Quantify the value of Netskope One SSE – Get the 2024 Forrester Total Economic Impact™ study

cerrar
cerrar
  • Por qué Netskope chevron

    Cambiar la forma en que las redes y la seguridad trabajan juntas.

  • Nuestros clientes chevron

    Netskope atiende a más de 3.400 clientes en todo el mundo, incluidos más de 30 de las 100 empresas más importantes de Fortune

  • Nuestros Partners chevron

    Nos asociamos con líderes en seguridad para ayudarlo a asegurar su viaje a la nube.

Líder en SSE. Ahora es líder en SASE de un solo proveedor.

Descubre por qué Netskope debutó como Líder en el Cuadrante Mágico de Gartner® 2024 para Secure Access Service Edge (SASE) de Proveedor Único.

Obtenga el informe
Testimonios de Clientes

Lea cómo los clientes innovadores navegan con éxito por el cambiante panorama actual de las redes y la seguridad a través de la Plataforma Netskope One.

Obtenga el eBook
Testimonios de Clientes
La estrategia de venta centrada en el partner de Netskope permite a nuestros canales maximizar su expansión y rentabilidad y, al mismo tiempo, transformar la seguridad de su empresa.

Más información sobre los socios de Netskope
Grupo de jóvenes profesionales diversos sonriendo
Tu red del mañana

Planifique su camino hacia una red más rápida, más segura y más resistente diseñada para las aplicaciones y los usuarios a los que da soporte.

Obtenga el whitepaper
Tu red del mañana
Netskope Cloud Exchange

Cloud Exchange (CE) de Netskope ofrece a sus clientes herramientas de integración eficaces para que saquen partido a su inversión en estrategias de seguridad.

Más información sobre Cloud Exchange
Vista aérea de una ciudad
  • Security Service Edge chevron

    Protéjase contra las amenazas avanzadas y en la nube y salvaguarde los datos en todos los vectores.

  • SD-WAN chevron

    Proporcione con confianza un acceso seguro y de alto rendimiento a cada usuario remoto, dispositivo, sitio y nube.

  • Secure Access Service Edge chevron

    Netskope One SASE proporciona una solución SASE nativa en la nube, totalmente convergente y de un único proveedor.

La plataforma del futuro es Netskope

Security Service Edge (SSE), Cloud Access Security Broker (CASB), Cloud Firewall, Next Generation Secure Web Gateway (SWG) y Private Access for ZTNA integrados de forma nativa en una única solución para ayudar a todas las empresas en su viaje hacia la arquitectura Secure Access Service Edge (SASE).

Todos los productos
Vídeo de Netskope
Next Gen SASE Branch es híbrida: conectada, segura y automatizada

Netskope Next Gen SASE Branch converge Context-Aware SASE Fabric, Zero-Trust Hybrid Security y SkopeAI-Powered Cloud Orchestrator en una oferta de nube unificada, marcando el comienzo de una experiencia de sucursal completamente modernizada para la empresa sin fronteras.

Obtenga más información sobre Next Gen SASE Branch
Personas en la oficina de espacios abiertos.
Arquitectura SASE para principiantes

Obtenga un ejemplar gratuito del único manual que necesitará sobre diseño de una arquitectura SASE.

Obtenga el eBook
Libro electrónico de arquitectura SASE para principiantes
Cambie a los servicios de seguridad en la nube líderes del mercado con una latencia mínima y una alta fiabilidad.

Más información sobre NewEdge
Autopista iluminada a través de las curvas de la ladera de la montaña
Habilite de forma segura el uso de aplicaciones de IA generativa con control de acceso a aplicaciones, capacitación de usuarios en tiempo real y la mejor protección de datos de su clase.

Descubra cómo aseguramos el uso generativo de IA
Habilite de forma segura ChatGPT y IA generativa
Soluciones de confianza cero para implementaciones de SSE y SASE

Más información sobre Confianza Cero
Conducción en barco en mar abierto
Netskope logra la alta autorización FedRAMP

Elija Netskope GovCloud para acelerar la transformación de su agencia.

Más información sobre Netskope GovCloud
Netskope GovCloud
  • Recursos chevron

    Obtenga más información sobre cómo Netskope puede ayudarle a proteger su viaje hacia la nube.

