Quantify the value of Netskope One SSE – Get the 2024 Forrester Total Economic Impact™ study

close
magnifying glass
Get Started
magnifying glass
Support
chevron
Support Language
close
  • Why Netskope chevron

    Changing the way networking and security work together.

  • Our Customers chevron

    Netskope serves more than 3,400 customers worldwide including more than 30 of the Fortune 100

  • Our Partners chevron

    We partner with security leaders to help you secure your journey to the cloud.

A Leader in SSE. Now a Leader in Single-Vendor SASE.

Learn why Netskope debuted as a leader in the 2024 Gartner® Magic Quadrant™️ for Single-Vendor Secure Access Service Edge

Get the report
Customer Visionary Spotlights

Read how innovative customers are successfully navigating today’s changing networking & security landscape through the Netskope One platform.

Get the eBook
Customer Visionary Spotlights
Netskope’s partner-centric go-to-market strategy enables our partners to maximize their growth and profitability while transforming enterprise security.

Learn about Netskope Partners
Group of diverse young professionals smiling
Your Network of Tomorrow

Plan your path toward a faster, more secure, and more resilient network designed for the applications and users that you support.

Get the white paper
Your Network of Tomorrow
Netskope Cloud Exchange

The Netskope Cloud Exchange (CE) provides customers with powerful integration tools to leverage investments across their security posture.

Learn about Cloud Exchange
Aerial view of a city
  • Security Service Edge chevron

    Protect against advanced and cloud-enabled threats and safeguard data across all vectors.

  • SD-WAN chevron

    Confidently provide secure, high-performance access to every remote user, device, site, and cloud.

  • Secure Access Service Edge chevron

    Netskope One SASE provides a cloud-native, fully-converged and single-vendor SASE solution.

The platform of the future is Netskope

Security Service Edge (SSE), Cloud Access Security Broker (CASB), Cloud Firewall, Next Generation Secure Web Gateway (SWG), and Private Access for ZTNA built natively into a single solution to help every business on its journey to Secure Access Service Edge (SASE) architecture.

Go to Products Overview
Netskope video
Next Gen SASE Branch is hybrid — connected, secured, and automated

Netskope Next Gen SASE Branch converges Context-Aware SASE Fabric, Zero-Trust Hybrid Security, and SkopeAI-powered Cloud Orchestrator into a unified cloud offering, ushering in a fully modernized branch experience for the borderless enterprise.

Learn about Next Gen SASE Branch
People at the open space office
SASE Architecture For Dummies

Get your complimentary copy of the only guide to SASE design you’ll ever need.

Get the eBook
SASE Architecture For Dummies eBook
Go to Solutions Overview
Go to Solutions Overview
Go to Solutions Overview
Make the move to market-leading cloud security services with minimal latency and high reliability.

Learn about NewEdge
Lighted highway through mountainside switchbacks
Safely enable the use of generative AI applications with application access control, real-time user coaching, and best-in-class data protection.

Learn how we secure generative AI use
Safely Enable ChatGPT and Generative AI
Zero trust solutions for SSE and SASE deployments

Learn about Zero Trust
Boat driving through open sea
Netskope achieves FedRAMP High Authorization

Choose Netskope GovCloud to accelerate your agency’s transformation.

Learn about Netskope GovCloud
Netskope GovCloud
  • Resources chevron

    Learn more about how Netskope can help you secure your journey to the cloud.

  • Blog chevron

    Learn how Netskope enables security and networking transformation through secure access service edge (SASE)

  • Events and Workshops chevron

    Stay ahead of the latest security trends and connect with your peers.

  • Security Defined chevron

    Everything you need to know in our cybersecurity encyclopedia.

Security Visionaries Podcast

2025 Predictions
In this episode of Security Visionaries, we're joined by Kiersten Todt, President at Wondros and former Chief of Staff for the Cybersecurity and Infrastructure Security Agency (CISA) to discuss predictions for 2025 and beyond.

Play the podcast Browse all podcasts
2025 Predictions
Latest Blogs

Read how Netskope can enable the Zero Trust and SASE journey through secure access service edge (SASE) capabilities.

