The 5 Steps to Cloud Confidence

Similar documents
The Netskope Active Platform

APERTURE. Safely enable your SaaS applications.

These materials are 2015 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

Cloud Access Security Broker. Ted Hendriks HP Atalla Pre-Sales Consultant, APJ Region HP Enterprise Security Products

Netskope Cloud Report. Report Highlights. cloud report. Three of the top 10 cloud apps are Storage, and enterprises use an average of 26 such apps

The Cloud App Visibility Blindspot

Vulnerability Management

SAFELY ENABLING MICROSOFT OFFICE 365: THREE MUST-DO BEST PRACTICES

How APIs Turned Cloud on Security on Its Head

Enabling Business Beyond the Corporate Network. Secure solutions for mobility, cloud and social media

APRIL CLOUD REPORT. Netskope Cloud Report for Europe, Middle East, and Africa

Assessment & Monitoring

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

APRIL CLOUD REPORT. Netskope Cloud Report Worldwide

WHITE PAPER SPLUNK SOFTWARE AS A SIEM

Securing and Monitoring Access to Office 365

IBM Data Security Services for endpoint data protection endpoint data loss prevention solution

REVOLUTIONIZING ADVANCED THREAT PROTECTION

CyberArk Privileged Threat Analytics. Solution Brief

White Paper. Protecting Databases from Unauthorized Activities Using Imperva SecureSphere

AirWatch Solution Overview

Requirements When Considering a Next- Generation Firewall

Network Performance + Security Monitoring

Securing SharePoint 101. Rob Rachwald Imperva

Top 10 Reasons Enterprises are Moving Security to the Cloud

How To Manage Security On A Networked Computer System

SECURE FILE SHARING AND COLLABORATION: THE PATH TO INCREASED PRODUCTIVITY AND REDUCED RISK

How To Manage A Corporate Device Ownership (Byod) On A Corporate Network (For Employees) On An Iphone Or Ipad Or Ipa (For Non-Usenet) On Your Personal Device

SANS Top 20 Critical Controls for Effective Cyber Defense

10 Building Blocks for Securing File Data

Endpoint Threat Detection without the Pain

Websense Data Security Suite and Cyber-Ark Inter-Business Vault. The Power of Integration

Netskope Cloud Report

Top Five Security Must-Haves for Office 365. Frank Cabri, Vice President, Marketing Shan Zhou, Senior Director, Security Engineering

DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention. symantec.com

A Websense White Paper Implementing Best Practices for Web 2.0 Security with the Websense Web Security Gateway

The Challenge of Securing and Managing Data While Meeting Compliance

On-Premises DDoS Mitigation for the Enterprise

Beyond passwords: Protect the mobile enterprise with smarter security solutions

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0

Cisco Cloud Web Security

When your users take devices outside the corporate environment, these web security policies and defenses within your network no longer work.

IBM Data Security Services for endpoint data protection endpoint data loss prevention solution

February Considerations When Choosing a Secure Web Gateway

Preventing Data Leaks At The Firewall A Simple, Cost-Effective Way To Stop Social Security and Credit Card Numbers From Leaving Your Network

Executive s Guide to Cloud Access Security Brokers

Securing Content: The Core Currency of Your Business. Brian Davis President, Net Generation

The Sophos Security Heartbeat:

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats

Cisco Advanced Malware Protection for Endpoints

Information Technology Policy

Kenandy TM Cloud ERP White Paper. Kenandy Cloud ERP Overview

How To Protect Your Network From Intrusions From A Malicious Computer (Malware) With A Microsoft Network Security Platform)

NitroView. Content Aware SIEM TM. Unified Security and Compliance Unmatched Speed and Scale. Application Data Monitoring. Database Monitoring

Cisco Advanced Malware Protection

#ITtrends #ITTRENDS SYMANTEC VISION

ENABLING FAST RESPONSES THREAT MONITORING

Enabling Seamless & Secure Mobility in BYOD, Corporate-Owned and Hybrid Environments

