Hear from our security engineers as they demonstrate how CE's three integration pillars of Cloud Threat Exchange (CTE), Cloud Ticket Orchestrator (CTO), and Cloud Risk Exchange (CRE) connect Netskope to the tools we already rely on, turning isolated signals into coordinated, automated action.
Learn how to:
-
Automatically ingest curated threat feeds and STIX-formatted IOCs from Feedly's AI-powered intelligence engine and any TAXII-compliant source
-
Bidirectionally share email-borne threat indicators from Mimecast and endpoint-detected IOCs from CrowdStrike Falcon
-
Propagate AWS infrastructure threat findings from GuardDuty and supply chain risk signals from GitHub directly into Netskope's threat intelligence pipeline
-
Feed Mimecast email threat signals into Netskope's User Confidence Index (UCI), dynamically adjusting cloud access policies
For more information, check out our blog post.
View past events in this series!
Check out some customer questions below, or feel free to comment and continue the discussion!
Q: Can I also use CTE to send IOCs and artifacts to other systems? E.g. XDRs?
A: We have a couple of native 3rd-party plugins for CTE. Custom plugins for CTE may be created with the assistance of the CTE developer's guide, found here.
Q: Is ProofPoint also supported, or just Mimecast?
A: Yes, we support ProofPoint. More information may be found here.
Q: Do you support integration with Zendesk?
A: At the moment, we do not have a direct integration with Zendesk. We do support using our Notifier or webhook. If you need to have a plugin created, please submit a request with your account team. Another option would be to develop a custom plugin, directions may be found here.
Q: Do you support integration with SentinelOne?
A: We do support Sentinel One, information on it may be found here.
Q: What options are available for searching for IOCs that may have changed status and, when enabled on the platform, block legitimate sites such as Azure?
A: Go to Threat Exchange and locate the threat IOCs section. Inside this section, you may search and take actions based on your requirements.
Q: Can you cover how to bidirectionally share email-borne threat indicators from Mimecast and endpoint-detected IOCs from CrowdStrike Falcon?
A: We have bidirectional sharing with CrowdStrike and others. A good example of this type of sharing may be found here.
Q: Are any other email security products supported for this integration, other than Mimecast?
A: We support quite a few 3rd-party plugins, information may be found here.
Q: Since y'all eat your own dog food, how many times have y'all had a really bad morning that you were able to prevent from impacting customers?
A: We do have some great stories! A lot of the stories will go untold, but one that I fondly remember was implementing a just released Beta which affected over 3,000 users. Since we work closely with our product managers, the fix was really quick and did not need an emergency hot fix given how "fresh" the feature was and limited deployment.
