rcanzanese
Netskope

Our latest blog post shares stats that show the amount of malware delivered via cloud apps continues to increase. Cybercriminals are deliberately abusing popular cloud apps for malware delivery to exploit trust and blend in.

https://www.netskope.com/blog/cloud-and-threat-report-cloudy-with-a-chance-of-malware

 

Netskope can scan downloads for malicious content whether they originate from a cloud app or traditional web infrastructure. To ensure that your users are protected, create a "Threat Protection Profile" policy that scans all categories and all activities and blocks malicious content.  This policy covers all cloud and web activities to ensure complete protection, no matter which delivery method an attacker targeting your users chooses.   

 


Every malware alert will contain the field "traffic_type" which indicates whether the alert is from a "CloudApp" or the "Web".  You can search SkopeIT for all cloud malware alerts:

traffic_type = 'CloudApp' and (alert_type eq 'Malware')

Through Advanced Analytics you can generate reports to show the breakdown of "CloudApp" vs. "Web" malware in your environment.  95% of the malware detected in this environment has been downloaded from a Cloud App:

[Image: Advanced Analytics report of "CloudApp" vs. "Web" malware]

 

 

1 Comment
pvilarino
Netskope

Just as a follow-up, if you want to create this in "Reports", just add the query

traffic_type = 'CloudApp' and (alert_type eq 'Malware')

to an Alert widget

 

In Advanced Analytics you can use this:

[Image: cloud based malware vs web based malware]