  • Blog chevron

    Descubra cómo Netskope permite la transformación de la seguridad y las redes a través del perímetro de servicio de acceso seguro (SASE)

  • Eventos y Talleres chevron

    Manténgase a la vanguardia de las últimas tendencias de seguridad y conéctese con sus pares.

  • Seguridad definida chevron

    Todo lo que necesitas saber en nuestra enciclopedia de ciberseguridad.

Podcast Security Visionaries

Predicciones para 2025
En este episodio de Security Visionaries, nos acompaña Kiersten Todt, presidenta de Wondros y ex jefa de personal de la Agencia de Seguridad de Infraestructura y Ciberseguridad (CISA), para analizar las predicciones para 2025 y más allá.

Reproducir el pódcast Ver todos los podcasts
Predicciones para 2025
Últimos blogs

Lea cómo Netskope puede habilitar el viaje hacia Zero Trust y SASE a través de las capacidades de perímetro de servicio de acceso seguro (SASE).

Lea el blog
Amanecer y cielo nublado
SASE Week 2024 bajo demanda

Aprenda a navegar por los últimos avances en SASE y Zero Trust y explore cómo estos marcos se están adaptando para abordar los desafíos de ciberseguridad e infraestructura

Explorar sesiones
SASE Week 2024
¿Qué es SASE?

Infórmese sobre la futura convergencia de las herramientas de red y seguridad en el modelo de negocio actual de la nube.

Conozca el SASE
  • Empresa chevron

    Le ayudamos a mantenerse a la vanguardia de los desafíos de seguridad de la nube, los datos y la red.

  • Ofertas de Trabajo chevron

    Únase a los +3,000 increíbles miembros del equipo de Netskopeque construyen la plataforma de seguridad nativa en la nube líder en el sector.

  • Soluciones para clientes chevron

    Le apoyamos en cada paso del camino, garantizando su éxito con Netskope.

  • Formación y Acreditaciones chevron

    La formación de Netskope le ayudará a convertirse en un experto en seguridad en la nube.

Apoyar la sostenibilidad a través de la seguridad de los datos

Netskope se enorgullece de participar en Vision 2045: una iniciativa destinada a crear conciencia sobre el papel de la industria privada en la sostenibilidad.

Descubra más
Apoyando la sustentabilidad a través de la seguridad de los datos
Ayude a dar forma al futuro de la seguridad en la nube

At Netskope, founders and leaders work shoulder-to-shoulder with their colleagues, even the most renowned experts check their egos at the door, and the best ideas win.

Únete al equipo
Empleo en Netskope
Netskope dedicated service and support professionals will ensure you successful deploy and experience the full value of our platform.

Ir a Soluciones para clientes
Servicios profesionales de Netskope
Asegure su viaje de transformación digital y aproveche al máximo sus aplicaciones en la nube, web y privadas con la capacitación de Netskope.

Infórmese sobre Capacitaciones y Certificaciones
Grupo de jóvenes profesionales que trabajan

BlackCat Ransomware: Tactics and Techniques From a Targeted Attack

Nov 09 2022

Summary

BlackCat (a.k.a. ALPHV and Noberus) is a Ransomware-as-a-Service (RaaS) group that emerged in November 2021, making headlines for being a sophisticated ransomware written in Rust. It has both Windows and Linux variants and the payload can be customized to adapt to the attacker’s needs. BlackCat is also believed to be the successor of the Darkside and BlackMatter ransomware groups. They work with a double-extortion scheme, where data is stolen, encrypted, and leaked if the ransom isn’t paid, which is a common methodology implemented by RaaS groups. 

According to Microsoft, BlackCat was found targeting different countries and regions in Africa, the Americas, Asia, and Europe, having at least two known affiliates: DEV-0237 (previously associated with Ryuk, Conti, and Hive), and DEV-0504 (previously associated with Ryuk, REvil, BlackMatter, and Conti). However, due to the diversity of affiliates and targets, BlackCat may present different TTPs across the attacks. Recently, in September 2022, BlackCat claimed to have breached a contractor that provides services to the U.S. Department of Defense and other government agencies. 

In this blog post, we will analyze BlackCat and show some of the tactics and techniques we found in a recent ransomware incident analyzed by Netskope Threat Labs. The evidence shows that this was a targeted attack, where the attackers were mainly focused on stealing sensitive data from the organization and infecting as many devices as possible.

