Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to 01-Chapter 01-Introduction to CASB and Netskope.pptx
Similar to 01-Chapter 01-Introduction to CASB and Netskope.pptx (20)
Recently uploaded
Recently uploaded (20)
01-Chapter 01-Introduction to CASB and Netskope.pptx
- 1. Netskope Technical Training Chapter 1 - Introduction to CASB & Netskope 2018 © Netskope. All rights reserved. Netskope confidential. v50
- 2. The Way People Work Has Changed Any place, any device, any time Instantaneous sharing and collaborating More sensitive data now in the cloud 2018 © Netskope. All rights reserved. Netskope confidential. 2
- 3. Disruptive Trends Dynamic Cloud Powered by APIs Language of cloud and web is different than when legacy tools were built Access Methods Have Changed > 50% of access comes from sync clients and apps, and TLS-based traffic Legacy security solutions were not built to handle these trends New Threats Use Cloud and Web Blended threats like the malware fan out are changing security requirements The Workplace is No Longer a Place >50% of all cloud usage occurs beyond your network You need to understand these things to solve today’s cloud security use cases 2018 © Netskope. All rights reserved. Netskope confidential. 3
- 4. Security Tools vs. Disruption Access Patterns Language Threats Campus & Branch network Packets Allow the right access. Block based on IP + ports Same HTTP + AUP for URLs, signatures + Remote direct-to-cloud, mobile apps, desktops apps, sync clients + APIs/JSON – layers well above HTTP/S + Perimeterless protection, machine learned, heuristic, static/dynamic analysis built on published and unpublished API context + Blocking based on protocol headers Firewall Web Proxy Next-Gen Firewall Cloud Security Platform + Remote VPN Disruption + First 1k bytes of transaction 2018 © Netskope. All rights reserved. Netskope confidential. 4
- 5. Cloud Access Security Broker VISIBILITY DATA SECURITY COMPLIANCE THREAT PROTECTION The Four Pillars of CASB “CASB is a required security platform for organizations using cloud services.” 2018 © Netskope. All rights reserved. Netskope confidential. 5
- 6. Gartner’s Top 10 Security Technologies List - 2018 6 Cloud Access Security Brokers Cloud Workload Protection Platforms Container Security Deception Endpoint Detection and Response Managed Detection and Response Microsegmentation Network Traffic Analysis OSS Security Scanning and Software Composition Analysis for DevSecOps Remote Browser Software-Defined Perimeters 2018 © Netskope. All rights reserved. Netskope confidential.
- 7. Netskope recognized as a leader in Gartner Magic Quadrant for Cloud Access Security Brokers* 7 2018 © Netskope. All rights reserved. Achieves furthest overall position for completeness of vision. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from [insert client name or reprint URL]. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. * Gartner Magic Quadrant for Cloud Access Security Brokers, Craig Lawson and Steve Riley, October, 2018
- 8. Netskope = The Leader in Cloud Security 2018 © Netskope. All rights reserved. Netskope confidential. ‣ The world’s largest bank, automaker, pharmaceutical, payment processor, consulting firm, insurance, energy, oil and gas, retail and healthcare companies. ‣ The largest Box, Google, O365, Slack users worldwide ‣ Process 50 times more transactions inline than any other CASB ‣ Proven use cases, peer references locally & nationally ‣ Financially independent — won’t need to raise capital again. Focus is always on being a standalone iconic security company and taking a longer term view. ‣ Backed by the top enterprise investors in the world– with ~415 million raised (incl 168.7 mil (Nov 13,2018) Investors Customers The Most Awarded CASB ‣ 650+ employees globally, including North America, Europe, and Asia-Pacific ‣ Largest R&D investment of any stand-alone CASB ‣ Early distinguished architects from large traditional security companies ‣ First comprehensive CASB patent. 45+ patent claims across four categories, with 100s of patents pending Team ‣ Cybersecurity Excellence Award for DLP (2018) ‣ Leader in Cloud Security Solutions, Cyber Defense Magazine (2018) ‣ Highest Ranked CASB in Forbes Cloud 100 (2016) ‣ Network World CASB Review: Winner (2016) ‣ Gartner Market Guide for CASB (2018) 8
- 9. The Netskope Active Platform 2018 © Netskope. All rights reserved. Netskope confidential. 9 API (out-of-band) Proxy (inline, TLS decryption at scale) ACCESS (Browser, mobile app, sync client) REMOTE (Airplanes, coffee shops, etc.) ON-PREMISES (HQ, Branch office) USERS
- 10. The Netskope Active Platform 2018 © Netskope. All rights reserved. Netskope confidential. 10 ACCESS (Browser, mobile app, sync client) REMOTE (Airplanes, coffee shops, etc.) ON-PREMISES (HQ, Branch office) USERS
