Skip to main content
  • EN

Security Posture Management

This is a discussion board on Netskope’s Security Posture Management (CSPM + SSPM) solutions that provide continuous security assessment, enforce a strong security posture, prevent configuration drift, and streamline compliance across clouds.

  • 39 Topics
  • 45 Replies
39 Topics
G
Netskope Employee
gcut
published in Security Posture Management
SSPM (SaaS Security Posture Management) template based rulesNews

In the 114 release, we are excited to introduce a new type of content for Netskope SSPM: template-based rules. These rule templates are designed to assist deploying environment-specific detections for known threats, noteworthy anomalies and address misconfigurations. Using templates makes it easier to establish a more expedient and proactive defense strategy for your SaaS ecosystem.Each template is composed  with the same Netskope Governance Language (NGL) rule logic which is also used in the hundreds of built-in detections bundled within Netskope SSPM.  Kindly refer below steps Template based rules are predefined detection rules, which contain placeholders intended to be filled by the user. By simply populating the placeholders within the rule, users can effortlessly generate rules tailored to their specific business requirements and constraints. For example, you might want to ensure every user account in a SaaS application is registered with a company provided email-address? Or creat

1820
G
Netskope Employee
M
maxNew Member
asked in Security Posture Management
Feature Request: Separate mechanism/process to permit REST API calls being made to the Netskope tenant

Administrative access to the Netskope tenant is restricted by the Allowlist, meaning administrators can only access the tenant if they are connecting from an IP address listed in the Allowlist. The Allowlist not only controls administrative access, but we have also noted that when attempts are being made to establish REST API connections or calls to the tenant these calls will fail if the IP address it is originating from is not on the Allowlist.There are instances where we want API calls from IP address ranges but at the same time we do not want administrative access to the tenant being granted to these IP addresses.Case in point. We are working with a Netskope SME to implement the Netskope Codeless Connector which sits in Microsoft Sentinel. The connector ingests Netskope logs directly into Sentinel via REST API calls. Sentinel does not have its own IP address range so it uses the Azure Public  IP Addresses to make those API calls. These calls will fail because the IP address which t

280
M
B
bntrotterNew Member
asked in Security Posture Management
Steer specific sub-domain but Allow Bypass for the remainder

Is it possible to steer specific site sub-domain traffic thru Netskope but have the remainder of the traffic bypass Netskope.I have a specific site sub-domain that my leadership wants to have blocked.  But currently the parent domain is set as a Steering Exception.

831
A
Netskope Employee
M
Netskope Employee
MridhulaNetskope Employee
published in Security Posture Management
Advanced Analytics Reports for SSPMAdvanced Analytics SSPM

About Netskope SSPM:Netskope SSPM  provides a unified pane of view to the security posture of all supported SaaS applications in your organization. Customers can use SSPM to identify & remediate security posture issues, Detect configuration drifts, Have visibility to & risk scoring of 3rd Party Apps About Netskope Advanced Analytics:Advanced Analytics allows customers to gain valuable insights which are visualized impactfully to the audience. Use it to get visibility into your environment and understand how Netskope is protecting you.Identify risk around shadow IT, data movement, insider threat, etc. Quickly drill into data, aggregate and answer questions Identify gaps in protection coverage and areas where tuning is needed Demonstrate value by highlighting how Netskope has protected the environment or visualize risk to influence stakeholders Key Benefits Monitor Security Posture: With Advanced Analytics reports for SSPM you can regularly monitor the security posture of your or

730
M
Netskope Employee
M
MelanieWhiteNew Member
asked in Security Posture Management
Netskope and iCloud Private Relay

I have difficulty downloading and installing apps from the InTune Company Portal app on my iPad mini, which of course has Netskope enabled.  There are error codes but they don’t point to InTune.  Looking through debug logs, I see mask.icloud.com and mask.apple-dns.net as well as cloudapp.azure.com.I have added the above values in an SSL Do Not Decrypt URL list without success.  I have also created a Network Location Profile using the IP address for the host fef.msua04.manage.microsoft.com.  I used that in a destination location steering config, (made sure I updated the local client before testing) but none of this has resolved the issue.Additionally - after adding mask.icloud.com and apps.apple.com (the latter did not stay)...I WAS able to install ONE app while at work.  Went home for more testing to prove the issue resolved - but everything thereafter failed...whether at home or back at work the next day.I’m at a loss and need some help finding a solution.  Thank you for any help.

