Netskope Security for AWS, Azure, and GCP

Provides visibility into the configuration of various cloud resources and services, as well as your compliance with benchmarks, such as NIST, CIS, PCI, and even your own custom security controls.

• Provides visibility into the configuration of various cloud resources and services.
• Offers guidance on how to enable the appropriate workflows that allow security teams to integrate with the infrastructure teams to resolve misconfigurations.
• Automatically disseminates configuration scan results, with granular filters and least privilege, so that the owner of the infrastructure only gets the data they need
• Utilizes a large and growing library of Restful APIs to support key use cases, such as the bulk setup of accounts and subscriptions and the integration into the CI/CD pipeline via API scans.

Netskope provides unprecedented visibility into data at rest across cloud services, extending DLP capabilities to managed and unmanaged platforms like Salesforce, ServiceNow, and social media. Its advanced content inspection engines parse through various file types, enabling comprehensive monitoring and protection of sensitive information across diverse cloud environments.

• Extends the benefits of DLP profiles used for SaaS applications to your public clouds
• Offers Netskope DLP policies that cover data residing in fields of cloud services, such as Salesforce and ServiceNow
• Uses Netskope DLP’s unique ability to inspect content in thousands of cloud services.
• Uniquely extends support for DLP policies to unmanaged cloud services, such as social media posts, subject lines in webmail, and collaboration messages in application, such as Jive, Yammer, and Chatter
• Offers comprehensive malware prevention and detection capabilities. Netskope Threat Protection is not restricted to just executables. It includes proprietary engines to parse through PDFs, DOC files, etc.

Uses inline visibility and controls, powered by Netskope One Zero Trust Engine, to enhance native cloud controls and uncover admin and CLI activity taking place across unmanaged instances of AWS, Azure, and GCP (Shadow IT).

• Provides real-time inline visibility and control
• Alerts when a user logs into a personal AWS account (using a personal email)
• Alerts or blocks attempts to download malware from an S3 bucket
• Blocks attempts to upload sensitive data to Azure Blob Storage

Uniquely provides enhanced inline controls that extend beyond typical API-based CSP management capabilities.

• Pulls the S3 inventory to create a “whitelist” of known managed S3 buckets. This whitelist is fed into an inline policy, which allows you to block attempts to exfiltrate data from managed to unmanaged buckets.
• Enables policies to be established to provide inline security controls, like DLP and ATP of traffic to/from public clouds.
• Detects and blocks insider threats, stopping the exfiltration of data from a corporate, managed storage bucket/blob to a personal, unmanaged storage bucket/blob.
• Allows you to add custom bucket lists by uploading a CSV file or via API integration.