Learn

Introduction   In my previous post I introduced the Netskope Provider for Terraform and showed you how it can be used to deploy publishers and applications inside of a Netskope tenant. While I think this capability on it's own is extremely exciting, I know we can do better. When looking at creating automation for Netskope, our goal was always to ensure a new publisher including the underlying infrastructure could be managed in the same configuration. In fact this concept is one of the primary reasons that we choose to use Terraform as our initial entry into Infrastructure as Code(IaC). In this post I will expand upon what we introduced previously by walking you through how to use the Terraform Module for automating Netskope Publishers running in Amazon EC2. This should be fun!   What is a module?   For those that are new to Terraform let me start by explaining what a module is. The definition of a module is something along the lines of 1 or more .tf configuration files i

In this article, we will cover how to silent deploy the Netskope Client on Mac devices using IDP enrollment mode with Jumpcloud MDM. Prerequisite: SAML Forward Proxy integration with Jumpcloud as an IDP must be configured prior to deploying the Netskope Client. Configuration Steps 1 - Install Netskope CertificatesDownload both certificates from the Netskope Tenant on Settings > Manage > Certificates > Signing CA:  Jumpcloud allows you to choose only one certificate per policy. Follow the steps off the link Create a Mac or iOS Install Certificate Policy  and create two certificate policies on Jumpcloud. One for the Netskope Root Certificate and one for the Netskope Intermediate Certificate: Approve System Extension and Network ExtensionCreate a new Jumpcloud policy following the steps of the link Create Mac System Extension Policy  to Approve the System Extension and use the following details on the policy:In the latest SO versions it is necessary to check the System extension

Hear from our Product Management and Product Adoption leads as they cover the latest platform updates from Release 118, 119, and 120.  Key product updates:Site, User—App Synthetic Monitoring for Web Apps and Custom Web Applications  E2E Encrypted App Inspection and AI generated insights for CCI attributes (CCI copilot) Enhanced risk profiling for 3rd party applications—Workday, Entra ID, and Google Workspace Expanded App Coverage for Box, Slack, ServiceNow, and Cisco Webex on a new NG CASB API platform Comprehensive categorization and classification insights for URLs, domains, and IPs using the URL lookup API for SWG Malware workflow for submitting false positive and allowlisting  Reset UEBA UCI score to 1000 for use-cases such as role changes and test users Leverage MIP and Box Labels for DRM Integration for Classification  Provide visibility into custom classifier performance, including insights into the training data Endpoint DLP Printer Content Control Support for AIP/MIP Sensitivi

This Azure Bicep template facilitates the automated deployment of Netskope Publisher instances in Azure environments. It's designed to streamline the deployment process for DevOps teams, enabling quick and consistent Publisher setups while following infrastructure-as-code best practices.This can be a key item on how to achieve ZTNA in PaaS environments: You can check out the files here: https://github.com/Mitsj0l/nskpub_azureSupported Functions ✨Azure Integration: Automated deployment of Netskope Publisher Marketplace VMs Integration ready for Azure Pipelines End-to-end deployment in 3-4 minutes Network Management: Support for existing networking components VNet, Subnet, and NSG integration Option to create new or use existing network components Security & Configuration: Secure parameter handling through dedicated parameter files API token and SSH key management Cloud-init based post-deployment setup Automated Publisher registration with Netskope tenant  Project Structure

Elevate your network monitoring and user experience with the advanced capabilities of P-DEM Enterprise. Thierry Notermans, Product Management Director for Proactive Digital Experience Management (P-DEM), demonstrates the innovations introduced with P-DEM Enterprise using three key use cases.  Learn how to: Monitor onramp, app performance, and user experience from sites connecting to Netskope via SD-WAN, SASE gateways or private connectivity Monitor any application, from over 80K predefined apps or any custom web-based application, including synthetic application monitoring for how apps are performing Streamline operations and deliver a cohesive, transformative monitoring experience with the integration of Real User Monitoring (RUM) and Synthetic Monitoring Get a consistent 360-degree view of digital experiences across the entire path from users to apps   

Unveiling Netskope Proactive Digital Experience Management (P-DEM) Enterprise, a groundbreaking solution that delivers unmatched end-to-end insights and user experience monitoring within SASE and SD-WAN environments. Discover how P-DEM Enterprise eliminates blind spots, provides complete transparency across your entire network, and empowers you to optimize performance at every stage. Key Takeaways:Discover groundbreaking innovations like site-specific, user-specific, and app-specific monitoring that deliver a comprehensive 360-degree view of your digital experience. Learn how advanced contextual visibility and AI/ML-driven insights accelerate troubleshooting and reduce operational costs. Explore how this solution enhances workforce productivity, reduces operational friction, and delivers significant cost savings through proactive monitoring and remediation.  