WildFire. Preparing for Modern Network Attacks

ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM)

Advanced Threat Detection: Necessary but Not Sufficient The First Installment in the Blinded By the Hype Series

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

INTRODUCING isheriff CLOUD SECURITY

Agent vs. Agent-less auditing

The Firewall Audit Checklist Six Best Practices for Simplifying Firewall Compliance and Risk Mitigation

Imperva Skyfence Secures Office 365 Access for Mobile Employees at Metro Bank

Data Sheet: Endpoint Security Symantec Network Access Control Comprehensive Endpoint Enforcement

RSA Adaptive Authentication and Citrix NetScaler SDX Platform Overview

Enterprise Buyer Guide

End-user Security Analytics Strengthens Protection with ArcSight

Securing your IT infrastructure with SOC/NOC collaboration

Cisco Advanced Malware Protection for Endpoints

An Enterprise Approach to Mobile File Access and Sharing

Carbon Black and Palo Alto Networks

Reduce Your Network's Attack Surface

AccelOps NOC and SOC Analytics in a Single Pane of Glass Date: March 2016 Author: Tony Palmer, Senior ESG Lab Analyst

How To Write A Mobile Device Policy

Transcription:

The 5 Steps to Cloud Confidence CLOUD APPS LET PEOPLE GO FAST Organizations are adopting cloud apps in a big way. Today accounting for 23 percent of IT spend, cloud computing has accelerated because it allows people to get their jobs done more quickly, easily, and flexibly than traditional computing tools. Cloud apps the most visible and adopted segment of cloud computing have proliferated in enterprises and have now reached a tipping point. Forrester predicts the SaaS market to total $93 billion in 2016. Netskope counts thousands of cloud apps being used in enterprises today. Cloud apps are increasingly common in nearly every kind of enterprise. Sometimes this is because they are cheaper to buy and operate. Other times it s because people want to be nimble, deploying an app faster and taking advantage of the latest product features sooner than they would with on-premises software. And other times it s because people don t want to coordinate across the many gatekeepers operations, hardware, networking, and security required to make a software roll-out successful. Cloud apps have reached a level of maturity and feature richness that they are now mainstream. In fact, they are reaching a tipping point in organizations. IDC expects nearly a third of companies to source greater than half of their IT spend from the public cloud in 2016. AN OPPORTUNITY FOR IT AND THE BUSINESS While IT has ownership or responsibility for some cloud apps, people are now more than ever empowered to go outside of IT and deploy their own apps. This means they are procuring, paying for, managing, and using these apps without IT s involvement. This is a good thing for the business because it lets users get their jobs done more efficiently. But it also means that there is no way for IT to consistently manage and secure all of the cloud apps running across the organization, whether shadow IT or sanctioned, or to enforce security or compliance controls. Beyond shadow IT, IT is often responsible for some portion of cloud app enablement. In some cases, deployment of a cloud app is a net-new project for the organization. In others, it s a migration from a traditional application. Whether shadow or sanctioned, cloud app usage is growing and C-suites, boards of directors, and audit committees around the world are beginning to ask whether the cloud technologies in their environment are safe, compliant with business policies, perform according to vendor service-level agreements, are cost-effective, and are optimized for business usage. When IT can confidently answer these questions and assuage these concerns, it can sanction cloud apps and deliver them optimally. IT can shine a light on shadow IT, educate and inform cloud app stakeholders of the risks and opportunities, and safely bring cloud apps on board. The time is now for you to get complete visibility into the cloud apps in your organization. Then, together with your security and line-of-business counterparts, you can make decisions and institute granular policies to make those apps safe, compliant, and high performance. SLEDGEHAMMER VS. SCALPEL When confronted with an unknown technology, sometimes organizations are inclined to shut it down. That s because many of the tools IT has used to detect and remediate rogue technology are binary, so they allow you to say only yes or no. But what if you could take a more nuanced approach? Instead of taking a sledgehammer to the apps people want to use, what if you could say yes to nearly all of their favorite apps, and then, like a surgeon, slice out certain activities to make the usage of those apps acceptable to your organization from a security and compliance standpoint? This approach would put you in the position of partnering with and enabling the business rather than saying no in a wholesale way. And for the cloud apps that you have been championing but have had to slow roll because of security and compliance concerns, this approach will let you adopt them quickly. Taking a scalpel instead of a sledgehammer to the problem will pave the way to cloud confidence. WHITE PAPER 1

