The inline and API implementation of the Netskope platform are two different ways of connecting cloud applications to Netskope for inspection and policy enforcement. Two fundamental differences between them are: The API implementation can only be used with sanctioned applications, which are applications that are approved and authorized by the organization for business use. The API implementation relies on using out-of-band API connections to access data and events from these applications and apply near real-time policies. The inline implementation can effectively block a transaction in both sanctioned and unsanctioned applications, which are applications that are not approved or authorized by the organization for business use. The inline implementation relies on using in-band proxy or reverse-proxy connections to intercept traffic to and from these applications and apply real-time policies. The API implementation can be used with both sanctioned and unsanctioned applications and the inline implementation can only effectively block a transaction in sanctioned applications are not true statements, as they contradict the actual capabilities and limitations of each implementation method.Reference:[Netskope SaaS API-enabled Protection], [Netskope Inline CASB].

The three technologies that describe the primary cloud service models as defined by the National Institute of Standards and Technology (NIST) are Platform as a Service (PaaS), Software as a Service (SaaS), and Infrastructure as a Service (IaaS). These service models are based on the type of computing capability that is provided by the cloud provider to the cloud consumer over a network. According to NIST, these service models have the following definitions:

Platform as a Service (PaaS): The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.

Software as a Service (SaaS): The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

Infrastructure as a Service (IaaS): The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).

The CCI scoring is a way to measure the security posture of cloud applications based on a set of criteria and weights. The default objective score is calculated by Netskope using industry best practices and standards. However, customers can change the CCI scoring to suit their own business needs and risk appetite. For example, a customer may want to place a higher business risk weight on vendors that claim ownership of their data, as this may affect their data sovereignty and privacy rights. Changing the CCI scoring for this reason would be valid, as it reflects the customer's own security requirements and preferences. Changing the CCI scoring for other reasons, such as discovering a new SaaS application, punishing an application vendor, or using an application under research, would not be valid, as they do not align with the purpose and methodology of the CCI scoring.Reference:Netskope Security Cloud Operation & Administration (NSCO&A) - Classroom Course, Module 7: Cloud Confidence Index (CCI), Lesson 1: CCI Overview and Lesson 2: CCI Scoring.

A file filter is a list of file hashes that you can use to exclude files from inspection by Netskope. By adding the hash of the file that triggered a false alarm to the file filter, you can prevent it from being scanned again by Netskope and avoid generating another incident. Quarantining the file, exporting the packet capture, or looking up the hash at VirusTotal are not effective ways to prevent the same file from triggering another incident, as they do not affect how Netskope handles the file.Reference:Netskope Security Cloud Operation & Administration (NSCO&A) - Classroom Course, Module 6: Data Loss Prevention, Lesson 2: File Filters.

A SAML reverse proxy is a service that acts as an intermediary between a SAML service provider (SP) and one or more SAML identity providers (IdPs). It can perform various functions, such as authentication, authorization, load balancing, caching, etc. One scenario where you would use a SAML reverse proxy is when there are multiple SAML IdPs in use and the SAML reverse proxy can help federate them all together. For example, suppose you have an internal application that needs to authenticate users from different domains or organizations, each with their own SAML IdP. Instead of configuring the application to trust each IdP separately, you can use a SAML reverse proxy to act as a single SP for the application and a single IdP for the users. The SAML reverse proxy can then redirect the users to their respective IdPs for authentication and relay the SAML assertions back to the application. This way, you can simplify the integration and management of multiple SAML IdPs and provide a seamless user experience.Reference:SAML Reverse ProxyWhat is application proxy & SAML SSO?