Back 
Leading cloud security company unveils new capabilities and integrations with industry-leading tools to offer defense-in-depth solution targeted at cloud threats
Netskope, the leading cloud access security broker, today announced the availability of Netskope Active Threat Protection, a first-of-its-kind threat protection solution for the cloud access security broker (CASB) industry. With a comprehensive vantage point over cloud app usage, Netskope Active Threat Protection combines threat intelligence, static and dynamic analysis, and machine-learning based anomaly detection to enable real-time detection, prioritized analysis, and remediation of threats that may originate from — or be further propagated by — cloud apps. These new Netskope capabilities integrate with industry-leading tools to create a defense-in-depth solution that reduces the time required for cloud threat detection and forensic analysis from hours to minutes.
With 4.1% of enterprises’ sanctioned cloud apps laced with malware and total cloud app usage — including unsanctioned or “shadow IT” apps — extending into the thousands per enterprise, organizations have been largely unprotected by traditional perimeter security providers. The increasing complexity of the threat landscape and frequency of attacks has also led to an unprecedented shortage of skills and cognitive overload for IT security professionals.
Netskope Active Threat Protection addresses the lack of cloud visibility with a 360-degree view into sanctioned and unsanctioned cloud app usage, even if the user is accessing the app remotely or from a mobile device. This vantage point over the cloud vector goes beyond other CASB solutions that fail to see all app usage and data movement. Netskope Active Threat Protection goes even further by understanding the context of the usage, such as who is uploading, downloading and sharing data — information that may prove critical when thwarting an attack or limiting its blast radius.
To help IT address the complexity of the threat landscape and skills shortage, Netskope Active Threat Protection is designed to prioritize potential threat dangers during scanning without sacrificing the comprehensiveness of the scans performed. This is done at high-speed and in real-time before surfacing forensic analysis in a single Netskope dashboard or via a customer’s security information and event management (SIEM) solution. To expedite or automate remediation efforts, Netskope Active Threat Protection comes with a granular policy enforcement engine and can trigger workflows such as quarantining, or a customer can integrate with their existing remediation toolset.
Key features of Netskope Active Threat Protection include:
- 360-degree Cloud Vantage Point: Netskope Active Threat Protection offers a 360-degree view into sanctioned and unsanctioned apps, distilled into users, activity and context, all in one central dashboard.
- Prioritized Threat Protection: Industry-first prioritized threat protection provides deep contextual-based insights from threat intelligence, static and dynamic analysis and anomaly detection, to detect, analyze, and quarantine the latest viruses, advanced persistent threats (APTs), spyware, adware, worms, ransomware, and other malware.
- Remediation Built for the Cloud: Netskope Active Threat Protection leverages the Netskope policy enforcement capabilities along with cloud-specific integrations with endpoint detection and response (EDR), sandbox and SIEM vendors so that the time required for forensics is reduced from hours to minutes.
Netskope Active Threat Protection also integrates with leading IT security vendors to provide best-of-breed capabilities and extend existing enterprise investments:
- Threat Intelligence Feed Aggregation and Sharing: Netskope Active Threat Protection automatically aggregates and normalizes threat intelligence feeds to increase threat detection. In addition, as a participant in the FireEye Cyber Security Coalition, Netskope integrates with the FireEye platform to share intelligence. Finally, Netskope Active Threat Protection communicates using STIX/TAXII or OpenIOC standards to exchange threat context and detection information and Netskope customers can easily leverage existing threat intelligence aggregations that they have built over time.
- Zero-day Threat Intelligence: Zero-day intelligence feeds from FireEye ensure Netskope Active Threat Protection detects and protects against the latest threats.
- Sandboxing: Netskope Active Threat Protection provides certified integrations with FireEye and Cyphort. Additional sandboxing providers can be leveraged through pre-built integrations.
- Endpoint Intelligence and Incident Response: Netskope Active Threat Protection integrates out-of-the-box with the Carbon Black EDR solution. The integration is bi-directional; endpoint behavioral data is pulled into the Netskope platform, where it is analyzed against user, activity, and content data. Netskope cloud app policies can also be pushed to the EDR for seamless remediation.