FIVE STEPS TO CLOUD CONFIDENCE What steps must you take to gain cloud confidence? We ve identified the following five: 1. Find the cloud apps running in your enterprise and understand their risk; 2. Understand how those apps are being used, 3. Use analytics to monitor usage, detect anomalies, and conduct forensics, 4. Identify and prevent the loss of sensitive data, and 5. Enforce your security and compliance policies across any cloud app or app category in real-time. We ll walk through each of the five steps and provide a short checklist within each step. Let s set the stage with a use case. Acme s IT department has not been able to sanction the usage of, or help deploy, cloud apps for its business because it can t see the apps people are using and what they re doing in them. As managers of a public company, Acme s executives must be able to attest, for compliance purposes, that only authorized personnel had contact with key systems and data, and any use or modifications were proper and accurate. With an increasing number of cloud apps coming onto the scene at Acme that contain an increasing amount of critical company data, management is concerned that it can no longer attest to the accuracy of these statements. Find All Cloud Apps and Understand Risk In order to lay the groundwork for cloud confidence, Acme IT must take the first step: find all of the cloud apps that are running in the organization. This includes both apps that are sanctioned by Acme s IT department and any that are unknown. To get a complete picture, IT should find not only those apps accessed from desktops and laptops within the four walls of the workplace, but also from remote laptops and mobile devices, regardless of whether the apps are browser-based or native, such as a sync client. Once those apps are found, IT should evaluate each of the apps against a set of objective criteria in the areas of security, auditability, and business continuity as well as the app s risk given its organization s use of that app. 4 Find all cloud apps, whether sanctioned or shadow IT 4 Include cloud apps that are running on-premises, remote, or on PCs or mobile devices 4 Score apps on enterprise-readiness, as measured by security, auditability, and business continuity 4 Evaluate those apps risk based on your organization s usage of them 4 Make risk-based decisions about whether to standardize on, and migrate users to, certain apps Understand Cloud App Context and Usage After finding all of the cloud apps that are running in the organization, Acme IT should be able to drill down into the information surrounding those apps and understand how people are using them. This second step involves understanding contextual usage of those apps, including user identity or group, as well as the device the user is on, browser, geo-location, and time; cloud app, app instance, or app category; specific app activities, e.g., download, share, or edit; content type and file or object name; DLP profile, if applicable; and where and with whom content is shared. 4 Drill down into user identity, e.g., user, group, device, browser, geo-location, and time 4 Understand the app, e.g., app, app instance, or app category 4 Ascertain cloud app activities, e.g., download, upload, share, edit, or administrative activities, as well as with whom content was shared, if applicable 4 See content details, e.g., content type, file or object name; and DLP profile, if applicable 4 Perform e-discovery of content existing at rest within an app, including against a DLP profile Analytics for Monitoring, Anomaly Detection, and Forensics Now that Acme IT knows what cloud apps are relevant to the organization s compliance posture based on category and usage, they must be able to analyze that activity against policy, pivoting around any of the parameters described above. IT must also be able to use analytics to detect anomalies to identify risky behavior and potential data loss or breach. Depending on Acme s business operations and regulations, compliance-oriented questions will bubble to the top. IT should be able to answer specific questions, including: Who from my call center in Bulgaria is accessing my CRM system, and what specifically are they doing? Who from my Investor Relations group is sharing docs from our cloud storage app during the company s quiet period? Has any non-hr manager downloaded salary data in any cloud app in the past three months? Is there any excessive downloading or sharing that could signal a data breach? Beyond viewing app access and activity at a point-in-time, Acme wants the ability to do continuous compliance, or have ongoing and uninterrupted visibility of all activities that could impact compliance with the organization s policies. IT should be able to turn any analytics query into a watch list or report, where any defined event or any deviation from a baseline will trigger an action. WHITE PAPER 2