Read the blog
Sunrise and cloudy sky
SASE Week 2024 On-Demand

Learn how to navigate the latest advancements in SASE and zero trust and explore how these frameworks are adapting to address cybersecurity and infrastructure challenges

Explore sessions
SASE Week 2024
What is SASE?

Learn about the future convergence of networking and security tools in today’s cloud dominant business model.

Learn about SASE
  • Company chevron

    We help you stay ahead of cloud, data, and network security challenges.

  • Careers chevron

    Join Netskope's 3,000+ amazing team members building the industry’s leading cloud-native security platform.

  • Customer Solutions chevron

    We are here for you and with you every step of the way, ensuring your success with Netskope.

  • Training and Accreditations chevron

    Netskope training will help you become a cloud security expert.

Go to Customer Solutions
Netskope Training
Supporting sustainability through data security

Netskope is proud to participate in Vision 2045: an initiative aimed to raise awareness on private industry’s role in sustainability.

Find out more
Supporting Sustainability Through Data Security
Help shape the future of cloud security

At Netskope, founders and leaders work shoulder-to-shoulder with their colleagues, even the most renowned experts check their egos at the door, and the best ideas win.

Join the team
Careers at Netskope
Netskope dedicated service and support professionals will ensure you successful deploy and experience the full value of our platform.

Go to Customer Solutions
Netskope Professional Services
Secure your digital transformation journey and make the most of your cloud, web, and private applications with Netskope training.

Learn about Training and Certifications
Group of young professionals working

Netskope
Threat Labs Report:
Australia 2024

light blue plus
The Netskope Threat Labs Report series aims to provide strategic, actionable intelligence on active threats. In this report, we cover Australia.
Netskope Threat Labs Report

Australia
November 2024

In This Report Introduction Social engineering Malicious content delivery
TA577 Evil Corp
Data security GenAI data security
Aggressive adoption Mitigating controls
Recommendations Netskope Threat Labs About This Report
10 min read

In This Report link link

  • Phishing is a popular adversary tactic in Australia, where 5 out of every 1,000 enterprise users click a phishing link monthly, and adversaries commonly target popular cloud apps.
  • Data loss prevention tools are ubiquitous in Australia, with 80% of organizations implementing DLP controls and 6% of users violating data protection policies monthly.
  • While organizations in Australia have adopted genAI apps at the same rate as the rest of the world, they have been more aggressive at applying certain types of controls, especially real-time user coaching, to reduce the data risks associated with genAI.

 

 test answer

Introduction link link

This report focuses on three types of threats the organizations in Australia face

  • Social engineering – Adversaries use tactics including phishing and impersonation to exploit human behavior and bypass security measures.
  • Malicious content delivery – Adversaries attempt to trick their victims into accessing malicious content on the web or in the cloud.
  • Data security – Data security is at risk from external adversaries in targeted breaches and insiders mishandling data.

 

Social engineering link link

Social engineering is among Australia’s most significant cybersecurity threats. Social engineering includes phishing, fake software updates, tech support scams, and Trojans. Phishing is one of the most common social engineering tactics, with 5 out of every 1,000 individuals working in Australia clicking on a phishing link monthly. This rate is slightly higher than the global average. The victims click on links in various places, including email, messaging apps, social media, ads, and search engine results. Among the most common phishing targets are cloud accounts, which attackers seek to leverage for data theft, to sell on illicit marketplaces, or to leverage for additional attacks.

 

Malicious content delivery link link

Each month, approximately 1% of users in Australia attempt to access malicious content on the web or in the cloud and are blocked from doing so by Netskope Advanced Threat Protection engines. The malicious content takes multiple forms, including malicious JavaScript content that the browser executes and malware downloads that infect the host OS. The following is a list of the top five malware families detected in Australia over the past year.

  • Backdoor.Zusy (a.k.a. TinyBanker) is a banking Trojan based on the source code of Zeus, aiming to steal personal information via code injection into websites.
  • Downloader.SLoad (a.k.a Starslord) is a downloader often used to deliver Ramnit.
  • Trojan.FakeUpdater (a.k.a. SocGholish) is a JavaScript downloader that delivers various payloads, including Dridex and Azorult.
  • Trojan.Parrottds is a JavaScript-based traffic direction system that has been used to redirect traffic to various malicious locations since 2019.
  • Trojan.VexTrio is a JavaScript-based traffic direction system active since 2017 and is used by multiple criminal organizations to redirect victims to various malicious locations.

