Netskope is architected to cover all cloud security use cases in a comprehensive manner. Flexibility starts with the option of being deployed as a 100 percent cloud service, as an on-premises appliance, or in a hybrid manner that includes both. Netskope is the only vendor with an all-mode architecture that supports all ways enterprises steer traffic to the Netskope cloud for visibility and control. Our customers are in production across every deployment architecture offered in the market today, including log-based discovery, API introspection, inline as a reverse proxy, inline as a forward proxy with or without agents or mobile profiles, in secure TAP mode, and in proxy-chaining mode. We have abstracted our analytics and policy enforcement engine from our deployment options, which allows customers to add to their deployments quickly and with minimal disruption. Netskope can easily add new apps in our modular data plane with no impact to the rest of the platform.
Netskope sees and decodes all cloud traffic, not just sanctioned browser traffic like most CASBs. Our patented, all-mode architecture gives you visibility and control over sanctioned and unsanctioned services whether users are on a web browser, mobile app, or sync client. When nine out of 10 of your cloud services are unsanctioned, visibility and control are critical!
Now combine that full visibility with granular policy controls. Rather than take a sledgehammer approach by always blocking cloud services, use the Netskope Context Engine as your scalpel. Identify risky activities and their context, such as sharing outside of the organization or downloading confidential data to a BYO device, and block or throttle those instead. Choose from policy outcomes such as “block,” “alert,” “bypass,” “encrypt,” “quarantine,” and “coach” to match the appropriate enforcement to each policy violation.
For sanctioned services like Microsoft Office 365, Box, and G Suite, Netskope provides full-spectrum governance across user, service, device, location, activity, and content. Enforce policies such as “Coach users when they attempt to download personally identifiable information (PII) from any HR service to a mobile device,” and more. For unsanctioned services, Netskope provides visibility and control at the service, service instance, or category level with “set-it-once” policies like “Block the download of PII to all mobile devices.”
Gain full visibility of your cloud services with an all-mode architecture capable of covering all cloud traffic whether your users are on premises or remote, using a web browser, mobile app, or sync client.Use a frictionless out-of-band API introspection deployment for near real-time visibility and control of sanctioned cloud services.
Carve out risky activities in sanctioned or unsanctioned cloud services with fine-grained policies that take into account user, device, location, service, activity, and data. For example, instead of blocking cloud storage services, restrict upload of sensitive data to only cloud storage services sanctioned by the company.
Monitor activity and enforce policies granularly in cloud services based on contextual details such as user, service, device, location, activity, and context. Do things like disallow content upload to any service whose Netskope Cloud Confidence Level is “medium” or below. Enforce policies at the service, service instance, or service category level.
This video gives you cloud security best practices and specific policy examples. Learn how to enforce a “layered” exception policy to address use cases such as enforcing different policies in a sanctioned instances versus personal instances of a cloud service like Dropbox.
Netskope provides the ability to understand and control real-time activities, such as edits, shares, and downloads, in cloud services. And with deep visibility into these activities, you can define granular policies that target and control specific risky activities, such as blocking the download of sensitive data to an unmanaged device.
Enforce granular, activity-level policies to protect regulated data. You can protect regulated data by restricting it from being shared like “Block upload of protected health information (PHI) to any big data service,” or protecting it in transit or on data already resident in a sanctioned service with encryption policies.
When you enforce a policy such as blocking uploads to an unsanctioned cloud service, provide an automated message to coach the user (e.g., provide a link to the corporate-sanctioned alternative of the cloud service). Let users justify or report a false positive.
Enforce conditional access policies based on user, service, device, location, activity, and content. For example, allow users on corporate devices full access to the Office 365 suite while limiting BYOD users only to the web version of the services.
Watch how Netskope allows you to place granular policies on cloud activities and maintain employee productivity instead of being forced to outright block cloud services.Learn more