Learn

A quick walk-through of our predefined dashboards in Advanced Analytics.  

Understand who the top risky users are in your organization using Advanced Analytics with the Insider Threat Dashboard. The video will discuss how to access the dashboard, what does each visual tell, how to tune this dashboard in your environment, and our recommendations.  

Period over Period Analysis allows you to compare measures from one period to another. E.g. view the change in total alert count from the previous month to the current month. This video will show you how to configure and use the Period over Period Analysis in your dashboards.  

Pivot Rank allows you to control the sorting order of a particular field you pivoted, while Double Rank allows you to sort on two different columns. This video will show you how to better organize your data with Pivot Rank and Double Rank.  

This video will show you some advanced use cases of custom fields in Advanced Analytics. We recommend watching the previous videos on dimensions, measures, and custom fields before viewing this video.  

This video will show you how to build and use a Sankey chart in Advanced Analytics to visualize relationships among multiple subjects.  

This video will show you how to build and customize a GeoMap in Advanced Analytics data centers in use with your tenant.  

This video will show you how to construct and customize a line chart in Advanced Analytics to view how certain alerts are performing over time. 

This video will show you how to create and customize a pie chart in Advanced Analytics to view the number of applications by CCL.  

This video will show you how to build and customize a bar chart in Advanced Analytics, and how to best organize the data.  

"Dimensions" and "measures" are two fundamental elements of Advanced Analytics. While "dimensions" represent characteristics and attributes of the data, "measures" are anything you can quantify, or as the name implies, anything you can measure. This video will show you how to use dimensions and measures in Advanced Analytics dashboards.  

Pre-defined dashboards and widgets are located in Netskope Library, and cannot be edited until you save them to your own folders. This video will show you how to copy and save dashboards and widgets from the library to your personal and group folders for further customizations.  

 During the trial period, users are able to switch between the classic report platform and the Advanced Analytics platform. This video will show you how to migrate existing classic reports to you Advanced Analytics folder. 

As a company, we have deployed and continue to utilize Remote Browser Isolation to browse unknown or questionable sites based on web categories in a ‘safely allow’ posture instead of an outright block. When one of our analysts requested the purchase of a remote browser service to conduct investigations into sites that didn't fall into the web categories that we already send to RBI, we decided to develop a process to isolate any desired sites using our existing product, incurring no additional cost for the company.   The security team is often asked to investigate suspicious web sites, whether they are phishing, malvertising, or others. Netskope uses our Remote Browser Isolation solution for uncategorized, no content, parked domains, proxies and anonymizers, and known threat websites. For sites outside of those categories that require a safe way to investigate a web site we have created a solution for this.   How to set it up  Step 1 The approach we took was to create a c

Welcome to a project aimed at enhancing the ease of an analyst's experience. In this venture, I've taken automation to the forefront by simplifying how we add URLs to RBI_url list. This list is specifically meant for Remote Browser Isolation (RBI), ensuring that some questionable/suspicious sites can be accessed securely for investigation purposes.   At the heart of this effort is a Slack bot I've designed. This bot comes with the right permissions and a simple command. With this command, users can mention the URLs to be included in the RBI URL list. This whole process starts when the bot communicates with the Tines platform, where the real magic happens.   Using the Tines platform, we have simplified this process through automation by which these URLs are added to the RBI URL list seamlessly and securely. This automation eliminates the need to manually navigate to the tenant to upload URLs, streamlining and expediting the task.   Requirements: Slack app (to get urls fr

What is CSPM and Why CSPM?   CSPM stands for Cloud Security Posture Management, it is a process to monitor cloud resources that belong to an organization for any potential security misconfigurations or risks which can lead to financial or data loss. The CSPM process scans the public cloud infrastructure continuously to check for violations against a set of predefined rules. The rules are tuned/muted by each organization as per their compliance and security needs. Netskope CSPM also offers a set of comprehensive rules which can be used by customers to improve their compliance and security posture of public cloud. Netskope offers CSPM solutions for Microsoft Azure, Google Cloud Platform and Amazon Web Services at the time of writing this post. Storage scans can also help with DLP and Malware violations. This post explains in an efficient and expeditious method on how to onboard multiple Azure subscriptions into Netskope CSPM.    Making use of Azure Management Groups  

Security awareness compliance training refers to a specific training initiative created to educate employees, contractors, and other involved parties within a company regarding the significance of adhering to security measures, guidelines, and mandates. The fundamental aim of this training is to foster a mindset of security awareness and adherence across the entire organization. By doing so, it guarantees that all individuals comprehend their obligations in upholding the confidentiality of delicate data and countering security risks. However, not all users fulfill their training requirements punctually. At Netskope, over the past few years, we have persistently dispatched regular emails to users, urging them to finalize their training. Presently, we are exploring innovative and effective strategies to ensure timely completion of training by users.   Using Netskope, Okta, an LMS with an API, and a SOAR solution, we have created a solution to track users with missing security traini

