Hi everyone,

I'm looking to consult with others who may have experience integrating CDR (Content Disarm and Reconstruction) solutions with Netskope, specifically for securing web file downloads.

The goal is:

  1. When a user attempts to download a file from the internet through Netskope,
  2. The file is either blocked or redirected,
  3. Then automatically sent to a CDR engine (e.g., OPSWAT MetaDefender) for sanitization,
  4. And only afterward made available to the user in a safe version.

Has anyone implemented this kind of workflow?

Any insights, architecture suggestions, or practical challenges would be greatly appreciated.

Thanks in advance!

Netskope has a service delivery, enabled by flag, that disallows file downloads until the file is run through their sandbox.

A couple of thoughts:

  1. This isn’t a sanitization service. Either it is malicious according to the threat level you programmed into Netskope (High, Medium, Low confidence) or it isn’t malicious. They aren’t stripping macros out of Excel files.
  2. There isn’t notification to the user. They click on a link, and Netskope sends it in the background to the Sandbox. If it is not viewed as a threat, then eventually the person clicks on the link and downloads it. I put in a software enhancement request, before the IDEAS program, to notify the user at the very least to wait to click again. I also suggested placing the resultant file into storage - theirs, our corporate blog like DLP and emailing a link to pick it up when the analysis is done when notified by email. Either way, a time limit on storage.
  3. The Netskope sandbox, utilized in their “Patient Zero” service delivery, promises analysis within 10 minutes but we are seeing it done in 2-3 minutes on average.