Initial Foothold and Lateral Movements

In a recent incident analyzed by Netskope Threat Labs, the attackers breached a contractor who had access to a virtual desktop machine within the corporate network.

The attacker used a malicious browser extension to capture the contractor’s account. Since there was no MFA required, the attacker was able to login to the virtual desktop, escalate privileges, and move to other devices in the corporate network.

Payload Execution

After scanning the corporate network, BlackCat attackers created multiple text files, each one containing the names of identified machines in the network.

Screenshot of files with names of machines identified by the attackers.
Files with names of machines identified by the attackers.

Then, they used PsExec and a compromised domain account to deploy ExMatter to more than 2,000 machines in the network.

Screenshot of details of PsExec binary used by BlackCat attackers.
Details of PsExec binary used by BlackCat attackers.

The attackers used batch files to execute multiple PsExec commands to deploy payloads to the identified machines.

Screenshot of Batch file executed by BlackCat attacker.
Batch file executed by BlackCat attacker.

Below is an example of the command line executed by the attacker to remotely execute commands and payloads using PsExec and the compromised account:

start PsExec.exe -d -n 5 @C:\temp\list01.txt -accepteula -u <REDACTED_USER> -p <REDACTED_PASSWORD> cmd /c <COMMAND_LINE>

The description for the PsExec arguments used by the attacker can be found below:

ArgumentDescription
-dDon't wait for process to terminate (non-interactive)
-n 5Wait 5 seconds when connecting to remote computers
@C:\temp\list01.txtFile containing the names of the computers in which PsExec will execute the command
-accepteulaAutomatically accept the EULA to avoid displaying the dialog
-u Username of the compromised account used by the attacker
-p Password of the compromised account used by the attacker
cmd /c Command-line executed by the attacker

Among other evidence, it’s possible to confirm whether PsExec was successfully executed in a device by checking the following registry key.

Screenshot of key added by PsExec when the tool is executed.
Key added by PsExec when the tool is executed.

Data Exfiltration

In this incident, the attackers used a .NET data exfiltration tool known as ExMatter, which was the same tool used by BlackMatter ransomware and recently adopted by BlackCat. It’s worth mentioning that the server used for data exfiltration in this incident was stood up by the attackers one day before the attack.

The specific sample from this incident was compiled close to the attack and contains a popular .NET protection named Confuser.

Example of details about the ExMatter tool used by BlackCat attackers.
Some details about the ExMatter tool used by BlackCat attackers.

The attacker tried to deploy this tool to over 2,000 machines in the network using PsExec, like described earlier. ExMatter will iterate over the drives of infected machines to search for files that will be exfiltrated.

Screenshot of logs from the ExMatter tool used by BlackCat.
Logs from the ExMatter tool used by BlackCat.

As described earlier, this tool was recently updated by BlackCat, containing code refactoring and new functionalities. Despite the code changes, we can clearly observe similarities between a known ExMatter sample and the tool used in this attack.

Screenshot comparing a known ExMatter tool with the binary found in the attack.
Comparing a known ExMatter tool with the binary found in the attack.

ExMatter contains a list with details about the types of files it will try to exfiltrate and directories to avoid. Also, this tool is only stealing files between 4 KB and 64 MB.

Example of types of files ExMatter will try to exfiltrate.
Types of files ExMatter will try to exfiltrate.

It will not exfiltrate data from the following directories:

  • AppData\Local\Microsoft
  • AppData\Local\Packages
  • AppData\Roaming\Microsoft
  • C:$Recycle.Bin
  • C:\Documents and Settings
  • C:\PerfLogs
  • C:\Program Files
  • C:\Program Files (x86)
  • C:\ProgramData
  • C:\Users\All Users\Microsoft
  • C:\Windows
Screenshot of ExMatter skipping directories from the pre-defined list.
ExMatter skipping directories from the pre-defined list.

As previously mentioned, it will only exfiltrate files that contains the following extensions and are within the file size threshold:

  • *.bmp
  • *.doc
  • *.docx
  • *.dwg
  • *.ipt
  • *.jpeg
  • *.jpg
  • *.msg
  • *.pdf
  • *.png
  • *.pst
  • *.rdp
  • *.rtf
  • *.sql
  • *.txt
  • *.txt
  • *.xls
  • *.xlsx
  • *.zip
Example of ExMatter function that searches for files to exfiltrate.
ExMatter function that searches for files to exfiltrate.