Taking the Acme use case beyond compliance, let s say that in the course of performing analytics, IT uncovers suspicious activity. Analysts suspect that just days before leaving Acme Corp. for a competitor, an employee has exfiltrated data by downloading proprietary data from one of the company s cloud apps and then uploading the file into a cloud storage app that he accessed with his personal login credentials. IT would like to be able to construct a forensic audit trail showing every cloud app action for that user leading up to and immediately following the incident. This would enable IT not only to uncover suspicious behavior, but also to prove a breach occurred and clearly demonstrate malicious or even criminal activity. In addition to security and compliance analysis, Acme Corp. would like to analyze cloud app usage from a performance and optimization standpoint, understanding things like uptime and latency across not just apps, but also across user locations, device types, and time periods. This information would help Acme IT hold its cloud app vendors to stated SLAs and make better decisions for traffic planning and app consolidation. 4 Run deep analytics on user behavior, pivoting around all of the above visibility parameters 4 View user behavior and activity against baselines to uncover anomalies 4 Analyze cloud app performance, e.g., uptime, latency, and SLA adherence 4 Perform forensic analysis on user activity leading up to an incident or breach Cloud Data Loss Prevention Beyond understanding cloud app activity and potential data loss, Acme IT needs to understand whether sensitive data are getting out of its control. It needs to take advantage of work that s been done in the last decade in the security industry to bring similar data controls to the cloud. This includes incorporating industry-standard data identifiers into DLP rules, and combining those rules to create DLP profiles that can get incorporated into granular, precise policies. By wrapping potential data leakage scenarios with context, Acme can ensure fewer false positives and higher accuracy with its DLP policies. 4 Create relevant DLP profiles for your cloud apps, including personally-identifiable information, Payment Card Information, electronic Personal Health Information, and more 4 Base your DLP profiles on industry-standard data identifiers and rules and incorporate rich context (apps, users, time, location, and user activities) into your DLP policies 4 Discover content at rest already resident within your apps and take action such as change ownership, quarantine, or encrypt 4 Set DLP policies that take effect in not just one app, but across an entire category or globally, if you need them to 4 Ensure that your DLP policies can be enforced in real-time before a data breach occurs Secure Cloud Apps Through Real-time Policy Enforcement Once Acme IT analyzes the organization s cloud usage against its policies and uncovers data risks, breaches, and potential inefficiencies, it can begin to take action. Let s revisit our contention that using a scalpel, not a sledgehammer, to enforce your policies is the way to cloud confidence. Acme IT realizes this, and not only wants to confidently say yes to the apps that are already in use, but wants to move even more of its IT systems to the cloud. Acme wants to be able to set sophisticated, precise policies based on the same parameters it analyzes. For example, Acme wants to: Enable the use of collaboration apps, but prevent sharing of data with people outside of the company Disallow file uploads to cloud storage apps that contain highly sensitive data or intellectual property that, if ever leaked, stolen, or modified, could cause serious damage to the company Allow people in the HR and finance groups worldwide to access HR or finance/accounting apps, but block anyone outside of the U.S. from downloading salary information Encrypt sensitive content in context as it s being uploaded or when it s already resident within cloud apps 4 Enforce granular, specific policies on any of the visibility parameters or DLP profiles described above 4 Set policies once and have them enforced in real-time in any app, at the app- or category-level or globally 4 Enforce policies whether or not you manage, or even have administrative privileges, to the app 4 Enforce policies in real-time, before an undesired event or behavior happens 4 Coach users on policy violations to educate them about risky behaviors and to create transparency These five stepsmake up the framework for cloud confidence and the ability to take these five steps would mean that Acme IT can say yes overall to the cloud apps that Acme Corp. wants to use, while limiting certain risky or non-compliant behaviors within the apps: 1. Find the cloud apps running in your enterprise and understand their risk 2. Understand how those apps are being used 3. Use analytics to monitor usage, detect anomalies, and conduct forensics 4. Identify and prevent the loss of sensitive data 5. Enforce your security and compliance policies across any cloud app or app category in real-time WHITE PAPER 3