 Overview Forward Proxy Authentication (FPA) ensures secure access to cloud applications by requiring SAML-based authentication via an intermediary server that allows organizations to enforce granular authentication policies. Netskope’s FPA allows integration of multiple Identity Providers (IdPs) based on criteria like access methods (IPsec, GRE, Cloud Explicit Proxy, NS Client Enrollment) and network location, enabling flexible and secure user authentication management. Organizations can maintain existing SAML setups while utilizing Netskope’s enhanced authentication features, supporting multiple concurrent IdPs to match specific conditions for robust security and control. Configuration in PingOne  Login to the PingOne Admin Console. Navigate to Applications > Application Catalog. Search the Application Catalog for Netskope Client Enrollment and click + Add Instance. Enter temporary values into the ACS URL and Entity ID fields, like https://pingone.com and https://pingone.com

This article is going to cover how to leverage PingOne for SCIM Provisioning via PingOne.  SCIM Provisioning  Netskope supports provisioning of users and user groups authenticated via Ping Identity. The Netskope SCIM app supports the following: Push New Users: New users created through Ping Identity will also be created in NetskopePush Groups: Groups created through Ping Identity will also be created in NetskopePush Profile Updates: Updates made to the users profile through Ping Identity will also be pushed to NetskopePush User Deletion: Deleting a user in Ping Identity will also delete the user in Netskope.By default a user disabled in Ping Identity will be deleted in Netskope. Configuration Steps Configuration in Netskope Login into your Netskope Admin Console. Select Settings in the lower left. Select Tools > REST API v2. Ensure REST API Status is enabledSelect New Token and enter an appropriate name. Select a token expiry duration (To ensure the security and reliability of your

Hear from our security team as they discuss how Cloud Threat Exchange is implemented within Netskope to streamline the automated integration of IOCs with a ticketing system and perform continuous monitoring.  Key topics covered:Cloud Threat Exchange Integration with multiple security tools and technologies such as Netskope, SIEM, EDR, etc. Automation of IOC ingestion from ticketing platforms such as Jira into Github repo The plugin to Ingest IOC's from Github to Cloud Exchange And real-time monitoring of these IOCs (continuous monitoring)  

Recently I stumbled upon an interesting campaign carried out by a threat actor dubbed Dark Pink and characterized by the exploitation of a legitimate cloud service, GitHub, to host the malicious payload. GitHub is a well-known service, categorized as "Development Tools" and "Technology" within the Next Gen SWG, and for which a dedicated connector allows to enforce granular security policies in terms of adaptive access control, DLP and threat protection.    However, it is common for threat actors to abuse even less-known cloud services for malicious purposes such as malware distribution, command and control and data exfiltration, and the above campaign is no exception. As a matter of fact in the above mentioned case, the attackers exploited an additional less-known cloud service, textbin[.]net, to deliver the malicious payload.   Netskope customers are protected out-of-the-box from the malicious exploitation of textbin[.]net as this service is already classified as "Secur

Check out the demo to get a sneak peek into the advanced capabilities launched with the Kadiska integration at the core of our Proactive DEM!  Proactive Digital Experience Management (Proactive DEM) Enterprise offers a powerful site-centric view that when combined with user monitoring, helps pinpoint the source of user experience issues—whether at a specific site, connecting to the Netskope NewEdge POP, or the ISP. This ensures full performance visibility, empowering organizations to achieve unparalleled visibility, optimize performance, and elevate user experience across their network infrastructure.   

We want to restrict user to upload any code to GitHub. They can only download the code from it.  

