閉める
閉める
明日に向けたネットワーク
明日に向けたネットワーク
サポートするアプリケーションとユーザー向けに設計された、より高速で、より安全で、回復力のあるネットワークへの道を計画します。
          Netskopeを体験しませんか?
          Get Hands-on With the Netskope Platform
          Here's your chance to experience the Netskope One single-cloud platform first-hand. Sign up for self-paced, hands-on labs, join us for monthly live product demos, take a free test drive of Netskope Private Access, or join us for a live, instructor-led workshops.
            SSEのリーダー。 現在、シングルベンダーSASEのリーダーです。
            SSEのリーダー。 現在、シングルベンダーSASEのリーダーです。
            Netskope、2024年Gartner®社のシングルベンダーSASEのマジック・クアドラントでリーダーの1社の位置付けと評価された理由をご確認ください。
              ダミーのためのジェネレーティブAIの保護
              ダミーのためのジェネレーティブAIの保護
              Learn how your organization can balance the innovative potential of generative AI with robust data security practices.
                Modern data loss prevention (DLP) for Dummies eBook
                最新の情報漏えい対策(DLP)for Dummies
                Get tips and tricks for transitioning to a cloud-delivered DLP.
                  SASEダミーのための最新のSD-WAN ブック
                  Modern SD-WAN for SASE Dummies
                  遊ぶのをやめる ネットワークアーキテクチャに追いつく
                    リスクがどこにあるかを理解する
                    Advanced Analytics transforms the way security operations teams apply data-driven insights to implement better policies. With Advanced Analytics, you can identify trends, zero in on areas of concern and use the data to take action.
                        レガシーVPNを完全に置き換えるための6つの最も説得力のあるユースケース
                        レガシーVPNを完全に置き換えるための6つの最も説得力のあるユースケース
                        Netskope One Private Access is the only solution that allows you to retire your VPN for good.
                          Colgate-Palmoliveは、スマートで適応性のあるデータ保護により「知的財産」を保護します
                          Colgate-Palmoliveは、スマートで適応性のあるデータ保護により「知的財産」を保護します
                            Netskope GovCloud
                            NetskopeがFedRAMPの高認証を達成
                            政府機関の変革を加速するには、Netskope GovCloud を選択してください。
                              Let's Do Great Things Together
                              Netskopeのパートナー中心の市場開拓戦略により、パートナーは企業のセキュリティを変革しながら、成長と収益性を最大化できます。
                                Netskopeソリューション
                                Netskope Cloud Exchange
                                Netskope Cloud Exchange (CE) provides customers with powerful integration tools to leverage investments across their security posture.
                                  Netskopeテクニカルサポート
                                  Netskopeテクニカルサポート
                                  クラウドセキュリティ、ネットワーキング、仮想化、コンテンツ配信、ソフトウェア開発など、多様なバックグラウンドを持つ全世界にいる有資格のサポートエンジニアが、タイムリーで質の高い技術支援を行っています。
                                    Netskopeの動画
                                    Netskopeトレーニング
                                    Netskopeのトレーニングは、クラウドセキュリティのエキスパートになるためのステップアップに活用できます。Netskopeは、お客様のデジタルトランスフォーメーションの取り組みにおける安全確保、そしてクラウド、Web、プライベートアプリケーションを最大限に活用するためのお手伝いをいたします。

                                      The Key to Solving Ransomware, Insiders, and Data Theft

                                      Nov 02 2021

                                      The common theme across ransomware, insider threats, and data theft is the exfiltration of data. While threat research labs usually publish the process steps of ransomware encryption, keys, and disk clean-up, the parts about accessing the data and exfiltration are often left out. Also, one security solution does not solve the problem itself, making partner integrations vital to the success of security solution stacks. Using the perspective of access and security posture, data protection and policy controls, threat protection, and analytics we can analyze these four pertinent security issues. 

