Netskope CASB Lab
I was able to join a lab provided by Netskope talking about CASB and their approach in a presentation for the CSA group I am a part of.
Going into this presentation I was unfamiliar with the concept of a CASB and the exact role they play in security (I'm sure some of you are judging me right now, but like I said, I'm still pretty new to this). They explained how cloud access security brokers have changed over the last decade and their role in the CASB space. After hearing their explanation and elevator pitch I was definitely impressed with what they were offering. As you'll see in my notes, they have a very extensive library that they catalog cloud apps with, and they are continually grading services based on security and privacy concerns.
Once I got to play around in the lab, I'll be honest when I say I was thoroughly impressed with how granular you could get with setting rules for data and how easy those rules were to set up. I believe I set up a rule that was specific enough where you can determine the accounts users could upload or download files from in Gmail, meaning that all personal Gmail accounts were accessible, however you could not upload or download from them, but you could for a specific Gmail account domain. On top of that, the pop-up message that shows thanks to the Netskope agent does a good job of "training" the user on what they did wrong, which I think is a great approach as opposed to just blocking the activity/traffic. I will move on to my notes below, but I have to say all in all that Netskope has some features that I really like and could see being beneficial depending on the organizational needs.
Cloud Access Security Broker
The definition/use of a CASB has changed over the last 8-10 years
Most companies only feed about 2% of the traffic to/from cloud services through the CASB
Many CASB services can take minutes or potentially hours to read through data and raise an alert to a security team
85% of enterprise web traffic consists of cloud apps
CASB discussion
How do you identify and approve application usage? Access Control?
Do you normally utilize an allow or block strategy?
What approved cloud apps are sanctioned? How many others are
How does Netskope do logging?
Netskope has a database of around 35000 web apps
Netskope has a "cloud confidence score" for applications based on multiple factors like:
EULA
Who owns the data?
Different certifications and security frameworks
Netskope's universal connector can detect many specific actions within apps like login, upload file, download file, etc.
Netskope can sit in your environment and detect all of the cloud apps that are being used
Rich Policy Context of CASB + SWG + DLP
Detect specific activities
Detect specific applications
Detect devices & users
Take specific actions such as allow, block, coach, encrypt, hold, etc.
Scoring
Enable mass-actions based on cloud app scores
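To make the policy context and scoring notes above concrete, here is an added example (not from the lab and not Netskope's policy engine or syntax) that models first-match rules over app, activity, account domain and app score, including the Gmail rule from the lab. The domain `corp.example`, the app names, the scores and every function and class name are assumptions made up for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

APP_SCORES = {"gmail": 90, "sketchy-share": 35}   # constructed scores, 0-100
CORP_DOMAIN = "corp.example"                       # assumed sanctioned account domain

@dataclass(frozen=True)
class Event:
    account: str    # account signed in to inside the app, e.g. alice@corp.example
    app: str
    activity: str   # "login", "upload", "download", ...

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                       # "allow", "block" or "coach"
    activities: frozenset
    app: Optional[str] = None         # None matches any app
    instance: Optional[str] = None    # None matches any account domain
    max_score: Optional[int] = None   # None ignores the app score
    message: str = ""                 # text for the user-facing pop-up

def instance_of(account: str) -> str:
    # Exact, case-insensitive match on the part after the last "@", so
    # "corp.example@gmail.com" and "x@corp.example.evil.test" do not qualify.
    _, sep, domain = account.rpartition("@")
    return domain.strip().lower() if sep else ""

def matches(rule: Rule, ev: Event) -> bool:
    if ev.activity not in rule.activities:
        return False
    if rule.app is not None and ev.app != rule.app:
        return False
    if rule.instance is not None and instance_of(ev.account) != rule.instance:
        return False
    # Apps missing from the catalog score 0, so score rules fail closed.
    if rule.max_score is not None and APP_SCORES.get(ev.app, 0) > rule.max_score:
        return False
    return True

TRANSFER = frozenset({"upload", "download"})
POLICY = [  # evaluated top to bottom, first match wins
    Rule("low-score-apps", "block", frozenset({"upload"}), max_score=50),
    Rule("gmail-corporate", "allow", TRANSFER, app="gmail", instance=CORP_DOMAIN),
    Rule("gmail-personal", "coach", TRANSFER, app="gmail",
         message="File transfer is limited to your corp.example account."),
]

def evaluate(ev: Event):
    for rule in POLICY:
        if matches(rule, ev):
            return rule.action, rule.name, rule.message
    return "allow", "default", ""     # e.g. reading personal Gmail stays possible
```

Rule order matters here: the score-based mass action sits first so that a low-scoring app cannot be re-allowed by a later, more specific rule.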
Encryption trend
92% of pages in the US are now delivered with encryption as of Jan 4 2020
Discussion 2
Do you currently have SSL/TLS inspection deployed throughout your enterprise and remote offices?
Netskope private access
Netskope offers a cloud service providing zero-trust secure access to private enterprise applications in Hybrid IT
Benefits of NPA:
Fan out for hybrid IT instead of hairpinning
Zero Trust application access instead of network access
Unified secure access as-a-service for SaaS, Web, and Private
Single client
Unified security
Intelligence from the cloud
Well that's all for my notes on this one, I have a picture from one of the slides below that is a great overview of Netskope and how it works because I'm sure I did not do a great job of explaining it. Big thanks to CSA for enabling me to participate in awesome labs like these!