1800
M
Y
yunsNew Member
asked in Security Posture Management
Establish an access control system(s) : IAM Policies with Effect as Allow and Action with sts:AssumeRole for CrossAccountArn

hello,in reagrds to this CSPM findings “Establish an access control system(s) : IAM Policies with Effect as Allow and Action with sts:AssumeRole for CrossAccountArn”which is being flag for AWSControlTowerExecution, based on some research i have dont the issue is bc this roles have an excessive permissions, however this are default roles created by controltower, hence how can we work this finding out to remediate ? or is this a false positive as im being advice bc control tower has a principal in it limits who can use the role.however I wanted to bring it to the community to see if some has a better understanding of this and can help me understand if it is in fact  a FP or how can this be remediated effectible? 

200
Y
corantoba
Netskope Partner
corantobaNetskope Partner
asked in Security Posture Management
Kill client's process or service without authorization

Hello everyone, is it possible to control that a user closes the process or service associated with the Netskope client?As far as I know, I can control a user to disable the client but this leaves the user the ability to kill the client process and thus navigate outside Netskope.

12143
G
eliot
eliotNew Member III
posted in Security Posture Management
Watch the new SSPM demo video! Featuring new apps, upgraded UI, and 3rd party OAuth app security

Hey everyone!   Check out our new demo video to learn why SaaS Security Posture Management (SSPM) is a key component of CASB that is providing much needed visibility and risk assessment of all the resources hidden in your SaaS environments.     This demo features: New SaaS apps. Microsoft SharePoint, MS Exchange, MS Defender, Azure AD, Google Workspace, Confluence, and Jira. We now support 14 total SaaS apps. Industry-leading security configuration monitoring. 500+ predefined rules and 12 best practice and industry compliance policies. 3rd party OAuth app security. Continuous real-time visibility and dynamic, customer-specific risk assessment of marketplace and custom 3rd party apps.   Please reach out if you have any questions or would like more information about how SSPM + CASB work together to provide you comprehensive data protection for your SaaS apps. Happy to chat anytime!   Thanks! Eliot   -- Sr. Director, Cloud Security Product Manage

2602
B
cameronstephens
cameronstephensNew Member
asked in Security Posture Management
Can an Azure AD App Assign Specific Console Admin Roles?

Hi, I have the customer's Azure AD configured to allow admin access to the Netskope console via group membership, but all users who login have the tenant admin role by default. I know I can go in and change their individual roles manually but is there a way to create a new enterprise application that assigns the Security Admin role (or any other) by default instead? If so, can you please advise on the required config? Thanks.

1273
qyost
G
Netskope Partner
gianvikl12Netskope Partner
posted in Security Posture Management
MacOs Classification - Managed Device

Hi Netskope Community, I'm interested in obtaining further details about the processes required to differentiate between managed and unmanaged devices based on Netskope processes. My specific use case is that a device is considered "managed" when the Netskope processes specific to MacOS devices are detected. However, to proceed with the implementation, we must know the following details: 1. List of specific processes to be included. 2. The exact format in which process names for MacOS devices should appear (example: processname.format). 

1302
G
Netskope Partner
G
Netskope Partner
gianvikl12Netskope Partner
posted in Security Posture Management
iOS + Android Classification (Managed)

Hi everybody, I'm interested in obtaining further details about the processes required to differentiate between managed and unmanaged devices based on PEM certificate for iOS Device and pair value-key for Android Device.  My specific use cases involve a device being considered "managed" when the certificate or this key-value pair is found by the netskope client. However, to proceed with the implementation, we must know the following details:Configuring iOS Devices with PEM Certificate - We are trying to configure managed iOS devices with a PEM certificate. I would like to know if I need to generate this certificate ad-hoc or if it is available on our MDM (Workspace ONE) or Netskope tenant. Also, I would like detailed instructions on how to configure iOS devices using Workspace ONE and on the Netskope console based on this scenario. Configuring Android Devices with Value and Key - We have entered the value-key into the MDM of Workspace ONE for Android devices. We would like to

802
G
Netskope Partner
M
mehmetbaskanNew Member III
posted in Security Posture Management
Can we manage SFTP traffic thru Netskope

Team, I have a allowed users list for a SFTP application. Can we manage the SFTP traffic thru Netskope Proxy ? 

