Closed-loop cloud incident management across SaaS, IaaS, and web

Respond quickly and thoroughly to cloud and web policy violations

Netskope Incident Management

Cloud access security brokers (CASBs) can deliver important new insights about your cloud and web use, but you and your team may be concerned about how to handle these new alerts on top of the high volume of alerts you already receive from your existing security solutions.

Netskope offers the most comprehensive incident management functionality in a CASB and web security platform to help your security team respond quickly and thoroughly to cloud policy violations. Closed-loop administrative and remediation workflows facilitate the end-to-end incident management process. Detailed forensics provide your security analysts with a comprehensive view of each incident to drive informed decisions, and event-by-event incident history interlaces all activities for a given incident to help your team track progress and confirm and report on incident resolution. Coupled with customizable role-based access controls, your team can tailor the Netskope platform to your specific incident response process and the needs of your team.

Principales fonctions

Closed-loop workflows

Manage your end-to-end incident management process from incident creation through resolution with closed-loop workflows. Administrative workflows help your team manage incidents by assigning owners, escalating, adding notations, and more. Flexible remediation workflows provide your analysts with options to interact with users and quickly protect sensitive data.

  • Admin workflow: assign owners, update status, manage severity, escalate, and add tags/notations
  • Remediation workflow: notify users, protect sensitive data, make exceptions, manage false positives
Incident details

Netskope gives you a comprehensive view of each incident, including the policy triggered, any actions taken and the sensitive data in context. Netskope also gives you a range of additional information including identity, service or website, activity, and data, giving you full context to help drive well-informed decisions.

  • Specific data that triggered violation is highlighted along with the policy trigger and a count of violations
  • Additional context includes user, device, location, service or website, and activity
Audit trails

Event-by-event incident history interlaces all activities for a given incident, including user activities, automated policy triggers and actions, and actions taken by admins and analysts. With a detailed timeline for each incident, your team can track progress, and confirm and report on a successful resolution.

Customized roles

Using customizable role-based access control, Netskope gives you the ability to define custom administrator and analyst roles to tailor Netskope incident management capabilities to your personnel and processes.

  • Define custom roles by organizational scope, including group, location, service or website, and more
  • Options to limit access to admin functions and obfuscate sensitive data

Les plus grandes entreprises lui font confiance

Principaux scénarios d'utilisation

Assign analyst

When a violation occurs, quickly route the incident to an analyst to review the quarantined content with full context. After the analyst takes the appropriate action, mark the incident as resolved with complete audit trail available for later review.


Use role-based access control to define administrators for the key sanctioned services used by your organization. Give service admins the ability to view policy violations associated with their designated service to assist with incident response and participate in the development and tuning of policies for your key sanctioned services.

Internal audit

Define auditor roles with a read-only view of incidents. Auditors can use filters to review incidents by time period, severity, incident status, and more. Auditors can also drill down into incident detail, with sensitive data obfuscated if needed, and review the complete history of an incident to confirm resolution.

Netskope’s new and intuitive user experience – blog

Learn more about Netskope's new and intuitive user experience that allows security professionals to quickly drill-down to the most relevant data or pivot across the most common views for fast investigations with a single click. In Incidents, administrators can investigate incidents of all types, including DLP, anomalies, compromised credentials, and malware.

En savoir plus

Netskope DLP — data sheet

Learn how Netskope’s single policy engine can protect you data across SaaS, IaaS, and web, whether accessed from users on premises, mobile, or remote and from a browser, mobile app, or sync client

En savoir plus

Vous voulez voir Netskope en action ?

Demander une démo