To take into account some recent adjustments to CCI scoring that were made in your Netskope tenant, you can use the App Tag and App Score aspects in the UI to create a real-time protection policy. The App Tag is a label that indicates the level of enterprise readiness of a cloud app based on its CCI score. The App Score is a numerical value that represents the CCI score of a cloud app based on various criteria such as security, auditability, and business continuity. You can use these aspects to filter cloud apps by their CCI ratings and apply policies accordingly. For example, you can create a policy that blocks access to cloud apps with an App Tag of Poor or an App Score below 50. References: Netskope Cloud Confidence IndexCreating Real-Time Policies for Cloud Applications

According to Netskope, two preferred methods to report a URL miscategorization are: use www.netskope.com/url-lookup and use the URL Lookup page in the dashboard. The first method allows you to visit www.netskope.com/url-lookup in your browser and enter any URL that you want to check or report for miscategorization. You will see the current category assigned by Netskope for that URL and you can submit a request to change it if you think it is incorrect. The second method allows you to use the URL Lookup page in the dashboard of your Netskope platform tenant and enter any URL that you want to check or report for miscategorization. You will see the current category assigned by Netskope for that URL and you can submit a request to change it if you think it is incorrect. Emailing [email protected] or tagging Netskope on Twitter are not preferred methods to report a URL miscategorization, as they are not designed for this purpose and may not be as efficient or effective as using the dedicated tools provided by Netskope. References: [Netskope URL Lookup],  Netskope Security Cloud Operation & Administration (NSCO&A) - Classroom Course, Module 8: Skope IT, Lesson 2: Page Events.

To obtain and export a list of all hosts including domains and IP addresses that a user accessed through Netskope Private Access for the past seven days, you can follow these steps:

Access the Netskope Web UI: Log in to your Netskope admin console.

Navigate to SkopeIT:

Go to the SkopeIT section in the Netskope admin console.

Private Apps page in SkopeIT:

In the SkopeIT section, navigate to the "Private Apps" page.

Here, you can find detailed information about the private applications accessed by users, including the domains and IP addresses.

Use the filter options to specify the user and the time range (past seven days).

Export the data as needed for your investigation.

Network Events page in SkopeIT:

In the SkopeIT section, navigate to the "Network Events" page.

This page provides a comprehensive list of network events, including details about the hosts accessed through Netskope Private Access.

Again, use the filter options to specify the user and the time range.

Export the data for reporting purposes.

These two locations within the SkopeIT section of the Netskope Web UI will provide you with the necessary data to meet your security team's requirements.

References:

Netskope Knowledge Portal: Using SkopeIT for Network and Private Apps Analysis​​​​​​​​.

 NewEdge Traffic Management:

NewEdge is Netskope's high-performance global network designed to deliver fast and secure access to the internet and cloud applications.

NewEdge Traffic Management ensures efficient routing and traffic steering for optimal performance and security.

 Client Integration:

The Netskope Client uses NewEdge Traffic Management to steer traffic securely to the Netskope cloud.

It ensures that user traffic is routed through the best possible path for performance and security.

The Client component is responsible for redirecting user traffic to the NewEdge network, applying security policies, and ensuring secure access.

 References:

For detailed information on NewEdge Traffic Management and how the Netskope Client utilizes it, refer to the Netskope documentation on traffic management and client configuration​​​​.

The inline and API implementation of the Netskope platform are two different ways of connecting cloud applications to Netskope for inspection and policy enforcement. Two fundamental differences between them are: The API implementation can only be used with sanctioned applications, which are applications that are approved and authorized by the organization for business use. The API implementation relies on using out-of-band API connections to access data and events from these applications and apply near real-time policies. The inline implementation can effectively block a transaction in both sanctioned and unsanctioned applications, which are applications that are not approved or authorized by the organization for business use. The inline implementation relies on using in-band proxy or reverse-proxy connections to intercept traffic to and from these applications and apply real-time policies. The API implementation can be used with both sanctioned and unsanctioned applications and the inline implementation can only effectively block a transaction in sanctioned applications are not true statements, as they contradict the actual capabilities and limitations of each implementation method. References: [Netskope SaaS API-enabled Protection], [Netskope Inline CASB].