- 11. Safely permit unsanctioned, yet necessary, cloud services Identify ecosystems, non- corporate instances, and create category-level and context-based policies Block risky activities Skipping this step may lead to user revolt and a decrease in productivity Safely enable cloud services you have sanctioned Apply adaptive access control Implement granular policies and workflows Prevent data loss Protect against threats Encrypt when necessary The Cloud Security Journey in Phases 11 2018 © Netskope. All rights reserved. Netskope confidential. Unsanctioned and optionally blocked Optionally block the most risky services and coach users to use alternatives Block risky services Coach users Continuously discover cloud services and assess risk Discovered = 1000 Blocked = 300 Sanctioned = 50 Safely Permitted = 650 Use of Granular Control Protect against threats 450 Prevent data loss 300 Block risky activities 200 Govern access 150 Sanctioned
- 12. The Netskope Advantage 12 2018 © Netskope. All rights reserved. Netskope confidential. Only CASB built to safely enable unsanctioned, yet permitted, cloud services • See and control activity- and data- level detail for thousands of unsanctioned cloud services • Apply DLP to thousands of cloud services • Differentiate between a corporate and personal instance of services • Category-level layered policies with the ability to incorporate allow or block actions tied to activities VS. Award-winning cloud DLP provides broadest and most accurate coverage • Protect thousands of sanctioned and unsanctioned cloud services • All access methods: browsers, mobile apps, desktop apps, sync clients • Accuracy via exact match match and fingerprinting with similarity hashing • 3,000 data identifiers, 1,000 file types including OCR, metadata, hidden fields, files, body of posts, etc. The most comprehensive cloud- specific threat protection Uniquely architected to cover the widest range of use cases • Industry’s foremost cloud threat researchers, the Netskope Threat Research Labs. Most comprehensive threat protection for the cloud • Quarantine malware in sanctioned cloud services and stop malware going to and from all cloud services • Anomaly detection that sees IoCs tied to external bad actors or malicious insiders • EDR and sandbox integrations for seamless threat protection and remediation workflow • Flexible deployment options, including inline configurations from agent-less forward proxy to reverse proxy in addition to out-of-band API options • Covers on-premises, mobile, and remote users • Covers all access methods: browsers, mobile apps, desktop apps, sync clients • Most comprehensive coverage for Office 365 with granular visibility and control of dozens of O365 apps
- 13. Summary 13 • You need a cloud security platform built to solve today’s use cases • Netskope is a leader in this fast- growing market • Gartner has put CASB at the top of their list of security technologies 2018 © Netskope. All rights reserved. Netskope confidential.
Editor's Notes
- Introduction to CASB & Netskope
- let’s talk about the current situation that has fueled Netskope’s entry into the market. • Let’s face it. The way people work has changed. It wasn’t too long ago that users and the services they were accessing were contained within the network perimeter, within the walls of data centers and branch offices. • but Today users are everywhere, connecting from different devices and different places, and they are also accessing cloud services, which is fueled by the need to collaborate more effectively. • This new way that people work has presented a challenging scenario where more than a 1/3 of a company’s data is now in the cloud.
- So This new way that people work is causing a fundamental shift in the underlying technology that is needed to secure it. • Starting with the language of the cloud. Legacy tools were built at a time when simply looking at web traffic was good enough. Today’s cloud services speak a different language and that is the language of APIs. • As we mentioned earlier, users are everywhere. In fact more than 50% of users access cloud services beyond your network so legacy perimeter security tools miss this traffic altogether. • additionally, Users are also accessing the cloud from sync clients and native apps so legacy tools that look at browser traffic only are missing a big portion of traffic. • In fact, there is a recent trend tied to automatically syncing all user data from their desktop to the cloud. Google and Apple are examples of this and there is no control over what type of data to sync or not. • And then there is the rise of cloud-based threats such as data exfiltration taking place from IT-led cloud services like Office 365 to personal cloud apps. There is also a growing concern over advanced malware like ransomware, that uses a combination of the cloud and web to spread and infect victims. • The net-net is that only by understanding all of these things can you gather data rich enough to solve today’s cloud security use cases. Legacy security solutions were not architected to deal with today’s environment. This presents a major security gap.