SUMMARY CLOUD CONFIDENCE CHECKLIST FIND CLOUD APPS AND UNDERSTAND RISK Find all cloud apps, whether sanctioned or shadow IT Include cloud apps that are running on-premises, remote, or on PCs or mobile Evaluate and score apps on enterprise-readiness, as measured by security, auditability, and business continuity Evaluate those apps risk based on your organization s usage of them Make risk-based decisions about whether to standardize on, and migrate users to, certain apps UNDERSTAND HOW CLOUD APPS ARE BEING USED Drill down into user identity, e.g., user, group, device, browser, geo-location, and time Understand the app, e.g., app, app instance, or app category Ascertain cloud app activities, e.g., download, upload, share, edit, or administrative activities, as well as with whom content was shared, if applicable See content details, e.g., content type, file or object name; and DLP profile, if applicable Perform e-discovery of content existing at rest within an app, including against a DLP profile ANALYTICS FOR MONITORING, ANOMALY DETECTION CLOUD DATA LOSS PREVENTION Run deep analytics on user behavior, pivoting around all of the above visibility parameters View user behavior and activity against baselines to uncover anomalies Analyze cloud app performance, e.g., uptime, latency, and SLA adherence Perform forensic analysis on user activity leading up to an incident or breach Create relevant DLP profiles for your cloud apps, including personally-identifiable information, Payment Card Information, electronic Personal Health Information, and more Base your DLP profiles on industry-standard data identifiers and rules and incorporate rich context (apps, users, time, location, and user activities) into your DLP policies Discover content in real-time as it is being uploaded, downloaded, and shared as well as content that has already been stored in the cloud app and take action such as quarantine, encrypt, change ownership, or change sharing permissions, Set DLP policies that take effect in not just one app, but across an entire category or globally, if you need them to Ensure that your DLP policies can be enforced in real-time before a data breach occurs SECURE CLOUD APPS THROUGH REAL-TIME POLICY ENFORCEMENT Enforce granular, specific policies on any of the visibility parameters or DLP profiles described above Set policies once and have them enforced in real-time in any app, at the app- or category-level or globally Enforce policies whether or not you manage, or even have administrative privileges, to the app Enforce policies in real-time, before an undesired event or behavior happens Coach users on policy violations to educate them about risky behaviors and to create transparency THE NETSKOPE ACTIVE PLATFORM TM : REAL-TIME CONTROL OVER ANY CLOUD APP, WHETHER IT MANAGES IT OR NOT Netskope is the leader in safe cloud enablement. The Netskope Active Platform gives IT the ability to find, understand, and secure cloud apps. Only Netskope empowers organizations to direct usage, protect sensitive data, and ensure compliance in realtime, on any device, for any cloud app so the business can move fast, with confidence. THE NETSKOPE ACTIVE PLATFORM FIND UNDERSTAND SECURE WHITE PAPER 4

FIND ALL CLOUD APPS, WHETHER SANCTIONED OR SHADOW IT To find all of the cloud apps running in your organization, Netskope relies on a combination of its Cloud Confidence Index (CCI), a repository of thousands of enterprise cloud apps, and algorithm-based traffic analysis that discovers unknown apps. This gives you confidence in knowing what apps your organization is dealing with and lays the groundwork for further analysis and policy-setting. Beyond finding apps, Netskope informs you of the enterprise-readiness score of each app based in its security, auditability, and business continuity, as well as combines that score with your specific usage to come up with a risk score specific to your environment. THE NETSKOPE ACTIVE PLATFORM IDENTIFIES THE CLOUD APPS RUNNING AT ACME CORP. THE NETSKOPE ACTIVE PLATFORM INFORMS ACME OF ITS RISKY APPS WHITE PAPER 5

