Learn

This Azure Bicep template facilitates the automated deployment of Netskope Publisher instances in Azure environments. It's designed to streamline the deployment process for DevOps teams, enabling quick and consistent Publisher setups while following infrastructure-as-code best practices.This can be a key item on how to achieve ZTNA in PaaS environments: You can check out the files here: https://github.com/Mitsj0l/nskpub_azureSupported Functions ✨Azure Integration: Automated deployment of Netskope Publisher Marketplace VMs Integration ready for Azure Pipelines End-to-end deployment in 3-4 minutes Network Management: Support for existing networking components VNet, Subnet, and NSG integration Option to create new or use existing network components Security & Configuration: Secure parameter handling through dedicated parameter files API token and SSH key management Cloud-init based post-deployment setup Automated Publisher registration with Netskope tenant  Project Structure

Elevate your network monitoring and user experience with the advanced capabilities of P-DEM Enterprise. Thierry Notermans, Product Management Director for Proactive Digital Experience Management (P-DEM), demonstrates the innovations introduced with P-DEM Enterprise using three key use cases.  Learn how to: Monitor onramp, app performance, and user experience from sites connecting to Netskope via SD-WAN, SASE gateways or private connectivity Monitor any application, from over 80K predefined apps or any custom web-based application, including synthetic application monitoring for how apps are performing Streamline operations and deliver a cohesive, transformative monitoring experience with the integration of Real User Monitoring (RUM) and Synthetic Monitoring Get a consistent 360-degree view of digital experiences across the entire path from users to apps   

Unveiling Netskope Proactive Digital Experience Management (P-DEM) Enterprise, a groundbreaking solution that delivers unmatched end-to-end insights and user experience monitoring within SASE and SD-WAN environments. Discover how P-DEM Enterprise eliminates blind spots, provides complete transparency across your entire network, and empowers you to optimize performance at every stage. Key Takeaways:Discover groundbreaking innovations like site-specific, user-specific, and app-specific monitoring that deliver a comprehensive 360-degree view of your digital experience. Learn how advanced contextual visibility and AI/ML-driven insights accelerate troubleshooting and reduce operational costs. Explore how this solution enhances workforce productivity, reduces operational friction, and delivers significant cost savings through proactive monitoring and remediation.  

 Overview Forward Proxy Authentication (FPA) ensures secure access to cloud applications by requiring SAML-based authentication via an intermediary server that allows organizations to enforce granular authentication policies. Netskope’s FPA allows integration of multiple Identity Providers (IdPs) based on criteria like access methods (IPsec, GRE, Cloud Explicit Proxy, NS Client Enrollment) and network location, enabling flexible and secure user authentication management. Organizations can maintain existing SAML setups while utilizing Netskope’s enhanced authentication features, supporting multiple concurrent IdPs to match specific conditions for robust security and control. Configuration in PingOne  Login to the PingOne Admin Console. Navigate to Applications > Application Catalog. Search the Application Catalog for Netskope Client Enrollment and click + Add Instance. Enter temporary values into the ACS URL and Entity ID fields, like https://pingone.com and https://pingone.com

This article is going to cover how to leverage PingOne for SCIM Provisioning via PingOne.  SCIM Provisioning  Netskope supports provisioning of users and user groups authenticated via Ping Identity. The Netskope SCIM app supports the following: Push New Users: New users created through Ping Identity will also be created in NetskopePush Groups: Groups created through Ping Identity will also be created in NetskopePush Profile Updates: Updates made to the users profile through Ping Identity will also be pushed to NetskopePush User Deletion: Deleting a user in Ping Identity will also delete the user in Netskope.By default a user disabled in Ping Identity will be deleted in Netskope. Configuration Steps Configuration in Netskope Login into your Netskope Admin Console. Select Settings in the lower left. Select Tools > REST API v2. Ensure REST API Status is enabledSelect New Token and enter an appropriate name. Select a token expiry duration (To ensure the security and reliability of your

Hear from our security team as they discuss how Cloud Threat Exchange is implemented within Netskope to streamline the automated integration of IOCs with a ticketing system and perform continuous monitoring.  Key topics covered:Cloud Threat Exchange Integration with multiple security tools and technologies such as Netskope, SIEM, EDR, etc. Automation of IOC ingestion from ticketing platforms such as Jira into Github repo The plugin to Ingest IOC's from Github to Cloud Exchange And real-time monitoring of these IOCs (continuous monitoring)  

