About Cloud Exchange

The Netskope Cloud Exchange (CE) platform and its four modules are provided at no charge to customers. One or more modules can be activated at a time. CE is deployed as a docker-based solution wherever Linux can be run and on systems that support docker. Customers can use their own resources to deploy and manage CE or they can have Netskope deploy and manage CE for them. The Netskope managed service offering for CE includes 99.9% availability and 24×7 support.

Five modules with ready to use plug-ins, 100+ integrations

Cloud Log Shipper

• Export event/alert logs
• Multi-threaded query engine
• Near real-time polling
• One or more destinations

Cloud Ticket Orchestrator

• Automate service tickets
• Curated event details
• Map tickets to workflows
• Mute & De-duplication

Cloud Threat Exchange

• Automate IOC sharing
• Bi-directional updates
• File hashes (threat, DLP)
• Malicious URLs

Cloud Risk Exchange

• Exchange risk scores
• Users, devices and/or applications
• Average/weight scores
• Trigger CTO actions

Device Intelligence Exchange

• Ingest CMDB, MDM, EDR, vulnerability, subnet and AD data
• API driven
• Support data transformation and normalization

Features and benefits

Any of the four modules of the Netskope Cloud Exchange (CE) platform can be activated at a time.

Cloud Exchange overview

Cloud Exchange is deployed as a docker-based solution wherever Linux can be run and on systems that support docker. Cloud Exchange requires very little compute and storage resources to run—a minimum of two (2) vCPU, 20 GB of storage, and 4 GB of RAM—and has been tested on Ubuntu and CentOS. CE supports most identity services for local login or single sign-on, role-based access controls for the UI and API tokens, access is secured with TLS v1.3 with the option of customer-generated certificates and provides multi-tenant support when managing multiple customer instances of the Netskope One platform. CE includes automated checks for updated or newly published plug-ins and provides syslog messages to report platform functionality, audit logs, and system errors.

Cloud Log Shipper

Netskope Cloud Log Shipper (CLS) enables organizations to performantly export the rich event logs from Netskope inline and out-of-band security solutions into SIEMs, data lakes, and syslog formats. Security operations centers (SOCs) and XDR/MDR services can extend their depth of visibility and context with Netskope SSE, Next Gen SWG, CASB, ZTNA, CSPM/SSPM, and CFW solution logs.

Cloud Ticket Orchestrator

Netskope Cloud Ticket Orchestrator (CTO) enables your organization to programmatically and automatically open tickets on IT service management (ITSM) and collaboration systems based on which alert types and elements are noteworthy, streamlining how the tickets are managed and effectively mapping them to workflows in those systems.

Cloud Threat Exchange

Netskope Cloud Threat Exchange (CTE) is a near real-time threat ingestion, curation, and sharing tool that enables Netskope customers and technology partners to bidirectionally exchange IOCs. Security teams can integrate up-to-the-minute intelligence feeds that contain malicious URLs and file hashes, plus DLP file hashes, into their security infrastructure products, such as endpoints, email security, SIEMs, SOARs, and XDR solutions.

Cloud Risk Exchange

Netskope Cloud Risk Exchange (CRE) creates a single view into multiple connected systems’ risk values for individual users, devices and/or applications. As scores are consumed into the CRE database, they are mapped to a normalized value range and can be weighted as needed to create a single score per user/or application, and a daily average across all users, devices and/or applications. By leveraging business logic, security analysts can match individual scores, score combinations, or weighted scores as nested to trigger targeted actions in connected systems to reduce risk plus define triggers to send notifications via CTO plug-ins to ITSM and collaboration systems.