Public Cloud Security

Identify and protect sensitive data stored within your AWS, Azure, and GCP clouds. Monitor and control data in motion between cloud services to enhance visibility into cloud native audit logs, VPC flow logs and other data sources.

• Protects your data at rest and data in motion
• Offers predefined regulatory and best practices compliance templates
• Uses 3000+ language-independent data identifiers to inspect 1500+ file types
• Identifies and blocks any attempts by users to upload data to an unmanaged storage bucket or blob, whether via the cloud provider’s GUI or executing a programmatic copy and sync in the CLI (see demo)
• Feeds API-based insights into Netskope Security Cloud policies for inline enforcement
• Includes file and binary fingerprinting as well as Optical Character Recognition (OCR)
• Provides exact data matching for structured content
• Uses machine learning based document and image classification for high efficiency

Detects and blocks threats and data exfiltration by malicious insiders using a unique combination of API-enabled and inline controls.

• Creates and enforces policies prohibiting data exfiltration from managed corporate storage services to personal and unmanaged storage services
• Uses UEBA to defend against insider threats such as data exfiltration, compromised credentials, and malware
• Identifies and prevents risky activity and anomalies like bulk downloads or copying of data – whether using the AWS console, CLI, or third-party app
• Allows copy/sync of buckets that are “corporate owned” (managed)
• Blocks or restricts copy/sync of buckets that are not “corporate owned” (unmanaged)

Utilize multi-layer threat detection including static and dynamic antivirus inspection, anti-malware, user and entity behavior analytics (UEBA), heuristic analysis, sandboxing analysis, and more, to uncover elusive and advanced attacks.

• Provides automated policies and workflows for real-time response to stop or reverse the effects of cloud threats
• Is enhanced and constantly updated by Netskope Threat Research Labs
• Conducts real-time, full file inspection to detect and block malware
• Provides rich metadata for SOC investigations and threat hunting
• Uses machine learning anomaly detection to expedite and simplify threat response
• Utilizes 40+ threat intelligence (TI) feeds, plus custom IOC hash and URL feeds, and shares TI via STIX/TAXII formats
• Offers an open REST API for EDR, SIEM, SOAR, and 3rd party integrations

Monitor and protect your public cloud resources in real time using granular controls that identify and restrict access between managed and unmanaged “shadow IaaS” services.

• Enhances visibility into cloud and data activity using a combination of both real-time and API-enabled controls
• Decodes activities in real-time using Netskope Zero Trust Engine and places activity-level restrictions for users, groups, and organizational units (OUs) across 80+ public cloud services
• Provides visibility and control of actions performed via the cloud provider’s management console and CLI

Secure access to applications within your public clouds using zero trust network access (ZTNA) capabilities to mitigate public exposure of private applications while avoiding the need to inefficiently “hairpin” access back through a corporate data center.

• Provides secure connectivity between remote users’ devices and private applications using end-to-end TLS (v1.3) encrypted tunnels
• Supports multiple application access methods including browser-based (e.g. HTTP/HTTPS) and non-web / thick applications (e.g. SSH, RDP)
• Ensures only authenticated and authorized users can gain access to select private applications
• Integrates with Microsoft Active Directory and single sign-on (SSO) providers to understand users, groups and organizational units
• Ensures that only corporate, managed devices meeting a specific security posture can access private applications
• Provides inline, granular policies for restricting or allowing access to private applications based on criteria including; User, Group, or OU, Device Classification, and Operating System
• Offers optimal routing through the Netskope NewEdge network – a low-latency, high-capacity, scalable global network infrastructure