Netskope Global Technical Success (GTS)

General Q/A Attached to: Managing Access to Traffic Destined for High-Risk Countries

Netskope Cloud Version - 120

Objective

Managing Access to Traffic Destined for High-Risk Countries: Q&A Guide

Note - Request you to read parent article first Link

Prerequisite

Netskope CASB Inline/SWG license is required

Context

We'll discuss the Q/A attached to ‘Managing Access to Traffic Destined for High-Risk Countries’

Q/A Section

• Question 1: How does Netskope identify the country where a web destination is hosted?

Answer: Netskope identifies the country where a web destination is hosted using Geo-IP mapping. This method maps the IP address of the destination to its physical location, based on databases that associate IP ranges with specific countries. These databases are regularly updated and maintained to reflect changes in IP address allocations

• Question 2: Does Netskope use any third-party tools for Geo-IP mapping?

Answer: Netskope leverages multiple third-party feeds for Geo-IP mapping, including services like MaxMind, IP2Location, NetAcuity, and Netstar. These feeds are updated regularly to ensure accurate location identification.

• Question 3: Does Netskope provide a list of High-Risk countries that should be included in the High-Risk Real-Time Protection Policy, with all traffic to those countries blocked?

Answer: Netskope does not provide a specific, pre-defined list of High-Risk countries that should be included in High-Risk Real-Time Protection Policy. Instead, Netskope allows organizations to define their own High-Risk countries based on their business requirements and compliance needs.

A customer in Africa may identify different High-Risk countries compared to a customer in the APAC region. Each country has its own regulations concerning high-risk countries. For example, the U.S. government enforces the International Traffic in Arms Regulations (ITAR), while Australia adheres to the Export Control Act of 1982.

• Question 4: What about the default Risky Countries policy listed under Behavior Analytics (UBA)?

Answer:

Path: Netskope Tenant UI >>> Policies

This is a default policy that includes over 25 countries. Any traffic directed to these countries will trigger a User Behavior Analytics (UBA) informational alert. It is recommended that customers review this default policy and modify it according to their specific business requirements and compliance needs.

Customers seeking real-time protection policies to restrict traffic to High-Risk countries should consult this list. For the initial days or weeks, it is advisable to set the policy action to 'Alert.' This allows Netskope administrators to review alerts and determine whether traffic related to any sanctioned applications is being directed to High-Risk countries, enabling them to plan subsequent actions accordingly.

• Question 5: What should a customer do if the Geo-IP mapping is incorrect?

Answer: Any Geo-IP mismatches should be reported to Netskope Customer Support.

• Question 6: Can a customer map an IP address to a country directly from the Netskope Tenant UI?

Answer: Customer cannot perform any such action from the Netskope Tenant UI.

• Question 7: Does Netskope provide information about the country where a web destination is hosted?

Answer: Yes, this information is accessible under the Skope IT

Path: Netskope Tenant UI >>> Skope IT

Terms and Conditions

• All documented information undergoes testing and verification to ensure accuracy.
• In the future, should any changes to Netskope best practices come to our attention, we will promptly update the documentation to reflect them.

Notes

• This article is authored by Netskope Global Technical Success (GTS).
• For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.