
Netskope Global Technical Success (GTS)
Threat Protection Policy - Any Web Traffic
Netskope Cloud Version - 129
Objective
This article covers the recent changes to the Netskope Threat Protection Policy introduced in release 129. For details, please refer to the following link: Link
Prerequisite
Netskope SWG or Next-Gen SWG license
Context
- According to Netskope best practices, Threat Protection Policies should be among the top Real-time Protection Policies. The primary goal of this policy is to block the download and upload of malware.
- In Netskope release 129, a new capability—"Any Web Traffic"—was introduced. This article provides details regarding the addition of this "Any Web Traffic" option.
Details
- The Threat Protection Policy is one of the key Real-time Protection policies and, in most cases, is configured on Day 1 of setting up Real-time Policies.
- Prior to Netskope release 129, one of the following two approaches was typically used when creating a Threat Protection Policy:
Approach 1: Select all predefined and custom URL categories individually. (See Image 1)
Approach 2: Create a custom category that includes all predefined and custom URL categories, and then reference that custom category within the Threat Protection Policy. (See Image 2)
Image 1

Image 2

- Challenges associated with the above approaches:
a. When Netskope introduced a new web category, it had to be manually added to the existing Threat Protection Policy — a step that many customers often missed.
b. Similarly, when a customer created a new custom web category, it also needed to be explicitly selected in the Threat Protection Policy, which was frequently overlooked.
- Fix
a. The option to select "Any Web Traffic" in Real-time Protection Policies has been available for some time; however, the ability to associate it with a Threat Protection Profile was introduced in Netskope Release 129.

b. With this enhancement, customers can now select "Any Web Traffic" and apply a Threat Protection Profile, effectively addressing the challenges listed above.
Configuration
- Backend Flag - Enable Threat Protection on Any Web Traffic
- The backend flag above must be enabled. Raise a support case to have it enabled.
- Real-time Policy configuration
Path: Netskope Tenant UI >>> Policies >>> Real-time Protection >>> New Policy >>> Threat Protection

Author Notes
- For existing Netskope customers, a request must be raised to enable the backend flag for the "Any Web Traffic" capability. For new customers, this backend flag is enabled by default.
- There is no production impact associated with enabling this backend flag.
- For existing customers, it is recommended to test any changes to the Threat Protection Policy with a small group of users first. After successful validation and monitoring, the policy can be rolled out globally.
- Netskope strongly recommends that both existing and new customers configure their Threat Protection Policy using "Any Web Traffic".
- There are also plans to extend "Any Web Traffic" support to DLP policies. Netskope Product Management is currently working on this enhancement.
Terms and Conditions
- All documented information undergoes testing and verification to ensure accuracy.
- In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.
Notes
- This article is authored by Netskope Global Technical Success (GTS).
- For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.