We measure and test things that are important in our lives, from credit scores to blood pressure. For cybersecurity, testing threat protection defenses is an expected benchmark. Netskope recently completed a set of anti-malware tests with AV-TEST, an independent anti-malware testing lab based in Germany with one of the world’s largest databases of malware samples. Every second, AV-TEST discovers four to five new malware variants. This sums up to around 10 million new malware every month, or more than 1.35 billion malware objects in total which are included in AV-TEST’s database.
In May 2022, AV-TEST performed a test of the Netskope Intelligent Security Service Edge (SSE) threat protection offering, focused on blocking malicious URLs with and without portable executable (PE) files and phishing websites, as well as false positive avoidance. The test evaluates protection at ”time zero,” as well as on differences in the detection found hours later. The full test report can be viewed here.
Netskope Intelligent SSE threat protection was configured with standard and advanced threat defense licenses; security risk categories were blocked, however, uncategorized websites and potentially risky sites including newly registered domains (NRDs) and newly observed domains (NODs) were allowed. Netskope Cloud Firewall was licensed and active in the testing to allow egress web traffic on ports 80/443 for TLS inspection and to block non-web traffic. Remote browser isolation (RBI), patient zero sandboxing to hold files until analyzed as clean, Cloud Threat Exchange for indicator of compromise (IOC) sharing, and user/entity behavior analytics (UEBA) detections and policies were all inactive for this test.
Netskope has been rapidly enhancing threat protection defenses by providing sandboxing in both standard and advanced threat protection, plus inline machine learning (ML) based detection of new malware in PE files to protect from patient zero events. Netskope also continually tunes ML models for detection of phishing URLs, malicious Office documents, and PDFs complemented by multi-stage sandboxing for more than 30 file types with MITRE ATT&CK sandbox reporting. A new sandbox API for file submissions, a RetroHunt API by file hash, and patient zero alerts on newly detected malware provide new ways for SOC teams to integrate their investigation and remediation workflows.
Customers can further enhance threat protection with Netskope Remote Browser Isolation (RBI) of risky and uncategorized websites where no code executes on endpoints, and Netskope Cloud Firewall with egress policy controls across ports and protocols by user, group, and OU with exceptions for FQDNs and wildcards. Security posture for high-risk users (low User Confidence Index or UCI) and destinations (low Cloud Confidence Index or CCI) can also be leveraged in adaptive access policies for enhanced patient zero protection. UCI has been instrumental in detecting malicious insiders, compromised devices, and data exfiltration while CCI covers more than 39,000 app and cloud service risk ratings.
Netskope Cloud Exchange (CE) is free of charge and provides customers with powerful integration tools to leverage investments across their security posture.
Netskope Cloud Threat Exchange (CTE) automates bidirectional IOC sharing between customer security defenses. CTE can make near real-time checks for new IOCs from multiple sources and share the threat intelligence with multiple solutions. As a gateway inspecting web and cloud user traffic in real-time, detection time is less than 10ms for a performant user experience and CTE enables customers to manage timely IOC updates between defenses and their preferred threat intel sources.
Netskope Cloud Risk Exchange (CRE) enables zero trust principles by ingesting and normalizing multiple vendor risk scores including Netskope User Confidence Index (UCI). CRE further provides the ability to invoke investigations for significant changes in user or device risk scoring.
Like your credit score or blood pressure, it takes a continuous effort to improve and maintain desired scores. To provide customers greater confidence in the threat-stopping power of the Netskope NewEdge network, a new industry-first “malware catch-rate” service level agreement (SLA) will be rolled out. This will become part of Netskope’s standard Support and Service Level Terms, and will complement Netskope’s existing industry-best SLAs for uptime/availability and latency (aka speed of security traffic processing).
Learn more by requesting a demo or to run a real-time breach and attack simulation.
