Hello Folks,
Below you can find a recap of the topics discussed during the September Advanced Analytics office hours, along with those that were sent in but that we were not able to cover in the session. Feel free to comment and continue the discussion, and to attend our future sessions, which can be found in the Community Events Calendar!
Q: We recently onboarded Netskope in our organization and need to understand the recommended best practice on analytics, especially how to improve our security posture using Advanced Analytics.
A: There are 3 different “health check” dashboards in our community. All of them are great starting points for you to explore your environment, identify security gaps, and enhance your security posture.
CASB Health Check Dashboard
The purpose of this dashboard is to help you maximize the ROI of your Netskope investment and to ensure you are using Netskope products to their full potential. With a focus on CASB, the dashboard covers multiple topics such as NewEdge Network, Traffic Steering, SSL Inspection, Application Risk Management, Malware Protection, and DLP, which together answer the question “how Netskope is protecting your environment.” Recommendations, calls to action, and best practices are provided in each section to help you understand how to mitigate the security concerns identified and enhance your security posture accordingly.
A typical use case with this dashboard is “to highlight change and demonstrate value.” For example, if you enhanced your threat protection by tuning your malware block policies and now want to see whether the policies have worked effectively over the past few months, the Inline Malware Blocks section of this dashboard is a great option. It shows how the “blocked malware count” has changed over time, which highlights the value of the enhancement you have made to threat protection.
NG-SWG Health Check Dashboard
This dashboard shares the same purpose and use cases as the CASB Health Check Dashboard above, but focuses on NG-SWG.
Security Health Check (Self-Service) Dashboard
This is an all-in-one dashboard which allows you to perform self-service health checks and to identify security concerns / issues in your environment. The dashboard answers 2 questions: 1) How Netskope is protecting your environment; 2) What Netskope is protecting your environment from.
Compared to the previous CASB and NG-SWG Health Check Dashboards that focus on showcasing business values, this dashboard focuses on quickly locating security concerns / issues in your environment.
More topics such as Device & Client Management, Alerts, and Policies are covered in this dashboard, which provides a high-level overview of your entire environment.
“User investigation” tables are also included, which help you identify the source of all the risky traffic in your environment.
A typical use case with this dashboard is “threat hunting / troubleshooting.” If you observe some unexpected or anomalous data (e.g. an extremely high number of DLP alerts triggered in the past 7 days) and want to understand why this is happening, this dashboard is a great option. You can also leverage this dashboard to perform regular health checks on your environment.
Q: Can Advanced Analytics help us monitor bandwidth usage in our environment?
A: Yes. The Transaction Events data collection can help. Our latest Bandwidth Consumption Dashboard shows you how to monitor bandwidth usage in your environment using the Transaction Events data collection based on 3 trend use cases:
- Uncover malicious/suspicious sites with high bandwidth usage
- Monitor bandwidth usage by geolocation; avoid overusing your license in particular regions
- Monitor bandwidth usage by office locations; consider upgrading/adding internet circuits
Looking to better investigate bandwidth issues? Digital Experience Management (DEM) can help. Learn more about Netskope One DEM.
Q: How to utilize data for monthly metrics and reporting?
A: To view metrics on a monthly basis, we recommend setting the time filter of your dashboard to “is in the last 1 complete month,” which is aligned with your reporting cadence.
The “Schedule delivery” feature allows you to deliver a copy of the dashboard to your recipient on a daily/weekly/monthly basis. More details can be found here.
If the recipient does not have access to Advanced Analytics, the “Share with Executives” feature can grant them temporary access to the dashboard. More details can be found here.
Q: We are deploying Netskope Enterprise Browser. Can Advanced Analytics help us monitor EB usage?
A: Absolutely. Our latest Enterprise Browser Usage Monitoring Dashboard is here to help. The dashboard allows you to drill into Enterprise Browser usage from two aspects: operations and security. Use this dashboard to understand:
- How your users are being onboarded to Enterprise Browser
- How heavily your users are using Enterprise Browser
- If there is any risky app usage and data movement with Enterprise Browser
Need help with Enterprise Browser deployment? Check our deployment guides here:
Q: How can I combine multiple source IPs and make them an IP subnet?
A: You can use custom dimensions to manually group multiple source IPs into a single IP subnet. Detailed instructions can be found here.
Q: Threat Hunting with Advanced Analytics.
A: If you are looking to uncover cloud threats such as malware & malicious sites detected in your environment, the Threat Protection Dashboard is a great starting point. If you are interested in insider threats such as risky user behaviors & sensitive data movement, the Insider Threat Dashboard is a great option. Both dashboards can be found in Netskope Library.
Q: Can we export the data in a CSV format?
A: Yes. The “Download data” feature allows you to export the data in multiple formats such as CSV, TXT, & PNG.
By expanding the “Advanced data options” list in the download menu, you can choose to download current results, all results, or custom results.
Q: What is the best way to monitor user access to particular sites and how long they stayed there?
A: The Time Spent on YouTube Dashboard is a great starting point. The dashboard leverages Page Events to calculate the “total connection duration,” which reflects “how much time” has been spent on YouTube. The dashboard also comes with a “User” filter that allows you to drill into YouTube usage by particular users.
To view time spent on other applications/sites, you can update the “Application” filter in the widgets.
Resources shared in the session
Netskope Community - Advanced Analytics: https://community.netskope.com/p/advanced-analytics
Training Resources Post: https://community.netskope.com/dashboard-gallery-38/advanced-analytics-training-resources-5713?tid=5713&fid=38
CASB Health Check Dashboard V2.7: https://community.netskope.com/dashboard-gallery-38/casb-health-check-dashboard-6075
NG-SWG Health Check Dashboard V2.8: https://community.netskope.com/dashboard-gallery-38/ng-swg-health-check-dashboard-6104
Security Health Check (Self-Service) Dashboard V2:
Bandwidth Consumption Dashboard:
Enterprise Browser Usage Monitoring Dashboard:
Group User IPs into Subnets: