In case you missed the latest webinar in our Inside Netskope series—where Netskope experts show you how we protect our users, applications, and data using our own cloud-based architecture—a recording and recap of our recent session on “Tracking Client Bypasses with Netskope Endpoint SD-WAN” can be found below. Feel free to comment and continue the discussion!
Watch on-demand 
Q: We are in the process of implementing BWAN functionality in OCC. I would love to understand how we can get rid of bypasses, specifically for cert pinned apps such as Zoom
A: Well, there's a couple different things. One, in order to see those bypasses we would have to steer it one way, shape, form, or another. So you're either steering it with the NG SWG traditional Client, steering it with the BWAN client, or you're not steering it at all. If you don't steer it at all, you don't get that visibility or that functionality. So it's really who, what, when, where, and how on being able to monitor as well as use that traffic.
Q: What are the cybersecurity capabilities of this product? How do they complement the SWG/CASB/Endpoint DLP capabilities?
A: One of the nice things about this solution is that as we become Netskope one—our latest endeavor on a one solution, one platform—is that we are integrating everything. So within that demo, I actually had a separate tenant, if you will. So, you log in to the Netskope tenant > click on a URL or click on a tile and icon > and then it throws up another screen or another browser tab to log in to your BWAN tenant. Part of the Netskope one tenant is now we are taking that into one UI, so that we have a single pane of glass to be able to monitor all of the above.
We also have additional security features, firewall features, and IPS features within there. We're slowly but surely integrating all of the above so that it's no longer "how does it complement", but where do I go in the single pane of glass for answers.
Q: How to bypass Android and IOS simulators and observe the traffic flow?
A: One of the things that you can do with Android and iOS simulators when they're installed in a local OS is make sure you bypass those processes or executables on the actual endpoint itself. When you're setting up your BWAN tenant, you'll have the different AppX rules, and you'll notice that I had two in the demo—one was for Zoom and the other one was for the Internet. So any specific application that you wanna go in and prioritize and set transactional flows on would be one. Then, the next one would be your generic bucket for Internet traffic, and that's how you would observe those traffic flows for Android and iOS simulators. Remember, bypass at the Client and steer with BWAN.
Q: How would I inspect traffic in the BWAN portal on a particular interface (ex. ge4)?
A: I think what you're asking is digging into the specific statistics for an actual hub gateway. I believe you can do that directly inside the monitoring gateway section by clicking on that specific ge4 interface.
Q: For those of us who don't care to go packet-deep like this, could Netskope use this functionality to make our smaller business admin lives easier?
A: There's definitely potential there! We like to get into the weeds of things but if you don't need to go that deep, being able to find those applications and steer that traffic to make things easier for the user experience—connecting up to applications that they don't have to think about—the Client just comes on and they have access which makes the admin's lives easier too.
View past events in this series!
Some responses above contain roadmap items. These are intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Netskope’s products remains at the sole discretion of Netskope.