Deployment Options

The Netskope One Platform supports a number of deployment, connectivity and traffic steering methods. Options range from API connectors for managed apps, to inline options including the Netskope One Client and Gateway for achieving real-time protection and application connectivity.

Solution Brief

Choose one deployment method or combine multiple

Most customers choose to combine an API deployment with a forward and/or reverse proxy deployment, given the expanded use case coverage. This enables protection for data at rest in managed cloud apps in addition to real-time protection enabled by a proxy-based deployment.

API

Use API connectors to connect the Netskope One Platform to managed cloud apps like Microsoft 365, Box, Salesforce, Google Workspace, AWS, and more.

An API deployment provides out-of-band visibility and control of data at rest in managed cloud apps and is also required for IaaS continuous security assessment functionality.

Protects data at rest in cloud apps managed by IT
Enables policy actions such as remove public shares and restrict sharing of certain content to internal
Out-of-band deployment
Dozens of API connectors supported

Netskope One Client

The Netskope One Client, a unified SASE client, provides real-time visibility and control of managed devices accessing the cloud and web from anywhere. The Netskope One Client has a tiny footprint, takes minimal CPU resources, and simply steers cloud and web traffic from managed devices to the Netskope One Platform. All proxying and security functionality is performed in the cloud vs on the client.

Deployed on managed devices provides protection wherever the device and user goes
Single client for all cloud and web traffic
All proxying and security functionality performed in the cloud, not on the client
Lightweight footprint and minimal CPU resources used

Netskope One Gateway

The Netskope One Gateway, a unified SASE gateway, offers both hardware and virtual form factors for micro to large branches/data centers and virtual gateways across all clouds. It consolidates multiple networking (4G/5G, WiFi, Router, SD-WAN, VRF) and security services on a thin branch appliance to reduce complexity.

Context-Aware SASE Fabric delivers SD-WAN optimization for 75k+ apps.
One Gateway integrated within NewEdge as cloud gateways ensures high-performance access to priority SaaS/UCaaS applications
One Gateway delivers on-premise NGFW/IPS alongside one-click integration with cloud-delivered services such as SWG/CASB.
Run additional Netskope or partner services on the Netskope One Gateway, such as Netskope IoT Device Intelligence, Netskope P-DEM, and Speedtest.

Forward proxy

Netskope provides forward proxy configurations that do not require a footprint on the endpoint. The Netskope Secure Forwarder can be deployed on-premises as a virtual machine, steering local cloud and web traffic to the Netskope One Platform. Netskope can also be integrated with your existing proxy as a proxy chain.

Netskope Secure Forwarder deployed on premises to steer cloud traffic to the Netskope One Platform
Can also be deployed as a proxy chain with your existing proxy
Coverage for on-premises users only

Reverse proxy

Netskope provides a reverse proxy deployment mode that steers browser-based cloud traffic from managed cloud apps to the Netskope One Platform. This deployment option is required for covering unmanaged devices that are off network accessing managed cloud apps.

Real-time visibility and control for managed and unmanaged devices accessing managed cloud apps
Only deployment that covers unmanaged devices off network accessing managed cloud apps
Browser traffic only – no native apps or sync clients

GRE/IPSEC

The GRE/IPSec deployment option steers local cloud and web traffic from the router to the Netskope One Platform.

Uses the GRE tunnelling protocol to steer on-premises cloud and web traffic to the Netskope One Platform
IPSEC can be used as an alternative to GRE for steering on-premises cloud and web traffic to the Netskope One Platform

Log parsing

Netskope can be configured to parse log traffic from a perimeter device such as a firewall or proxy. This provides out-of-band discovery of cloud services. Logs can be uploaded directly to the Netskope One Platform or an on-premises log parser can be deployed to continuously send log data to the Netskope One Platform.

Perform log analysis and extract cloud usage details
Upload logs using the Netskope UI
Deploy an on-premises log parser to continuously send logs from a perimeter device to the Netskope One Platform
Dozens of off-the-shelf log formats supported plus a self-service tool for building custom log parsers

Use API connectors to connect the Netskope One Platform to managed cloud apps like Microsoft 365, Box, Salesforce, Google Workspace, AWS, and more.

An API deployment provides out-of-band visibility and control of data at rest in managed cloud apps and is also required for IaaS continuous security assessment functionality.

Protects data at rest in cloud apps managed by IT
Enables policy actions such as remove public shares and restrict sharing of certain content to internal
Out-of-band deployment
Dozens of API connectors supported

Deployed on managed devices provides protection wherever the device and user goes
Single client for all cloud and web traffic
All proxying and security functionality performed in the cloud, not on the client
Lightweight footprint and minimal CPU resources used

Context-Aware SASE Fabric delivers SD-WAN optimization for 75k+ apps.
One Gateway integrated within NewEdge as cloud gateways ensures high-performance access to priority SaaS/UCaaS applications
One Gateway delivers on-premise NGFW/IPS alongside one-click integration with cloud-delivered services such as SWG/CASB.
Run additional Netskope or partner services on the Netskope One Gateway, such as Netskope IoT Device Intelligence, Netskope P-DEM, and Speedtest.

Netskope Secure Forwarder deployed on premises to steer cloud traffic to the Netskope One Platform
Can also be deployed as a proxy chain with your existing proxy
Coverage for on-premises users only

Real-time visibility and control for managed and unmanaged devices accessing managed cloud apps
Only deployment that covers unmanaged devices off network accessing managed cloud apps
Browser traffic only – no native apps or sync clients

The GRE/IPSec deployment option steers local cloud and web traffic from the router to the Netskope One Platform.

Uses the GRE tunnelling protocol to steer on-premises cloud and web traffic to the Netskope One Platform
IPSEC can be used as an alternative to GRE for steering on-premises cloud and web traffic to the Netskope One Platform

Perform log analysis and extract cloud usage details
Upload logs using the Netskope UI
Deploy an on-premises log parser to continuously send logs from a perimeter device to the Netskope One Platform
Dozens of off-the-shelf log formats supported plus a self-service tool for building custom log parsers

Trusted by
leading companies

The Netskope SSE solution enables the future of work, redefines risk management and data protection, and simplifies operations.

Go to Customers

01 — 01

With Netskope we get one control point for all of our cloud apps. That’s huge for us from a time and training point of view.”

Sajawal Haider

CISO

Oak Hill Advisors

The Netskope
One Platform

Unrivaled visibility. Real-time data and threat protection.

Netskope Intelligent SSE is built on the Netskope One Platform, a platform that provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device.

See our Platform

Resources

Access our curated collection of relevant resources on your path to building a unified security architecture which enables business growth and innovation.

Solution Brief

Netskope One Platform

Netskope One is a cloud-native platform that offers converged security and networking services to enable your SASE and zero trust transformation.