
Netskope Cloud Exchange Streamlines the SOC - SDxCentral

sutitong.blogspot.com

Netskope unveiled a suite of modules today that allow customers to tie their existing security infrastructure into its secure access service edge (SASE) platform.

The service, dubbed Cloud Exchange, is available at no added cost, deploys as a Docker container on premises or in the cloud, and enables threat intelligence and other data to be consumed more effectively by security operations teams, the company claimed.

Cloud Exchange is born out of an understanding that enterprises are grappling with how to manage multiple security products including SASE, extended detection and response (XDR), identity, and security information and event management (SIEM) tools, Andy Horwitz, VP of business development, told SDxCentral in an exclusive interview.

“The reason that cybersecurity money keeps flowing in … is because the threats keep changing,” he said. “We needed something to enable us to always work with small and big vendors and make sure we plug into the different pieces that we’re not going to do.”

At launch, Cloud Exchange features four modules that automate log management, risk telemetry and indicators of compromise (IOC) sharing, and ticket generation.

When It Comes to Security, Sharing Is Caring

Netskope’s Cloud Threat Exchange and Cloud Risk Exchange modules allow enterprises’ existing security tools to more effectively communicate with each other.

As its name suggests, Cloud Risk Exchange attempts to normalize risk profiles from third-party security tools with Netskope’s own user confidence indexes (UCI), thus allowing security operations center (SOC) teams to apply policy consistently based on these profiles.

Cloud Threat Exchange, on the other hand, allows IOCs, like malicious file hashes or URLs, to be shared bidirectionally between supported security platforms.

According to Netskope, this effectively allows complementary security tools to fill gaps in their respective threat intelligence, which increases the likelihood threats will be detected and contained.

David Willis, senior director of technology alliances at Netskope, described a scenario where the vendor’s SASE platform detected a threat originating in the cloud before it reached a customer’s system running CrowdStrike’s endpoint protection service. Because the threat was mitigated before it reached the user’s system, the endpoint was never aware of the attack. However, using Cloud Threat Exchange, Netskope ensures the appropriate file hashes necessary to identify the malicious code are passed along to the endpoint agent.

“CrowdStrike was then able to subsequently use that to alert and block” the threat, he said, adding that this relationship works both ways. “What one knows, all know about a threat.”

If CrowdStrike, or another comparable endpoint agent, detects a threat, the integration with Cloud Threat Exchange ensures that Netskope is also aware of the threat. And it isn’t limited to CrowdStrike or even a single endpoint protection vendor.

“We have customers who have two or three endpoint protection solutions. Those solutions do not natively talk to each other,” but with Cloud Threat Exchange, they can, Willis added.

Cloud Exchange Tackles Ticketing, Log Management

Cloud Exchange’s final two modules, Cloud Ticket Orchestrator and Cloud Log Shipper, are designed to streamline SOC team workflows.

Cloud Log Shipper allows customers to import Netskope logs directly into a third-party SIEM or data lake. “This is important because we’re talking billions of logs,” Willis said.

Meanwhile, Netskope’s Cloud Ticket Orchestrator enables customers to pull Netskope alerts into their existing ticketing systems. The service supports a wide variety of collaboration tools including Atlassian, PagerDuty, ServiceNow, and Slack.

“Some of our customers actually want Slack to be the primary mechanism for triggering incident flows,” Willis said.

Cloud Ticket Orchestrator also works directly with the Cloud Risk Exchange module to generate tickets and/or trigger investigations, even if the threat wasn’t identified by Netskope.

Built for Extensibility

At launch, Cloud Exchange supports a wide range of endpoint, SIEM, and identity platforms. And because the platform is based on a cloud-first architecture, Willis claims it can be adapted for use with almost any service.

“We have a repeatable model for adding additional sources,” he said. “Everything we talked about is enabled with an API interface … So, if customers want to tie into their own orchestration, they can actually orchestrate everything that this brings in.”

Cloud Exchange can be deployed as a high-availability Docker container and is available from Netskope, GitHub, and the Amazon Web Services marketplace. The company plans to expand availability to additional cloud providers in the near future.

“It only takes like five commands to get it up and running,” Willis said. “Once it’s running, all you really need is the destination of where the data is going.”

Netskope Expands SASE Reach

Today’s update comes just over a month after the company introduced a new cloud-delivered firewall and remote-browser isolation (RBI) to its SASE platform.

The update ticked yet another box in the long list of essential SASE services.

“The addition of Cloud Firewall for all ports and protocols is a net-new offering and is natively built on our platform to provide explicit configuration for users to access basically all apps, web, or services with firewall-type policies,” Netskope VP Sasi Murthy told SDxCentral in an earlier interview.

Meanwhile, the vendor’s RBI was acquired with the purchase of Madrid-based isolation and security startup Randed last year.

RBI promises to protect users from inadvertently downloading malicious code by running a web app in a sandbox — as opposed to downloading it onto a user’s endpoint — without any disruption to the user experience.

Netskope’s SASE developments have certainly paid dividends with the security vendor attracting a string of multi-hundred-million (and billion) dollar cybersecurity deals so far this year.

This culminated in a $300 million funding round in July led by existing investor Iconiq Growth, which sent Netskope’s valuation soaring to $7.5 billion.

Editor’s note: An earlier version of this story contained a quote that mischaracterized the threat-sharing relationship between Netskope and CrowdStrike.




"exchange" - Google News
November 02, 2021 at 08:00PM
https://ift.tt/2YccmgK