By default, this specific sample is trying to communicate with an IP address via WebDav, initially sending a PROPFIND request.

Example of exfiltration tool sending an initial request to the attacker’s server.
Exfiltration tool sending an initial request to the attacker’s server.

The WebDav methods implemented by this tool are: PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, and UNLOCK.

Screenshot of WebDav methods implemented in ExMatter.
WebDav methods implemented in ExMatter.

This tool can also be executed in background (without showing the console) if “-background” or “-b” is specified.

Example of checking if the “background” parameter was specified.
Checking if the “background” parameter was specified.

Data Encryption

Like the ExMatter tool, the BlackCat payload was also compiled in July 2022. The attackers deployed the ransomware to over 2,000 machines with the same technique described earlier, by using PsExec with a compromised domain account.

Example of some of the binary details of BlackCat ransomware.
Some of the binary details of BlackCat ransomware.

BlackCat can be executed with different parameters, which can be found in its “help” menu.

Screenshot of the BlackCat ransomware help menu.
BlackCat ransomware help menu.

The options offered by BlackCat ransomware are:

ParameterDescription
--access-token String used by BlackCat to validate the execution. It’s also used to decrypt BlackCat configuration in the latest version
--bypass This parameter doesn’t seem to be implemented
--childRun as child process
--drag-and-dropInvoked with drag and drop
--drop-drag-and-drop-targetDrop drag and drop target batch file
--extra-verboseLog more to console (Also forces process to run in attached mode)
-h, --helpPrint help information
--log-file Enable logging to specified file
--no-impersDo not spawn impersonated processes on Windows
--no-netDo not discover network shares on Windows
--no-propDo not self propagate (worm) on Windows
--no-prop-servers Do not propagate to defined servers
--no-vm-killDo not stop VMs on ESXi
--no-vm-kill-names Do not stop defined VMs on ESXi
--no-vm-snapshot-killDo not wipe VMs snapshots on ESXi
--no-wallDo not update desktop wallpaper on Windows
-p, --paths Only process files inside defined paths
--prop-file Propagate specified file
--propagatedRun as propagated process
--safebootReboot in Safe Mode before running on Windows
--safeboot-instanceRun as safeboot instance on Windows
--safeboot-networkReboot in Safe Mode with Networking before running on Windows
--sleep-restart Sleep for duration in seconds after a successful run and then restart. (This is soft persistence, keeps process alive no longer then defined in --sleep-restart-duration, 24 hours by default)
--sleep-restart-duration Keep soft persistence alive for duration in seconds. (24 hours by default)
--sleep-restart-until Keep soft persistence alive until defined UTC time in millis. (Defaults to 24 hours since launch)
--uiShow user interface
-v, --verboseLog to console

At this point, two versions of BlackCat’s encryptor were found in the wild. The first one was storing the ransomware’s configuration in plain-text within the binary, which could be easily extracted and parsed. The second one started to encrypt the configuration, where the decryption key is passed via an argument named “access token”. In other words, the latest version of BlackCat cannot be executed or have its configuration extracted if the access token is unknown. 

The version used in this specific attack is the latest one, which can be confirmed by running the sample without the access key or with an random key, generating an “invalid config” error.

Example of how BlackCat cannot be executed without the correct token created by the attacker.
BlackCat cannot be executed without the correct token created by the attacker.

Once running, the access key is then parsed and used to decrypt the configuration in runtime, using AES-128.

Example of BlackCat ransomware decrypting the configuration with the token provided by the attacker.
BlackCat ransomware decrypting the configuration with the token provided by the attacker.

BlackCat ransomware’s configuration contains 23 fields:

ValueDescription
config_idConfiguration ID (used by BlackCat to identify the target)
extensionExtension added to encrypted files
public_keyRSA public key
note_file_nameName of the ransom note
note_full_textFull version of the ransom note
note_short_textShort version of the ransom note
credentialsArray of compromised credentials used by BlackCat for privilege escalation and propagation via PsExec
default_file_modeFile encryption mode, usually set as “Auto”. The “SmartPattern” value was also found in the wild, which resulted in just some megabytes of the file being encrypted.
default_file_cipherFile encryption cipher, usually defined as “Best”, which uses AES.
kill_servicesList of services to be terminated
kill_processesList of processes to be terminated
exclude_directory_namesList of directories to exclude from the encryption process
exclude_file_namesList of files to exclude from the encryption process
exclude_file_extensionsList of extensions to exclude from the encryption process
exclude_file_path_wildcardFile paths to be excluded from the encryption process using wildcard
enable_network_discoveryEnable/disable network discovery
enable_self_propagationEnable/disable self propagation via PsExec
enable_set_wallpaperEnable/disable the wallpaper change
enable_esxi_vm_killEnable/disable VM termination on ESXi
enable_esxi_vm_snapshot_killEnable/disable snapshot deletion on ESXi
strict_include_pathsHardcoded file paths to encrypt
esxi_vm_kill_excludeList of VMs to exclude on ESXi hosts
sleep_restartSleep time before restart

According to the decrypted configuration of this specific sample, the ransomware tries to kill the following services:

  • agntsvc
  • dbeng50
  • dbsnmp
  • encsvc
  • excel
  • firefox
  • infopath
  • isqlplussvc
  • msaccess
  • mspub
  • mydesktopqos
  • mydesktopservice
  • notepad
  • ocautoupds
  • ocomm
  • ocssd
  • onenote
  • oracle
  • outlook
  • powerpnt
  • sqbcoreservice
  • sql
  • steam
  • synctime
  • tbirdconfig
  • thebat
  • thunderbird
  • visio
  • winword
  • wordpad
  • xfssvccon
  • *sql*
  • bedbh
  • vxmon
  • benetns
  • bengien
  • pvlsvr
  • beserver
  • raw_agent_svc
  • vsnapvss
  • CagService
  • QBIDPService
  • QBDBMgrN
  • QBCFMonitorService
  • SAP
  • TeamViewer_Service
  • TeamViewer
  • tv_w32
  • tv_x64
  • CVMountd
  • cvd
  • cvfwd
  • CVODS
  • saphostexec
  • saposcol
  • sapstartsrv
  • avagent
  • avscc
  • DellSystemDetect
  • EnterpriseClient
  • VeeamNFSSvc
  • VeeamTransportSvc
  • VeeamDeploymentSvc

The ransomware does not encrypt files in the following directories:

  • system volume information
  • intel
  • $windows.~ws
  • application data
  • $recycle.bin
  • mozilla
  • $windows.~bt
  • public
  • msocache
  • windows
  • default
  • all users
  • tor browser
  • programdata
  • boot
  • config.msi
  • google
  • perflogs
  • appdata
  • windows.old

It has the following file name exclusion list:

  • desktop.ini
  • autorun.inf
  • ntldr
  • bootsect.bak
  • thumbs.db
  • boot.ini
  • ntuser.dat
  • iconcache.db
  • bootfont.bin
  • ntuser.ini
  • ntuser.dat.log

It also skips the encryption on files with these extensions:

  • themepack
  • nls
  • diagpkg
  • msi
  • lnk
  • exe
  • cab
  • scr
  • bat
  • drv
  • rtp
  • msp
  • prf
  • msc
  • ico
  • key
  • ocx
  • diagcab
  • diagcfg
  • pdb
  • wpx
  • hlp
  • icns
  • rom
  • dll
  • msstyles
  • mod
  • ps1
  • ics
  • hta
  • bin
  • cmd
  • ani
  • 386
  • lock
  • cur
  • idx
  • sys
  • com
  • deskthemepack
  • shs
  • ldf
  • theme
  • mpa
  • nomedia
  • spl
  • cpl
  • adv
  • icl
  • msu

The following settings are also enabled according to the config file:

  • Network Discovery
  • Self Propagation
  • Set Wallpaper
  • ESXi VM Kill
  • ESXi VM Snapshot kill

BlackCat also contains a “self propagation” functionality (worm), by using PsExec and compromised credentials specified in the configuration. The PsExec binary is encrypted and stored within the ransomware executable.

Example of PsExec binary embedded within the ransomware payload.
PsExec binary embedded within the ransomware payload.

There’s also an option named “drag-and-drop”, which creates a batch file that can be used to execute the ransomware. The content of this file is decrypted at runtime.