SEE APPS AND USAGE IN CONTEXT WITH NETSKOPE ACTIVE VISIBILITY Netskope Active Visibility provides not just information about apps and users, but complete visibility into how the apps are used within your organization. You can quickly drill down to view the apps or app instances that are being accessed, by whom, the number and duration of each app session, where people are when they access the apps, what devices and browsers they are using, what app services they are consuming, what discrete actions they are taking (log in, modify data, download content, upload content, share content, administrative actions like escalation of privileges, etc.), what content type and file or object name they are dealing with, whether it is deemed sensitive given your DLP profiles, and where and with whom it is being shared. Moreover, we normalize those activities, so you can get one consistent view across app behaviors, and can use that single truth to enforce one simple policy uniformly across all relevant apps instead of having to set policies app by app. For instance, share and send, download and save, and edit and change can each mean the same thing across different apps. Imagine that for the more than 150 different cloud storage apps in the market, of which a dozen or more could be in use your organization, you d have to take a swivel chair approach and analyze app after app. And that s just for cloud storage. Netskope normalizes all of these user activities across more than 50 categories of apps so you do not have to understand each app and map its activities to understand what s going on. THE NETSKOPE ACTIVE PLATFORM LETS USERS DRILL DOWN INTO EACH ACTION OCCURRING IN A SESSION THE NETSKOPE ACTIVE PLATFORM SHOWS CLOUD APP USER ACCESS AND TRAFFIC PATTERNS AT ACME CORP. WHITE PAPER 6

PERFORM DEEP ANALYTICS WITH NETSKOPE ACTIVE ANALYTICS Netskope Active Analytics lets you pivot around any of the above parameters and answer any business or security question, understanding the who, what, when, and where, and with whom of any user s or administrator s activity within a cloud app, users activity overall, or activity compared to a baseline. With Netskope, you can perform granular queries, be alerted to granular behavioral anomalies, do forensic analysis after a security incident or breach, and set watch lists that will alert you on any activity. You can also run analytics on app performance, slicing by any of the visibility parameters above. DETECT ANOMALIES IN CONTEXT WITH NETSKOPE ACTIVE ANALYTICS PREVENT LOSS OF SENSITIVE DATA WITH NETSKOPE ACTIVE CLOUD DLP Netskope Active Cloud DLP is unique in preventing loss of sensitive data in the cloud in a way that is context and activity aware, works in real-time, and can be applied across any app, not app-by-app. With Netskope, you can incorporate cloud app and usage details such as the app, its category, its enterprise-readiness score per the Netskope CCI, the user or group, location of the user or app, time of day, device, browser, and user activity (e.g., upload, download, or view ) into your policies, which helps you be precise in identifying potential data loss scenarios so you can protect data in a targeted way. This helps you increase the accuracy of sensitive data detection and protection. You can also perform introspection within certain apps to e-discover content at rest that matches a certain DLP profile, and then take action on that content such as change ownership, quarantine, or encrypt. Netskope Active Cloud DLP uses industry-standard content inspection incorporating more than 3,000 language-independent data identifiers across hundreds of categories and more than 400 file types. These come together to form DLP rules, which comprise DLP profiles. From those profiles, you can set precise, contextual policies in the Netskope Active Platform. Netskope Active Cloud DLP comes with pre-built DLP profiles or lets you easily and quickly configure custom ones. This translates to confidence that you are using proven, industry-standard DLP building blocks in your policies and protecting data in context, leading to accuracy and effectiveness. WHITE PAPER 7

