Netskope CASB Lab

I was able to join a lab provided by Netskope talking about CASB and their approach in a presentation for the CSA group I am a part of.

Going into this presentation I was unfamiliar with the concept of a CASB and the exact role they play in security (I'm sure some of you are judging me right now but like I said I'm still pretty new to this). They explained how cloud access security brokers have changed over the last decade and their role in the CASB space. After hearing their explanation and elevator pitch I was definitely impressed with what they were offering, as you'll see in my notes they have a very extensive library that they catalog cloud apps with and they are continually grading services based on security and privacy concerns.

Once I got to play around in the lab I'll be honest when I say I was thoroughly impressed with how granular you could get with setting rules for data and how easy those rules were to set up. I believe I set up a rule that was specific enough where you can determine the accounts users could upload or download files from in gmail, meaning that all personal gmail accounts were accessible however you could not upload or download from them but you could for a specific gmail account domain. On top of that the pop-up message that shows thanks to the Netskope agent does a good job of "training" the user of what they did wrong with I think is a great approach as opposed to just blocking the activity/traffic. I will move on to my notes below but I have to say all in all that Netskope has some features that I really like and could see being beneficial depending on the organizational needs.

  • Cloud Access Security Broker

    • The definiteion/use of a CASB has changed over the last 8-10 years

    • Most companies only feed about 2% of the traffic to/from cloud services through the CASB

    • Many CASB services can take minutes or potentially hours to read through data and alert a security team to an alert

    • 85% of enterprise web traffic consists of cloud apps

  • CASB discussion

    • How do you identify and approve application usage? Access Control?

    • Do you normally utilize an allow or block strategy?

    • What approved cloud apps are sanctioned? How many others are

  • How does Netskope do logging?

    • Netskope has a database of around 35000 web apps

    • Netskope had a "cloud confidence score" of applictions base on multiple factors like:

      • EULA

      • Who owns the data?

      • Different certifications and security frameworks

    • Netscope's universal connector can detect many specific actions with with apps like login, upload file, download file, etc

    • Netskope can sit in your environment and detect all of the cloud apps that are being used

  • Rich Policy Context of CASB + SWG + DLP

    • Detect specific activities

    • Detect specific applications

    • Detect devices & users

    • Take specific actions such as allow, block, coach, encrypt, hold, etc.

    • Scoring

      • Enable mass-actions based on cloud app scores

  • Encryption trend

    • 92% of pages in the US are now delivered with encryption as of Jan 4 2020

  • Discussion 2

    • Do you currently have SSL/TLS inspection deployed throughout your enterprise and remote offices?

  • Netskope private access

    • Netskope offers a cloud service providing zero-trust secure access to private enterprise applications in Hybrid IT

    • Benefits of NPA:

      • Fan out for hybrid IT instead of hairpinning

      • Zero Trust application access instead of network access

      • Unified secure access as-a-service for SaaS, Web, and Private

        • single client

        • Unified scurity

        • Intelligence from the cloud

Well that's all for my notes on this one, I have a picture from one of the slides below that is a great overview of Netskope and how it works because I'm sure I did not do a great job of explaining it. Big thanks to CSA for enabling me to participate in awesome labs like these!

Last updated