboard-6082 

Application Risk Management Dashboard:

https://community.netskope.com/dashboard-gallery-38/application-risk-management-6132 

Updated DLP Incident Monitoring Dashboard:

https://community.netskope.com/dashboard-gallery-38/dlp-incidents-monitoring-5737 

Advanced UEBA Dashboard:

https://community.netskope.com/dashboard-gallery-38/advanced-ueba-dashboard-6944