Multiple users have reported issues with the stability of Zoom, as well as the performance of the application itself. Common complaints or issues relating to audio dropping, audio quality, and screen redraws or slowness painting the screen. Due to these issues, as seen traversing a proxy, it is recommended that Zoom traffic be bypassed and go directly to the destination, at least for real-time traffic.  We do recommend using our Next Generation API Data Protection for Zoom. With its current release, audit events, standard user behavior analytics alerts in Skope IT, and DLP alerts may be seen in the tenant. Future improvements to API data protection includes, threat protection, inventory and dashboard remediation actions, and retroscan. Instructions The following instruction set allows you to bypass Zoom traffic using the Netskope Client’s  real-time traffic steering method. Go to https://support.zoom.us/hc/en-us/articles/201362683-Zoom-network-firewall-or-proxy-server-setti

Steer It And You Can See It   It goes without saying that if you cannot see data exfiltration then you cannot stop it from happening.  CASB applications need to be steered in order to be seen, including SSL certificate pinned applications, destination locations, applications (CFW and CASB custom applications), and a few other bypass exceptions.   For reference SSL certificate pinning is when a desktop or mobile application validates if the proposed server certificates match the hardcoded ones in the application. It's a security technique used to prevent man-in-the-middle attacks (MITM).   We recognize some vendor ssl certificate pinned applications by default which need to be bypassed, Amazon Drive for example.  So, in order for end users to use the application without errors resulting, we need to bypass the application traffic and allow it to go directly to the destination.  In order for that to occur, we define the application and the hosts or domains to

Netskope Endpoint Data Loss Prevention (Endpoint DLP) provides data protection at the endpoint by utilizing Netskope cloud DLP capabilities. You can use Endpoint DLP to monitor and govern USB storage devices connected to your endpoint. Endpoint DLP is an optional add-on capability to the Netskope Client and does not require deploying and managing a separate client or agent on the endpoint.   With Endpoint DLP, you can create Device Control and Content Control policies. Device Control policies enable granular control over which devices are allowed and which users can access them. Whereas, Content Control policies enable the full use of  Netskope DLP profiles and rules to inspect and control data movement between an endpoint and a USB mass storage device. To avoid user interaction during deployment, please ensure that full disk access is enabled for all Mac OS systems for which the endpoint DLP service would be deployed.    Within the Customer Zero team, we have

There are many things that characterize good security hygiene. One obvious aspect is clearly defined trust boundaries and secure connectivity requirements. Allowing an unmanaged and untrusted device to be directly plugged into a trusted network would significantly violate one of the core tenets of the Zero Trust principle.   The truth is, enabling secure connectivity on mobile devices cannot be done in an ad-hoc manner, it must follow a best practice approach in order to be successful. While many internet security and remote access solutions offer a self-service workflow (e.g., go to the App/Play Store, download the client, authenticate, and connect), this can lead to potential risks. Sensitive data could end up on an untrusted and unmanaged device, which could get lost, stolen, or be used for unauthorized access and data exfiltration. This poses a real risk for both internal and SAAS applications, and it raises doubts about the effectiveness of the data protection perimeter. &nbs

In this session, you’ll hear about key use cases to implement protections that stop threats, protect data and identify sources of risk. Our Product Management and Product Adoption Leads will cover the latest platform updates from Release 103, 104, and 105. Key product updates:Generative AI Web Filtering Category ChatGPT App Connector Now Available Efficacy improvements in the DLP ML models New Inline Phishing ML model Printer Device Control for Endpoint DLP UEBA - Rest API integration for UCI scores Advanced Analytics - New SSL Inspection Dashboard Next Gen SSPM & CCI (V2) Next Gen API for Jira & Confluence  

Overview This is a short write-up on different approaches and nuances of Netskope Android client (NSClient) deployments, as it differs from, for example, the deployment of the Netskope iOS Client.This post will cover a rather easy and common deployment of steering and protecting certain app traffic to Netskope. This is similar to how iOS enables per-app VPN deployment. If you are interested is the high-level overview of our mobile capabilities, you might want to check out the following blog post:  Netskope's capabilities on mobile platforms - The Netskope Community The mentioned functionalities and configuration of the Netskope Android client are described in the documentation center: https://docs.netskope.com/en/netskope-client-supported-os-and-platform.html.   When you start deploying the NSClient with a Mobile Device Management (MDM) solution such as VMware Workspace and Microsoft Intune, the NSClient will be installed under the work profile. This is a neat feature in And

Netskope Private Access and Cloud Exchange running in Azure Overview Using Netskope’s Private Access (NPA) can help secure workloads in Azure like deploying Netskope’s Cloud Exchange there. In this solutions guide NPA is used to front end a Cloud Exchange server that doesn’t have direct inbound internet access.    Requirements Netskope tenant with a NPA license Azure account Setup Steps Netskope  Configure a Netskope Publisher in your Tenant   Azure Deploy Virtual Machine Netskope Publisher   Cloud Exchange Setting up Cloud Exchange in Azure Deploy Virtual Machine Ubuntu Server Add Access to Cloud Exchange via NPA Setup Cloud Exchange on Ubuntu Server   Verify Netskope Tenant sees your publisher Check your client for the NPA tunnel Try to access cloud exchange on your private IP Configure a Netskope Publisher in your Tenant Go to your Netskope Tenant > Settings > Security Cloud Platform > Publishers Click New Publisher