Netskope Global Technical Success (GTS)

KB - Limitations with WhatsApp (Web Version & Native App)

Netskope Cloud Version - 122

Objective

Highlight limitations associated with WhatsApp (Web Version & Native App)

Prerequisite

Netskope Inline CASB license is required

Context

This document is intended to discuss in detail the limitations associated with WhatsApp concerning its use with Netskope

Details

WhatsApp can be accessed via a web browser or through its native application.

WhatsApp Web

• Netskope acknowledges WhatsApp web as a Cloud Application and provides a pre-defined cloud app connector.
• As of Jan 03, 2025 with Netskope’s WhatsApp predefined connector, customers can exercise control over the following activities:

• WhatsApp Web employs end-to-end encryption by default for all activities.
• At the moment, 'Post' activity detection is not available, which means no control can be applied when an end-user posts a message over WhatsApp Web.
• DLP can only be applied to the WhatsApp Web version, covering upload and download activities. Reference article - Implement DLP Controls for WhatsApp Web using Netskope RBI

WhatsApp Native Application

• The WhatsApp Windows native app utilizes a non-HTTP protocol for all activities, which means we do not support activity detection for this application.
• If the customer wishes to block complete access to the WhatsApp native application, this can be achieved through Netskope

Conclusion

WhatsApp Web

• Visibility and Control: Netskope's visibility and control over WhatsApp usage are limited. With the current product design, only upload and download activities can be monitored.
• Data Protection: Customers with Netskope Extended RBI license can apply DLP controls on DLP to Upload and Download activities. Reference article - Link
• Compliance: Ensuring compliance with regulations and industry standards becomes challenging when using Post activity on WhatsApp.
• Threat Detection: Netskope can detect threats during upload and download activities. Customers with a Netskope Extended RBI license can implement Threat Protection controls.

WhatsApp Native Application

• Visibility and Control: Netskope's visibility and control over WhatsApp usage are limited, especially in encrypted communications. This limitation hampers effective monitoring and enforcement of security policies.
• Data Protection: Due to end-to-end encryption, Netskope lacks the ability to inspect and apply data loss prevention (DLP) policies to WhatsApp communications, compromising data protection measures.
• Compliance: Ensuring compliance with regulations and industry standards becomes challenging when using WhatsApp through Netskope. The platform's limited monitoring and control capabilities may lead to compliance violations.
• Threat Detection: Netskope cannot detect and respond to security threats originating from or targeting WhatsApp usage, such as malware distribution or phishing attacks. Limited visibility and analysis capabilities contribute to this difficulty.

Terms and Conditions

• All documented information undergoes testing and verification to ensure accuracy.
• Netskope Engineering is continuously working on product enhancements. In the future, additional controls may become available to address some of the limitations mentioned earlier. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.

Notes

• This article is authored by Netskope Global Technical Success (GTS).
• For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.