To block all FTP connections regardless of the ports being used, the following steps should be taken using Netskope's Cloud Firewall:

Real-time Protection Policy:

Create a Real-time Protection policy where FTP is defined as the destination application.

Set the action to "Block" to ensure that any FTP traffic is blocked regardless of the port being used​​​​.

Custom Firewall App Definition:

Create a custom Firewall App Definition specifically for TCP port 21.

Define the action as "Block" to ensure any traffic directed to this port is blocked, preventing FTP access​​​​.

These configurations ensure that FTP traffic is effectively blocked, securing the network from potential threats and unauthorized data transfers via FTP​​​​.

The Application Events page in the SkopeIT Events & Alerts section is where you can find logs and events related to specific activities within cloud applications, such as "edit" or "login successful". This section provides a detailed audit trail of user activities and application usage, which is essential for monitoring, security, and compliance purposes.

This answer is validated by the event categorization provided in the Netskope documentation, where application-specific events are logged under the Application Events section for easier tracking and analysis.

=========================

References:

REST API v2 Overview - Netskope Knowledge Portal​​

Using the REST API v2 UCI Impact Endpoints - Netskope Knowledge Portal​​

Postman Collection for Netskope API​

The statement that is true in this scenario is: Certificate-related settings apply to each individual steering configuration level. Certificate-related settings are the options that allow you to configure how Netskope handles SSL/TLS certificates for encrypted web traffic. For example, you can choose whether to allow or block self-signed certificates, expired certificates, revoked certificates, etc. You can also choose whether to enable SSL decryption for specific domains or categories. Certificate-related settings apply to each individual steering configuration level, which means that you can have different settings for different types of traffic or devices. For example, you can have one steering configuration for managed devices and another one for unmanaged devices, and apply different certificate-related settings for each one. This allows you to customize your security policies based on your needs and preferences. References: Netskope SSL DecryptionNetskope Steering Configuration

When comparing data in motion with data at rest, the following statements are correct:

Data in motion requires the Netskope client: To inspect and enforce policies on data as it is being transmitted across the network (data in motion), the Netskope client is required. The client steers the traffic through the Netskope cloud where it is analyzed and policies are applied in real-time.

Data at rest requires API integration: To scan and enforce policies on data stored in cloud applications (data at rest), API integration is required. This allows Netskope to directly interact with cloud services and perform actions such as scanning for malware, applying DLP policies, and ensuring compliance.

References:

Netskope documentation on data protection strategies, including data in motion and data at rest.

Best practices for implementing API integrations for data at rest and using the Netskope client for data in motion.

 To provide a quick view under the Skope IT Applications page showing only risky shadow IT cloud applications being used, you can use two filter combinations: Sanctioned = No and CCL = Medium, Low, Poor. The Sanctioned filter allows you to select whether you want to see only sanctioned or unsanctioned apps in your organization. Sanctioned apps are those that are approved and managed by your IT department, while unsanctioned apps are those that are used without authorization or oversight by your employees. Shadow IT refers to the use of unsanctioned apps that may pose security or compliance risks for your organization. The CCL filter allows you to select the Cloud Confidence Level (CCL) ratings of the apps you want to see. The CCL rating is a measure of how enterprise-ready a cloud app is based on various criteria such as security, auditability, business continuity, etc. The CCL rating ranges from Excellent to Poor, with Excellent being the most secure and compliant and Poor being the least. Risky cloud apps are those that have a low CCL rating, such as Medium, Low, or Poor. By applying these two filters, you can narrow down the list of apps to only those that are unsanctioned and have a low CCL rating, which indicates that they are risky shadow IT cloud applications being used in your organization. References: SkopeIT ApplicationsNetskope Cloud Confidence Index

 Reverse Proxy Overview:

A reverse proxy allows users to access sanctioned cloud applications securely from public or untrusted networks.

