Integrating Panoptica with DSPM

Overview

DSPM is a Data Security Posture Management from the Netskope One platform that automates security and governance for data, whether on-premises or in the cloud, with end-to-end protection. It delivers real-time visibility, control, and remediation for structured (like SQL databases), semi-structured (such as JSON logs), and unstructured data (including emails and documents) across databases, data lakes, and warehouses. Powered by Data Access Governance (DAG) and Data Detection and Response (DDR), the platform enforces compliance and ensures continuous audit readiness.

Panoptica is a Cloud-Native Application Protection Platform (CNAPP) with Cloud Security Posture Management (CSPM) features, helping identify attack paths and risks across multi-cloud environments.

Use the steps below to integrate the Netskope DSPM with Panoptica, combining Panoptica’s risk insights with DSPM’s data protection to close security gaps and protect your most sensitive data.

Integration Overview and Benefits

Understanding the integration of CNAPP and Netskope DSPM in a real-world scenario highlights its strong value. For example, a customer using Panoptica CNAPP to secure cloud-native data assets and applications can identify attack paths and vulnerabilities across cloud environments. However, managing today’s cloud sprawl can be challenging for security and cloud teams.

Our DSPM strengthens security by continuously discovering and classifying data, spotting sensitive patterns, and highlighting urgent risks. It adds data-level access and usage monitoring, which complements CNAPP’s broader app and infrastructure visibility.

This integration provides end-to-end protection for both applications and the sensitive data they handle, while ensuring compliance with regulatory standards. It can also uncover previously unknown data assets containing personally identifiable information (PII), such as names or Social Security numbers, helping security teams better prioritize their efforts and safeguard critical assets.

Key benefits:

Comprehensive protection with a unified view of both applications and sensitive data.
Improved risk management by helping teams focus on critical data and app vulnerabilities.
Simplified compliance through continuous monitoring and automated reporting.
Faster, coordinated incident response to reduce impact and support recovery.

Supported Services

The Netskope DSPM and Panoptica integration supports the following services:

Cloud Provider	Database Services	Storage Services
AWS	RDS (MariaDB, MySQL, Oracle, PostgreSQL, SQL Server), Aurora, Redshift	S3, DynamoDB
Azure	Database for MariaDB	Blob Storage
GCP	BigQuery, Cloud SQL	Cloud Storage

Setting Up Netskope DSPM

If you don’t have access to our DSPM, email support@netskope.com with:

Your request for a new Netskope DSPM-hosted application.
The full name and email of the person who should be the application administrator.

You’ll receive the following from your assigned support representative:

Instructions to access your new Netskope DSPM application.
A link to our private knowledge base.

Generate Panoptica API Key

To generate a Panoptica API key, follow these steps:

In Netskope DSPM:

Go to Administration > Integrations.
Click Panoptica Console link.

In the Panoptica Console:

Go to Settings > API Keys.
Click Add API Key > Enter a name (e.g., Example_API_Key) > Click Save.
Copy the API key value

Complete the Connection:

Return to Netskope DSPM.
Paste the key into the Panoptica API Key field.
Click Connect.

Note
To disconnect later, edit the connection at the Integrations page and click Disconnect.

Configuring Netskope DSPM

After getting access to our DSPM, complete these two steps to start the integration:

Onboard your infrastructure connections
Connect your data stores

You’ll find links to the setup guides below, or you can contact support@netskope.com for assistance.

Onboard Infrastructure Connections

Amazon Web Services (AWS)

Netskope DSPM connects to AWS using IAM roles, which provide the permissions needed to scan and classify your data stores. You can create these roles with CloudFormation or Terraform.

Each AWS account used in Panoptica must also be added as a matching infrastructure connection in Netskope DSPM. Setup guides:

Once connected, our DSPM auto-discovers your AWS data stores and imports any related tags.

Google Cloud Platform (GCP)

GCP also uses IAM roles for integration with our DSPM. Roles can be created manually or with Terraform.

Each GCP account in Panoptica must also be set up in Netskope DSPM. Setup guides:

Microsoft Azure

Azure uses IAM roles as well. These can be created manually or through Terraform to give DSPM the access it needs.

Each Azure account in Panoptica must be added in DSPM too. Setup guides:

Connect Data Stores

Each data store you want to monitor in Panoptica must also be connected as a matching data store in Netskope DSPM. Follow the steps in the articles below (be sure to log in to our knowledge base using the link provided by the Netskope DSPM support team):

Once connected, our DSPM will analyze and classify the data using multiple signals and inputs. It also assigns sensitivity levels based on the types of data it finds. For example, if it detects usernames, it may label the data as Medium sensitivity.

You can find more details in the Classification Management article.

Monitoring Panoptica Insights

In Netskope DSPM, go to the Security Center and open Data Stores > Data Store Inventory to view insights retrieved from Panoptica. This page shows metrics like Asset Health Score, Network Exposure Health, Identity Health, Attack Path Count, and Security Findings Count.

Note
To see more details in Panoptica, click the hyperlink icon next to the Asset Health Score or any linked counts.
The Asset Inventory page in Panoptica also shows assets monitored by our DSPM.
Asset Details offer deeper insight into attack paths, including how to investigate and remediate them.
Security Insights show posture risks and recommended actions to address them.