When it comes to cloud security, sharing information across tools and infrastructure is critical to cover key threat vectors and use cases. The Netskope Active Platform was designed from the ground up to facilitate sharing deeply contextual cloud usage details with 3rd party systems, such as SIEM and EDR, using an open, REST API-based approach.
I am happy to announce that Netskope continues to promote information sharing and is partnering with Cisco to provide deep cloud context to the Cisco Platform Exchange grid (pxGrid). You can learn more about pxGrid here but, essentially, pxGrid enables multivendor, cross-platform network system collaboration across IT infrastructure such as security monitoring and detection systems, network policy platforms, asset and configuration management, identity and access management platforms, and virtually any other IT operations platform.
The Netskope Active platform will share deep contextual cloud usage details covering all cloud app usage sources including sanctioned and unsanctioned and whether access is from a browser, mobile app, or sync client. Netskope makes that rich data available to pxGrid so enterprises can get the visibility they need to put a plan in place to prevent sensitive data leakage, protect against threats, and safely enable the cloud. Here is a look at the Netskope Active Platform and the deep cloud context Netskope brings to pxGrid:
Netskope discovers both unsanctioned and sanctioned cloud apps and assesses the enterprise-readiness of each one using 50+ criteria. Netskope also differentiates between corporate and personal instances of an app such as corporate OneDrive vs. a user’s personal OneDrive.
Netskope decodes granular activity-level details at the API level. This results in visibility into 50+ activities such as share, edit, save, view, post, upload, and many more.
Core data characteristics such as name, size, type, and owner are decoded by Netskope. Details for both content and metadata are extracted and DLP profile information is also covered as part of data-level visibility.
Netskope also captures detailed information about user credentials, group and OU connected to cloud usage. This also includes details about both the “from” and “to” user involved in cloud activities and reporting on user credentials that have been compromised in a past data breach.
Netskope provides details about the device that is involved in cloud activities. This includes the browser, OS, and whether the device is unmanaged or managed.
Netskope provides details about both the network and geolocation involved in the cloud activity.
With the deep cloud usage context that Netskope provides to pxGrid, here is an example of some of the use cases that are enabled with this integration.
- Get visibility into data exfiltration activities taking place from sanctioned apps like Office 365 to unsanctioned apps like Dropbox
- See sharing activities taking place of sensitive data like PHI to users outside of my company
- Alert on any downloads from sanctioned apps to mobile
- See all sensitive content in sanctioned apps regardless of when it was uploaded
- Detect malware in sanctioned apps
It is also worth noting the customers that have deployed the Netskope Active Platform have the ability to leverage this cloud usage context to perform real-time policy enforcement and threat protection with actions and workflows that include quarantine, legal hold, encrypt, block, and user coaching.
You can learn more about Netskope at www.netskope.com and about Cisco pxGrid at https://developer.cisco.com/site/pxgrid/discover/overview/