On February 25, Netskope announced details of Netskope Active Threat Protection, a platform that delivers comprehensive cloud security by identifying and remediating security threats within a cloud-based infrastructure. Netskope Active Threat Protection enables customers to identify sanctioned and unsanctioned apps within a cloud environment. In addition, the platform provides granular analytics about application usage by elaborating on whether the app in question is used to download, share or upload data. The granularity of Netskope’s analytics about app usage empowers customers to determine whether an unsanctioned app really poses a security threat, constitutes an innocuous presence with the organization’s IT landscape or lies somewhere in the middle of the spectrum between security threat and harmless insider. The platform also boasts the capability to prioritize threats by utilizing real-time threat intelligence, machine learning and predictive analytics to rank the threat posed by a specific threat vector. Moreover, Netskope Active Threat Protection features built-in remediation frameworks that take advantage of the company’s integrations with endpoint detection and response technologies to enable the timely resolution of threats before they have the opportunity to escalate. The product’s remediation activities are enabled by a rich policy framework that informs the application of policy statements to security threats. The key differentiator of Netskope Active Threat Protection, however, is the larger ability of the platform to deliver 360 degree cloud security analytics and remediation functionality from an integrated dashboard the focuses as much on internal threats within an IT infrastructure as it does with threats from the perimeter. The product’s integrations with third party threat feeds from vendors such as the FireEye and Cyphort allows it to deliver real-time analytics from data originating from multiple sources in ways that testify to its data aggregation and data integration capabilities. Netskope Active Threat Protection bolsters Netskope’s positioning with the cloud access security broker space by delivering a comprehensive cloud security solution featuring advanced analytics that not only identify and quarantine threats, but that can also prioritize and remediate threats as they arise.
Cloud Access Security Broker Netskope today announces the finalization of $75M in Series D funding led by Iconiq Capital with additional participation from existing investors Accel Partners, Lightspeed Venture Partners and the Social + Capital Partnership. The Netskope platform discovers cloud-based apps, understands the security threats specific to them and implements policies or procedures designed to guarantee the secure operation of the app in question within the larger context of the infrastructure in which it is deployed. Over the past year, Netskope has experienced 500% growth in year over year customer revenue and 600% growth in year over year revenue growth. The funding raise constitutes strong validation of the company’s platform for ensuring the security of cloud apps within enterprise environments and underscores Netskope’s leadership in the space dedicated to shadow IT and unsanctioned apps. The company’s growth has been fueled by its ability to provide an unparalleled level of granularity into cloud app usage within enterprise environments. The infusion of $75M in capital will be used to accelerate product development and expand sales, marketing and research operations.
Cloud Computing Today recently spoke to Krishna Narayanaswamy, Chief Data Scientist at Netskope, about the company’s positioning in the cloud security space in addition to his predictions for the cloud security landscape in 2015. Part of the impetus for the conversation was to understand how cloud security involves more than the monitoring of real-time system and application behavior that suggests fraudulent or abnormal activity by implementing proactive actions based on predictive analytics and machine learning. Krishna responded by elaborating on Netskope’s ability to develop security policies in conjunction with its analytics as well as the BYOD phenomenon and its attendant challenges for cloud security. As for cloud security predictions for 2015, Krishna noted an expected increase in data breaches, the use of cloud apps as a vector for the spread of malware and the way in which cloud security for apps sanctioned by enterprise IT policies will need to address the security of data at rest as well as data in motion.
1. Cloud Computing Today: How do you understand Netskope’s differentiation within the cloud security space?
K. Narayanaswamy (Netskope): The workforce of nearly every company today uses cloud apps, and as adoption has become common, it’s more likely that people will share sensitive business information via those apps. Our research shows that the average organization today has 613 cloud apps in use, 88 percent of which are not enterprise ready. Today’s companies not only need a way to discover the cloud apps that are used by their workforce — sanctioned or not — they need to be aware of the activities that happen within those apps, and set policies to prevent the activities that put confidential and sensitive information at risk.
Netskope is the only cloud app security and enablement company that offers real-time analysis and policy creation to prevent unwanted behavior, and the ability to monitor ALL cloud apps (not just those within IT’s purview). Secure cloud enablement is no longer a “one-size fits all” solution, and through Netskope’s Active Encryption, any user can tailor the creation of policies to fit their needs — large healthcare companies are going to focus more in HIPAA compliance than a music and entertainment company, for example.
2. Cloud Computing Today: What is the fundamental problem of cloud security as you see it from a business perspective?
K. Narayanaswamy (Netskope): Cloud apps are the norm in the workforce, with the vast majority being brought in by users unknown to IT, known as “shadow IT.” Today, IT grossly underestimates the number of cloud apps in use by their workforce, which presents significant data security and compliance risks. With the BYOD trend gaining momentum with no end in sight, more apps are guaranteed to make their way into organizations, and access corporate information than ever before, and CISOs are scrambling for a solution. The underlying problem with cloud app security has been that IT’s been forced to make a stark black and white decision — either block all cloud apps at the network perimeter, or let secure corporate data run rampant in unsanctioned cloud apps. Today, IT can can get the insights they need about usage, users, and activities done within apps to that they can promote secure usage. Rather than clamping down and blocking all apps, IT can embrace BYOD, rid negative connotation with the term “shadow IT,” and formulate security policies using a highly scalable approach that adapts to the cloud app economy.
3. Cloud Computing Today: What are your Cloud Security Predictions for 2015?
K. Narayanaswamy (Netskope): In 2015 we will see continued growth and adoption of cloud services in enterprises. The adoption will fall under IT sanctioned apps as well as lines of business driven procurement. The implications for security solutions are:
•Enterprise IT sanctioned cloud apps will be deployed in production only in conjunction with a suitable security solution to secure the enterprise sensitive data as it migrates to the cloud. The security solutions will cover both data at rest as well as data in motion to the cloud apps.
•Cloud security solutions will be deployed to monitor and safely enable the use of non IT sanctioned cloud applications
•We will see increased use of SSO technologies and MFA policies to access cloud applications
•Data breaches in cloud apps will start becoming prominent. App vulnerabilities will continue to be a major threat vector. Keep an eye for open source related vulnerabilities. Cloud apps rely heavily on open source components. Vulnerabilities in open source packages will imply threats to cloud apps if not addressed in a timely manner. Vulnerable cloud apps in turn lead to data breaches
•Malware – cloud apps will become a significant channel for distribution of malware. Existing URL filtering technologies do not adequately address this threat vector.
•Data driven security will become mainstream. Cloud security solutions will generate metadata that is used for detecting anomalous user behaviors and data theft.