Netskope Help

Threat Protection

As businesses move to the cloud, they are increasingly susceptible to modern day threats like malware and ransomware. One of the initial transitions to the cloud for a business has been in the cloud storage category, with a number of them using SaaS apps like Microsoft OneDrive for Business, Google Drive, Box, Dropbox, to name a few.

Files get into these cloud storage apps in a number of ways, like through third-party vendors, attachments saved from emails, files uploaded from desktops, and so on. Not all files get scanned by endpoint systems. Netskope provides threat protection for files stored in enterprise-managed applications in the cloud storage category.

When a malware file is found in a SaaS app, you have three choices based on severity: send a SkopeIT alert in Netskope, quarantine the files, or apply a malware remediation profile to a policy. With quarantine, the malware affected file is zipped and password protected so others do not click it and get infected, and then the admin defined in a quarantine profile is notified.

A malware scan is standard, but advanced threat protection that scans for ransomware is a licensed feature and is not enabled by default. Without a license, you will not be able to scan for ransomware as described in this document. Use threat protection with Real-time Protection and API Data Protection policies to detect files with malware. Use threat protection with Risk Insights to detect malicious sites.

This section presents a set of use cases that present threats and how Netskope can help mitigate the risk with each use cases and increase your cloud security maturity.


To use advanced threat protection, contact Support and get the license to enable this feature in your tenant UI.