Netskope SaaS Security Posture Policy
Netskope SaaS Security Posture Policy
A security posture policy is a set of rules and categories and sub-categories like compliance standards, well-known security domains/categories, MITRE ATT&CK framework, and Netskope best practices standards. A category is a library of security best practices. Compliance standards are organized into sub-categories, sections, or controls. Rules are mapped to one or many sub-categories. A rule includes Netskope Governance Language (NGL), a description of the rule, and a severity level. An administrator can create a security posture policy for a SaaS app. An administrator can create a security posture policy to access and analyze the posture of the SaaS resources with industry benchmarks and best practices. An administrator can create a security posture policy with a set of rules and sub-categories belonging to rule-categories. A category can be predefined such as the CIS Benchmark standard, MITRE ATT&CK, security domain such as application, Netskope best practices for GitHub, etc. A rule is a code snippet with associated metadata, such as severity, that is used to identify a specific violation of a SaaS resource.
A security posture policy has three functions:
- What resource to scan: You can specify this by including or excluding instances.
- Against what rules to scan: Control rule selection via compliance standards, well-known security domains/categories, MITRE ATT&CK, Netskope best practices and rules. Selected rules can be disabled in each policy.
- What action to be taken: Alerts and email notifications.
You can create a security posture policy for a cloud service. To access the security posture policy page:
- Log in to the Netskope tenant UI.
- Navigate to Policies > Security Posture. Then, click the Next Gen tab.
The Security Posture page opens.
- The Security Posture page displays a list of policies configured for the SaaS apps infrastructure. The fields are:
- Policy Name: Name of the policy.
- Instance: Name of the instance for which the policy is defined.
- Rules: List the number of rules and categories associated with the policy.
- Last Edit: Time stamp of the last edited policy.
You can edit, revert, disable, clone, and delete a policy. Click the More Options icon (…) to the right of the policy entry and select one of the following options:
- Edit: On selecting this option, you can edit the policy.
- Revert: On selecting this option, Netskope reverts the policy to its last applied change.
Note
This option is available only for a policy with pending changes.
- Disable: On selecting this option, Netskope disables the policy and stops the scan for the policy.
- Clone: On selecting the option, Netskope creates a duplicate copy of the policy.
- Delete: On selecting this option, Netskope deletes the policy.
Note
If you delete a policy, scanning stops at the next scan interval. The existing scan continues to run till it finishes.
Also, you can perform the following tasks:
- Search a policy from the Policy Name ~ search field.
- Click + Add Filter to filter the policies based on App Suite, Compliance Standard, MITRE ATT&CK, Domain, Netskope Best Practices, and Instance.
