Solved

Best practice for tagging webpages with Sanctioned

  • 20 July 2023
  • 2 replies
  • 45 views

Badge +2

Hello,

 

I am implementing a new proposal for Real Time Policies for Netskope, to follow best practices and reduce the number of polices to the minimum possible.

 

Currently, I propose a structure similar to this (+ other specific policies of allow, block, dlp, threat protection etc..):

  1. Allow corporate App Instances
  2. Allow "Sanctioned" Apps
  3. Block not allowed Categories
  4. Allow allowed Categories

 

But there are webpages that belong to a non-permitted category, but to which access must be allowed. The problem is they are webpages and not applications, I can't apply the "Sanctioned" tag. If I create a custom app with the URL of the webpage, it also does not allow adding the "Sanctioned" tag.

 

What is the best practice recommendation to resolve the situation? I can only think of creating a new policy that is allow access to a custom URL List, but it doesn't seem like a maintainable option over time, if the URL list grows too much.

 

Thank you so much!

icon

Best answer by 0x114 21 July 2023, 00:05

View original

2 replies

Badge +6

Layering policies with a custom category allow-list is the only realistic option if the site is categorized correctly. If the site is not categorized correctly, you can request a re-categorization.

Userlevel 3
Badge +13

URL lists, separately for allowed and blocked categories are what you need here.
Also remember we have a API to programmatically update URL lists - Many customers chose to maintain lists and patch them via these API.

I don't see threat policies in your list and it's recommended that you have threat policies right on top of the stack - Within the threat stack I'd recommend you do the following - this way you block risky sites and then for the rest you scan file ul/dls..
1. Block Security Risk
2. Malware scan for ul/dl 

Reply