Netskope supports automatic remediation of security violations through its Auto-Remediation frameworks, which are available in the public Netskope GitHub Open Source repository. These frameworks allow for the automatic mitigation of risks associated with security misconfigurations in your cloud environment.The Netskope Auto-Remediation framework for AWS, for example, deploys a set of AWS Lambda functions that query the Netskope API at scheduled intervals and automatically mitigates supported violations1.Similarly, there are frameworks for GCP and other cloud environments that follow the same principle2. This capability is particularly useful for low-risk environments where the security operations team's workload can be reduced by automating the remediation process.

To obtain a list of aggregated users, applications, and instance IDs, especially when dealing with non-sanctioned Cloud Storage platforms, theAdvanced Analytics (A)tool within Netskope would be used. Advanced Analytics provides in-depth visibility into cloud app usage and activities.It allows security teams to create detailed reports and dashboards that can help identify risks and ensure compliance with company policies by analyzing user behavior, application access, and data movement across the organization1.

The reason for the activity being NULL in this scenario is likely because a user accessed a static Web page. In Netskope's Advanced Analytics, when the activity is reported as NULL, it often indicates that there was no dynamic interaction or transaction to record, which is typical when a static web page is accessed1. Static web pages do not generate the kind of events or activities that are tracked by policies, hence they appear as NULL in the activity field.

To enable the Netskope Client to automatically determine whether it is on-premises or off-premises, you can use the following options in the Netskope UI:

Enable Dynamic Steering:

This option is available in theSteering Configurationsection of the UI.

By enabling dynamic steering, the Netskope Client can intelligently determine the appropriate data plane (on-premises or cloud) based on the user's location and network conditions.

It ensures that traffic is directed to the optimal data plane for improved performance and security.

On Premises Detection:

This option is available under theClient Configurationsection of the UI.

By configuring on-premises detection, the Netskope Client can identify whether it is connected to the local network (on-premises) or accessing resources from outside (off-premises).

It helps in applying relevant policies and steering traffic accordingly.

The inconsistent results observed during User Acceptance Testing (where marketing users sometimes access gambling sites and sometimes are blocked) are likely due to the configuration of the Forward Proxy.

Cookie Surrogate: The Cookie Surrogate is a mechanism used in Forward Proxy deployments to maintain user context across multiple requests. It ensures that user-specific policies are consistently applied even when multiple users share the same IP address (common in VDI environments).

Issue: If the Forward Proxy is not configured to use the Cookie Surrogate, it may lead to inconsistent behavior. When different users log into the VDI server, their requests may not be associated with their specific user context, resulting in varying policy enforcement.

Solution: Ensure that the Forward Proxy is properly configured to use the Cookie Surrogate, allowing consistent policy enforcement based on individual user identities.Reference:

Netskope Security Cloud Operation & Administration (NSCO&A) - Classroom Training

Netskope Security Cloud Introductory Online Technical Training

Netskope Architectural Advantage Features