Real-time Protection for IaaS

You can define granular Real-time Protection policies to monitor API and browser traffic to sanctioned and unsanctioned accounts.

For AWS, you can include all supported AWS services in a single Real-time Protection policy with the Cloud App Suite grouping feature. Real-time Protection leverages Netskope’s Cloud Security Posture Management (CSPM) capabilities to synchronize AWS account IDs as app instances of the “Amazon Web Services Console” app, which covers the AWS Console Login. When the policies are applied, Netskope refers to these account IDs to identify the destination of traffic. To learn more about supported AWS services, see: Supported AWS Entities for Real-time Protection.

For GCP, the Cloud App Suite feature and CSPM-based synchronization are unsupported. The Instance ID mapping for GCP traffic is the project ID. In cases where API calls don’t have project IDs in the traffic transaction, the instance ID is mapped to the user domain or service account email. To learn more about supported GCP services, see Supported GCP Entities for Real-time Protection.
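To make the GCP mapping rule above concrete, here is an added illustration (not Netskope's code) that resolves an instance ID for sample transactions: the project ID when the request path carries one, otherwise the service-account email or the user's domain. The transaction field names (`url`, `user`) and the traffic samples are constructed assumptions.

```python
"""Illustrates the documented GCP instance-ID mapping: project ID first,
otherwise user domain or service-account email. Added example, not Netskope code;
the transaction layout is an assumption."""
import re
from typing import Optional, Tuple, List, Dict
from urllib.parse import urlparse

# Most GCP REST API paths carry the project as /projects/<project-id>/ ...
# (project IDs: 6-30 chars, lowercase letters/digits/hyphens, start with a letter).
_PROJECT_RE = re.compile(r"/projects/([a-z][a-z0-9-]{4,28}[a-z0-9])(?:/|$)")
_SA_SUFFIX = ".iam.gserviceaccount.com"   # suffix of GCP service-account emails


def project_id_from_url(url: str) -> Optional[str]:
    """Return the project ID found in a GCP API URL path, or None if absent."""
    m = _PROJECT_RE.search(urlparse(url).path)
    return m.group(1) if m else None


def resolve_instance_id(tx: Dict[str, str]) -> Tuple[str, str]:
    """Return (instance_id, basis) for one transaction.
    'url' is the request URL and 'user' the authenticated identity (assumed keys)."""
    pid = project_id_from_url(tx.get("url", ""))
    if pid:
        return pid, "project_id"
    user = tx.get("user", "")
    if user.endswith(_SA_SUFFIX):          # service account: keep the full email
        return user, "service_account"
    if "@" in user:                        # human user: fall back to the domain
        return user.split("@", 1)[1], "user_domain"
    return "", "unresolved"


# Constructed sample transactions (not captured traffic).
SAMPLE_TX: List[Dict[str, str]] = [
    {"url": "https://compute.googleapis.com/compute/v1/projects/prod-net-1/zones/us-central1-a/instances",
     "user": "alice@example.com"},
    {"url": "https://storage.googleapis.com/storage/v1/b/my-bucket/o",
     "user": "alice@example.com"},
    {"url": "https://storage.googleapis.com/storage/v1/b/my-bucket/o",
     "user": "deploy-bot@prod-net-1.iam.gserviceaccount.com"},
]


def resolve_all(txs: List[Dict[str, str]] = SAMPLE_TX) -> List[Tuple[str, str]]:
    """Resolve every sample transaction; useful for checking which traffic
    will only match a policy by user domain rather than by project."""
    return [resolve_instance_id(t) for t in txs]
```

The second sample shows the practical consequence: a Cloud Storage call without a project in its path is matched by the user's domain, so a policy scoped to a specific project instance will not see it.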

REST APIs for adding app instances programmatically are available. To learn more, see Add an App Instance.

To create a Real-time Protection policy for IaaS:

  1. In the Netskope tenant, navigate to Policies > Real-time Protection.
  2. Click New Policy and select Cloud App Access.
  3. On the Real-time Protection Policy page, select the Source from the list of users, user groups, organizational units, or unknown users.
  4. For Destination:
    • To apply this policy to all AWS or GCP services, select Cloud App and click AWS or GCP to select individual apps for granular match. For AWS, you can also select Amazon Web Services under Cloud App Suite to select all AWS apps as a group.
    • To create a policy to control console logins for your AWS accounts onboarded through CSPM, select App Instance and then select All Amazon Web Services to include all the existing and future AWS instances. Alternatively, select specific instances under Amazon Web Services.
    • To create a policy when not using CSPM for AWS, you must first create an app instance using the REST API, and then select the instances under App Instances > App.
  5. In the previous step, if you selected Cloud App and the Amazon Web Services suite or individual AWS or GCP cloud apps, you can apply additional criteria (e.g., App Instance Tag) using the REST API.
  6. Under Profile & Action, you can select multiple DLP profiles and set an action for each profile.
  7. Provide a policy name, set the status as Enabled, and set the policy schedule.
  8. Click Save.