Netskope One Threat Protection

Decodes and inspects traffic that other security solutions cannot, such as unmanaged cloud services, sync clients, mobile apps, and TLS-encrypted cloud services and websites, to identify and address threats.

Vendor

Netskope

Product details

Threat protection like no other

Netskope One SSE is the only Security Service Edge that combines broad SaaS and IaaS inline content inspection, multiple layers of threat detection, and remediation capabilities to deliver comprehensive threat protection for cloud and web services.

Attacks are evading legacy web and email defenses

Rogue accounts

Attackers use rogue account instances within trusted managed cloud services and apps to share and deliver malicious payloads. Legacy defenses typically don’t know account owners, but Netskope Zero Trust Engine understands the user, app, instance, risk, data, and activity, so it can block rogue instances and prevent this attack vector.

Tailored attacks

Attackers conduct reconnaissance to identify your company’s preferred cloud services and apps and then create fake login screens for these services to entice users to access them, expose credentials, and possibly download payloads. Netskope Zero Trust Engine analyzes cloud service hosting accounts, so it can identify and block fake login pages.

Cloud phishing

Attackers evade legacy web and email defenses by delivering phishing attack elements from trusted managed cloud services using a rogue account instance. Netskope understands the difference between company and rogue instances for your managed cloud services, such as AWS, Azure, GitHub, Box, or Drive, to block cloud phishing.

Hosting payloads

Legacy inline defenses often deploy ‘allow policies’ for all the services adopted by different lines of business, departments, and users. This opens the door to attack payloads being hosted in the cloud. Netskope can apply granular policies to both your managed and unmanaged clouds to determine company-approved account instances.

Cloud-based C2

Attackers use the cloud for command-and-control (C2) communications. Recently, an attacker used Slack for C2, knowing the company allowed it through legacy defenses. Instead of a broad ‘allow all’ for cloud services and apps, Netskope enables you to enforce granular user and account instance-aware policies to pinpoint and mitigate risks.

Data exfiltration

Unprotected cloud storage that leads to data exposure is well known; however, data can also be exfiltrated through rogue accounts in managed cloud services. Netskope provides Data Loss Prevention (DLP) defenses and granular policy controls that are aware of user, app, instance, risk, data, and activity to prevent data loss.

Features and benefits

Gain full visibility

See what’s going on with inline encrypted traffic en route to and from cloud services and websites, as well as all your files stored in managed cloud services to prevent known threats and detect the unknown.

  • Inspects traffic en route to and from cloud services and websites, as well as files stored in your managed cloud services
  • Reveals threats and anomalous activity hiding in SSL/TLS-encrypted connections
  • Monitors all cloud and web activity, whether users are on-premises or remote, to prevent known threats and detect the unknown
  • Covers browsers, sync clients, and mobile apps

Prevent threats and data exfiltration

Leverage multiple prevention defense layers, threat intelligence feeds, automated IOC sharing, UEBA anomaly detection including data exfiltration, remote browser isolation, plus granular policy controls using data context.

  • Leverage multiple prevention defense layers, including anti-malware, client traffic exploit prevention (CTEP), heuristics, machine-learning analysis, and pre-execution document and script analysis
  • Leverage 40+ shared threat intelligence feeds to detect known threats
  • Cloud Threat Exchange (CTE) provides bi-directional automated IOC sharing
  • Add on Netskope One Remote Browser Isolation (RBI) to isolate risky websites, and Netskope One Firewall (FWaaS) to secure all ports and protocols for users and offices
  • Detect data exfiltration anomalies between company and personal instances
  • Decode cloud traffic to understand user, app, instance, risk, activity and data to detect and block:
    • Fake phishing forms used by cloud phishing attacks
    • Malicious Office documents and scripts
    • Cloud hosted malware payloads

Detect and hunt threats

Use multiple detection defenses, including machine learning anomaly detection and sandboxing, to uncover unknown threats, plus leverage 90 days of rich metadata for investigations and threat hunting.

  • Detect unknown threats and anomalies using sandbox analysis, user and entity behavior analytics (UEBA), machine learning models, and more to identify malicious activity (like data exfiltration, bulk downloads, and shared credentials)
  • Investigate and hunt for threats using 90 days of rich metadata for cloud services, apps, and web traffic
  • Integrate threat intelligence and incident details to improve the effectiveness of your security infrastructure, such as endpoint detection and response (EDR) solutions, security incident and event management (SIEM) systems, and security orchestration and automation response (SOAR) solutions

Leverage cloud threat intelligence

Benefit from the insights of Netskope Threat Research Labs, which is dedicated to the discovery and analysis of new cloud threats, alongside 40+ shared threat intelligence sources, for up-to-the-minute protection against the threats you are facing.

  • Leverage proprietary threat intelligence from Netskope Threat Research Labs, which is a dedicated team focused on the discovery and documentation of new cloud threats
  • Complement knowledge with 40+ external threat intelligence sources, plus custom-defined IOC hashes and URLs from your internal threat intelligence
  • Understand how cloud services and apps are being used to subvert legacy web and email defenses and how allow/deny policies fail
  • Learn and develop policies to block rogue account instances related to cloud phishing, malicious script delivery, and malware payloads

Quickly respond to threats

Block or quarantine attacks before they can do any damage and take advantage of automated workflows to further analyze and reverse the effects of known threats. Plus, integrate and share threat intelligence and incident details with other security solutions in your infrastructure to coordinate responses.

  • Automatically stop known or suspected threats, with options to alert, block, or quarantine
  • Leverage automated policies and workflows for real-time response that stop or even reverse the effects of cloud and web threats
  • Support targeted or broad policies for cloud services, at the service, service instance, or service category level
  • Integrate with third-party remediation tools, such as endpoint detection and response (EDR) solutions, to coordinate incident remediation