Background Q. How do you enforce Netskope Client adherence without impacting SAML flows after authentication?A. Netskope Client Enforcement. Netskope Client Enforcement is used to “enforce” the compliance of having a Netskope client enabled and connected to a tenant for accessing SaaS applications using Identity Providers (IdP) such as Okta. This includes IdP or Service Provider initiated connections, i.e. logging into Okta to access a SaaS application or logging into the SaaS application directly. Netskope Client Enforcement should be differentiated from other methods of steering real-time traffic to the Netskope tenant for the processing of policies; policies such as Next-Generation Software Web Gateway (NG-SWG), Data Loss Prevention (DLP), Netskope Private Access (NPA), User Enhanced Behavior Analytics (UEBA), Cloud FireWall (CFW), and so on, all of which are designed to protect an organization. Netskope Client Enforcement also enables end users to protect corporate resources th

This article is going to cover how to leverage Onelogin for Netskope Client Authentication via SAML, as well as how to use SCIM Provisioning with Onelogin. SCIM Provisioning Netskope supports provisioning of users and user groups authenticated via OneLogin. The Netskope SCIM app supports the following:Push New Users: New users created through Onelogin will also be created in Netskope Push Groups: Groups created through Onelogin will also be created in Netskope Push Profile Updates: Updates made to the users profile through Onelogin will also be pushed to Netskope Push User Deletion: Deleting a user in Onelogin will also delete the user in Netskope Push User Suspension: By default a user suspended in Onelogin will be deleted in Netskope, If the provisioning configuration in the Netskope Onelogin App is set to Suspend. If you would like suspended users to continue to exist in Netskope, set the provisioning configuration in the Netskope Onelogin app to Do Nothing.  Netskope Configuratio

I just passed my Netskope NSK101 exam; however, I don't know where to download my certificate or which page I need to link my partner account with Pearson VUE to obtain my certificate. Can someone please help me with this issue?

Hear from our Product Management and Product Adoption leads as they cover the latest platform updates from Release 115, 116, and 117.  Key product updates:Local Broker for On-Premises ZTNA - How to enforce policies locally instead of routing traffic through Netskope Cloud Device Classification (DC) - Additional device classification labels/profiles that can be associated with real-time policies Remote Browser Isolation (RBI) - Added 42 more web categories in extended RBI to support isolation of more user traffic. Configuration options are expanded with fallback action configuration and browser source criteria Data Protection - Enhanced protection by adding Bluetooth support for Windows Endpoint DLP and improving unicode support and image text OCR classification Threat Protection - Now scans cloud emails with API connectors to add an additional layer of protection against phishing  Secure Web Gateway - Enhanced policy management and filtering and introduced an API for URL category looku

OverviewThis article encompasses a detailed step by step guide for configuring and deploying Netskopes Borderless SD WAN in Azure and achieving High Availability and Load Sharing with the Azure Route Server.  Use CaseThe use case for this scenario is having always-on connectivity for your Azure Workloads to Netskopes Next GEN Secure Web Gateway for workstation internet access.  With this use case, workstations deployed within a single VNET or across multiple VNETs can have secure connectivity to the Netskope platform. BGP is utilized to provide resiliency, symmetry and load sharing across Netskope Borderless WAN Gateways in the Azure cloud. ArchitectureIn the above architecture I have 2 Network Virtual Appliances that are the Netskope SASE Gateways. Each Gateway VM is performing an EBGP peering relationship with the Azure Route Server. The Netskope Gateways are each advertising a default route that will later be used to perform ECMP and High Availability for the workloads inside your V

OverviewThis article encompasses a detailed step by step guide for configuring and deploying Netskopes Borderless SD WAN in Azure and achieving High Availability and Load Sharing with the Azure Route Server.  Use CaseThe use case for this scenario is having always-on connectivity for your Azure Workloads to Netskopes Next GEN Secure Web Gateway for workstation internet access.  With this use case, workstations deployed within a single VNET or across multiple VNETs can have secure connectivity to the Netskope platform. BGP is utilized to provide resiliency, symmetry and load sharing across Netskope Borderless WAN Gateways in the Azure cloud. ArchitectureIn the above architecture I have 2 Network Virtual Appliances that are the Netskope SASE Gateways. Each Gateway VM is performing an EBGP peering relationship with the Azure Route Server. The Netskope Gateways are each advertising a default route that will later be used to perform ECMP and High Availability for the workloads inside your V

I just passed my Netskope NSK101 exam; however, I don't know where to download my certificate or which page I need to link my partner account with Pearson VUE to obtain my certificate. Can someone please help me with this issue?