Netskope Expands Amazon Web Services Security Capabilities with Insider Threat Protection, Continuous Security Assessment Enhancements

Multi-cloud dashboard and reporting simplifies enterprise public cloud compliance

SANTA CLARA, Calif. – Nov. 15, 2018 – Netskope, the leader in cloud security, today announced the release of several enhancements to Netskope for IaaS. For Amazon Web Services (AWS), enterprises can now use Netskope to create and enforce policies prohibiting data exfiltration from managed to unmanaged Amazon S3 buckets. Organizations can also achieve their compliance objectives with a continuous view of cloud inventory, and identify assets that may need configuration remediations. In addition to these enhancements to Netskope for AWS, the company also introduced a multi-cloud dashboard and report for organizations that use more than one cloud infrastructure provider.

AWS provides two primary controls for defining authorized access control policies for S3. Enterprises can define user permissions with identity and access management (IAM) policies to control what resources users have access to and what actions are allowed or denied for each role. Enterprises can also define bucket policies to prescribe the permissible actions on buckets. Many organizations, however, still grapple with how to ensure users with legitimate access to data stored in S3 buckets are not inadvertently or maliciously uploading that data to an unsanctioned or non-corporate S3 bucket.

Powered by the patented Netskope Cloud XD technology, these industry-first capabilities enable customers to use Netskope to monitor and prevent data movement to S3 buckets outside of an organization’s control. Netskope for AWS enables customers to apply granular control policies that allow copy/sync to managed buckets but prevent copy/sync to unmanaged ones. With a list of approved accounts and buckets that is automatically and continuously updated, customers can create real-time policies to whitelist bucket activities like copy/sync to/from specific buckets, and block the action for unapproved buckets. Other data exfiltration paths can also be thwarted, such as blocking users uploading data from their machine to unmanaged buckets.

Netskope enhancements to the continuous security assessment for AWS include:

• Simplified cloud compliance for large multi-cloud environments: Most large enterprises operate in multiple clouds and have large numbers of accounts. The new Netskope user interface, powered by our unique “One Cloud” architecture, provides a comprehensive view of public cloud infrastructure. Administrators will have an overview of the application spread across multiple clouds summarized view of all their cloud infrastructure, then drill down by filtering on Cloud Service Provider, Account, Tags, and more; thereby removing the need for “swivel-chair administration” by logging into multiple consoles.
• Asset inventory: See cloud infrastructure assets and resources from a single dashboard. View inventory and manage risk of cloud resources across CSPs, drilling down into details with an asset oriented view of your cloud risks.
• Expanded configuration checks: Configuration drift may occur due to one time changes or deployment scripts changes. These can now be identified easily with over 40 out-of-the-box configuration checks. They include correlation configuration checks that look at multiple layers of controls to find misconfigurations that expose resources in your environment. These checks go beyond the basic compliance checks to produce higher fidelity, more actionable alerts. For example, these checks will identify security groups that expose SSH to the internet for EC2 instances that are currently running and have internet connectivity.  

In addition to these enhancements to Netskope for AWS, Netskope also announced the availability of a multi-cloud dashboard and a reporting framework that delivers on-demand and on schedule compliance reports for customers that use more than one cloud infrastructure provider. With today’s release, customers can use an intuitive new user interface that gives an aggregated view of security and compliance posture across multiple cloud providers. With this new view, admins can find quickly find misconfigurations, security threats, view compliance status and gaps and remediate them.

“Data breaches resulting from leaky public cloud infrastructure like Amazon S3 buckets are a major concern for enterprises, and today’s announcement will go very far in protecting our customers from inadvertent or malicious insider threats,” said Sanjay Beri, founder and CEO, Netskope. “We look forward to working with enterprises around the world to help them realize the benefits of public cloud infrastructure without sacrificing security. ”

Netskope is unique in its ability to identify all managed and unmanaged AWS, Microsoft Azure, and Google Cloud Platform (GCP) instances inside of an enterprise, identify the owner of the instance, audit all activities, and protect against deliberate or inadvertent exposure of sensitive data. Similarly, it can also prevent malware and ransomware in these instances. No other CASB provides this capability across the broad spectrum of enterprise IaaS use.

About Netskope

Netskope is the leader in cloud security. We help the world’s largest organizations take full advantage of the cloud and web without sacrificing security. Our patented Cloud XD technology eliminates blind spots by going deeper than any other security provider to quickly target and control activities across thousands of cloud services and millions of websites. With full control through one cloud-native interface, our customers benefit from 360-degree data protection that guards data everywhere and advanced threat protection that stops elusive attacks. Netskope — smart cloud security.