Netskope NSK101 - Netskope Certified Cloud Security Administrator (NCCSA)

ï‚· Adaptive Zero Trust Data Protection Overview:

Netskope's Adaptive Zero Trust Data Protection ensures that data is protected based on continuous risk assessments and adaptive policies that respond to changing contexts and threats.

ï‚· Contextual Risk Awareness:

This capability involves understanding the context around data access and usage to assess risk dynamically.

Netskope leverages various signals such as user behavior, device security posture, location, and other factors to gauge risk levels.

By continuously evaluating these factors, Netskope can enforce appropriate security measures in real-time.

ï‚· Continuous Adaptive Policies:

Policies in the Netskope platform adapt continuously based on the assessed risk and changing contexts.

These policies are not static; they evolve based on ongoing risk assessments and threat intelligence.

Adaptive policies ensure that security measures are always aligned with the current threat landscape and organizational requirements.

ï‚· References:

For detailed capabilities and how they are implemented, refer to the Netskope documentation on Adaptive Zero Trust Data Protection​​​​.

When adjusting Cloud Confidence Index (CCI) scoring in your Netskope tenant, you can use the following two CCI attributes in a Real-time Protection policy:

App Tag:

App Tags are used to categorize and tag applications based on their functionality, risk level, or compliance requirements. By using App Tags in Real-time Protection policies, you can enforce security measures and monitor activities based on the specific tags assigned to applications.

CCL Level:

CCL (Cloud Confidence Level) is a score assigned to cloud applications based on their risk profile and compliance with security standards. By incorporating CCL Level into your Real-time Protection policies, you can ensure that actions are taken based on the risk level of the applications, such as blocking or monitoring high-risk applications.

References:

Netskope Knowledge Portal: Cloud Confidence Index

Netskope Real-time Protection Policies

PCI-DSS stands for Payment Card Industry Data Security Standard, which is a set of security requirements for organizations that handle credit card data. It aims to protect cardholder data from unauthorized access, disclosure, or theft, both in transit and at rest. PCI-DSS covers various aspects of security, such as encryption, authentication, firewall, logging, monitoring, and incident response. If you are working with a large retail chain and have concerns about their customer data, you should use PCI-DSS as the regulatory compliance standard to govern this data. SOC 3, AES-256, and ISO 27001 are not specific to credit card data protection, although they may have some relevance to general security practices. References: [PCI-DSS], [SOC 3], [AES-256], [ISO 27001].

Netskope’s Private Access Solution is a service that allows users to securely access private applications without exposing them to the internet or using VPNs. It provides protection for private applications by encrypting the traffic, enforcing granular policies, and preventing data exfiltration. It also provides access to private applications by creating a secure tunnel between the user’s device and the application’s server, regardless of their location or network. It does not act as a cloud-based firewall, as it does not filter or block traffic based on ports or protocols. It does not require on-premises hardware, as it is a cloud-native solution that leverages Netskope’s global network of points of presence (POPs). References: [Netskope Private Access].

An administrator would use the Digital Experience Management (DEM) component to see an overview of private application usage and performance. DEM provides comprehensive insights into the performance and user experience of private applications, including metrics on latency, bandwidth, and application health.

Digital Experience Management (DEM): This component focuses on monitoring and optimizing the user experience for private and public applications by collecting detailed performance data and providing actionable insights.

The other options do not provide the same level of detailed performance and usage overview for private applications:

Publishers page: Typically used for managing and configuring Netskope Publishers.

Incident Management: Focuses on tracking and resolving security incidents.

Cloud Exchange: Deals with integrations and data sharing between Netskope and other security solutions.

References:

Netskope documentation on Digital Experience Management and its capabilities.

Best practices for using DEM to monitor application performance and enhance user experience.

=================

In the exhibit, a user is uploading a file containing PCI-DSS data to the corporate Google Drive instance. Despite the policy that blocks DLP (Data Loss Prevention) uploads being active, the upload is not blocked. This indicates that the policy is not applied in the correct order.

Netskope applies policies in a top-down manner. If there are multiple policies that could apply to an action, the order in which the policies are evaluated is crucial. In this case, another policy might be allowing the upload before the DLP policy can block it. Ensuring that the DLP policy is higher in the order can resolve this issue.

References:

Netskope policy configuration and enforcement documentation.

Details on how Netskope processes and applies policies based on their order in the policy list.

ï‚· NewEdge Data Planes Monitoring:

To determine which NewEdge data planes your remote users have been using, you need to access the relevant monitoring section in the Netskope Tenant UI.

ï‚· Client Steering under Digital Experience Management:

The Client Steering section under Digital Experience Management provides detailed information on how traffic is being steered for remote users.

This section includes insights into the NewEdge data planes being utilized by users.

ï‚· Steps:

Navigate to Digital Experience Management in the Netskope Tenant UI.

Select Client Steering to view detailed reports and logs on traffic steering.

Analyze the data to identify the NewEdge data planes used by remote users recently.

ï‚· References:

For more details on accessing and using the Client Steering section under Digital Experience Management, refer to the Netskope documentation on digital experience management and client steering​​​​.

When reviewing files affected by malware in the Netskope UI under Incidents -> Malware, you have the following options:

Identify the exposure of the file identified as malware: This allows you to see where the malware has spread within the organization, which users or systems are affected, and any potential data exposure resulting from the malware.

Determine the Detection Engine used to identify the malware: Netskope provides details on which detection engine (such as AV, sandboxing, or other heuristic engines) identified the malware. This helps in understanding the threat vector and the reliability of the detection.

Downloading the original malware file (option A) is generally not recommended for security reasons and may not be supported directly from the Netskope UI. Remediation of compromised devices (option C) would typically be handled through endpoint security solutions rather than directly from the Netskope UI.

References:

Netskope documentation on malware detection and incident response.

Best practices for handling malware incidents and using the Netskope UI for threat analysis.

=================

When designing an architecture with Netskope Private Access, the Netskope Publisher is the element that guarantees connectivity between the Netskope cloud and the private application. The Publisher acts as a gateway, securely connecting users to private applications hosted on-premises or in data centers.

Netskope Publisher: This component facilitates secure access to private applications by connecting the Netskope cloud with the internal network. It ensures that users can access private applications seamlessly while maintaining security and compliance.

References:

Netskope documentation on Private Access and the role of the Publisher.

Best practices for configuring and deploying Netskope Publisher to ensure secure connectivity to private applications.

=================

Two pillars of CASB are visibility and compliance. CASB stands for Cloud Access Security Broker, which is a solution that provides visibility and control over cloud services and web traffic, as well as data and threat protection for cloud users and devices. Visibility is the capability to identify all cloud services in use and assess their risk factors, such as security, auditability, business continuity, etc. Compliance is the capability to ensure that cloud services and data meet the regulatory standards and policies of the organization or industry, such as GDPR, HIPAA, PCI DSS, etc. References: What Is a Cloud Access Security Broker (CASB)? | MicrosoftCASB Guide: What are the 4 Pillars of CASB? - Security Service Edge