Get your copy of Security Service Edge (SSE) for Dummies. Get the eBook

Press Release
Los Altos, Calif.
Oct. 17, 2016

Netskope Expands Threat Protection with Ransomware Detection and Recovery Capabilities

Auto-detection of unauthorized encryption and integrated workflows with app versioning enable rapid recovery from ransomware infection

Netskope, the leader in cloud security, today announced the addition of ransomware detection and recovery capabilities to Netskope Threat Protection. The proprietary method of ransomware detection is an industry first, providing the Netskope Active Platform with the ability to scan sanctioned cloud services for unauthorized encryption due to a ransomware infection and quickly remediate the effects of a ransomware attack without paying a ransom.

With cyber criminals collecting $209 million in the first three months of 2016, ransomware is on track to become a $1 billion crime this year. According to the September 2016 Netskope Cloud Report, 43.7 percent of detected types of malware are common delivery methods for ransomware, including Javascript exploits and droppers and Microsoft Office macros.

Many users can unknowingly spread ransomware through the sync and share mechanisms present in the cloud storage services they use. As most cloud services have many connected endpoints which users rely on to sync, share and collaborate on content, the spread of ransomware throughout an organization in a short period of time becomes very easy, creating a dangerous attack fan-out effect. Leading enterprise cloud storage services have integrated versioning capabilities to facilitate collaboration and protect data. Netskope Threat Protection uses these versioning capabilities in its ransomware recovery capabilities by incorporating an integrated workflow to recover files to earlier, unaffected versions.

“The cloud provides great opportunities for increased productivity through collaboration and sharing, but organizations need to consider myriad risks as they move to the cloud. In the case of ransomware, the versioning capabilities in some cloud services can provide powerful protection when coupled with our new ransomware detection and recovery capabilities,” said Sanjay Beri, founder and CEO, Netskope. “This underscores our belief that the ongoing shift to the cloud will continue to accelerate as more organizations realize the benefits of the cloud without compromising security.”

The Netskope Threat Protection ransomware detection and recovery capabilities examine files that are stored in (or have been synchronized with) sanctioned cloud services, such as Office 365, Box or Dropbox. Using proprietary machine learning to monitor file operations and advanced data transformation algorithms to detect unauthorized file encryption across more than 70 dimensions, Netskope Threat Protection can quickly detect new ransomware outbreaks that spread into sanctioned cloud services.

Netskope provides deep cloud context to help identify the source of the ransomware infection, and, through integrations with endpoint detection and response solutions can trigger the isolation and remediation of affected endpoints. After the active ransomware infection is contained, Netskope provides an integrated workflow that makes use of the versioning capabilities in cloud storage services to quickly restore encrypted files to earlier, unaffected versions, which are subsequently synchronized with any other affected endpoints.

The ransomware detection and recovery capabilities for Netskope Threat Protection will be open for early availability at the end of 2016 and generally available in the first quarter of 2017. For more information visit

About Netskope

Netskope is the leader in cloud security. Using patented technology, Netskope’s cloud-scale security platform provides context-aware governance of all cloud usage in the enterprise in real-time, whether accessed from the corporate network, remote, or from a mobile device. This means that security professionals can understand risky activities, protect sensitive data, stop online threats, and respond to incidents in a way that fits how people work today. With granular security policies, the most advanced cloud DLP, and unmatched breadth of workflows, Netskope is trusted by the largest companies in the world. Netskope — cloud with confidence. To learn more, visit our website.