                                      First, for access and security posture we know compromised remote access accounts (SSH, RDP, VPNs) are sold in the underground to enable ransomware operations. Netskope Threat Labs (NTL) research shows that 35% of IaaS/PaaS workloads are publicly exposed when the default posture is closed and secure. Enabling Zero Trust Network Access (ZTNA) to increase remote access security, plus federating SSO/MFA to apps and cloud services greatly reduces risk exposure. Adding cloud and SaaS security posture management (CSPM, SSPM) is an easy API-based deployment to add security and configuration checks, plus compliance validation.

                                      Second, for data protection policy controls, NTL research notes a 300% increase in data exfiltration from company app instances to personal app instances in the last 30 days of employment, with 74% of this data flow specifically into personal Google Drive instances. So, your office reopening announcement may spur some of this data exfiltration activity as employees seek new jobs favoring their preferences for continued remote work. Plus, the data flows occur not just when employees are exiting. On average, a user on a managed device copies 20 company files to personal apps per month with source code being the third most popular file type exfiltrated. This makes data protection policy controls between company and personal instances of popular cloud storage apps extremely vital in your security stack. But it’s a capability most legacy allow/deny security defenses lack.

                                      Third, for threat protection, NTL research notes 68% of malware is cloud-delivered, more specifically from personal or rogue app instances of cloud storage apps. While the enterprise-grade version may include malware and ransomware defenses for company-managed apps, the reality is the great unwashed mass of free and personal instances are the primary culprit. While inline defenses for web and cloud traffic inclusive of app instances are required, missing over two-thirds of malware delivery is unacceptable. To further reduce risk exposure, use remote browser isolation (RBI) for risky websites, cloud firewall egress controls on ports and protocols to block exfiltration paths, and leverage behavior analytics to detect anomalies for logins, data activity (bulk downloads, uploads, deletes), company to personal instance data flows, and rare events.

                                      Fourth, with analytics, we can detect unknown data flows and exfiltration given our inline capabilities provide extensive app and cloud visibility and control. We can also see the use of risky apps often freely adopted by business units and users as 97% or more of apps are not IT managed and an average-sized company has more than 800 distinct apps. Reducing the duplication of cloud storage apps and understanding how company data flows into personal instances is key with analytics. This enables a closed-loop process to upgrade and mature policy controls using analytics with real-time coaching to users in alerts and recommending safer alternatives to migrate away from risky activities and apps. 

                                      As stated at the beginning, partner integration is key to success here as no one solution solves these issues alone. Netskope provides integration tools with the Cloud Exchange platform at no extra charge to customers in the following ways: 

                                      • Cloud Threat Exchange (CTE) enables automated bi-directional IOC sharing within a customer security stack, for example between Netskope and CrowdStrike for the latest ransomware intelligence. 
                                      • The Cloud Risk Exchange (CRE) enables the sharing of risk ratings between solutions, for example, Netskope user risk ratings (UCI) or CrowdStrike zero trust assessment scoring for endpoints.
                                      • The Cloud Ticket Orchestrator (CTO) automatically creates service tickets from Netskope alerts within IT service management and collaboration tools including ServiceNow, Jira, PagerDuty, and Slack to automate response workflows. 
                                      • For investigation details, the Cloud Log Shipper (CLS) exports Netskope logs to desired SIEMs and data lakes to enable security operations or XDR/MDR services.

                                      The broader perspective across access and security posture, threat and data protection, analytics, and security stack integration is what is required to address ransomware, insiders, and data theft. The narrow perspective also informs us to closely inspect personal app instances for cloud threat delivery and data exfiltration as evidence continues to build making it the high-risk zone. 

                                      Learn more in our Cloud Exchange presentation Leverage the Power of your entire Security Stack with free Cloud Exchange toolset at SASE Week with David Willis on November 2nd at 2pm for North America and European audiences. For Asia-Pacific and India regions, the presentation is on November 9th at 2pm the following week.

                                      author image
                                      Tom Clare
                                      Tom Clare is a Product Marketing Director, his focus at Netskope centers on product strategy with marketing experience in web/cloud proxies, data protection, and more.
                                      Tom Clare is a Product Marketing Director, his focus at Netskope centers on product strategy with marketing experience in web/cloud proxies, data protection, and more.

                                      Stay informed!

                                      Subscribe for the latest from the Netskope Blog