Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

September 2021

Netskope Private Access Demo - Browser Access (Clientless)

In this video, we will demonstrate the new client-less Browser Access capabilities in Netskope Private Access (NPA). We will walk you through the configurations and show you how to securely enable access to web applications for contractors, suppliers, and other 3rd party users as well as employee BYOD.

Netskope Selected to Participate in ATARC Zero Trust Lab

We are pleased to share that Netskope has been selected by the Advanced Technology Academic Research Center (ATARC) as one of 49 vendors to participate in its Zero Trust Lab. The Zero Trust Lab is a state-of-the-art physical and virtual test environment that will provide federal agencies with the opportunity to build, test, and evaluate new Zero Trust Architectures in a simulated environment.

DLP Can Be So Much More Than Compliance

When you think about your DLP approach, what immediately comes to mind? Is it primarily centered around compliance? Is it simply using vendor-provided patterns of interest to satisfy an industry-specific framework like PCI, PII, or GDPR? Chances are, this probably describes at least some part of your DLP strategy because it is not difficult to set up and can satisfy a key business requirement of regulatory compliance reporting.

A Real-World Look at AWS Best Practices: Logging

Best practices for securing an AWS environment have been well-documented and generally accepted, such as AWS’s guidance. However, organizations may still find it challenging on how to begin applying this guidance to their specific environments. In this blog series, we’ll analyze anonymized data from Netskope customers that include security settings of 650,000 entities from 1,143 AWS accounts across several hundred organizations.

BazarLoader: Using LoLBins through Office Documents to Deliver Payloads

Malicious Microsoft Office documents are a popular vehicle for malware distribution. Many malware families such as Emotet, IcedID, and Dridex abuse Office documents as their primary distribution mechanism. Attackers have long used phishing emails with malicious Microsoft Office documents, often hosted in popular cloud apps like Box and Amazon S3 to increase the chances of a successful lure. The techniques being used with Office documents are continuing to evolve.

Yes, We Really Are This Confident in NewEdge Performance. Here's Why.

Over the last year, we’ve made tremendous progress expanding NewEdge to provide Netskope customers with the global coverage they demand. We have real, full-compute data centers in nearly 50 regions today and plans to go live with our Lima, Peru data center in early October (which will be our fifth in Latin America).

Demo - Remote Browser Isolation

Safely isolate risky and uncategorized websites. Remote browser isolation (RBI) uses pixel rendering to deliver seamless and safe viewing of risky websites and ensures no website code executes on end-user devices. RBI isolates uncategorized and risky websites as an option for Netskope secure web gateway (SWG) solutions. Known safe sites are allowed, known bad sites are blocked, and risky websites are isolated for safe viewing all within one cloud platform, one console, and one policy engine.

Beyond the Binary: A Third Contender in the Full Tunnel vs. Split Tunnel VPN Debate

Co-authored by James Robinson and Jeff Kessler As rapidly as wide-area networking (WAN) and remote access strategies with associated technologies are changing, we’re always surprised by the amount of time some security professionals and auditors dedicate to the either/or debate between split tunnel and full tunnel connectivity.

Demo - Introduction to Netskope SaaS Security Posture Management (SSPM)

Continuously enforce correct cloud configurations for SaaS Applications. SaaS Security Posture Management (SSPM) ensures common SaaS applications like O365, Zoom, Github, or Salesforce are correctly configured, prevents drift, and simplifies compliance management. Built-in guided remediation helps ensure misconfigurations are swiftly fixed before they can be exploited. Netskope SSPM compliments CASB for unmatched SaaS security.

Straight Talk Series: Network and Security United

A Secure Access Service Edge (or SASE) solution requires both network and security teams, and their tools to work together harmoniously. Netskope, the SASE leader, safely and quickly connects users directly to the internet, any application, and their infrastructure from any device, on or off the network. With CASB, SWG, and ZTNA built natively in a single platform, Netskope is fast everywhere, data-centric, and cloud smart, all while enabling good digital citizenship and providing a lower total-cost-of-ownership.

Ask SME Anything: What's the difference between SASE and SSE?

In this episode of Ask SME (Subject Matter Expert) Anything, Netskope’s Tony Kros dives into Gartner's new term Security Service Edge (SSE), what distinguishes SASE from SSE, and why both concepts are so fundamental to building cloud-centric security and networking architectures of the future.

Who Do You Trust? Challenges with OAuth Application Identity

In our recent blog, Who Do You Trust? OAuth Client Application Trends, we took a look at which OAuth applications were being trusted in a large dataset of anonymized Netskope customers, as well as raised some ideas of how to evaluate the risk involved based on the scopes requested and the number of users involved. One of the looming questions that underlies assessing your application risk is: How does one identify applications? How do you know which application is which? Who is the owner/developer?

Microsoft Office Document Triggering New Zero-Day

Most ransomware groups operating in the RaaS (Ransomware-as-a-Service) model have an internal code of A new zero-day vulnerability (CVE-2021-40444) affecting multiple versions of Windows has recently been discovered and disclosed by Microsoft. According to Microsoft’s Security Update Guide, the MSHTML component can be exploited by an attacker through a custom ActiveX control, allowing remote code execution.

Hive Ransomware: Actively Targeting Hospitals

Most ransomware groups operating in the RaaS (Ransomware-as-a-Service) model have an internal code of ethics that includes avoiding breaching some specific sectors, such as hospitals or critical infrastructure, thus avoiding great harm to society and consequently drawing less attention from law enforcement.

Ask SME Anything: Does SASE offer any benefit if my organization is still on-premise?

In this episode of Ask SME (Subject Matter Expert) Anything, Netskope’s Vidur Ramnarayan discusses how SASE can benefit any organization whether they are on-premise, fully in the cloud, or somewhere in between. Netskope, the SASE leader, safely and quickly connects users directly to the internet, any application, and their infrastructure from any device, on or off the network. With CASB, SWG, and ZTNA built natively in a single platform, Netskope is fast everywhere, data centric, and cloud smart, all while enabling good digital citizenship and providing a lower total-cost-of-ownership.

Understanding Security Service Edge (SSE) and SASE

The SASE journey requires reliable partners with truly integrated platform capabilities, not vendors wielding smoke-and-mirrors-style marketing proclaiming “SASE” in giant headlines. But clarity is critical, and both SASE and the more-recently-coined security service edge (SSE) terminology, can be a little confusing.

A Real-World Look at AWS Best Practices: Networking

Best practices for securing an AWS environment have been well-documented and generally accepted, such as in AWS’s guidance. However, organizations may still find it challenging on how to begin applying this guidance to their specific environments. In this blog series, we’ll analyze anonymized data from Netskope customers that include security settings of 650,000 entities from 1,143 AWS accounts across several hundred organizations.

Infinipoint and Netskope Partner to Integrate Device Identity with Zero Trust Access

In the past year, IT services have gone through a world of change. There are more remote workers, hybrid work models, cloud services, and mobile devices. It is finally safe to say that the classic perimeter no longer exists. In fact, you might go one step further and say that identity is the new perimeter. The ability for end-users to access any applications from any device from anywhere has put securing identities and their access privileges near the top of any Zero Trust security strategy.

AI/ML for Malware Detection

Malware detection is an important part of the Netskope Security Cloud platform, complete with a secure access service edge (SASE) architecture, that we provide to our customers. Malware is malicious software that is designed to harm or exploit devices and computer systems. Various types of malware, such as viruses, worms, Trojan horses, ransomware, and spyware, remain a serious problem for corporations and government agencies.