It ensures that the traffic is inspected and policy controls are enforced before reaching the cloud application.

 Scenario Justification:

Users connecting from public computers, such as those in hotel business centers, cannot have a steering client installed, and IPsec/GRE tunnels are not feasible.

Proxy chaining requires control over the client's browser settings, which is not possible in this scenario.

A reverse proxy can handle the traffic without requiring configuration changes on the public computer.

 Implementation:

Configure the reverse proxy to handle traffic for sanctioned applications.

Ensure the reverse proxy settings are enforced via your organization's security policies.

 References:

Detailed configurations and use cases can be found in the Netskope documentation on reverse proxy solutions​​​​.

An App Instance is a feature in the Netskope platform that allows you to define and identify different instances of the same cloud application based on the domain name or URL. For example, you can define an App Instance for your enterprise Google Drive instance (such as drive.google.com/a/yourcompany.com) and another App Instance for your personal Google Drive instance (such as drive.google.com). This way, you can differentiate between them and apply different policies and actions based on the App Instance. You would want to define an App Instance to achieve this level of granularity and control over your cloud application activities. Creating an API Data Protection Policy for a personal Box instance, enabling the instance_id attribute in the advanced search field, or differentiating between an enterprise Google Drive instance vs. an enterprise Box instance are not valid reasons to define an App Instance, as they are either unrelated or irrelevant to the App Instance feature. References: Netskope Security Cloud Operation & Administration (NSCO&A) - Classroom Course, Module 5: Real-Time Policies, Lesson 4: App Instances.

Two pillars of CASB are visibility and compliance. CASB stands for Cloud Access Security Broker, which is a solution that provides visibility and control over cloud services and web traffic, as well as data and threat protection for cloud users and devices. Visibility is the capability to identify all cloud services in use and assess their risk factors, such as security, auditability, business continuity, etc. Compliance is the capability to ensure that cloud services and data meet the regulatory standards and policies of the organization or industry, such as GDPR, HIPAA, PCI DSS, etc. References: What Is a Cloud Access Security Broker (CASB)? | MicrosoftCASB Guide: What are the 4 Pillars of CASB? - Security Service Edge

To create a policy that will notify and allow users to log into their personal Google Drive instance, you need to configure the following components:

Steering Exception:

This component allows you to create exceptions for specific traffic. In this case, you will configure a steering exception to allow traffic to personal Google Drive instances. This ensures that the policy correctly routes the traffic to the appropriate destination without being blocked or filtered incorrectly.

User Alert:

A User Alert component will be configured to notify users when they attempt to log into their personal Google Drive. This alert can provide information about the policy and any actions the user may need to take. It helps in enforcing the policy by informing users about the specific conditions or restrictions.

References:

Netskope Knowledge Portal: Configuring Steering Exceptions

Netskope Knowledge Portal: Creating User Alerts

When comparing data in motion with data at rest, it is important to understand how each type of data is handled in terms of security and monitoring:

Data in motion refers to data actively moving from one location to another, such as through email, instant messaging, or any other form of communication over the internet. To secure and monitor data in motion, Netskope typically requires the deployment of the Netskope client on user devices. The client helps enforce security policies, monitor data transfers, and protect against data loss and other threats during the data's transit.

References:

Netskope Knowledge Portal: Data Protection

Netskope Client Overview

When using the Netskope Compromised Credentials feature, administrators can gain valuable insights into security incidents related to compromised credentials. The insights provided by this feature include:

Compromised usernames: This information helps identify which user accounts have been compromised, allowing administrators to take necessary actions such as resetting passwords and notifying affected users.

Breach information source: Netskope provides details on the source of the breach, such as which third-party service or data breach resulted in the compromise of credentials. This helps in understanding the context of the breach and implementing measures to prevent future incidents.

