Netskope Cloud Exchange Debuts
November 2, 2021
Netskope Cloud Exchange is a suite of integration modules from Netskope and strategic partners that make customers' existing security infrastructure much more efficient at stopping cloud security threats. Cloud Exchange, which is free to Netskope customers, successfully enables cloud-based data and intelligence sharing across security and IT operations teams, helping those teams act faster and more effectively.
Cloud security risks continue to grow, a trend further accelerated by the pandemic-driven shift to remote work. According to Netskope Threat Labs research, cloud-delivered malware has reached an all-time high as of the second half of 2021, accounting for nearly 70% of malware delivery overall. Solving myriad web and cloud security challenges requires teams to proactively share actionable threat intelligence and use tools that draw on the best of multi-vendor integrations to shorten time-to-value, reduce friction in the delivery of security services, and increase the overall effectiveness of infrastructure.
"Teams endure security operations complexity and often struggle to operationalize the valuable telemetry and threat intelligence that would make their security infrastructure more efficient," said Andy Horwitz, Vice President, Business Development, Netskope. "With Cloud Exchange, we're removing complexity and helping all customers get more out of the investments they've made in their security stack. We're very pleased to collaborate with important partners in security and workflow management to make this easy today."
New or enhanced Cloud Exchange integration modules announced today include exporting logs, automating service tickets, sharing indicators of compromise (IOCs), and exchanging risk scores, delivered by Netskope with integrations for well-known technology partners and domain specialists.
Cloud Exchange modules include the following:
Cloud Threat Exchange (CTE) enables automated bi-directional IOC sharing of file hashes and malicious URLs, such as between Netskope and CrowdStrike for the latest in ransomware and threat intelligence. CTE has plug-ins for multiple security vendors, industry standards STIX and TAXII, plus customers can create their own CTE plug-ins.
Cloud Ticket Orchestrator (CTO), new this year, automatically creates service tickets from Netskope alerts within IT service management and collaboration tools such as those from Atlassian, PagerDuty, ServiceNow, and Slack, helping to automate response workflows.
Cloud Risk Exchange (CRE) enables the exchange and normalization of risk ratings between security solutions, such as Zero Trust Assessment (ZTA) for devices from CrowdStrike and user confidence index (UCI) risk ratings from Netskope. CRE enables adaptive policy controls to support zero trust principles, and can automatically invoke CTO service tickets to trigger investigations.
Cloud Log Shipper (CLS) exports Netskope logs to preferred SIEMs and data lakes, smoothly enabling security operations or XDR/MDR services with rich details of web and cloud activity including data flows.
Cloud Exchange integration modules support high availability deployments and are available free to Netskope customers via Netskope, Github, and AWS Marketplace.
"Today's complex threat landscape requires a modern security strategy that includes shared telemetry between solutions, providing actionable intelligence to joint customers. This allows security teams to more effectively defend their organizations from sophisticated cyber actors," said Matthew Polly, Vice President of Worldwide Alliances, Channels and Business Development, CrowdStrike. "We are excited to participate in Netskope's Cloud Exchange by sharing our IOCs and contextual device assessment, enabling customers to more easily implement a Zero Trust framework and protecting their applications, data and users from cyber attacks."
"Cloud Log Shipper adds rich, contextual, expansive, and detailed Netskope event and alert data to Rapid7, enabling SOC teams to quickly understand and investigate customers' cloud applications, data, users, and devices," said David Beaver, Director of Strategic Alliances & Partner Programs, Rapid7. "Rapid7 InsightIDR is also able to share actionable information back to Netskope via Cloud Threat Exchange, closing the feedback loop and reducing the potential for successful attacks."
"At Mimecast, we understand the importance of collaboration and intelligence sharing in cybersecurity," said Jules Martin, Vice President, Ecosystem & Alliances, Mimecast. "The Netskope Cloud Threat Exchange will make it easy for joint customers to process incidents of compromise from their various security vendors, and we're thrilled to be an inaugural partner."
"The integration between Netskope's Cloud Ticket Orchestrator and the PagerDuty digital operations management platform allows for efficient incident resolution for Security teams of any size," said Steve Gross, Senior Director, Global Technology Ecosystem, PagerDuty.