November 2024 Office Hours Recap

Hello Folks,

Below you can find a recap of the topics discussed during the September Advanced Analytics office hours and those sent in that we were not able to cover in the session. Feel free to comment and continue the discussion, as well as attend our future sessions that can be found from the Community Events Calendar!

“Getting started” questions

How to best use Advanced Analytics?
How to draw actionable insights from Advanced Analytics?
How can we leverage Advanced Analytics to drive valuable, data-driven decisions?
How to use Advanced Analytics to monitor and enhance our security posture?

A: There are 3 different “health check” dashboards in our community. All of them are great starting points for you to explore Advanced Analytics, draw actionable insights, and enhance your security posture.

CASB Health Check Dashboard

The purpose of this dashboard is to help you maximize the ROI of your Netskope investment and to ensure you are using Netskope products to their full potential. With a focus on CASB, the dashboard covers multiple topics such as NewEdge Network, Traffic Steering, SSL Inspection, Application Risk Management, Malware Protection, and DLP, which answers the question “how Netskope is protecting your environment.” Recommendations / call to actions / best practices are provided in each section, which helps you better understand how to mitigate the security concerns & issues identified in the dashboard.

AD_4nXe5r5qDep3f9Zo_G5dhL94MbbCNXw0upsRdvl9rGea9UxjUogKplusLbR_7v-aZEgTUK5zsMd9GzgXmr6iy8jhKHF-IOGTNCLkm199t0rou-1On6DE9ZP7DyLTn-99jiSDSAk6z44UdY1F74Wad165Gswc?key=NJAoyVjdbgiAYFc2ujtw0g

A typical use case with this dashboard is “executive / leadership reporting.” If you need a dashboard to justify the ROI of your Netskope investment or to highlight the value of your team’s achievements to your leadership, this is a great option. The dashboard is also a good starting point if you are new to Advanced Analytics.

NG-SWG Health Check Dashboard

This dashboard shares the same purpose and use cases with the CASB Health Check Dashboard above, but focuses on NG-SWG.

Security Health Check (Self-Service) Dashboard

This is an all-in-one dashboard which allows you to perform self-service health checks and to identify security concerns / issues in your environment. The dashboard answers 2 questions: 1) How Netskope is protecting your environment; 2) What Netskope is protecting your environment from.

Compared to the previous CASB and NG-SWG Health Check Dashboards that focus on showcasing business values, this dashboard focuses on quickly locating security concerns / issues in your environment.

More topics such as Device & Client Management, Alerts, and Policies are covered in this dashboard, which provides a high-level overview of your entire environment.

AD_4nXeZh6gv1Ir4loFaytZFeu1FR3BiXcsmv7YKUiSyMMfBNw0vj07EaDO5phk2kDtEBxrvFbCHqPe2mI89czTRmZe8kqF2kgcf-iQNX0Rrj7Wqn-y3I-oCErF_UuPCHoj7OhCN2QTalPewWGf0euS-ebQOIEM?key=NJAoyVjdbgiAYFc2ujtw0g

“User investigation” tables are also included, which helps you source all the risky traffic in your environment.

AD_4nXfD_6DrLrGwrdWVm35ekITEZqDK4WO7UPG9CZ8UY0fxi3wNQVOpSDmEzEw16N8qRXqQrHlhpa0JA1WdE1mFsRRL7NMsWa42bM2skldc6t76nki55suEYoBI9Hfl1Ly7E-lWimdFETA-MArllxVipjCzjoK8?key=NJAoyVjdbgiAYFc2ujtw0g

A typical use case with this dashboard is “threat hunting / troubleshooting.” If you observe some unexpected / anomalous data (e.g. an extremely high number of DLP alerts triggered in the past 7 days) and want to understand why this is happening, this dashboard is a great option. You can also leverage this dashboard to perform regular health checks to your environment.

Q: How to use Advanced Analytics to address DLP use cases?

A: There are 2 dashboards that can be used to address DLP use cases. To measure your policy effectiveness, we recommend starting with the DLP Policies Dashboard in Netskope Library. The dashboard provides visibility into DLP policies triggered, alerts generated, users triggering these alerts, and actions taken by the policies. If you are looking to monitor and assess your incident response program, the DLP Incidents Monitoring Dashboard from the library can help.

Q: How to leverage Advanced Analytics to gauge AI usage related to document uploads and sensitive data?

A: The AI Usage Dashboard in Netskope Library is a great starting point. It helps you better view and gauge AI Usage in your organization by answering questions such as:

How many users are using AI in the organization?
What are the top AI apps/sites in use?
What activities are being detected in AI apps?
How is AI use being controlled?