Recently I stumbled upon an interesting campaign carried out by a threat actor dubbed Dark Pink and characterized by the exploitation of a legitimate cloud service, GitHub, to host the malicious payload. GitHub is a well-known service, categorized as "Development Tools" and "Technology" within the Next Gen SWG, and for which a dedicated connector allows to enforce granular security policies in terms of adaptive access control, DLP and threat protection.    However, it is common for threat actors to abuse even less-known cloud services for malicious purposes such as malware distribution, command and control and data exfiltration, and the above campaign is no exception. As a matter of fact in the above mentioned case, the attackers exploited an additional less-known cloud service, textbin[.]net, to deliver the malicious payload.   Netskope customers are protected out-of-the-box from the malicious exploitation of textbin[.]net as this service is already classified as "Secur

Check out the demo to get a sneak peek into the advanced capabilities launched with the Kadiska integration at the core of our Proactive DEM!  Proactive Digital Experience Management (Proactive DEM) Enterprise offers a powerful site-centric view that when combined with user monitoring, helps pinpoint the source of user experience issues—whether at a specific site, connecting to the Netskope NewEdge POP, or the ISP. This ensures full performance visibility, empowering organizations to achieve unparalleled visibility, optimize performance, and elevate user experience across their network infrastructure.   

We want to restrict user to upload any code to GitHub. They can only download the code from it.  

Background Q. How do you enforce Netskope Client adherence without impacting SAML flows after authentication?A. Netskope Client Enforcement. Netskope Client Enforcement is used to “enforce” the compliance of having a Netskope client enabled and connected to a tenant for accessing SaaS applications using Identity Providers (IdP) such as Okta. This includes IdP or Service Provider initiated connections, i.e. logging into Okta to access a SaaS application or logging into the SaaS application directly. Netskope Client Enforcement should be differentiated from other methods of steering real-time traffic to the Netskope tenant for the processing of policies; policies such as Next-Generation Software Web Gateway (NG-SWG), Data Loss Prevention (DLP), Netskope Private Access (NPA), User Enhanced Behavior Analytics (UEBA), Cloud FireWall (CFW), and so on, all of which are designed to protect an organization. Netskope Client Enforcement also enables end users to protect corporate resources th

This article is going to cover how to leverage Onelogin for Netskope Client Authentication via SAML, as well as how to use SCIM Provisioning with Onelogin. SCIM Provisioning Netskope supports provisioning of users and user groups authenticated via OneLogin. The Netskope SCIM app supports the following:Push New Users: New users created through Onelogin will also be created in Netskope Push Groups: Groups created through Onelogin will also be created in Netskope Push Profile Updates: Updates made to the users profile through Onelogin will also be pushed to Netskope Push User Deletion: Deleting a user in Onelogin will also delete the user in Netskope Push User Suspension: By default a user suspended in Onelogin will be deleted in Netskope, If the provisioning configuration in the Netskope Onelogin App is set to Suspend. If you would like suspended users to continue to exist in Netskope, set the provisioning configuration in the Netskope Onelogin app to Do Nothing.  Netskope Configuratio

I just passed my Netskope NSK101 exam; however, I don't know where to download my certificate or which page I need to link my partner account with Pearson VUE to obtain my certificate. Can someone please help me with this issue?

Hear from our Product Management and Product Adoption leads as they cover the latest platform updates from Release 115, 116, and 117.  Key product updates:Local Broker for On-Premises ZTNA - How to enforce policies locally instead of routing traffic through Netskope Cloud Device Classification (DC) - Additional device classification labels/profiles that can be associated with real-time policies Remote Browser Isolation (RBI) - Added 42 more web categories in extended RBI to support isolation of more user traffic. Configuration options are expanded with fallback action configuration and browser source criteria Data Protection - Enhanced protection by adding Bluetooth support for Windows Endpoint DLP and improving unicode support and image text OCR classification Threat Protection - Now scans cloud emails with API connectors to add an additional layer of protection against phishing  Secure Web Gateway - Enhanced policy management and filtering and introduced an API for URL category looku