Quotes from Netskope leadership, industry analysts and partners about the news:
“With the constantly evolving landscape of malware, ransomware and other threats to the enterprise, IT need not only ‘rip the blindfold off’ when it comes to shadow IT, but to be able to react immediately to ensure the safety and security of sensitive data,” said Sanjay Beri, co-founder and CEO, Netskope. “With Netskope Active Threat Protection, customers can now take advantage of the Netskope deep cloud app visibility and granular policy enforcement capabilities in tandem with the benefits of a complete threat protection suite. We have collaborated with a number of leading enterprise security companies to offer this service to our customers and ensure that we are one step closer to safer enterprise cloud app usage.”
“All organizations leveraging the tremendous agility of cloud computing for competitive advantage need to do so safely with purpose-built security solutions. Securing the use of the cloud includes awareness of bad actor use of SaaS applications as an attack vector to plant and disseminate malware,” said Doug Cahill, senior analyst for ESG Research. “With its breadth and depth of visibility and policy enforcement for both sanctioned and unsanctioned cloud apps, Netskope is in the right spot to address this problem. Now, through a combination of organic innovation and tight integrations with leading security controls, Netskope has introduced a smart approach that helps organizations detect and thwart threats emanating from the cloud. An example of thoughtful design is how the Netskope Active Threat Protection product prioritizes threat analysis to reduce the time to remediation for operational efficiency and thus allowing IT to focus on enabling their organization’s use of the cloud.”
“Netskope offers the most comprehensive real-time visibility and policy enforcement for enterprise cloud app usage in the industry. When integrated with the FireEye platform, enterprises unlock a greater security vantage point through the intelligence, technology, and services capabilities in the industry,” said Ed Barry, VP, Cyber Security Coalition, FireEye. “As a new member of the FireEye Cyber Security Coalition, we are excited to have Netskope work with us and other CSC members to enable better protection of joint customers against advanced threats.”
“The widespread usage of cloud apps has had a compounding impact on the complexity of the threat landscape. The Cyphort and Netskope integration takes this attack vector head on by combining Netskope’s uncompromised visibility and real-time control of cloud apps with Cyphort’s unique sandbox environment that combines machine learning and behavior analysis. This is great news for enterprises who have ventured into the cloud and want to detect and remediate threats,” said Anthony James, Vice President of Product and Marketing, Cyphort.
“Information sharing and a united defense are critical components of effective cyber security. With Carbon Black’s real-time visibility and continuous recording of endpoint activity, and Netskope’s real-time visibility of the cloud, this integration makes great sense for our companies and our joint customers. Now, whether enterprises are addressing threats in the cloud or on the endpoint, they can benefit from the bi-directional exchange of threat intelligence and risk information provided by each solution, combined with the outstanding detection and response capabilities of Carbon Black,” said Tom Barsi, senior vice president of business development for Carbon Black.
To learn more about Netskope Active Threat Protection, download this data sheet.
Resources
- Visit Netskope at RSA Conference booth #S1645 for a product demo
- Download the Netskope February 2016 Cloud Report for the latest on enterprise cloud app usage trends
- Learn more about how to gain visibility into enterprise cloud apps and how to ensure they are secure and compliant
- Visit the Netskope Hub for the latest commentary and insight on trends from the Netskope team
About Netskope
Netskope™, the leading cloud access security broker (CASB), helps enterprises find, understand and secure sanctioned and unsanctioned cloud apps. Through contextual awareness and a multi-mode architecture, Netskope sees the cloud differently. This results in the deepest visibility and control, the most advanced threat protection and data loss prevention and an unmatched breadth of security policies and workflows. The world’s largest companies choose Netskope, the only CASB that ensures compliant use of cloud apps in real-time, whether accessed on the corporate network, remotely or from a mobile device. With Netskope, enterprises move fast, with confidence. To learn more, visit our website.