Netskope + Crowdstrike

The CrowdStrike Falcon Endpoint Protection Platform binds seamlessly with Netskope’s cloud-native threat protection engine and shares detected IOCs to bolster Netskope’s already-robust malware detection.

Together CrowdStrike and Netskope’s enhanced capability provides joint customers with increased real-time, actionable threat forensics and enhanced malware protection on both endpoint and in the cloud. Netskope can enrich CrowdStrike by sharing data on new cloud-enabled threats discovered within apps, cloud services, and from websites visited by endpoints. In return, CrowdStrike can leverage this data to provide Netskope with details of endpoints which may already be compromised by the threat.

Netskope is able to detect and remediate threats, such as malware, being submitted or residing within cloud services. To close the loop for newly discovered cloud threats, Netskope integrates with CrowdStrike to drive discovery and prevention across an organization’s endpoints. When new malware is discovered in the cloud, Netskope is able to pass the malicious file hash to CrowdStrike and based on this file hash CrowdStrike can alert on affected endpoints and/or prevent the malicious file from executing.

A key benefit of cloud services is the ability to access them from anywhere and from any device. However, unfettered access to unsanctioned cloud services (Shadow IT) is often a vector for malware or more advanced threats to enter an organization. To address this, Netskope provides device classification capabilities that enable the identification of processes running on devices accessing cloud services. Netskope is able to evaluate if the CrowdStrike agent processes are running on Windows and macOS endpoints and apply adaptive access control policies based on the result. For example, Netskope can allow uploads to cloud services only from endpoint devices that are secured by CrowdStrike.