New Cloud TAP Traffic Capture for Netskope One Security Service Edge (SSE)

Ensuring cloud traffic visibility in remote working environments

In today’s remote and hybrid work settings, we are now more dispersed. The main place to collect and store traffic data is in the cloud. Networking, infrastructure and operations, and security teams require traffic visibility for troubleshooting, performance monitoring, threat detection, discovery of assets, and to address compliance use cases. As security service edge (SSE) solutions move traffic to cloud security platforms, new challenges arise. These platforms offer data and threat protection. They also inspect traffic to offer adaptive access controls based on zero trust principles. However, this shift creates a new blind spot for cloud traffic.

Through collaboration texting with peers, it is common when troubleshooting to see requests to get a network traffic packet capture, or PCAP for more details. Network TAPs (test, terminal, or traffic access points) are popular on-site with physical networks to capture network traffic and on endpoints, however, what about cloud egress traffic for users and branch offices within SASE architecture using SSE cloud gateways? For visibility, a Cloud TAP is required and Netskope is providing the solution for customers within an early access program for non-production environments of 100-200 users for a single data center location.

Initial use cases include threat detection for command-and-control communications and other hard to detect evasive threats. Performance monitoring of specific SaaS applications critical for user experience and business outcomes is another popular use case. Monitoring network performance helps find issues. Quick traffic capture details can assist in fixing these problems which give a broader view of the situation. This use case list will likely expand as customers and partners analyze cloud traffic data with the new visibility Cloud TAP provides.

More specifically, the Netskope Cloud TAP solution captures traffic between a managed endpoint with Netskope Client or branch offices using IPsec or GRE tunnels and the Netskope cloud security platform. This TAP location provides user attribution details and sends the captured traffic with enriched details including app risk ratings to a cloud-based object store in AWS, Azure, or Google Cloud Platform (GCP). Also, given that most traffic today is TLS encrypted, session keys are also securely provided.

Enhancing control with Netskope Cloud TAP and Netskope One SSE integration

Within the customer-managed cloud environment for the object store of traffic data in the image above, Netskope provides a tool to decrypt, play, and capture PCAPs, plus share data with third-party integrated solutions including network detection and response (NDR) and network performance monitoring (NPM) solutions. Keeping the object store, tools, and third-party solution in the same cloud infrastructure also reduces fees for data movement. Today, the Cloud TAP solution works within a region and will expand to support traffic captures across regions. 

The real power shows up when you combine the visibility of Netskope Cloud TAP with the visibility and control of Netskope One SSE, with its ability to decode application API communications in real-time for next generation secure web gateway (NG-SWG) and cloud access security broker (CASB) inline policy controls. This decoding enables visibility of content and context to enable real-time user coaching for safer alternatives, collecting justifications for activity, or alerts about risks, and acts like a GPS guidance solution during business transactions. Adaptive access controls also consider the context of user, app, activity, device, data sensitivity, and other variables to make real-time policy decisions also at the time of business transactions. The result is granular traffic captures and policy controls in one platform, console, policy engine, and client.

Customer and partner feedback has been positive for this Cloud TAP innovation to Netskope One SSE. If you would like to learn more, please contact your Netskope representative or reach out to us here.