Netskope has announced the availability of Netskope Active Threat Protection (NATP), a first-of-its-kind threat protection solution for the cloud access security broker (CASB) industry. With a comprehensive vantage point over cloud app usage, NATP combines threat intelligence, static and dynamic analysis, and machine-learning based anomaly detection to enable real-time detection, prioritised analysis and remediation of threats that may originate from — or be further propagated by — cloud apps. These new Netskope capabilities integrate with industry-leading tools to create a defence-in-depth solution that reduces the time required for cloud threat detection and forensic analysis from hours to minutes.
With 4.1 percent of enterprises’ sanctioned cloud apps laced with malware and total cloud app usage — including unsanctioned or “shadow IT” apps — extending into the thousands per enterprise, organisations have been largely unprotected by traditional perimeter security providers. The increasing complexity of the threat landscape and frequency of attacks have also led to an unprecedented shortage of skills and cognitive overload for IT security professionals.
NATP addresses the lack of cloud visibility with a 360-degree view into sanctioned and unsanctioned cloud app usage, even if the user is accessing the app remotely or from a mobile device. This vantage point over the cloud vector goes beyond other CASB solutions that fail to see all app usage and data movement. NATP goes even further by understanding the context of the usage, such as who is uploading, downloading and sharing data — information that may prove critical when thwarting an attack or limiting its blast radius.
To help IT address the complexity of the threat landscape and skills shortage, NATP is designed to prioritise potential threat dangers during scanning without sacrificing the comprehensiveness of the scans performed. This is done at high speed and in real time before surfacing forensic analysis in a single Netskope dashboard or via a customer’s security information and event management (SIEM) solution. To expedite or automate remediation efforts, NATP comes with a granular policy enforcement engine and can trigger workflows such as quarantining, or a customer can integrate with their existing remediation toolset.
Key features of Netskope Active Threat Protection include:
- 360-degree cloud vantage point: NATP offers a 360-degree view into sanctioned and unsanctioned apps, distilled into users, activity and context, all in one central dashboard.
- Prioritised threat protection: Industry-first prioritised threat protection provides deep contextual-based insights from threat intelligence, static and dynamic analysis and anomaly detection, to detect, analyse and quarantine the latest viruses, advanced persistent threats (APTs), spyware, adware, worms, ransomware and other malware.
- Remediation built for the cloud: NATP leverages the Netskope policy enforcement capabilities along with cloud-specific integrations with endpoint detection and response (EDR), sandbox and SIEM vendors so that the time required for forensics is reduced from hours to minutes.
“With the constantly evolving landscape of malware, ransomware and other threats to the enterprise, IT need not only ‘rip the blindfold off’ when it comes to shadow IT, but must be able to react immediately to ensure the safety and security of sensitive data,” said Sanjay Beri, co-founder and CEO, Netskope. “With Netskope Active Threat Protection, customers can now take advantage of the Netskope deep cloud app visibility and granular policy enforcement capabilities in tandem with the benefits of a complete threat protection suite. We have collaborated with a number of leading enterprise security companies to offer this service to our customers and ensure that we are one step closer to safer enterprise cloud app usage.”
NATP also integrates with leading IT security vendors to provide best-of-breed capabilities and extend existing enterprise investments:
- Threat intelligence feed aggregation and sharing: NATP automatically aggregates and normalises threat intelligence feeds to increase threat detection. In addition, as a participant in the FireEye Cyber Security Coalition, Netskope integrates with the FireEye platform to share intelligence. Finally, Netskope Active Threat Protection communicates using STIX/TAXII or OpenIOC standards to exchange threat context and detection information, and Netskope customers can easily leverage existing threat intelligence aggregations that they have built over time.
- Zero-day threat intelligence: Zero-day intelligence feeds from FireEye ensure NATP detects and protects against the latest threats.
- Sandboxing: NATP provides certified integrations with FireEye and Cyphort. Additional sandboxing providers can be leveraged through pre-built integrations.
- Endpoint intelligence and incident response: NATP integrates out-of-the-box with the Carbon Black EDR solution. The integration is bi-directional; endpoint behavioural data is pulled into the Netskope platform, where it is analysed against user, activity and content data. Netskope cloud app policies can also be pushed to the EDR for seamless remediation.