Netskope Help

Protect against network-based attacks

Netskope's Client Traffic Exploitation Protection (CTEP) is a signature-based Intrusion Protection System (IPS) that analyzes network traffic flows and continuously compares the bitstream with its internal signature database for known attack patterns.

When an attack matches one of these signatures or patterns, CTEP can either alert or block, depending on how it has been configured.

In blocking mode, CTEP prevents bad actors from gaining control of vital applications or systems, causing distributed denial of service (DDoS) attacks, or obtaining access to the rights and permissions of applications.

See the Netskope documentation for information on creating a CTEP policy in a Real-time Protection policy.

Follow these best practices when creating a CTEP policy to maximize its benefits.

  • Add [CTEP] to the beginning of each CTEP policy name to make policy searches and Skope IT investigations easier.

  • Use the Security profile as the recommended base profile, then modify or tune it to your preference.

  • Be careful when using the “Max Detect” profile, as it is likely to increase the number of false positives.

  • Add a basic CTEP policy as the last policy in the stack:

    • Source: Any

    • Destination: All Categories

    • Profile: select your preferred CTEP profile

    • Action: CTEP