CASB Deployment options

 

 API

Use API Connectors to connect the Netskope Security Cloud to managed cloud apps like Office 365, Box, Salesforce, Google G Suite, AWS, and more. An API deployment provides out-of-band visibility and control of data at rest in managed cloud apps and is also required for IaaS continuous security assessment functionality.

. Protects data at rest in cloud apps managed by IT.

. Enables Policy actions such as remove public shares and restrict sharing of certain content to internal.

. Out-of-band deployment

. Dozens of API connectors supported.

 

 

Netskope client

The Netskope client provides realtime visibility and control of managed devices accessing the cloud and web from anywhere.The Netskope client has a tiny footprint, takes minimal CPU resources, and simply steers cloud and web traffic from managed devices to the Netskope Security Cloud. All proxying and security functionality is performed in the cloud vs on the client.

 . Deployed on managed devices provides protection wherever the device and user goes.

. Single client for all cloud and web traffic.

.All proxying and security functionality performed in the cloud, not on the client.

.Lightweight footprint and minimal CPU resources used.

 

 

 Forward proxy

Netskope provides forward proxy configurations that do not require a footprint on the endpoint.

The Netskope Secure Forwarder can be deployed on-premises as a virtual machine, steering local

cloud and web traffic to the Netskope Security Cloud. Netskope can also be integrated with your 

existing proxy as a proxy chain.

. Netskope Secure Forwarder deployed on premises to steer cloud traffic to Netskope security cloud.

. Can also be deployed as a proxy chain with your existing proxy

. Coverage for on-premises users only

 

 

 Reverse proxy

Netskope provides a reverse proxy deployment mode that steers browser-based cloud traffic from managed cloud apps to the Netskope Security Cloud.

This deployment option is required for covering unmanaged devices that are off network accessing managed cloud apps.

. Real-time visibility and control for managed and unmanaged devices accessing managed cloud apps.

.Only deployment that covers unmanaged devices off network accessing managed cloud apps.

.Browser traffic only-no native apps or sync clients.

 

 

 GRE/IPSEC

The GRE/IPSEC deployment option steers local cloud and web traffic from the router to the Netskope Security Cloud.

.Uses the GRE tunnelling protocol to steer on-premises cloud and web traffic to the Netskope security cloud.

.IPSEC can be used as an alternative to GRE for steering on-premises cloud and web traffic to the Netskope security cloud.

 

 

 Log parsing

Netskope can be configured to parse log traffic from a perimeter device. This provides out-of-band discovery of cloud services. 

Logs can be uploaded directly to the Netskope Security Cloud or an on-premises log parser can be deployed to continuously send log

data to the Netskope Security Cloud.

.Perform log analysis and extract cloud usage details.

.Upload logs using the Netskope UI

.Deploy an on-premises log parser to continuously send logs from a perimeter device to the Netskope Security Cloud

.Dozens of off-the-shelf log formats supported plus a self-service tool for building custom log parsers.