- • Speaking of security gaps, it is interesting to take a look at how legacy security tools once disrupted a market segment when they were first introduced, and how the nature of how they deal with threats, access patterns and language have evolved over time. , • Starting with the early firewall, inspecting packets on campus and branch networks allowed the right access based on IP and ports. • That was followed by Web proxies focused on HTTP and governing access for users on campus and branch offices accessing websites and looking for threats using signature-based detection. • Then came along Next-gen firewalls that performed packet inspection allowing blocking based on app, not just ports, for users consuming apps while on-premises and VPN. • The cloud has presented a new set of requirements tied to dealing with traffic outside of the perimeter. This includes using a combination of flexible deployment options to cover users when on or off network as well as access methods that include; browsers, mobile apps, desktop apps, and sync clients. • Getting access to today’s cloud traffic outside the perimeter is only the first step, you also need to understand the language of the cloud in context, which is APIs and JSON. • Netskope is the security platform that was architected for the way people work today. Only Netskope understands the language of the cloud, covers all access patterns, and protects against cloud-based threats
- So Several years ago, Gartner identified gaps that existed in the security stack and came up with a category they call Cloud Access Security Broker or CASB for short. Gartner identifies four pillars of functionality. Visibility, Compliance, Data Security, and Threat Protection. • as you can imagine, Visibility is often the starting point for any organization beginning their cloud journey and it is all about understanding cloud usage and assessing risk • Compliance is a key consideration when it comes to the cloud. Whether your are a healthcare organization and worried about PHI, a retail company and worried about PCI, or a financial firm worried about FINRA or SOX, compliance in the cloud takes on a different set of requirements compared to traditional on-premises infrastructure • Data security is top-of mind for any organization and protecting data tied to cloud usage should be a key focus of any CASB • Last, but not least, is threat protection. It turns out that the cloud presents a perfect opportunity for various strains of malware like ransomware to hide and spread rapidly to unsuspecting victims
- • so Gartner is very bullish about the CASB category and in fact they put CASB on their top 10 list of cyber security technologies. Filling in the gaps that legacy security tools don’t provide for the cloud is top of mind for Gartner and enterprises around the world.
- Lets introduce you to Netskope • Netskope has something really special in place with a great team, innovative technology, and a shared vision to be an iconic security company for many years to come • Netskope is backed by the top investors in the world and have raised more than $250 million to date - Much of that investment has gone into R&D and the result is an innovative architecture with 45+ patents with 100s of patents pending • Netskope is also the most awarded CASB. From recognition of our cloud DLP capabilities to recognition of the company’s overall success • What Netskope is most proud of, are our customers, which we call cloud trailblazers. The largest enterprises in the world trust Netskope to safely enable the cloud.
- • With the backdrop of “you need a security platform that was architected for the way people work today”, I would like to introduce you to the Netskope Active Platform • now Let’s start with how Netskope is deployed in your environment. There are two primary deployment methods. The first one is an inline proxy. Netskope can act like a control point between your users and the sanctioned and unsanctioned cloud services they are accessing, providing real-time visibility and control. • There are several proxy deployment methods an agent-less forward proxy that steers on-premises users to the cloud, a reverse proxy deployment that enables you to secure unmanaged devices to a client deployment that can be installed on Mac, PC, iOS, and Android to give you coverage for mobile and remote users. • In addition to providing real-time visibility and control via an inline proxy method, Netskope can also be deployed via an API connection to sanctioned cloud services. You simply grant Netskope access to your sanctioned cloud service using OAUTH and you can then provide out-of-band visibility and control. -O365 is one of the primary API based cloud apps • now This method enables you to inspect content repositories of sanctioned cloud services like OneDrive and Box for sensitive data and malware, and put near real-time policies in place such as “restrict shares to private” or “remove public shares”. • Most Netskope customers combine both methods to expand use cases.