Delivering malware using popular cloud apps is a technique adversaries use to fly under the radar. Each month, 86% of organizations have users attempting to download malware from cloud apps. While the full list of apps numbers in the hundreds, three apps appear commonly across organizations in Australia. The following chart presents those three apps in terms of the percentage of organizations that see malware downloaded from the app monthly. GitHub is at the top because it is used to host a variety of hacktools. OneDrive and Amazon S3 are at the top because they are ubiquitous. Adversaries attempt to share malicious payloads in those apps with the understanding the apps will be widely used in target organizations.

top apps for malicious downloads - Threat Labs Report: Australia 2024

Netskope Threat Labs tracks adversaries actively targeting Netskope customers to understand their motivations, tactics, and techniques, so that we can build better defenses against them. We generally categorize adversary motivations as either criminal or geopolitical. The two top adversary groups targeting organizations in Australia over the past year were criminal groups based in Russia.

 

TA577

Location: Russia
Motivation: Criminal
Aliases: Hive0118

TA577 has been targeting multiple industries worldwide, delivering malware payloads, including Qbot, Ursnif, and Cobalt Strike.

Evil Corp

Location: Russia
Motivation: Criminal
Aliases: Indrik Spider, Manatee Tempest, DEV-0243
Mitre ID: G0119

In their early days, Evil Corp primarily used the banking Trojan Dridex before pivoting to ransomware and using BitPaymer, WastedLocker, and Hades. Evil Corp uses JavaScript to deliver their payloads and uses the popular red team tool Cobalt Strike to establish persistence in victim environments.

Attributing activity to a specific adversary group can be challenging. Adversaries try to hide their true identities or even intentionally launch false-flag operations wherein they try to make their attacks appear to come from another group. Multiple groups often use the same tactics and techniques, some going as far as to use the same tooling or infrastructure. Defining adversary groups can be challenging as groups evolve or members move between groups. Adversary attributions are fuzzy and subject to change and evolve as new information comes to light.

 

Data security link link

Data security is top of the mind for organizations in Australia, with 80% of organizations in the region using data loss prevention (DLP) to help control the flow of sensitive data. Approximately 6% of users in Australia violate organizational data security policies each month, with the most common violations involving uploads of various types of data to unauthorized locations. The three most common data types involved in data policy violations are regulated data, intellectual property, and passwords and keys. Types of regulated data include personal, financial, and healthcare information.

Types of data policy violations - Threat Labs Report: Australia 2024

 

GenAI data security link link

GenAI data security represents a growing risk facing Australian organizations from two angles.

  • Input: What data do users send to genAI apps?
  • Output: How do users leverage the outputs they receive from genAI apps?

For the input, the primary risk is data leakage. For the output, the risks include correctness (genAI apps are very good at providing hallucinations and misinformation) and legal concerns (many companies trained their genAI apps on copyrighted or licensed content). This report focuses on the inputs since protecting sensitive data is typically the highest priority for most organizations.

Aggressive adoption

GenAI adoption has been aggressive in Australia, with the percentage of organizations using genAI growing from 75% a year ago to 93% today. Organizations in Australia use an average of 9 different genAI apps, and an average of 8% of individuals in each org use genAI apps monthly. The adoption trend in Australia mirrors aggressive adoption occurring worldwide over the past year. Australia’s most popular genAI apps include chatbots, writing assistants, copilots, and note-taking apps, mirroring many global trends.

Most popular genAI apps based on the percentage of orgs using those apps - Threat Labs Report: Australia 2024

Mitigating controls

To manage data security in this environment of aggressive adoption, 98% of organizations in Australia have controls in place to limit the use of genAI apps. This section lists each of the controls and provides more insights into their application.

