Netskope Global Technical Success (GTS)
Best Practices - Guide to Maintaining Steering Configuration
Netskope Cloud Version - 126
Objective
Establishing best practices to effectively maintain steering configurations via the Netskope Web UI.
Context
This document outlines best practices to ensure that your steering configuration is aligned with Netskope’s recommendations.
Basic Definitions
- What is a Steering configuration?
  - A steering configuration defines what type of traffic is steered to the Netskope platform for analysis. Netskope can only inspect and take action on traffic that has been steered using a steering configuration.
  - Steering configurations are located under Settings > Security Cloud Platform > Steering Configuration.
  - Depending on your entitlement with Netskope, you can steer the following types of traffic using a steering configuration:
    - Cloud Apps
    - Web Traffic
    - All Traffic (HTTP, HTTPS + Non-Web Traffic)
    - DNS traffic
It is essential to steer the appropriate traffic to the Netskope platform and to follow the best practices for steering configuration, because misconfigurations can let some traffic bypass inspection, creating blind spots and exposing the organization to threats such as malware, data exfiltration, or policy violations.
Best practices
- Steering mode set as per entitlements
  - Ensure that your traffic steering is set according to your entitlements.
  - For example, if you are entitled to steer “All Traffic”, ensure that the steering configuration is set to steer “All Traffic”.
  - This ensures that Netskope has visibility into the required traffic for inspection.
- Redundant steering configuration
  - Maintain a redundant steering configuration for testing steering changes.
  - This allows administrators to test steering changes on a subset of users before rolling out the changes in production.
- Exception review
  - Steering configurations come with a default set of exceptions. Review these exceptions and consider removing any entry that does not align with the organization’s policy, because exception traffic is exempt from any kind of deep inspection, which creates security loopholes.
  - Periodic review of exceptions is therefore essential to ensure that only necessary entries are added to this list.
  - Ensure that there are no broad categories in the exception list.
- Unsanctioned certificate-pinned applications
  - The steering configuration comes with a predefined set of certificate-pinned applications.
  - Review this list and remove the entries for unsanctioned applications, or set them to “Block” instead of “Bypass”.
  - Setting them to “Bypass” bypasses the connections from the processes of these applications, which prevents any visibility into them.
- Adding notes to the exception entries
  - The list of exceptions keeps growing over time, and exceptions get lost when the UI is handed over from one admin to another.
  - Adding a note to each exception records why the entry was added, which helps with exception management.
  - This eases management and the removal of unnecessary exceptions when the list is periodically reviewed.
- Bypass traffic logging
  - Keep the setting configured to log bypassed traffic.
  - When this setting is configured to “Log”, traffic that is bypassed at the Netskope platform is recorded in Page events. This gives some visibility into the traffic that is bypassed as a result of steering exceptions. Note that only traffic bypassed at the Netskope gateway (not the Netskope client) is logged as a result of this setting.
- Setting preferences for the addition of certificate-pinned applications
  - Netskope adds new certificate-pinned applications to the steering configuration on an ongoing basis.
  - This setting allows an administrator to decide what happens when Netskope releases a new certificate-pinned application to be added under the exceptions.
  - The various options are discussed in this document.
  - The best practice is to leave the setting at “Ask me”, which provides a notification to review the new predefined certificate-pinned app in the Web UI and allows administrators to decide how to act on it.
  - [Image: example of the notification received in the Web UI]
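The periodic review described in the best practices above can be run as a repeatable check. The following is an added example, not Netskope code: it assumes the administrator keeps an inventory of the steering configuration transcribed from the Web UI, and the dictionary layout, field names, `BROAD_CATEGORIES` and all sample values are constructed for illustration.

```python
# Added example: the dictionary layout, field names and sample values are
# constructed (an inventory transcribed from the Web UI), not a Netskope
# export or API format.

# Assumption: categories this organization considers too broad to exempt.
BROAD_CATEGORIES = {"Technology", "Business"}

SAMPLE_CONFIG = {  # constructed sample data
    "entitlement": "All Traffic",
    "steering_mode": "Web Traffic",
    "log_bypassed_traffic": "Do not log",
    "new_cert_pinned_apps": "Bypass",
    "exceptions": [
        {"type": "category", "value": "Technology", "notes": ""},
        {"type": "domain", "value": "updates.example.com",
         "notes": "OS patch downloads, reviewed by infra team"},
        {"type": "cert_pinned_app", "value": "ExampleSync",
         "action": "Bypass", "sanctioned": False, "notes": "default entry"},
        {"type": "cert_pinned_app", "value": "ExampleMeet",
         "action": "Bypass", "sanctioned": True, "notes": "   "},
    ],
}


def audit(config, broad_categories=BROAD_CATEGORIES):
    """Return a list of (item, finding) tuples; an empty list means no findings."""
    findings = []
    if config["steering_mode"] != config["entitlement"]:
        findings.append(("steering_mode", "does not match entitlement"))
    if config["log_bypassed_traffic"] != "Log":
        findings.append(("log_bypassed_traffic", "bypassed traffic is not logged"))
    if config["new_cert_pinned_apps"] != "Ask me":
        findings.append(("new_cert_pinned_apps", "new pinned apps are not reviewed"))
    for entry in config["exceptions"]:
        name = f'{entry["type"]}:{entry["value"]}'
        if not entry.get("notes", "").strip():
            findings.append((name, "no note explaining the exception"))
        if entry["type"] == "category" and entry["value"] in broad_categories:
            findings.append((name, "broad category is exempt from inspection"))
        if (entry["type"] == "cert_pinned_app" and not entry.get("sanctioned")
                and entry.get("action") == "Bypass"):
            findings.append((name, "unsanctioned app set to Bypass"))
    return findings


if __name__ == "__main__":
    for item, finding in audit(SAMPLE_CONFIG):
        print(f"{item}: {finding}")
```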
Terms and Conditions
- All documented information undergoes testing and verification to ensure accuracy.
- In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.
Notes
- This article is authored by Netskope Global Technical Success (GTS).
- For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.