NETSKOPE ACTIVE CLOUD DLP PROFILES ENFORCE GRANULAR POLICIES IN REAL TIME ACROSS ANY APP WITH NETSKOPE ACTIVE POLICIES Once you discover and analyze your cloud apps and their usage in the context of your business policies, Netskope Active Policies let you set and enforce granular policies that will take effect across whatever cloud apps you specify (one app, one app instance, a category of apps, or all of the cloud apps in your environment) in a few clicks. In fact, as you re analyzing cloud app usage by clicking and drilling into the visibility parameters described above, The Netskope Active Platform is building breadcrumbs that you can turn into a policy in Netskope Active Policies at any time. Beyond incorporating contextual details such as device and location into your policy, you can incorporate apps CCI scores and DLP profiles into your policy-setting to narrow the contextual aperture in order to be targeted and accurate, minimizing false positives and false negatives. Finally, Netskope offers a variety of actions that you can specify as an outcome of policy non-compliance. You can block, alert, bypass, encrypt, coach users, or kick off a workflow to remediate, record, or report on the out-of-compliance event or activity. Some examples of how granular a policy can be include: Allow users in Sales to share any public collateral while preventing them from downloading content deemed confidential from a cloud storage app Alert IT if any user in Investor Relations shares content from a finance/accounting app with someone outside of the company Block any user located outside of the U.S. from downloading contacts from any CRM app Only allow data uploads to apps that have a CCI score of Medium or above, and block uploads to the rest NETSKOPE ACTIVE POLICIES LET ADMINS ENFORCE CONTEXTUAL, GRANULAR POLICIES WHITE PAPER 8

NETSKOPE ACTIVE POLICIES LET YOU COACH USERS WITH CUSTOMIZED MESSAGING HOW THE NETSKOPE ACTIVE PLATFORM WORKS When we built the Netskope Active Platform, we envisioned giving you deep views and tons of flexibility to answer any business or security question about your organization s cloud apps, as well as the power to enforce your policies in real time. In order to achieve this, we knew we needed to inspect cloud app traffic but also take a fundamentally different approach to looking at data and taking action. Being in the data plane carries with it a high level of responsibility, so we pulled together a group of proven veteran architects and engineers, including some of the original or founding architects from companies like NetScreen, Palo Alto Networks, Juniper, Cisco and McAfee, who have solved similar challenges in the past. We first started by looking at the application layer traffic, and, rather than deeply inspecting network packets, we developed a method for deeply inspecting cloud app transactions in real time and all calls to them, whether they were made within the confines of the corporate network or outside, from a laptop or mobile device, or from a browser or native app. We call this Deep API Inspection, or DAPII. Unlike existing pattern recognition methods that, for example, inspect GET and POST traffic in web sessions to find malicious or inappropriate websites, DAPII relies on information available from API transactions as they are actually occurring. We built connectors, or standardized integrations, for cloud apps that we use to interpret the conversation between browsers and apps. Connectors convey those conversations in JSON files, which contain a structure and format that allow Netskope to both understand what actions a user is performing in the app as it is happening, but also normalize those activities across all of the apps Netskope is dealing with. So, as in the prior example, if someone shares content in one app and sends it in another, Netskope will know and report on the fact that they are the same action. In short, Netskope enables you to see what is truly going on inside of an app without having to break apart or understand that app. For example, without Netskope, you may be able to see that a user went to a URL and during that session, and 973 upstream bytes were sent or retrieved, whereas Netskope gives you a much more detailed, context-aware and intelligent description of what happened: Joe from Investment Banking, currently in Japan, shared his M&A directory with an investor at a hedge fund at 10 PM something he has never done before. It s worth taking a moment to explain how we make sure that we gain visibility and enforce policy dynamically on your enterprise s cloud app transactions and traffic. We enable and have production deployments on a host of non-mutually exclusive, in-line and out-of-band deployment options. Each with these methods has a different level of theoretical coverage, visibility, and enforcement, from the most basic to the most advanced and real-time, so it s important to choose the right one(s) to facilitate your use cases. The options include: Out-of-band: Log-based. You can upload logs from your perimeter networking equipment such as your web gateway or next-generation firewall to Netskope offline. Introspection via API connectors. We connect to your sanctioned app using the OAuth authorization standard to give you control of content already residing in the app. Note that this only applies to apps that IT sanctions and administers. In-line: Agentless. We steer your users on-premises cloud network traffic to the closest one of four Netskope SOC-1/SOC-2, SSAE- WHITE PAPER 9