- • Now that you have Netskope acting as a control point between users and their cloud services, this is where Netskope provides a rich set of cloud security capabilities. Think of Netskope not as a piece of software, or as a security tool, but more as a cloud security platform that delivers a variety of security services on the cloud traffic, that it can now see thanks to the deployment options. • From Discovery, to DLP, to threat protection, to access control, these services were built to help you safely enable the cloud in a way that legacy security products and services can not. • now The center-piece of the Netskope Active Platform is the Netskope Context Engine. This enables granular visibility and control of thousands of sanctioned and unsanctioned cloud services. Only Netskope understands the language of the cloud, and the Netskope Context Engine is the interpreter that makes that possible.
- So lets turn to use cases; • Getting access to a rich set of cloud security services is the first step. Applying those services within the scope of your cloud security strategy is an important next step. Netskope was architected to comprehensively cover your cloud security use cases. • One of the ways many of our customers approach cloud security is via three phases. The first phase is to use Netskope to discover cloud services in use and assess risk. This is often the starting point for any organization. <Build> • so In this example, we have discovered 1,000 cloud services, which is typical for an average enterprise. The next step is optionally followed by identifying and blocking the most risky cloud services. Some of our customers opt to not block anything, and move to applying granular controls to everything instead. • In this example, let’s say you identify that nearly a third of the cloud services you discover are identified as very risky and you want to block them. This step involves blocking 300 cloud services and using Netskope to implement automated coaching workflows to coach users towards more safe cloud services. <Build> • The next step for many customers is to safely enable sanctioned cloud services. These are the cloud services that you have admin access to so – Apps like Office 365, Salesforce, ServiceNow, and others. This is the opportunity to harness the power of the Netskope Active Platform and apply various cloud security services such as access control, granular policies, DLP, encryption, and threat protection. • Netskope research shows that 5% or less of an enterprise’s cloud services are sanctioned, so in this example, let’s say we have 50 of these sanctioned cloud services that we want to apply cloud security to. • What’s interesting is that when the CASB market started, these were the primary 2 steps that solutions were architected around. These are important steps, but there is one step that is missing. <build> • So In our example, what about the 650 cloud services that are unsanctioned, but we don’t necessarily want to block? Users rely on these cloud services to be more productive, and get their job done. We want to permit their use, but we also want to make sure this is a safe environment for users. • This is one of the key areas that separates Netskope from other CASBs. Netskope’s unique architecture that understands the language of the cloud, with the ability to perform granular policy control and DLP on thousands of cloud services, means that you can apply the same level of cloud security services to unsanctioned as you can for sanctioned. • Other CASBs actually force you into a coarse-grained allow or block decision for unsanctioned cloud services because they don’t understand the language of unsanctioned cloud services. • Again, Netskope was uniquely architected to safely enable both sanctioned and unsanctioned cloud services, enabling you to address the requirements tied to a comprehensive cloud security strategy.
- So why are the largest enterprises in the world choosing Netskope? • It really comes down to four primary reasons First, Netskope is the only CASB that can address use cases tied to safely enabling unsanctioned or Shadow IT cloud services. Other CASBs cannot address this use case because they were not architected with the ability to provide granular visibility and control of thousands of cloud services Their DLP is limited to dozens of apps, not the thousands required to adequately protect against sensitive data loss in unsanctioned cloud services They don’t understand the language of the cloud. They can’t differentiate between corporate and personal instances of cloud apps and don’t have a policy engine that can adequately deal with thousands of cloud services with support for category-level policies with both allow and block actions. Next is Netskope’s award-winning cloud DLP. Protecting against sensitive data loss in the cloud is a big use case, and Netskope’s DLP is far ahead of the competition when it comes to breadth of app coverage and accuracy of inspection results. Netskope also provides the most comprehensive cloud-specific threat protection. Backed by the Netskope Threat Research labs, our ability to find and stop various strains of malware like ransomware in the cloud, and even help you remediate post infection, separates netskope from other CASBs that provide rudimentary threat protection capabilities. Last, but certainly not least is our ability to comprehensively cover customer use cases in a way that other CASBs simply cannot. Our platform was architected with flexible deployment options that enable you to optionally take a crawl-walk-run approach to cloud security, and start with Discovery or a friction-less deployment like API Introspection. • You can then grow into a more advanced deployment method, and go inline using a number of configurations to achieve real-time visibility and control. The net result is that we are architected to uniquely cover your use cases, today and tomorrow.
- In summary you have learned; you need a security platform that can solve today’s cloud security use cases How important the CASB category is. How Netskope is a leader in this fast growing market.