New Cloud TAP Traffic Capture for Netskope Intelligent SSE

For remote work and hybrid working environments where we are now more dispersed the central collection point for traffic captures is within the cloud. Networking, infrastructure and operations, and security teams require traffic visibility for troubleshooting, performance monitoring, threat detection, discovery of assets, and to address compliance use cases. As security service edge (SSE) solutions shift traffic into cloud security platforms for inspection, to provide adaptive access controls based on zero trust principles alongside data and threat protection, a new blind spot emerges for this cloud traffic. 

Through collaboration texting with peers, it is common when troubleshooting to see requests to get a network traffic packet capture, or PCAP for more details. Network TAPs (test, terminal, or traffic access points) are popular on-site with physical networks to capture network traffic and on endpoints, however, what about cloud egress traffic for users and branch offices within SASE architecture using SSE cloud gateways? For visibility, a Cloud TAP is required and Netskope is providing the solution for customers within an early access program for non-production environments of 100-200 users for a single data center location.

Initial use cases include threat detection for command-and-control communications and other hard to detect evasive threats. Performance monitoring of specific SaaS applications critical for user experience and business outcomes is another popular use case. While the overall monitoring of network performance to detect any issues where traffic capture details can quickly assist for remediation provides a wider perspective. This use case list will likely expand as customers and partners analyze cloud traffic data with the new visibility Cloud TAP provides.

More specifically, the Netskope Cloud TAP solution captures traffic between a managed endpoint with Netskope Client or branch offices using IPsec or GRE tunnels and the Netskope cloud security platform. This TAP location provides user attribution details and sends the captured traffic with enriched details including app risk ratings to a cloud-based object store in AWS, Azure, or Google Cloud Platform (GCP). Also, given that most traffic today is TLS encrypted, session keys are also securely provided.

Within the customer-managed cloud environment for the object store of traffic data in the image above, Netskope provides a tool to decrypt, play, and capture PCAPs, plus share data with third-party integrated solutions including network detection and response (NDR) and network performance monitoring (NPM) solutions. Keeping the object store, tools, and third-party solution in the same cloud infrastructure also reduces fees for data movement. Today, the Cloud TAP solution works within a region and will expand to support traffic captures across regions. 

The real power shows up when you combine the visibility of Netskope Cloud TAP with the visibility and control of Netskope Intelligent SSE, with its ability to decode application API communications in real-time for next generation secure web gateway (NG-SWG) and cloud access security broker (CASB) inline policy controls. This decoding enables visibility of content and context to enable real-time user coaching for safer alternatives, collecting justifications for activity, or alerts about risks, and acts like a GPS guidance solution during business transactions. Adaptive access controls also consider the context of user, app, activity, device, data sensitivity, and other variables to make real-time policy decisions also at the time of business transactions. The result is granular traffic captures and policy controls in one platform, console, policy engine, and client.

Customer and partner feedback has been positive for this Cloud TAP innovation to Netskope Intelligent SSE. If you would like to learn more, please contact your Netskope representative.