Netskope Help

Observe Cloud App Activities (OPLP) and Risk Insights

Netskope Risk Insights gives you an ongoing view of the cloud and web use at your organization and uses the Netskope Cloud Confidence Index (CCI) to assess the enterprise readiness of cloud services based on a set of objective criteria. This serves as a guidepost to mitigate risk, influence usage and reduce costs for the cloud services in your organization.

As a general methodology, Risk Insights is the process by which enterprises can routinely assess the risk associated with any cloud traffic, developing specific reports, queries, and dashboards to allow enterprises to monitor potential cloud threats in their environment and adjust their security posture appropriately.

Netskope delivers granular detail about cloud and web usage down to the activity and user level when available, which provides additional context to inform your security policies. Netskope even allows you to run ad hoc queries and dynamic reports in real time for custom reporting needs. You can also identify anomalies such as data exfiltration or compromised credentials.

Understanding Risk Insights

An event is the most fundamental element of information that is displayed in the Netskope tenant, tracking the details associated with an individual occurrence of a connection to a particular application. Events are separated into three distinct types: page, application, and alert events. 

Shown below is a summary of the events:

| Category | Page Events | Application Events | Alert Events |
| --- | --- | --- | --- |
| General Description | Provides byte traffic information | Provides context around user activities | Highlights potential risk through threat or policy engines |
| OPLP/CLS | Detail of events depends on granularity of the log source | Usually only block events from proxy/firewall via policy or HTTP error codes | Usually only anomalies or malicious sites/malware |
| API-enabled Protection | Not applicable | Polled audit logs and scan activities for users in API-integrated apps | Alerts on policy for DLP, quarantine, legal hold, etc. + anomalies, malware, compromised creds |
| Real-time Protection | Users generate events with username and byte traffic direction | Real-time audit logs of user activities for all steered cloud apps | Alerts on policy for DLP, quarantine, legal hold, etc. + anomalies, malware, compromised creds |

Users of Risk Insights:

  • Cloud Governance Team

  • Risk Management Team

  • Security Analyst

  • Netskope Admin

Here are some widely used real-world use cases that address your organization’s visibility and reporting needs.

Use cases: