Customer Success Webinar: Securing AI Environments with Netskope One AI Guardrails
Education, Training, Certification, and Thought Leadership
Recently active
Author: Stevan Pierce & Madhura SridharDate: March 16, 2026Modern security teams are drowning in “partial truths.”Your email gateway flags suspicious links. Your EDR finds a questionable process. Your SASE platform sees risky SaaS behavior. Your IAM solution logs a strange login pattern. Each tool is doing its job yet each is also speaking its own language, in its own console, with its own definition of “risk.”The result is a familiar and frustrating reality:Analysts jump between dashboards Teams argue over whose alert is “right” Critical context is trapped in silos And incident response lags behind the adversaryAt Netskope, we faced this exact problem in our own environment. As “Customer Zero,” our security team not only secures Netskope but also pushes our own platform to its limits, trying to solve the same challenges our customers wrestle with every day. This is where Netskope Cloud Exchange (CE) comes in.Cloud Exchange is how we connect the Netskope One platform with the tool
Proactively identify and address vulnerabilities in private AI deployments. Automate adversarial simulations to find and fix vulnerabilities, to ensure your AI is resilient and production-ready before it reaches your users. Learn more about Netskope One AI Red Teaming.
The "Missing Chapter" Problem in Product RequirementsEvery new product feature begins with a Product Requirement Document (PRD)—the blueprint of what is to be built. But for security architects, reviewing these documents often feels like looking for a needle in a haystack, or worse, looking for a needle that isn't even there yet.The challenge isn't just finding security flaws; it's identifying architectural omissions before a single line of code is written. Engineers focus on functionality, often leaving security as an "implementation detail" rather than a design constraint. This leads to the "Missing Chapter" problem: PRDs that describe what works, but not how it remains secure. Reviewing these manually is mentally taxing. It requires a Principal-level mindset to look at a high-level plan and immediately spot that the lack of defined tenancy boundaries will likely lead to data leakage.I realized we didn't just need a vulnerability scanner; we needed a design partner. We needed a virtu
Hear from our internal IT and security team as we share how we deployed Netskope Enterprise Browser within our managed endpoints here at Netskope. We will cover: Overview of high impact use cases Deployment to Windows Endpoints: Leveraging Intune with the focus on Auto Enrollment deployment internally Deployment to MacOS Endpoints: Leveraging Kandji with the focus on Auto Enrollment deployment internally Troubleshooting deployment issues and remediation examples Alternative Deployment Method: Manual user invite—Non managed device user install and enrollment For more information, check out our resources below: Deploying to Mac Fleet | Deploying to Windows Fleet | Enterprise Browser Usage Dashboard | Enterprise Browser Risk Dashboard | How to Import a Dashboard into Advanced Analytics View past events in this series! Check out some customer questions below, or feel free to comment and continue the discussion! Q: Do users need admin permission to install?A: Users do not need l
Looking for nice well presentation for netskope with video shots
Hear from our Product Management and Product Adoption leads as they cover the latest platform updates from Release 130, 131, and 132. Key product updates: DNS as a Service (DNSaaS) provides a high-performance cloud-hosted recursive DNS resolver, DNS security, and DNS content filtering for business and security risk categories DLP for FTP prevents data exfiltration over non-web FTP file transfers DLP on Demand enables new data protection integrations for Netskope technology alliance partners and on-premises support for customers NextGen Data Protection for Microsoft Co-pilot can now support policy creation, DLP, threat protection using ongoing scan, alerts, and more NG SWG allows seven new granular subcategories for Generative AI, available within URL categorization, enabling their use in Real-Time Policies Explore past webinars in this series!