Blocking apps that serve no legitimate business purpose

Organizations in Australia block 2.3 genAI apps per month on average, with the top organizations blocking more than 50 apps per month. How many apps an organization blocks appears to be a matter of preference and not correlated with factors such as industry or organization size. For example, organizations in the utility, finance, and government sectors are among the organizations with the most blocks and with the least blocks. The most blocked apps belong to multiple categories, including writing assistants, chatbots, image generators, and audio generators, bearing many similarities with global trends.

Most blocked AI apps by percentage of organizations enacting a blanket ban on the app - Threat Labs Report: Australia 2024

Real-time user coaching

Real-time user coaching helps users make informed decisions about data security as they are confronted with tough choices. For example, it may remind a user that a genAI app they are about to use is not on the approved list and ask if they would like to use it anyway. When used in conjunction with DLP, it might notify a user that a prompt they are posting contains sensitive information and ask if they would like to proceed in sending it anyway. This strategy empowers users to make the right choice themselves. Organizations in Australia have been aggressively adopting real-time user coaching over the past year, from less than 30% a year ago to 53% today, leading the rest of the world by a significant and growing margin.

Percentage of organizations using real time user coaching to control AI App Access - Threat Labs Report: Australia 2024

DLP

The use of DLP as a genAI control is also popular in Australia, with 43% of organizations using DLP to prevent sensitive data uploads to genAI apps, mirroring the popularity of DLP as a data security control for genAI throughout the rest of the world. The gap between the 43% using DLP for genAI and the 80% using DLP in general suggests that DLP for genAI will likely grow in popularity. The distribution of data policy violations for genAI apps looks quite different from the more general data policy violations. Source code accounts for nearly half of all violations, with intellectual property, regulated data, and passwords and keys accounting for the other half. Rewriting, refactoring, or debugging source code is one of the top use cases for genAI apps, but the data policy violations indicate that users frequently choose unapproved apps to fulfill these use cases.

Type of data policy violations for genAI apps - Threat Labs Report: Australia 2024

 

Recommendations link link

Netskope Threat Labs recommends organizations in Australia review their security posture to ensure that they are adequately protected against these trends:

  • Inspect all HTTP and HTTPS downloads, including all web and cloud traffic, to prevent malware from infiltrating your network. Netskope customers can configure their Netskope NG-SWG with a Threat Protection policy that applies to downloads from all categories and applies to all file types.
  • Ensure that high-risk file types like executables and archives are thoroughly inspected using a combination of static and dynamic analysis before being downloaded. Netskope Advanced Threat Protection customers can use a Patient Zero Prevention Policy to hold downloads until they have been fully inspected.
  • Configure policies to block downloads from apps and instances that are not used in your organization to reduce your risk surface to only those apps and instances that are necessary for the business.
  • Configure policies to block uploads to apps and instances that are not used in your organization to reduce the risk of accidental or deliberate data exposure from insiders or abuse by attackers.
  • Use an Intrusion Prevention System (IPS) that can identify and block malicious traffic patterns, such as command and control traffic associated with popular malware. Blocking this type of communication can prevent further damage by limiting the attacker’s ability to perform additional actions.
  • Use Remote Browser Isolation (RBI) technology to provide additional protection when there is a need to visit websites that fall into categories that can present higher risk, like newly observed and newly registered domains.

 

Netskope Threat Labs link link

Staffed by the industry’s foremost cloud threat and malware researchers, Netskope Threat Labs discovers, analyzes, and designs defenses against the latest cloud threats affecting enterprises. Our researchers are regular presenters and volunteers at top security conferences, including DefCon, BlackHat, and RSA.

About This Report link link

Netskope provides threat protection to millions of users worldwide. Information presented in this report is based on anonymized usage data collected by the Netskope One platform relating to a subset of Netskope customers with prior authorization.

This report contains information about detections raised by Netskope’s Next Generation Secure Web Gateway (SWG), not considering the significance of the impact of each individual threat. Stats in this report are based on the period starting October 1, 2023 through October 31, 2024. Stats reflect attacker tactics, user behavior, and organization policy.
light blue plus

Threat Labs Reports

In the monthly Netskope Threat Labs Report, you will find the top 5 malicious domains, malware, and apps that the Netskope Security Cloud platform blocked plus recent publications and a threat roundup.

Browse reports
Threat labs

Accelerate your security program with the SASE Leader

Get Started