About Netskope Secure Web Gateway
About Netskope Secure Web Gateway
Netskope Secure Web Gateway enables you to govern web usage and provide a safe experience for your users with comprehensive web classification and content filtering. By steering web traffic through Netskope, you can distill web activity into user sites, page visits, and other web activities in order to analyze usage and protect your enterprise.
Netskope Secure Web Gateway Features
Feature | Description |
---|---|
Web traffic steering |
|
Web classification and filtering |
|
Advanced data loss prevention (DLP) |
|
Remote Browser Isolation |
|
Risk-focused classification |
|
Advanced threat protection |
|
Transport Layer Security (TLS) decryption | Decrypt and inspect TLS traffic at cloud-scale with no impact to end user experience. |
Graceful handling of retries for blocked files | Data trickling allows browser to use range headers to download partial files. This behavior is blocked entirely after the first block is sent from the proxy which prevents further partial downloads. |
Use Cases
Netskope Secure Web Gateway applies the benefits of CASB to the entire web. By adding specific category classifications to a Real-time Protection policy, you can prohibit users from inappropriate sites, plus protect your organization from data loss and potential malware. Here are some examples of how to use Netskope Secure Web Gateway.
- Prohibit users from sites that violate your Acceptable Use Policy (AUP). Custom categories can be created to find prohibited sites not already specified in one of our predefined categories. The URL Lookup feature can tell you whether or not a category contains a particular URL to help ensure full coverage.
- Prohibit users from possibly inappropriate sites, but allow access if justification can be provided by the user, or a site exception is configured using a URL list in a custom category. Users are notified when they can justify access and when they are denied access due to a policy violation.
- Protect your users and organization from data loss and malicious sites by adding DLP or Threat Protection profiles to a Real-time Protection policy. Remediate threats by blocking sites with multiple layers of threat detection including static and dynamic anti-virus inspection, user behavior anomaly detection, heuristic analysis, sandbox analysis, and more.
iOS Profile Use with Netskope Secure Web Gateway and Netskope Private Access
For Netskope Secure Web Gateway (and CASB), the iOS profile created uses an on-demand VPN on iOS devices. For Netskope Private Access installing the Client creates another always on VPN profile. You can only use one of these profiles at a time on an iOS device.
Both of the profiles are independent and can be created on the same device. Depending on the resource the you want to access, you’ll need to go to iOS settings and switch between the iOS profiles.
Prerequisites
In order to use Netskope Secure Web Gateway, you must:
- Purchase the Netskope Secure Web Gateway license and contact Support to have it enabled in your tenant.
- Use version 66 or later when using the Netskope Client for traffic steering.
Workflow
Netskope Secure Web Gateway includes these primary steps:
- Determine which traffic steering method you want to use: Netskope Client, Generic Routing Encapsulation (GRE) or IP Security (IPSec) tunneling, Secure Forwarder, or Data Plane On-Premises appliance.
- Create custom categories to use in a Real-time Protection policy. Use the URL list feature to include or exclude specific URLs in a custom category.
- Create a Real-time Protection policy that uses the custom categories and profiles you created to protect your web traffic activity.
- Review the Skope IT Site and Page Events to get specifics about your web traffic, and then create web summary reports to compile web usage analytics.