Goal: Create a guide on how to pass Tenant Admin role from Okta to Netskope.Example: When logging in to Netskope Admin Console through Okta, different roles should be passed as per the requirement of the flow.Information coming from Partner: Administrator should be able to configure different roles for different members as per the requirement definition.Limitations: For a single Okta application, only 1 SSO can be configured in Netskope. To achieve this either we need to have multiple groups or single application with defined role.Key Concepts:Netskope Tenant - Admin should have local tenant admin account access to the Netskope tenant so that he can create custom roles / see the predefined roles during first time configuration. Workflow:This can be solved using 2 methods. Method 1 - Using Group AttributesIn this method you can create multiple groups. Just remember that the group name should be the same as the Predefined role / Custom role configured in the Netskope Tenant. Steps:1 - S
The Netskope Model Context Protocol (MCP) server was initially introduced as a self-hosted prototype, marking a significant first step in integrating Netskope’s rich security context directly into Large Language Model (LLM) workflows. This initial version demonstrated the power of the concept, enabling pioneering users to run a Docker image and establish a vital link between their LLM agents and the Netskope platform.Today, we are announcing the Netskope MCP Server Hosted Version in Technology Preview, building upon the capabilities of the initial prototype while dramatically simplifying deployment and adoption.📈 Enhanced Accessibility: Zero Infrastructure, Immediate ValueWe have moved from a "bring your own infrastructure" model to a fully managed service, eliminating the overhead of self-management. The benefits are clear:No Containers Required: We have eliminated the need for local Docker execution or complex infrastructure setup. Instant Connection: Access is provided via a direct
Hear from our internal security team as they share how we use Enterprise Browser to provide the granular visibility and control needed to secure all web activity at Netskope. We will cover: Preventing Data Loss (DLP): How to enforce real-time policies to stop data exfiltration by controlling copy/paste, screen captures, file downloads, and printing, all within the Enterprise Browser. Securing Unmanaged Devices: Strategies for safely enabling BYOD and third-party contractor access to corporate apps without requiring an installed agent or VDI. Advanced Threat Protection: Blocking phishing, malware, and malicious websites at the browser level before they can impact the endpoint or network as well as control 3rd party browser extensions. Enforcing Zero Trust Access: Integrating with your identity provider to apply adaptive access controls and ensure only authorized users access specific applications. For more information, check out our blog post. View past events in this series!
The Blank Page Problem in Security TestingEvery security assessment begins with a mountain of documentation and a crucial question: "Where would an attacker start?" For testers, translating functional specs, architectural diagrams, and API details into a concrete set of high-impact security tests is one of the most challenging and time-consuming parts of the job. It's a process that relies heavily on experience, intuition, and a meticulous, almost paranoid, mindset.The "blank page" problem is real. You can spend hours sifting through documents, trying to connect the dots between a new feature and a potential vulnerability. It’s easy to get lost in the details, miss a subtle logic flaw, or simply run out of time and fall back on a generic checklist. I realized that what we needed wasn't just another tool, but a partner—a virtual expert that could do the heavy lifting of analysis and brainstorming, allowing testers to focus on verification and exploitation. This led me to create the Abus
How to Finally Solve the BYOD, Contractor, and M&A Access DilemmaAuthor: Stevan PierceDate: November 9, 2025 The perimeter is long gone, and the "unmanaged device" is the new CISO headache. How do you grant access to contractors, BYOD users, and new M&A employees without opening a Pandora's Box of data-leakage risk?The Netskope One Enterprise Browser is an approach that isolates the application, not the device. It’s a hardened, corporate-managed browser that integrates directly into the Netskope One platform, acting as a new enforcement point for your Security Service Edge (SSE).It is a self-contained corporate workspace that:Separates Work & Personal: Creates a distinct corporate profile on any device, managed or unmanaged, separating all corporate browsing activity and data. Provides Granular DLP: Enforces in-browser controls like copy, paste, print, and screenshots—stopping data leaks at the source. Delivers Agentless ZTNA: Bakes Netskope Private Access (NPA) capabilitie
why does netskope selects the pop's in another country when GSLB is enabled
Hear from our internal security team as they demonstrate how we use the Netskope One platform to gain visibility into AI usage and enforce data protection policies that prevent risky behavior.Learn how you can:Discover which Generative AI applications are being used across your enterprise Protect sensitive data from being uploaded to both sanctioned and unsanctioned AI tools Coach employees on safe AI usage with real-time, targeted user notificationsFor more information, check out our blog post. View past events in this series! Check out some customer questions below, or feel free to comment and continue the discussion! Q: Is it possible to allow read access to Gen AI sites, but block write actions, like put and post?A: It is possible to allow for read-only access to applications/sites that are in the Gen AI category, provided we are able to see the activity using a connector or activities of browse are seen. Q: Can Netskope come up with public email domain (Gmail, Yahoo, etc.) inst
Generative AI is rapidly reshaping how we work. However, unsanctioned AI tools can create significant blind spots, leading to the potential loss of sensitive data. Security leaders are left with the critical challenge of discovering how to embrace the benefits of AI, without exposing the organization to risk.We are going to cover the who, what, when, where, and how when it comes to discovering the use of generative AI in your organization and how to ensure its safe use with the enterprise. Rapidly Reshaping WorkThe rapid integration of Generative AI into our daily workflows marks a pivotal moment in enterprise technology. These powerful tools are no longer niche innovations but have become standard, expected features within the products and services we rely on, promising unprecedented gains in productivity and creativity. As we embrace this transformative wave, however, we must also recognize that this new frontier comes with inherent challenges. The very nature of AI tools, with their
“Another Security Assessment report to review? I’ll need coffee… and maybe another pair of eyes.” If you’ve ever found yourself buried in long, detailed Security Assessment reports, you know the pain.Pages of findings to go through. CVSS scores that may (or may not) be consistent. Missing screenshots or vague remediation steps. And the endless back-and-forth just to make the report business-ready.Sound familiar? You’re not alone. Manual report reviews are slow, error-prone, and rely heavily on the reviewer’s bandwidth and expertise. But what if we had a smart first-pass reviewer that flagged gaps, standardized structure, consistency in findings & recommendations and freed us to focus on the real contextual risk analysis?That’s exactly what we set out to build — an LLM-powered Report Reviewer. Why Report Reviews Matter More Than EverSecurity assessments don’t end when testing is complete. The report is what travels to:Engineering teams → to guide fixes. Executives and stakeholders →
We know that managing legacy systems like MPLS and outdated VPNs can be a challenge.As we continue to build the future of SASE, we're dedicated to delivering a truly unified, single-vendor platform that makes your network more secure and agile. That's why we acquired our own SD-WAN solution in 2022, to simplify the journey for customers like you.Join Netskope CEO Sanjay Beri and CPO Parag Thakore and discover a practical way to evolve your network with SASE. You’ll learn how to simplify that process, reduce costs, and still deliver a high-performance, secure experience for your users.We'll dive into the practical steps of your SASE journey, including:Migrating from legacy networks to a unified SASE platform Simplifying branch infrastructure and securing IoT devices Delivering consistent zero-trust access everywhere
Hear from our internal security team as they discuss how to leverage User and Entity Behavior Analytics (UEBA) to gain full visibility of the risks that end-users face or perform and ways to take action based on User Confidence Index (UCI) scores. Key Topics:What is User and Entity Behavior Analytics (UEBA) How does Netskope use and implement this within our SOC (Security Operation Center) Detection/Ticket Creation from UCI (User Confidence Index) Enabling user risk scores from our other applications feeding into a user's UCI Policies within Netskope to coach users, or taking action for specific users’ depending on their UCI View past events in this series!
How the Salesloft Drift breach highlights the urgent need for visibility into SaaS-to-SaaS connections.The recent Salesloft Drift security incident has impacted hundreds of organizations and serves as a powerful reminder of a growing threat: risk from third-party SaaS-to-SaaS integrations. This attack exploited trusted connections between applications to access sensitive data, bypassing traditional security controls. The attack chain: How stolen tokens led to data exfiltrationThe incident began when a threat actor acquired OAuth and/or refresh tokens connected to Salesloft's Drift application. Drift, an AI chatbot, integrates deeply with platforms like Salesforce to log user interactions, leads, and meeting data. By using these stolen tokens, the attacker could effectively impersonate the legitimate Drift application. This allowed them to make authorized API calls to their victims' Salesforce instances, exfiltrating sensitive customer accounts and meeting information. The full extent
In case you missed the latest webinar in our Inside Netskope series—where Netskope experts show you how we protect our users, applications, and data using our own cloud-based architecture—a recording and recap of our recent session on “Managing Certificate Errors with Netskope Client” can be found below. Feel free to comment and continue the discussion! 📽 Watch on-demand 🍿 Q: Our recommendation from a Netskope implementation engineer was to keep developers in a steering configuration group that was only cloud apps, not all traffic. This doesn't seem like a feasible nor secure option. Is this recommended to most all customers?A: This is the initial approach to temporarily resolve the issue and keep things running. But as mentioned in the webinar, you will have to work with the developers and understand their traffic patterns to add the Netskope CA to tools to securely enable developers. Q: There is a script that is available on your Support site but it doesn't appear to be updated oft
