Netskope Global Technical Success (GTS)

Implement Threat Protection Controls for WhatsApp Web using Netskope RBI

Netskope Cloud Version - 122

Objective

Implement Threat Protection Controls for WhatsApp Web using Netskope RBI

Prerequisite

• Netskope CASB Inline
• Netskope RBI (Remote Browser Isolation)
• Backend Flag - ‘E2E Encrypted Apps: Inspection Through RBI’ needs to be enabled on your Netskope Tenant

Context

This document aims to provide a comprehensive guide on implementing Threat Protection controls for WhatsApp Web using Netskope RBI

Do You Know?

WhatsApp can be accessed via a web browser or through its native application:

WhatsApp Web

• Netskope acknowledges WhatsApp web as a Cloud Application and provides a pre-defined cloud app connector.
• As of Jan 15, 2025 with Netskope’s WhatsApp predefined connector, customers can exercise control over the following activities:

Image i

• WhatsApp Web employs end-to-end encryption by default for all activities.
• At the moment, 'Post' activity detection is not available, which means no DLP & Threat Protection control can be applied when a customer posts a message over WhatsApp Web.

WhatsApp Native Application

• The WhatsApp Windows native app utilizes a non-HTTP protocol for all activities, which means we do not support activity detection for this application.

Details

• Step 1: Create a RBI Template

Path: Netskope Tenant UI >>> Policies >>> Templates >>> RBI >>> New Template

Image ii

• Step 2: Create a Real-time Protection Policy (Threat Policy)

Path: Netskope Tenant UI >>> Policies >>> New Policy

a. For this lab recreation, I am creating the policy shown in Image iii. As per Netskope's recommendation, if you already have a Global Threat Protection policy applied to the web category Chat, IM & Other Communication, this additional policy may not be necessary.

b. The snapshot of the policy I’m referring to is included at the end of this article under Author Notes.

Image iii

• Step 3: Add another Real-time Protection Policy (RBI Policy)

Path: Netskope Tenant UI >>> Policies >>> New Policy

a. Browser supports ‘Action: Isolate’

Chrome, Firefox, Edge, Opera, Safari, Yandex

Image iv

• Policy Order

Image v

Verification

• Access WhatsApp Web - https://web.whatsapp.com
• The Netskope logo will be displayed while loading https://web.whatsapp.com, indicating that RBI is in action.

Image vi

• For this lab recreation, I downloaded a test malware file from EICAR's official site and shared it with myself using the WhatsApp Native Client. However, when attempting to download the same file via the WhatsApp Web version, the Netskope Threat Engine detected the malware and successfully blocked the download.

EICAR test malware file attached

Image vii

• Let’s review the transactions 

Path: Netskope Tenant UI >>> Skope IT >>> Application Events 

Image viii

Image ix

Image x

Author Notes

• Threat Protection can only be applied to the WhatsApp Web version, covering upload and download activities. 'Post' activity detection is not available. 
• End-to-end traffic encryption can only be decrypted through Netskope RBI (Remote Browser Isolation). While other platforms also use end-to-end encryption, Threat Protection is exclusively available for WhatsApp Web due to current product design.
• Please note that there is a separate SKU for Netskope RBI. For more information about the SKU, please contact your Netskope Accounts Team.
• For DLP controls on WhatsApp, kindly review - Link
• Sample: Netskope Threat Protection Global Policy - Link

Terms and Conditions

• All documented information undergoes testing and verification to ensure accuracy.
• Netskope Engineering is continuously working on product enhancements. In the future, additional controls may become available to address some of the limitations mentioned earlier. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.

Notes

• This article is authored by Netskope Global Technical Success (GTS).
• For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.