While compromised passwords (option C) are indirectly involved, they are not explicitly listed as an insight provided by this feature. Similarly, affected managed applications (option D) are related but not directly part of the primary insights.

References:

Netskope documentation on Compromised Credentials feature and incident response.

Security best practices for managing and mitigating compromised credential incidents.

=================

The term that correctly defines the Zero Trust security model is least privilege access. The Zero Trust security model is a modern security strategy based on the principle: never trust, always verify. Instead of assuming everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originates from an open network. One of the core principles of the Zero Trust model is to use least privilege access, which means granting users or systems only the minimum level of access they need to perform their tasks, and only for a limited time. This helps reduce the attack surface and minimize the impact of a potential breach. References: Zero Trust Security - microsoft.comWhat is Zero Trust Security? Principles of the Zero Trust Model

SD-WAN technology is used in the following scenarios:

To optimize utilization and performance across multiple Internet connections:

SD-WAN allows organizations to aggregate multiple Internet connections and optimize traffic flow based on application requirements and network conditions. This improves overall network performance and ensures efficient use of available bandwidth.

To replace dedicated MPLS connections with multiple broadband WAN and mobile options:

SD-WAN provides the flexibility to use a mix of broadband, LTE, and other connectivity options to replace traditional MPLS circuits. This can significantly reduce costs and improve agility in network deployment and management.

References:

Netskope Knowledge Portal: SD-WAN Integration

Netskope Knowledge Portal: Benefits of SD-WAN

When using an out-of-band API connection with your sanctioned cloud service, two capabilities available to the administrator are: to quarantine malware and to find sensitive content. An out-of-band API connection is a method of integrating Netskope with your cloud service provider using the APIs exposed by the cloud service. This allows Netskope to access the data that is already stored in the cloud service and perform retrospective inspection and enforcement of policies. One capability that the administrator can use with an out-of-band API connection is to quarantine malware. This means that Netskope can scan the files in the cloud service for malware, ransomware, phishing, and other threats, and move them to a quarantine folder or delete them if they are found to be malicious. Another capability that the administrator can use with an out-of-band API connection is to find sensitive content. This means that Netskope can scan the files in the cloud service for sensitive data, such as personal information, intellectual property, or regulated data, and apply data loss prevention (DLP) policies to protect them. For example, Netskope can encrypt, redact, or watermark the files that contain sensitive content, or notify the administrator or the file owner about the exposure. References: Netskope API ProtectionReal-time Control and Data Protection via Out-of-Band API

From the Netskope Console in the device detail view, select Collect Log:

Step 1: Access the Netskope Admin Console.

Step 2: Navigate to the specific device detail view.

Step 3: Locate and select the "Collect Log" option.

To protect your users from malicious scripts that may be downloaded from websites, you need to use technologies that can detect and prevent malware, ransomware, phishing, and other advanced threats in web traffic. Two technologies that form a part of Netskope’s Threat Protection module, which is a feature in the Netskope platform that provides these capabilities, are sandbox and heuristics. Sandbox is a technology that allows Netskope to analyze suspicious files or URLs in a virtual environment isolated from the rest of the network. It simulates the execution of the files or URLs and observes their behavior and impact on the system. It then generates a verdict based on the analysis and blocks any malicious files or URLs from reaching your users or devices. Heuristics is a technology that allows Netskope to identify unknown or emerging threats based on their characteristics or patterns, rather than relying on predefined signatures or rules. It uses machine learning and artificial intelligence to analyze various attributes of files or URLs, such as file type, size, entropy, metadata, code structure, etc., and assigns a risk score based on the analysis. It then blocks any files or URLs that exceed a certain risk threshold from reaching your users or devices. A log parser or DLP are not technologies that form a part of Netskope’s Threat Protection module, as they are more related to discovering cloud applications or protecting sensitive data. References: [Netskope Threat Protection], Netskope Security Cloud Operation & Administration (NSCO&A) - Classroom Course, Module 9: Threat Protection.