16 Type 2-certified data centers around the world, which sits between your network and your cloud apps and is transparent to your users. Thin agent or mobile profile. We steer your users remote cloud network traffic to Netskope via an agent or, if a mobile device, a mobile profile Reverse proxy. We redirect traffic to a modified URL of your sanctioned cloud apps. Note that this only applies to apps that IT sanctions and administers. In the first out-of-band method, log analysis provides you information about what apps you have, and the Netskope Active Platform categorizes them, gives you a view of their enterprise-readiness, and gives you a risk view based on a combination of those apps enterprise-readiness. Though useful, it s only a small fraction of what you d be able to see and doesn t include the real-time policy enforcement that you d get with the other implementations. In the second out-of-band method, app introspection gives you a deep view within specific apps that you administer. It enables you to e-discover and inventory both content and users of that content. It then lets you take action on that content, including re-assign ownership, set sharing permissions, quarantine files, and apply encryption of data-at-rest. The in-line methods inspect enterprise cloud app traffic to give you deep visibility, the ability to perform analytics in real-time, and dynamic policy enforcement for your enterprise cloud apps. Each level has its own level of coverage based on theoretical limitations of the method. The agentless method provides you a touchless way to get on-premises cloud app network traffic from the user s PC or mobile device to the Netskope cloud for analysis. Because it sits at your network s egress point, it is limited to on-premises network traffic. The thin agent gives you the same visibility, analytics, and enforcement as in the agentless, but also coverage of any device that s outside of the four walls of your organization. And finally, the reverse proxy method gives you a touchless way to get cloud app visibility and control, however, it is limited only to apps you administer. NETSKOPE TOPOLOGICAL LAYOUT NETSKOPE APIs PUBLIC CLOUD APPS DEPLOYMENT OPTIONS (Thousands) REVERSE PROXY INTROSPECTION INTERNET ANALYTICS & REAL-TIME POLICY ENGINE PRIVATE/HYBRID CLOUD NETSKOPE ADMIN CONSOLE How does Netskope handle policy enforcement in the in-line deployments? When your cloud app network traffic reaches the Netskope data plane in one of our data centers, the encrypted traffic will terminate at our instance, we will interpret user activity within the apps using DAPII, and then we will disallow or take an if-then action (for, say, an alert or workflow) on whatever function from that API on which you have created a policy. As you start to enforce policies across not just one or two, but dozens of apps, Netskope becomes even more valuable. When you set a policy, you expect to be able to enforce it in one app, across a category of apps, or universally across all of your cloud apps. Because Netskope does the heavily lifting to identify and normalize behaviors in all cloud apps, when you set a policy once you know that it will be carried out across all of the apps you want it to. So, when you set a granular policy such as Let people in my call center use CRM, but don t let them download customer contacts onto a mobile device if they re outside of my country, or set policies about what apps you will and won t allow based on their CCI score, you know that those policies will be enforced immediately before an WHITE PAPER 10

undesired act occurs and that you can do it at network speed and enterprise scale. ABOUT NETSKOPE Netskope is the leader in safe cloud enablement. The Netskope Active Platform gives IT the ability to find, understand, and secure cloud apps. Only Netskope empowers organizations to direct usage, protect sensitive data, and ensure compliance in realtime, on any device, for any cloud app so the business can move fast, with confidence. WHITE PAPER 11 2015 Netskope, Inc. All rights reserved. 270 3rd Street, Los Altos, CA 94022 Netskope is a registered trademark and Cloud Confidence Index, Netskope Active, SkopeSights are trademarks of Netskope, Inc. All other trademarks are trademarks of their respective holders. 01/15 WP-2-5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information