DEVOPSdigest

Netskope announced several key enhancements to its Netskope Security Cloud.

With enterprises rapidly adopting SASE architecture and applying Zero Trust principles in support of digital transformation efforts, teams seek security and networking providers that can offer complete, SASE-ready platform solutions.

"Enterprises know that security and networking must evolve toward a SASE architecture that applies Zero Trust principles. But they won't get there with legacy products that deliver a poor user experience, expose data in the cloud to a myriad of threat risks, and are expensive and complicated to maintain," said John Martin, Chief Product Officer of Netskope. "The enhancements we announce today add to what is already the industry's most complete SASE and Zero Trust solution, making it easier than ever for enterprises to simplify their security and networking, continuously manage risk, and protect data everywhere it is accessed."

The tightly integrated Netskope Security Cloud leverages a single-pass architecture, common management console, easy-to-use policy engine, unified client, and AI/ML intelligence, all of which translates into better security, faster performance, and lower total cost of ownership.

New enhancements to the Netskope Security Cloud include the following:

■ Netskope Cloud Firewall: Netskope Cloud Firewall is a firewall-as-a-service offering that helps reduce complexity, lower overall operational expenses, prevent a degraded user experience, and accelerate time-to-value for organizations transforming their security and networking to meet the demands of branch offices and a remote-first workforce.

Netskope Cloud Firewall is fully integrated into the Netskope Security Cloud and offers:

- Network security for all outbound ports and protocols for safe, direct-to-internet access using the Netskope client on managed devices or via GRE and IPsec tunnels for offices

- 5-tuple policy controls, user and group IDs, FQDNs, and wildcards for egress firewall settings, plus seamless FTP ALG support, and full logging (TCP, UDP, ICMP) with event export, including into Netskope Advanced Analytics

- Centralized access control, providing simplified management for users and branch offices using one console, one policy engine, and one security platform

■ Key Updates to Netskope Private Access For ZTNA: Netskope Private Access (NPA), a cloud-native ZTNA service, directly and securely connects users anywhere to specific internal resources hosted in the public cloud and/or private data centers. With new enhancements, NPA allows teams to:

- Reduce risk and securely connect corporate users, as well as third party contractors, to private resources, using the Netskope Client or using browser access for private web applications (instead of giving access to the network)

- Augment virtual private network (VPN) connectivity and simplify network routing, reducing reliance on legacy networking infrastructure and beginning the process of phasing out VPNs where appropriate

- Support hybrid cloud infrastructure, and provide direct, user-to-application connectivity, bypassing the limitations of legacy networking infrastructure

- Transition from an appliance-focused, cap-ex-centric model to a more efficient op-ex-centric service model for simplified maintenance, faster implementation, and easier scalability

■ Remote Browser Isolation (RBI)

Native remote browser isolation (RBI) capabilities are now fully integrated into the Netskope Security Cloud. Netskope developed its RBI product for the Netskope platform by leveraging the isolation and security expertise and domain knowledge of a team focused on RBI since 2015 when they founded their company Randed. The acquisition of Randed extended Netskope's expanding presence in Europe by adding a new development center in Spain.

While legacy Secure Web Gateways (SWG) are limited in that they can only block known bad websites and allow known good ones, RBI technology enhances SWGs by providing safe access to uncategorized and risky websites, removing threat risks or productivity limitations that can occur for users when sites are either fully allowed or fully blocked.

Targeted RBI renders uncategorized and security-risk websites (6-8% of all web requests) into pixel-streamed media to users while removing active scripts and potential web threats. Another key benefit of targeted RBI is to block file uploads and downloads and disable copy/paste/print activity for uncategorized and security risk websites to reduce data and threat risks. Netskope native RBI is fully integrated and invoked with an "isolate" policy control for desired web traffic, removing the complexity of forward proxy configurations.
Read the Netskope blog for more on RBI

■ SaaS Security Posture Management (SSPM)

SaaS security posture management (SSPM) capabilities help overcome misconfigurations, which in 2020 accounted for approximately 52% of security incidents where unintentional actions directly compromised the security of an information asset.

Netskope SSPM includes a set of features that help organizations:

- Avoid risky misconfigurations and configuration drift
- Simplify management and compliance
- Monitor users and administrator behavior
- Identify risky users and connected applications
- Facilitate the remediation of risks

Netskope's commitment to SSPM innovation includes its recent acquisition of Kloudless, a venture-backed company headquartered in Berkeley, California, whose team brought Netskope exceptional domain expertise with SaaS apps and APIs.

■ NewEdge Delivers Unprecedented Performance, Coverage, and Resilience: A SASE architecture needs the fastest, most scalable, most reliable connectivity possible. Netskope Security Cloud services run on NewEdge, the world's largest, highest-performing, and most well-connected security private cloud, allowing security to be deployed at the edge as close to the user as possible.

Today, NewEdge is powered by data centers in nearly 50 regions globally, with every data center offering full compute, all services available with no need to rely on the unpredictable performance of public cloud connectivity, and accessibility to every customer without surcharges.

Along with the continued global expansion of NewEdge, Netskope announced further enhancements to Service Level Agreements (SLAs) for its inline services including NG-SWG, CASB, NPA, and CFW, ensuring customers can be confident steering their traffic to NewEdge. Building on Netskope's existing five nines (99.999%) uptime/availability SLA, these expanded SLAs will address traffic processing latency within a NewEdge data center.

In addition, Netskope is releasing the first phase of Netskope Digital Experience Management (DEM). Enabled on a per-tenant basis and built natively into the existing Netskope Security Cloud, Netskope DEM further empowers customers—especially networking and infrastructure leaders—by providing critical visibility into their usage of Netskope Security Cloud services and traffic traversing NewEdge.