4953
kvarshney
asujanani
Netskope Employee
asujananiNetskope Employee
posted in Security Posture Management
Detecting Super-Admin OAuth Tokens in Google Workspace with Netskope SSPM

Netskope SaaS Security Posture Management (SSPM) is a powerful, highly customizable platform which brings the security configuration and asset management of your entire SaaS portfolio under one umbrella. In our series of articles within the Netskope Community Site, we showcase some powerful capabilities and use cases to take your posture management to the next level.   In this article, we show you how you can use NGL to traverse the graph structure we use for modeling supported SaaS platforms to address advanced use cases for security, compliance and monitoring within your environments. The article is intended for a Google Workspace security administrator who has already onboarded their tenant to the platform and has an elementary understanding of how the Netskope SSPM platform works. For more information on how to get started with using SSPM with Google Workspace, you can view our earlier article on Securing Google Workspace.   Consider a User within Google Workspace, who is

1410
asujanani
Netskope Employee
Dansfer4676
Netskope Partner
Dansfer4676Netskope Partner
posted in Security Posture Management
SSPM Supported Profiles

Hello team,We need to develop a custom template for a customer in order to monitor some specific settings in their configuration.Does Netskope allow the inclusion of custom SaaS Security Posture profiles?

441
A
Netskope Employee
AlanMak
Netskope Employee
AlanMakNetskope Employee
posted in Security Posture Management
SSPM : Monitoring Salesforce Delegated Group settings with SSPM

During the development of Netskope Next Generation SaaS Security Posture Management (SSPM )  capabilities, one key decision was made to replicate the data models and resource relationships of the monitored systems as closely as possible with our graph-based engine. This choice has yielded a significant advantage, allowing us to swiftly adapt to changes and new features within the target systems represented in our model whenever the need arises.   An illustrative case is the management of Salesforce Delegated Group policies through SSPM. Delegated administration is a feature that permits Salesforce administrators to grant specific users (and user groups in the future) in designated roles the authority to manage users even profiles on their behalf. The Salesforce Spring ‘23 update introduced the ability to access Delegated Group Information via their API. This update allowed Netskope SSPM to add support for these resources, as managing delegated group policies pr

730
AlanMak
Netskope Employee
asujanani
Netskope Employee
asujananiNetskope Employee
posted in Security Posture Management
SSPM: Securing Google Workspace

Similar to our earlier showcasing of Microsoft365, AzureAD and Salesforce, we have decided to dive deep into the Google ecosystem for enterprise SaaS. We have recently added Google Workspace components to our SSPM (SaaS Security Posture Management) solution.    Following suit with our other app-suites, customers that are on our SSPM platform will have access to filter and view their Google Workspace assets from the Inventory view, as well as out-of-the-box predefined rules, control mapping into a variety of compliance standards and domain categories, and the ability to execute custom queries and rules for continuous monitoring using Netskope Governance Language (NGL). Using the Google Workspace Admin-SDK as a source of truth, we pull all available information related to the following components:: - Domains - Roles and Privileges - RoleAssignments  - Third-party application tokens - Users ... with more on the way.   How do you find these attributes and components? We

1350
asujanani
Netskope Employee
P
PearsonJNew Member III
asked in Security Posture Management
Essential 8 - Restrict Web Access for Admin Accounts

Good Afternoon folks We're pretty new to Netskope, so please excuse me if this is the wrong place for this question or if it's a particularly basic question, and we're going through the Eseential 8 security process at the moment. To that end, we're looking to prevent Admin accounts from being able to access the internet when logged into machines with Netskope installed. Is this something that Netskope is capable of? I'm assuming it's a policy that we can roll out to a created group of users? Thanks very much

1994
S
W
WinderSNew Member
asked in Security Posture Management
Cloud Exchange Bad Gateway error

Hi Im having similar issues as others are when launching CE UI portal.https://community.netskope.com/t5/Additional-Discussions/Cloud-Exchange-not-staying-up-Bad-Gateway/m-p/2139I ran the ./setup but no luck. Changed the UID and GUID of the following folders to 1001 and ran the ./setup, but it keeps reverting back to 999https://community.netskope.com/t5/Additional-Discussions/Cloud-Exchange-Docker-containers-failing-to-start-upon-reboot/m-p/1271 Any ideas please?THanks Winder, 

4414
W
ekorhonen
Netskope Employee
ekorhonenNetskope Employee
posted in Security Posture Management
Securing Workday Accounts with Netskope Governance Language (NGL)

Managing security group configurations and maintaining tight control over organization relationships are critical factors in safeguarding Workday deployments from potential security breaches. Organizations need a comprehensive solution that not only enables them to manage user access efficiently but also empowers them to identify and address security compromising anomalies in their configuration. Among her many other talents, the Netskope SaaS Security Posture Management (SSPM) can help system administrators streamline security group management and detect policy violations within Workday deployments. With this article, we'll present a few practical recipes you can deploy with Netskope SSPM to monitor and harden your Workday deployment.   Unlike other solutions on the market, Netskope's approach is based on building an up-to-date model of the target systems as accurately as possible. We provide our administrators complete visibility to this model and the tools to navigate and

2130
ekorhonen
Netskope Employee
J
Netskope Partner
jromanoNetskope Partner
posted in Security Posture Management
CSPM - Query for AWS Instances

Dear community, I am needing to query by API the instances configured for AWS cloud in CSPM. In the official documentation I find queries for creation, deletion or modification but no list of IaaS instances in API Protection. Try to solve it with these links:https://docs.netskope.com/en/manage-multiple-aws-accounts.htmlhttps://docs.netskope.com/en/list-app-instances-354239.htmlhttps://docs.netskope.com/en/rest-api-v1-overview.htmlRegards

536
J
Netskope Partner
ekorhonen
Netskope Employee
ekorhonenNetskope Employee
posted in Security Posture Management
Getting started with Netskope Governance Language (NGL) with Salesforce

Netskope’s new graph-powered SaaS Security Posture Management (SSPM) engine can help security analysts investigate root causes and identify repeating patterns for all kinds of security misconfigurations. To help one get started with the SSPM and the powerful queries made available by the Netskope Governance Language (NGL), we’ve collated this post to show you some easy sample investigations you can perform in Salesforce environments.   Netskope Governance Language (NGL) is a rule description language created by Netskope to allow for the most granular and specific expression of security policies. With NGL, enterprises can create policies that go beyond the traditional configuration value checks to express complex rule logic that take into account the unique needs of their business infrastructure. In this article, we'll show you how to use this language with some handy queries, rules and workflows you can easily copy and modify to the needs of your own organization. For more informa

2390
M
Netskope Employee
J
jstocksNew Member
posted in Security Posture Management
Automated remediation in Azure

In this article we show how to set up an automatic remediation workflow in Azure, leveraging the APIs available in Netskope’s Cloud Security Posture Management. We’ll show how a security rule can be automatically remediated in Azure, and we’ll show how that remediation can happen  either based on a time trigger or a HTTP trigger.   This workflow can be used for many types of violation, in this article we will be considering the use case where we want to remedy a violation where an Azure key Vault does not have purge protection enabled.   The source code is available at https://github.com/netskopeoss/CSPM-Azure-AutoRemediation Setting Up   Netskope SPM detects violations for key vaults where purge protection is disabled as a part of the rule: Ensure KeyVault is recoverable. In this solution there are two Azure function apps involved. The first is a FetcherForKeyVaultRecoverableHTTP used for getting a list of violating resources from Netskope SPM. The second is a

940
ekorhonen
Netskope Employee
ekorhonen
Netskope Employee
ekorhonenNetskope Employee
posted in Security Posture Management
Getting started with Netskope Governance Language (NGL) with Azure AD

Netskope’s new graph-powered SaaS Security Posture Management (SSPM) engine can help security analysts investigate root causes and identify repeating patterns for all kinds of security misconfigurations. To help one get started with the SSPM and the powerful queries made available by the Netskope Governance Language (NGL), we’ve collated this post to show you some easy sample investigations you can perform with Azure AD / Microsoft 365 environments. To get to the Next Gen SSPM features and NGL from the Netskope main view, one needs to navigate to “API-enabled Protection -> Security Posture (Next Gen) -> Inventory” and click the icon on the right side of the filters toolbar. This opens up the NGL query tool which we will be using for the rest of the article.   The most basic use case for NGL would be to simply list resources by their type. Since NGL is a pattern matching language designed to identify which resources comply with a given criteria, we need to formulate our quer

1620
ekorhonen
Netskope Employee
M
mehmetbaskanNew Member III
asked in Security Posture Management
Netskope Status

Hi Guys,Does anyone know a site to check on Netskope Proxy status in Real Time ?

86413
qyost
N
nkingNew Member III
posted in Security Posture Management
CSPM Auto remediation for GCP

In this article we’ll demonstrate how you can implement automatic remediation for security posture violation findings discovered by Netskope Cloud Security Posture Management (CSPM).   Netskope CSPM continuously assesses public cloud deployments to mitigate risk, detect threats, scan and protect sensitive data and monitor for regulatory compliance. Netskope simplifies the discovery of security misconfigurations across your clouds. Netskope Auto-Remediation framework for GCP enables you to automatically mitigate the risk associated with these misconfigurations in your GCP cloud environment.   Netskope CSPM security assessment results for such security benchmark standards as NIST, CIS, PCI DSS, as well as for your custom rules are available via the View Security Assessment Violations Netskope API.   Netskope auto-Remediation solution for GCP deploys the set of GCP Cloud functions that query the above Netskope API on the scheduled intervals and mitigates supported violation

1160
N

Badge Winners

Show all badges

Not finding what you're looking for?

Don't be shy and let us know about your challenge.

Ask your question here!
Terms & ConditionsCookie settings