Choose one deployment method or combine multiple

Most customers choose to combine an API deployment with a forward and/or reverse proxy deployment, given the expanded use case coverage. This enables protection for data at rest in managed cloud apps in addition to real-time protection enabled by a proxy-based deployment.

API

Use API connectors to connect the Netskope One Platform to managed cloud apps like Microsoft 365, Box, Salesforce, Google Workspace, AWS, and more. An API deployment provides out-of-band visibility and control of data at rest in managed cloud apps and is also required for IaaS continuous security assessment functionality.

• Protects data at rest in cloud apps managed by IT
• Enables policy actions such as remove public shares and restrict sharing of certain content to internal
• Out-of-band deployment
• Dozens of API connectors supported

Netskope One Client

The Netskope One Client, a unified SASE client, provides real-time visibility and control of managed devices accessing the cloud and web from anywhere. The Netskope One Client has a tiny footprint, takes minimal CPU resources, and simply steers cloud and web traffic from managed devices to the Netskope One Platform. All proxying and security functionality is performed in the cloud vs on the client.

• Deployed on managed devices provides protection wherever the device and user goes
• Single client for all cloud and web traffic
• All proxying and security functionality performed in the cloud, not on the client
• Lightweight footprint and minimal CPU resources used

Netskope One Gateway

The Netskope One Gateway, a unified SASE gateway, offers both hardware and virtual form factors for micro to large branches/data centers and virtual gateways across all clouds. It consolidates multiple networking (4G/5G, WiFi, Router, SD-WAN, VRF) and security services on a thin branch appliance to reduce complexity.

• Context-Aware SASE Fabric delivers SD-WAN optimization for 75k+ apps.
• One Gateway integrated within NewEdge as cloud gateways ensures high-performance access to priority SaaS/UCaaS applications
• One Gateway delivers on-premise NGFW/IPS alongside one-click integration with cloud-delivered services such as SWG/CASB.
• Run additional Netskope or partner services on the Netskope One Gateway, such as Netskope IoT Device Intelligence, Netskope P-DEM, and Speedtest.

Forward proxy

Netskope provides forward proxy configurations that do not require a footprint on the endpoint. The Netskope Secure Forwarder can be deployed on-premises as a virtual machine, steering local cloud and web traffic to the Netskope One Platform. Netskope can also be integrated with your existing proxy as a proxy chain.

• Netskope Secure Forwarder deployed on premises to steer cloud traffic to the Netskope One Platform
• Can also be deployed as a proxy chain with your existing proxy
• Coverage for on-premises users only

Reverse proxy

Netskope provides a reverse proxy deployment mode that steers browser-based cloud traffic from managed cloud apps to the Netskope One Platform. This deployment option is required for covering unmanaged devices that are off network accessing managed cloud apps.

• Real-time visibility and control for managed and unmanaged devices accessing managed cloud apps
• Only deployment that covers unmanaged devices off network accessing managed cloud apps
• Browser traffic only – no native apps or sync clients

GRE/IPSEC

The GRE/IPSec deployment option steers local cloud and web traffic from the router to the Netskope One Platform.

• Uses the GRE tunnelling protocol to steer on-premises cloud and web traffic to the Netskope One Platform
• IPSEC can be used as an alternative to GRE for steering on-premises cloud and web traffic to the Netskope One Platform

Log parsing

Netskope can be configured to parse log traffic from a perimeter device such as a firewall or proxy. This provides out-of-band discovery of cloud services. Logs can be uploaded directly to the Netskope One Platform or an on-premises log parser can be deployed to continuously send log data to the Netskope One Platform.

• Perform log analysis and extract cloud usage details
• Upload logs using the Netskope UI
• Deploy an on-premises log parser to continuously send logs from a perimeter device to the Netskope One Platform
• Dozens of off-the-shelf log formats supported plus a self-service tool for building custom log parsers