In today's dynamic digital landscape, organizations are increasingly leveraging a diverse array of Software-as-a-Service (SaaS) applications. While publicly available SaaS apps offer immense benefits, many organizations also rely on custom-built or specialized in-house applications. This presents a unique challenge: how to effectively monitor the security posture of these custom SaaS apps alongside your standard, out-of-the-box solutions? Netskope Security Posture Management (SSPM) has the answer! We're thrilled to announce our new Bring Your Own App (BYOA) feature, designed to extend SSPM's comprehensive monitoring capabilities to your custom SaaS applications. What is Bring Your Own App (BYOA)?BYOA allows you to seamlessly integrate any custom SaaS app, whether it's publicly available or developed internally, into Netskope SSPM. This means you can now define configuration attributes to be monitored, create custom rules, and enjoy continuous monitoring and reporting for all your uniqu
Hear from our Product Management and Product Adoption leads as they cover the latest platform updates from Release 127, 128, and 129. Key product updates: Copilot for CCI (SkopeAI) gets smarter with new enhancements for expanded insights across multiple applications directly from Cloud Apps pages Netskope One DSPM data visibility and risk assessment for OneDrive, SharePoint, Google Drive, Box, and Oracle Cloud Infrastructure NextGen API Protection Jira Support for ongoing and retroactive DLP and threat scans for Jira NextGen API Protection SharePoint enhancement to detect files in SharePoint that are exposed to Copilot, helping to prevent sensitive data overexposure Enterprise Browser now supports screenshot, screen sharing, and watermarking Browser Protection Policies Cloud TAP now supports AWS IAM Roles Anywhere to securely store tapped data into S3 buckets Netskope Client Secure Enrollment capabilities Netskope Client Debug Mode makes log collection frictionless for e
Certificates have become the backbone of communicating securely over the internet. When the Netskope Client intercepts the traffic to perform DLP & TSS, certain applications might have adverse effects because of how the application certificates are handled. Hear from our internal security team as they cover: The basics about application certificates and their working How the Netskope Client handles application certificates How to configure the Netskope Client to work with certificate pinned applications How to resolve certain certificate issues by bypassing them For more information, check out our blog post. View past events in this series!
In case you missed the latest webinar in our Inside Netskope series—where Netskope experts show you how we protect our users, applications, and data using our own cloud-based architecture—a recording and recap of our recent session on “Netskope Data Loss Prevention for Sentiment Analysis” can be found below. Feel free to comment and continue the discussion! 📽 Watch on-demand 🍿 Q: If we are creating keywords in English, will the dictionary be captured in all regional languages?A: No, I think it would just be for the keywords which are specified within the framework. So as far as regional languages, we'll have to check internally if we are supporting those. Q: When creating and deploying a DLP policy for AI, can you provide some tips on how to identify false positives in the Alerts?A: It involves extensive analysis of the incidence and forensic data because this is something that is a challenge for us as well whenever we implement a new DLP framework or a policy. So, we take a step by
Hear from our internal security team as they explain how Netskope DLP can be applied for sentiment analysis of user queries in Generative AI web applications. Learn how to: Compile positive and negative words into CSV files, creating dictionaries and DLP rules for these words in the Netskope tenant console Create Realtime policies to perform sentiment analysis on Gen AI categories Identify the intent and thought of users when using Gen AI with policies that check for the overall sentiment of users, whether it is positive or negative Extend this application of DLP profiles to other use cases like detecting social media trolling or abusive messages For more information, check out our blog post. View past events in this series!
Why Certificates and What is Cert-Pinning?In the internet age, it has become mandatory for all organisations and services which are hosted on the internet to rely on certificate based authentication and authorisation in order to protect the confidentiality and integrity of their data accessible and traversing over the internet. Certificates help prove your identity over the internet when communicating with parties/services which you have not interacted with before. As organisations and service providers started heavily relying on certificates for their security needs, they wanted to be sure that there was no chance of data leakage through techniques such as man-in-the-middle attacks. This led to the rise of adoption of the concepts like trusted certificate stores and certificate pinning.Certificate pinning is a security method which protects the service providers against man-in-the-middle attacks. The server/host is associated with a specific certificate or public key and the applicati
Already have an account? Login
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.