Mimecast Shared File Hashes

Mimecast Shared File Hashes

Netskope provides a feature called “Shared File Hashes” that allows organizations to securely share file hashes with Netskope.

Threat Detection and Prevention

Netskope compares shared file hashes against a database of known malicious hashes to identify potentially malicious files or objects. If a match is found, Netskope can trigger alerts, block access, or take other appropriate actions to prevent the spread of malware or unauthorized content. Follow below steps for Threat Protection.

1. Create a Threat Detection and Prevention profile. In the Netskope UI, go to Policies and under Profiles select File. Click New File Profile and select File Hash. Select SHA-256 from the Add File Hash by Type dropdown.

2. Enter a Temporary value in the text field as you can’t keep the field empty while creating the file profile. For example: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff.

3. Click Next, add a Profile Name and Description, and then click Save.

4. Click Apply Changes on the File profile page to get the profile reflected.

5. Add the File Profile created in to a Threat Protection profile. Go to Policies > Profiles > Threat Protection > Malware Detection Profile and click New Malware Detection Profile.

6. Click Next and add the File profile you created previously in to the New Malware Detection profile under Allowlist. Click Next twice.

7. Enter a Profile name, and then save the profile.

8. Create a Real-time Protection Policy for the shared Threat Exchange File Hashes. Go to Policies > Real-time Protection > New Policy > Threat Protection.

9. Select a Source from the dropdown, add the required action on the basis of generated alerts for the selected Malware profile you created, and then enter a Policy name. When finished, click Save.

Netskope is now ready to react to shared file hashes uploaded from Cloud Exchange shared from Mimecast.

Data Loss Prevention (DLP)

Shared hashes are used in DLP policies to identify sensitive data within files. Organizations can generate and share hashes of sensitive data, such as credit card numbers or personally identifiable information (PII), with Netskope. Netskope can then scan files and objects within the cloud environment to identify matches with the shared hashes, helping prevent data leaks or unauthorized sharing of sensitive information. Follow Netskope DLP Configuration to implement the same.

1. Add the File profile created in the threat protection profile in to a DLP profile. Go to Policies > Profiles > DLP > New DLP Profile and click New Profile.

2. Select the File Profile you created previously and click Next.

3. Select a Rule Classification per your specifications and click Next.

4. Enter a DLP Profile Name and click Save.

5. Create a Real-time Protection Policy for the shared Threat Exchange File Hashes. Go to Policies > Real-time Protection > New Policy and select DLP.

6. Select a Source from the dropdown, add the required action on the basis of generated alert for the selected DLP profile you created, and then enter a Policy name. When finished, click Save.

Netskope is now ready to react to the shared file hashes shared via Cloud Exchange using the Mimecast plugin.