Screenshot of Batch file created by BlackCat.
Batch file created by BlackCat.

Additional commands ran by BlackCat:

  1. Get device UUID
    “C:\Windows\system32\cmd.exe” /c “wmic csproduct get UUID”
  2. Stop IIS service
    “C:\Windows\system32\cmd.exe” /c “iisreset.exe /stop”
  3. Clean shadow copies
    “C:\Windows\system32\cmd.exe” /c “vssadmin.exe Delete Shadows /all /quiet”
    “C:\Windows\system32\cmd.exe” /c “wmic.exe Shadowcopy Delete”
  4. List Windows event logs names and try to clear them all.
    “C:\Windows\system32\cmd.exe” /c “wevtutil.exe el”
    “C:\Windows\system32\cmd.exe” /c “wevutil.exe cl \”<NameHere>\”

In this attack, we noticed that the attacker listed all the logs with the correct binary (wevtutil), but there’s a typo in the commands that actually clear the logs (wevutil). In other words, the attacker failed to clean the Windows event logs.

Screenshot of a typo in command line executed by the ransomware.
Typo in command line executed by the ransomware.

This ransomware encrypts files using AES or ChaCha20 depending on the configuration, and the key used to encrypt the file is encrypted with a public RSA key contained within its configuration. 

Once done, the extension defined in the configuration is appended to encrypted files and, like other ransomware, BlackCat created the ransom note with information about the attack and contact instructions.

Example of BlackCat ransom note.
BlackCat ransom note.

If enabled in the configuration, the ransomware also changes the user’s wallpaper with the following message.

Example of BlackCat wallpaper message.
BlackCat wallpaper message.

BlackCat’s Website

Like other RaaS groups operating in the double-extortion scheme, BlackCat maintains a website hosted on the deep web where they leak stolen data if the ransom isn’t paid by the victims.

Screenshot of BlackCat “collections” website.
BlackCat “collections” website.

They are likely the first ransomware group that allows you to search leaked data through keywords, even supporting wildcards.

Conclusions

BlackCat and other Ransomware-as-a-Service (RaaS) groups often exploit basic flaws in security policies and network architecture to infect as many devices as possible, stealing and encrypting data to extort organizations and individuals. As demonstrated in this analysis, these groups often use legitimate tools throughout the attack, such as PsExec.

We strongly recommend companies revisit password policies and avoid using default passwords for new accounts. Technologies such as Microsoft LAPS can help to generate unique passwords for local administrator accounts. Implementing a security policy to enforce multi-factor authentication and using strong passwords for domain accounts is also recommended. 

Implementing strong monitoring and blocking known tools like PsExec can also help the security of your organization. User training is also strongly recommended as social engineering could be exploited by these groups to gain access to networks. Lastly, we also recommend using a secure web gateway to protect your network against malware and data exfiltration.

Tactics and Techniques

All the tactics and techniques observed in this analysis can be mapped with the MITRE ATT&CK knowledge base as follows:

TacticATT&CK IDDescription
ReconnaissanceT1589.001Gather Victim Identity Information: Credentials
Resource DevelopmentT1587.001Develop Capabilities: Malware
Resource DevelopmentT1588.002Obtain Capabilities: Tool
Initial AccessT1078.002Valid Accounts: Domain Accounts
ExecutionT1059.003Command and Scripting Interpreter: Windows Command Shell
Privilege EscalationT1548.002Abuse Elevation Control Mechanism: Bypass UAC
Defense EvasionT1222.001File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Defense EvasionT1070.001Indicator Removal on Host: Clear Windows Event Logs
DiscoveryT1087.002Account Discovery: Domain Account
DiscoveryT1083File and Directory Discovery
Lateral MovementT1570Lateral Tool Transfer
Command and ControlT1071.001Application Layer Protocol: Web Protocols
ExfiltrationT1048Exfiltration Over Alternative Protocol
ImpactT1486Data Encrypted for Impact
ImpactT1491.001Defacement: Internal Defacement
author image
Gustavo Palazolo
Gustavo Palazolo is an expert in malware analysis, reverse engineering and security research, working many years in projects related to electronic fraud protection.
Gustavo Palazolo is an expert in malware analysis, reverse engineering and security research, working many years in projects related to electronic fraud protection.

Stay informed!

Suscríbase para recibir lo último del blog de Netskope