OverviewThis article encompasses a detailed step by step guide for configuring and deploying Netskopes Borderless SD WAN in Azure and achieving High Availability and Load Sharing with the Azure Route Server.  Use CaseThe use case for this scenario is having always-on connectivity for your Azure Workloads to Netskopes Next GEN Secure Web Gateway for workstation internet access.  With this use case, workstations deployed within a single VNET or across multiple VNETs can have secure connectivity to the Netskope platform. BGP is utilized to provide resiliency, symmetry and load sharing across Netskope Borderless WAN Gateways in the Azure cloud. ArchitectureIn the above architecture I have 2 Network Virtual Appliances that are the Netskope SASE Gateways. Each Gateway VM is performing an EBGP peering relationship with the Azure Route Server. The Netskope Gateways are each advertising a default route that will later be used to perform ECMP and High Availability for the workloads inside your V

OverviewThis article encompasses a detailed step by step guide for configuring and deploying Netskopes Borderless SD WAN in Azure and achieving High Availability and Load Sharing with the Azure Route Server.  Use CaseThe use case for this scenario is having always-on connectivity for your Azure Workloads to Netskopes Next GEN Secure Web Gateway for workstation internet access.  With this use case, workstations deployed within a single VNET or across multiple VNETs can have secure connectivity to the Netskope platform. BGP is utilized to provide resiliency, symmetry and load sharing across Netskope Borderless WAN Gateways in the Azure cloud. ArchitectureIn the above architecture I have 2 Network Virtual Appliances that are the Netskope SASE Gateways. Each Gateway VM is performing an EBGP peering relationship with the Azure Route Server. The Netskope Gateways are each advertising a default route that will later be used to perform ECMP and High Availability for the workloads inside your V

I just passed my Netskope NSK101 exam; however, I don't know where to download my certificate or which page I need to link my partner account with Pearson VUE to obtain my certificate. Can someone please help me with this issue?

Hear from our security engineers on how they use different Netskope products to holistically secure SaaS apps to improve the security coverage and posture of an organization. Layered Protection for SaaS apps [Salesforce, Github, Workday] at Netskope:Client Enforcement - Access to Salesforce allowed only when connecting with a Netskope client that is registered with the production Netskope tenant Realtime and API protection policies for confidential data [PII, PCI, passwords, API security keys] Security Posture Management - Compliance standards and rules are checked against the configurations of Salesforce, so that any vulnerabilities and threats are remediated by Salesforce admins Endpoint DLP Protection - File origin policy to block movement of data downloaded from Salesforce to unsanctioned external storage devices User Behavior Analytics - Bulk downloads, failed logins, access from risky countries, suspicious download, and delete are some of the alerts we monitor and investigate Che

GitHub is a web-based platform that provides hosting for software development projects utilizing the Git version control system. It serves as a collaborative platform for developers to work together on code, track changes, manage projects, and host their code repositories. GitHub allows developers to create and maintain repositories, which are containers for code and related resources. These repositories can be either public, allowing anyone to view and contribute to the code, or private, restricting access to a selected group of individuals or organizations.   There are some security challenges that we as the Customer Zero team are trying to address for Github. The premise behind the security posture is considering sensitive data movement, malicious repositories, code injection and leakage, ensuring appropriate access controls and permissions. We are currently monitoring and securing access to Github internally with a breadth of products that are developed and maintained by the d

Borderless WAN Hub Deployment & Configuration [Note] : The below setup is suitable with Meraki/Juniper Infrastructure BWAN Orchestrator tenant creation requires request to be opened with respective account representative (this document contains reference images from the test tenant portal)  Step1: BWAN Hub Deployment [with Model: NSG-1500] This device needs two ports configured on a Network - GE1 and GE2  GE1 port will be uplink to Meraki/Direct ISP and Wired connectivity Public IP: The public IP of the WAN interface must be explicitly configured in the Hub. This is the IP to which the Client will initiate the tunnel.  GE2 port will be Wireless connectivity GE1 - Port Configuration 1. Login to BWAN Orchestrator Portal  Login to BWAN Orchestrator Portal GE2 port will be Wireless connectivity GE1 - Port Configuration GE1 - Port Configuration : Activation Steps1. Login to BWAN Orchestrator Portal  2. Go to Dashboard > Manage and click (+)plus: sign to create Gateways 3. Select the