Netskope Help

Getting Started with Netskope Public Cloud Security

Netskope Public Cloud Security provides a security assessment framework that accesses and analyzes the posture of your IaaS resources in AWS, Azure, and Google Cloud Platform, and generates alerts that an administrator can remediate. You can configure one or more accounts to be evaluated against CIS benchmarks such as CIS AWS Foundations and CIS Microsoft Azure Foundations, or against your own assessment framework. Netskope assesses your environment and measures it against benchmarks and best practices. Netskope securely and continuously audits your cloud services so you can determine whether there are any potentially exploitable misconfigurations.

To set up Netskope Public Cloud Security, you need to:

  1. Configure Continuous Security Assessment (CSA) for each AWS account, Azure tenant, and GCP organization.

    For information on configuring CSA,

  2. Assign roles to IaaS/PaaS administrators.

    For information on managing admin privileges using the Netskope UI, see Managing Administrators.

  3. Set up security assessment policies.

    For information on security assessment policies, profiles, and rules, see Security Assessment.

    For information on creating custom security assessment rules, see Custom Rules using Domain Specific Language.

Here are references to APIs that help you automate deployments at scale.

  • To manage your IaaS API Data Protection instances, use

    https://<tenant-name>.goskope.com/api/v1/introspection_instance

  • To receive security assessment violations from the latest scan, use

    https://<tenant-name>.goskope.com/api/v1/security_assessment

For more information on REST API endpoints, see Public Cloud API Endpoints.

Viewing IaaS Alerts

With security assessment, Netskope scans the configuration of all the resources deployed in your IaaS account and checks the configuration against standards such as CIS Benchmarks. CIS Benchmarks support many best practices for configuration in your IaaS environment, such as confirming that two-factor authentication is enabled, access keys are rotated every 90 days, or least access is allowed for Virtual Private Cloud. If violations are found, the items are flagged as Critical, High, Medium, or Low violations. The administrator can find detailed information about each violation, and how to remediate it, by drilling down via the Cloud Infrastructure pages. See Cloud Infrastructure.
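The two checks named above (two-factor authentication enabled, access keys rotated within 90 days), sketched as an added example; this is not Netskope's implementation or rule syntax. It assumes input in the AWS IAM credential report CSV layout; the sample rows, rule names and severity assignments are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timezone

MAX_KEY_AGE_DAYS = 90  # rotation window named in the text above

# Constructed sample rows using a subset of the AWS IAM credential report columns.
SAMPLE_REPORT = """\
user,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated
alice,true,true,true,2024-05-01T09:00:00+00:00
bob,true,false,true,2023-11-15T12:30:00+00:00
ci-deploy,false,false,true,2024-01-10T08:00:00+00:00
dave,true,true,false,N/A
"""


def assess(report_csv, now):
    """Return (user, rule, severity) tuples for each violation found.

    Rule names and severities are assumptions made for this example.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        # MFA only matters for users who can sign in with a password.
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append((user, "mfa_not_enabled", "High"))
        # An IAM user can hold up to two access keys; check each active one.
        for n in ("1", "2"):
            if row.get(f"access_key_{n}_active") != "true":
                continue
            rotated = row.get(f"access_key_{n}_last_rotated") or "N/A"
            if rotated == "N/A":
                continue  # no rotation timestamp recorded for this key
            age_days = (now - datetime.fromisoformat(rotated)).days
            if age_days > MAX_KEY_AGE_DAYS:
                findings.append((user, f"access_key_{n}_not_rotated", "Medium"))
    return findings


if __name__ == "__main__":
    scan_time = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed for repeatability
    for user, rule, severity in assess(SAMPLE_REPORT, scan_time):
        print(f"{severity:<8} {rule:<28} {user}")
```
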

Note

The IaaS specific information under API Data Protection > <IaaS app> > <Instance Name> is now available under Cloud Infrastructure in the Netskope UI.