Observe Cloud App Activities (OPLP) and Risk Insights
Observe Cloud App Activities (OPLP) and Risk Insights
Netskope Risk Insights gives you an ongoing view of the cloud and web use at your organization and uses the Netskope Cloud Confidence Index (CCI) to assess the enterprise readiness of cloud services based on a set of objective criteria. This serves as a guidepost to mitigate risk, influence usage and reduce costs for the cloud services in your organization.
As a general methodology, Risk Insights is the process by which enterprises can routinely assess the risk associated with any cloud traffic, developing specific reports, queries, and dashboards to allow enterprises to monitor potential cloud threats in their environment and adjust their security posture appropriately.
Netskope delivers granular detail about cloud and web usage down to the activity and user level when available, which provides additional context to inform your security policies. Netskope even allows you to run ad hoc queries and dynamic reports in real time for custom reporting needs. You can also identify anomalies such as data exfiltration or compromised credentials.
Understanding Risk Insights
An event is the most fundamental element of information that is displayed in the Netskope tenant, tracking the details associated with an individual occurrence of a connection to a particular application. Events are separated into three distinct types: page, application, and alert events.
Shown below is a summary of the events:
Category | Page Events | Application Events | Alert Events |
---|---|---|---|
General Description | Provides byte traffic information | Provides context around user activities | Highlights potential risk through threat or policy engines |
OPLP/CLS | Detail of events depends on granularity of the log source | Usually only block events from proxy/firewall via policy or HTTP error codes | Usually only anomalies or malicious sites/malware |
API-enabled Protection | Not applicable | Polled audit logs and scan activities for users in API-integrated apps | Alerts on policy for DLP, quarantine, legal hold, etc. + anomalies, malware, compromised creds |
Real-time Protection | Users generate events with username and byte traffic direction | Real-time audit logs of user activities for all steered cloud apps | Alerts on policy for DLP, quarantine, legal hold, etc. + anomalies, malware, compromised creds |
Users of Risk Insights:
- Cloud Governance Team
- Risk Management Team
- Security Analyst
- Netskope Admin
Here are some widely used real world use cases that will address your organization’s visibility and reporting needs.
Use cases: