Enabling Design-Driven, Real-Time Insights At Scale

“If you want total security, go to prison. There you’re fed, clothed, given medical care and so on. The only thing lacking… is freedom.”

This quote from Dwight Eisenhower isn’t in reference to cybersecurity, but if you are a CISO you probably know a similar quote about how modern security tools make it seem like you need to trade off usability, flexibility, and scalability for “total security.” In an industry full of narrowly focused products, vendors seem to often assume: a) high level of technical expertise from security teams, b) well-defined security processes and similarly organized teams, and c) security takes precedence over user/business needs at all enterprises.

These flawed assumptions result in convoluted products that require specialized training, are cumbersome to manage, and force enterprises to forego simplicity and scalability for protection. While many consumer and enterprise products have moved to offer an ‘Apple-like’ experience for users, security products seem to lag behind.

Today, we announced the release of new advanced analytics and visualization capabilities for the Netskope Active Platform to address these challenges and disrupt the notion that user experience needs to suffer in order to achieve security.  When we set off on this journey, we could not imagine that we would touch everyone across the entire company from sales, marketing, support,  customer success, product management and engineering.  

Our goal was to understand a day in the life of our customers – whether they are a Chief Information Security officer or a Security Forensics analyst. We approached this with a design-driven process led by our user research and experience team. This entailed full immersion in understanding our customers’ day-to-day tasks and challenges via on-site visits, as well as in-depth interviews with dozens of Netskope customers. Our team internalized the demands faced by security teams as they work to keep up with the pace of enterprise cloud adoption, stay ahead of evolving threats, and deal with the vast amounts of data that they had to parse through to meet their business security goals.

As part of this process, and in parallel with our immersive customer work, our backend engineering team also explored how to scale our analytics stacks, as the rapid adoption of the cloud has demanded that Netskope scale from processing the multiple billions of transactions we do today toward hundreds of billions of transactions.

We zeroed in on an approach that integrates multiple big data analytics engines, one engine that is optimized for fast ingestion of data and another that is optimized for fast sorting and grouping of data. This enables us to aggregate data from multiple billions of cloud transactions across millions of on-premises and remote users, and thousands of sanctioned and unsanctioned cloud applications in use at our customers. It also lets administrators perform ad-hoc, real-time queries that group, filter, and drill-down on data across the entire enterprise’s cloud activities.

The new and intuitive user experience allows security professionals to quickly drill-down to the most relevant data or pivot across the most common views for fast investigations with a single click. Each user can build a customized view of information tailor-made to their needs and role by selecting or customizing from an extensive widget library, allowing them to focus on the areas that matter most to them.

Users can drill-down from any summary data in dashboards or incidents to the underlying events with the granular detail required to provide the necessary context to investigate an incident. Specific filters allow for detailed investigations on applications, user identity, cloud service, activity, how the file is shared, location, and more. Clicking into the details maintains filters and context to allow for continued data analysis.

The new Incidents section allows administrators to investigate incidents of all types, including DLP, anomalies, compromised credentials, and malware.

Netskope provides a decisive verdict on any malware, allowing security analysts to make quick decisions and avoid alert fatigue. Analysts also have access to deep forensics to support on-demand investigations through detailed static & dynamic analysis of suspicious entities, decomposed file components, and by flagging malicious indicators and behaviors.

Compliance officers get actionable insights on DLP violations with the new incident management framework. Multiple events from Data Loss Prevention – including those that resulted from fingerprint based matches across structured and unstructured data can get rolled up into a single incident that triggers policy-based remediation and notification.  Administrators can drill even deeper into DLP violations and incidents, detailing exposures and policies associated with specific incidents in a single click.

We’re very excited about where this journey has led us but even more excited by what we see over the horizon. Infusing a design-led process throughout the company has not only brought all the Netskope teams together but more importantly, allowing us to see the world through the lens of our customers has brought focus on solving the problems in a way that delights our customers. As we have started rolling this new experience to our entire customer base over the next few weeks, it’s been gratifying to see the reactions of our initial customers as we’ve helped them simplify their day-to-day workflows.