Netskope Help

Advanced Threat Protection

Netskope Advanced Threat Protection includes multiple detection engines that detect sophisticated zero-day threats and targeted attacks. Our comprehensive, multi-engine approach ensures higher efficacy and protection against evasive threats that may be optimized to bypass some detection engines.

The Netskope Advanced Threat Protection solution includes:

  • Advanced Heuristic Analysis

  • Cloud Sandbox Analysis

  • Ransomware Detection and Remediation

Configure Advanced Threat Protection

The Netskope cloud platform has threat protection capabilities, including advanced threat detection engines, such as heuristic analysis, sandbox analysis, and ransomware detection and remediation.

You can also leverage some of your existing, trusted threat detection products like Palo Alto Networks Wildfire, Juniper SkyATP, and Check Point SandBlast to work with Netskope ATP. An advanced threat protection license is required. Contact Support to get this feature enabled.

After integration, verify the status is green. Go to Settings > Threat Protection > Integration. Under Advanced Threat Protection, look for a green arrow beside Status. Verifying the status is green ensures that blocklisted and allowlisted files are included in your ransomware detection scan.

The file types sent vary per application:

  • Juniper SkyATP: Hash lookup of all file types

  • Check Point SandBlast: All file types

  • Palo Alto Networks Wildfire:

    • Android application package (APK) files

    • Adobe Flash files

    • Archive (RAR and 7-Zip) files

    • Java Archive (JAR) files

    • Microsoft Office files

    • Portable executable (PE) files

    • Portable document format (PDF) files

    • Mac OS X files

    • Linux (ELF) files

Before you begin, make sure you have your ATP app API key and server IP address; these are needed to complete this procedure.

To configure an ATP app integration:

  1. Go to Settings > Threat Protection > Integration.

  2. Click the Juniper SkyATP, Palo Alto Networks Wildfire, or Check Point SandBlast application box.

  3. Enter and select parameters for each field:

    • API Key: Enter your ATP app API key

    • Rate Limit Per Hour: Enter a rate limit value per hour. Rate limiting controls the rate of traffic sent or received by the server. If a value of 200 is entered, Netskope will make a maximum of 200 API calls to the endpoint server in a span of one hour.

      Juniper SkyATP, PAN Wildfire, and Check Point SandBlast applications vary in rate limits. Check the product documentation for these apps to learn their rate limit per hour.

      Note

      This field is visible only if a rate limit is configured on your systems.

    • Type: Select Cloud.

    • Only send files that are detected malicious by Netskope engines: Sends only files that are detected as malicious by Netskope ATP engines.

    • Server: Enter the IP address or FQDN of your ATP server.

    • Instance Name: Enter a meaningful name to identify this integration.

  4. When finished, click Save.
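
To help choose a Rate Limit Per Hour value before saving, the added sketch below (an illustration written for this page, not Netskope code) counts how many API calls a constructed event log would generate per clock hour for an integration, with and without the "Only send files that are detected malicious by Netskope engines" option. It assumes one API call per forwarded file and fixed clock-hour windows; the file type labels, function names, and sample events are made up for the example.

```python
from collections import Counter
from datetime import datetime

# File types forwarded to Palo Alto Networks Wildfire, per the list on this page.
# The short labels are assumptions made for this example.
WILDFIRE_TYPES = {"apk", "flash", "archive", "jar", "office", "pe", "pdf", "macos", "elf"}

# Constructed sample events: (ISO timestamp, file type label, Netskope verdict).
SAMPLE_EVENTS = [
    ("2024-01-15T09:05:00", "pe", "malicious"),
    ("2024-01-15T09:10:00", "pdf", "clean"),
    ("2024-01-15T09:20:00", "image", "clean"),
    ("2024-01-15T09:40:00", "office", "clean"),
    ("2024-01-15T09:55:00", "elf", "malicious"),
    ("2024-01-15T10:02:00", "pdf", "clean"),
    ("2024-01-15T10:30:00", "image", "clean"),
    ("2024-01-15T10:45:00", "jar", "malicious"),
]

def hourly_calls(events, accepted_types=None, only_malicious=False):
    """Count would-be API calls per clock hour for one integration.

    accepted_types=None models an integration that receives all file types
    (Juniper SkyATP hash lookups, Check Point SandBlast).
    Assumes one API call per forwarded file.
    """
    calls = Counter()
    for ts, ftype, verdict in events:
        if accepted_types is not None and ftype not in accepted_types:
            continue  # this integration is never sent this file type
        if only_malicious and verdict != "malicious":
            continue  # "Only send files that are detected malicious" is enabled
        calls[datetime.fromisoformat(ts).strftime("%Y-%m-%d %H:00")] += 1
    return dict(calls)

def hours_over_limit(calls, rate_limit):
    """Return {hour: excess calls} for hours where demand exceeds the cap."""
    return {h: n - rate_limit for h, n in sorted(calls.items()) if n > rate_limit}

if __name__ == "__main__":
    for label, types, only_mal in [("Wildfire, all verdicts", WILDFIRE_TYPES, False),
                                   ("Wildfire, malicious only", WILDFIRE_TYPES, True),
                                   ("SandBlast, all verdicts", None, False)]:
        calls = hourly_calls(SAMPLE_EVENTS, types, only_mal)
        print(label, calls, "over limit of 3:", hours_over_limit(calls, 3))
```

The page does not state what happens to files beyond the cap, so the excess counts only show demand above the configured value.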