Staying Connected with Cloud Exchange: Netskope Cloud Threat Exchange & Digital Shadows Plugin

Many technology professionals have experienced the sense of frustration that occurs when multiple tools in their environment do not play nicely with each other. When technology leaders are making decisions about bringing new tools into their environment, they should be thinking about more than whether the platform is just a shiny new object that adds a new capability to their team. They should instead be making decisions based on the characteristic that provides the most value to their stack: how the technology integrates with, and enhances the abilities of, the other applications currently being used. Protecting your existing security investments is important, and the Netskope Cloud Exchange (CE) is a way of making sure Netskope is “the player who makes everyone around them better.” Applying this mindset, CE has opened up avenues for the Netskope security team to build closer relationships with our customers and explore new partnerships that create value for all of our stakeholders. 

While Netskope and Digital Shadows were brainstorming, one of the primary goals was delivering something that would benefit our mutual customer base. Several different ideas were thrown around initially, but CE was a natural location for this partnership to kick off. CE plugins provide high visibility for vendors and prove their ability to provide a two-way value with Netskope. The development and operationalizing of CE has also been an area the Netskope Security Operations Center (SOC) has been trying to improve on as part of our Customer Zero initiative. This integration was the perfect chance to take the next leap forward.

All Netskope customers have the ability to use Cloud Exchange to help connect Netskope with the rest of their technology stack. The platform offers nearly 40 different plugins to connect to third-party tools and is separated into four different modules: Cloud Threat Exchange (CTE), Cloud Log Shipper (CLS), Cloud Ticket Orchestrator (CTO), and Cloud Risk Exchange (CRE). Each of these modules works in mostly the same way; they ingest data from Netskope or other third-party tools/platforms via API, transform the data into a uniform object based on the module, and then share this data with other platforms you specify.

The CTE plugin for Digital Shadows makes it easy for customers to export any impersonating domains, impersonating subdomains, and phishing sites that they have found with Digital Shadows. The use case we had in mind while developing this plugin was sharing these domains to a URL list in a Netskope client, where we could then apply policies to automatically alert or block domains as they appear in the wild. If you would like to see this plugin in action, check out this video where I show you how you can begin using this in your own CTE environment.

Working with Digital Shadows to build this integration also meant that we could deliver a solution that was going to benefit as many users as possible and went beyond the minimum requirements originally scoped out. The plugin was originally only going to include impersonating domains, but through our own use of the Digital Shadows platform, we felt that including impersonating subdomains and phishing sites was a natural and valuable addition to the plugin’s capabilities. Including risk factors into the comments section of the IoCs was an idea brought forth by the Digital Shadows team, and yet another symbol of the benefit of working closely with others during development.

Through Netskope’s collaboration with Digital Shadows, we created a solution that provides value to both of our customer bases. It demonstrates how both Netskope technology and our security team, can assist organizations with extending the use cases of their product and increase the value provided to current and prospective customers through an interconnected security stack. Connecting ourselves with other technology vendors, their products, and our customers further enhances the ways in which our platform is “security that’s ready for anything.”

If you would like to chat with our security team about ways we can help your product become a dynamic duo with Netskope, please reach out at [email protected].