A detailed walk-through of the dashboard can be found here.

Q: Can Advanced Analytics provide behavior insights and help with user group analytics?

A: Yes. There are 2 great dashboards for behavior analytics. If you focus on Standard UEBA only, the User Behavior Analytics (UBA) Dashboard in Netskope Library is a good starting point. The dashboard helps you monitor anomalous user behaviors in your environment by providing high-level overviews of the UBA alerts triggered and detailed visibility into each type of UBA alerts.

AD_4nXcHSW_3YtooTg4FtLaN4Iz8bnsAvhzZCBNJ1wWXDfEsSgDVethj10hyDRxCGYuQIofKMJcwM1TlV5UK4cUvo8BEbNVMFWqveUgoJOeWvMovfX0Z8-KtLm6zXzEwtjYGJz3_SxGsfrfZ3Kx9sYcGoCmi_1EB?key=NJAoyVjdbgiAYFc2ujtw0g

If you focus more on Advanced UEBA, the Advanced UEBA Dashboard in Netskope Community is a great option. This dashboard provides detailed visibility into the alerts generated by Advanced UEBA (machine learning based) policies, which helps you perform user investigation & alert validation on this topic. With the dashboard, you can better understand why these alerts are triggered and if your policies are working effectively.

AD_4nXeL5Ju6roQygJNvV2eOuTWHABHcWNTgMuSu3G6FnL8mvJQHMpRSmoZDtUSGiThRo6U13jKMa8gbL68WdoA4iW_ztJA8myLtuY1Uhg761h3nk0TrjNqjjKiP6_IxlWigs2qmyGkf43TarSLAxAJ8zdtei0SS?key=NJAoyVjdbgiAYFc2ujtw0g

Both dashboards can be customized with the “User Group” filter, which helps you perform investigations based on particular user groups.

AD_4nXcxw4Xj0nsYKbS0XKVpBAtkQk2_9s7C1cirfg8avqMRobFeJ9NVjpNe_IN9_VhobSUfUh_TSpw1tILQaZ9IEP_xJ1NM-J7HVZJ3GkaHsXOOAHKT0Z_ySH_xcq1-EYsOhxBiPH65pA?key=NJAoyVjdbgiAYFc2ujtw0g

Q: How to utilize Advanced Analytics to create and schedule weekly/monthly automatic reports?

A: The “Schedule delivery” feature allows you to schedule a report to be delivered with different recurrences.

AD_4nXfCglqwKL5obWX95ne3OzVhgZGv8_zt5FqfXyZbL9UgNYKRSf0GMhjLw6nL0Ag0J0HFwprpI37CsT0w8j_0PMgqwvby2_Telh52EkswKLD-AwKtX85aVYWf7gdf4gjlLffPiryP?key=NJAoyVjdbgiAYFc2ujtw0g

AD_4nXfoZxxO_7xCtQVcZWd5ZphOZraDfCneZ-zpF96tETYLat1sGtuBv_A4RzC2j7oUuhj2iVtHMGQWRCRAyII_KDx44QUe2vFAd7KnqyQPLQIMAlTDZxzPTXzthTKz_WkjwHGVEeCKVA?key=NJAoyVjdbgiAYFc2ujtw0g

Q: How can I create a single report based on different data collections for a specific user?

A: Absolutely! When adding a new widget to a dashboard, you will be prompted to select a data collection. Depending on your use cases, you can add multiple widgets based on different data collections in a single dashboard.

AD_4nXfo548xEMfJbZI1XFVGSDfEIS8LzPCrSyxNiAingQDmLSEsIUhx4fc6gLwT0nUNVSNK-hL3hpUbQMrkSe3L3IdPSdgU-lx9VtFIF-skCkOhhyGNd_68FHvjgd6NljnzrPnMzUBxcQ?key=NJAoyVjdbgiAYFc2ujtw0g

Different data collections tell different stories. If you are interested in app usage in my organization, you can start with “Application Events.” If you are interested in DLP alerts, you can choose “Alerts.” If you are looking for insights into devices & Netskope Client, “Devices” will be the best option.

AD_4nXcb0Q3upc7P-Rqz-Xl_hqBufA_m6Ara1lFOA7ZPgOBn99E1l-HDmz-M4ZCyihlB8wjEzpSQ6rHdldP6-BdKC_43Ge50eeoYC71DzDRXR_dXKlMz5cuVIOweRbCE7dJI-Z9dFUTnTA?key=NJAoyVjdbgiAYFc2ujtw0g