Starting with the cloud based Secure Web Gateway, user’s web traffic is assessed via a cloud tenant hence it does not matter if a user is on premise or working remotely. There is also no need to “hairpin” a user’s traffic back into the on premise network in order for it to be inspected. Typical category based filtering and malware protection comes as standard with the SWG component to allow for easily defined blanket block or allow policies as well as the means to block threats at source.

Add to this the CASB feature that provides granular control of Cloud Applications giving an Administrator experience to apps that can also be controlled centrally. Netskope understands the new language of the internet hence it can block individual activities being performed on Cloud Apps as opposed to outright blocking resources based on their domain. This is key for collaboration with customers and suppliers i.e. say we are a Google house and use Google Drive, yet our customer uses Office 365 – instead of blocking all of Office 365 since it is not an in house sanctioned application, we can control the individual activities that our users can perform on this particular app such as blocking uploads but allowing downloads.

Netskope is also fully content aware hence when it comes to uploading and downloading files to or from cloud applications via it’s real time Data Loss Prevention feature. With this, we could allow uploading and downloading of data to a 3rd party cloud application however Netskope can be configured to block sensitive data from being shared.

Both the SWG and CASB elements also offer full visibility of user activities. Typical SWGs would tend to only show a user visited or attempted to visit a particular domain but with Netskope full visibility encompasses the user, their activities on the page or in the the app, the username used, the file transferred, etc.

Within SASE is the concept of Zero Trust Network Access and Netskope answers this via a variety of methods.

The first is via their Private Access feature which at its heart is essentially an always on VPN. As an example, there is a web app within the company perimeter that remote users need to access. At present they use a typical 3rd party VPN to connect to the company network and then they load the private web app. With Netskope’s Private Access, they would be able to open that private app securely from anywhere as their traffic would be getting directed to a Netskope Cloud Tenant, the Cloud Tenant is securely connected to an on premise Publisher and the Publisher can connect to the private app. It should be noted that private apps don’t have to be solely web based applications and protocols such as RDP or SSH are supported.

As with the granular activity controls that can be applied to policies within Netskope, further granular controls can also be applied such as adaptive controls based on the user, team, browser used, device being trusted, etc. which when configured correctly allows for a full zero trust experience that is also highly customizable based on a business’ needs.

Netskope’s Cloud Firewall, which is a new feature, can also provide further protection especially in relation to blocking sensitive data exfiltration. As an example, say we have set up all our SWG and CASB controls to stop data exfiltration in relation to web or cloud traffic, what stops a user RDPing or SSHing to a remote resource to then transfer the data to this? Netskope’s Cloud Firewall would allow for the further blocking of protocols like RDP or SSH to prevent this.