Netskope Help

About Netskope Secure Web Gateway

Netskope Secure Web Gateway enables you to govern web usage and provide a safe experience for your users with comprehensive web classification and content filtering. By steering web traffic through Netskope, you can distill web activity into user sites, page visits, and other web activities in order to analyze usage and protect your enterprise.

Netskope Secure Web Gateway Features

Feature

Description

Web traffic steering

  • Use the Netskope Client to steer web traffic for remote and mobile users.

  • Use GRE or IPSec to steer web traffic for on-premises users.

  • Use Secure Forwarder to steer traffic for on-premises users.

  • Use the data plane on Netskope on-premises appliance to steer traffic for on-premises users.

Web classification and filtering

  • Covers 99.9% of active web traffic, with real-time updates of newly categorized URLs.

  • Acceptable Use Policy (AUP) focused classification covering productivity loss, bandwidth loss, and general loss.

  • Custom categories and flexible policies by user, group, or location.

Advanced data loss prevention (DLP)

  • Real-time protection against sensitive data loss.

  • 1,000+ file types and 3,000+ data identifiers.

  • 25+ compliance templates including GDPR, PCI, and HIPAA.

  • Advanced DLP features, such as fingerprinting, proximity analysis, exact match, and more.

Remote Browser Isolation

  • Integrated in Netskope’s admin console

  • Targeted RBI: Isolation of uncategorized and security risk web sites

  • Malware protection and data exfiltration prevention

  • In-flight rendering of isolated web pages into a safe pixel stream. No active content reaches the endpoint hardware.

  • No software or plug-ins required to be installed by users

  • Native mobile browsing experience for mobile devices

Risk-focused classification

  • Malicious site identification, including C&C, botnets, phishing, and spam sites.

  • Identify torrent repositories and evasive services, such as anonymizers and proxy services.

  • Identify newly registered and newly observed domains.

Advanced threat protection

  • Provides real-time, full file inspection to detect and block malware.

  • Zero-day protection using advanced heuristic analysis and dynamic sandbox analysis.

  • Backed by Netskope Threat Research Labs, a dedicated team researching cloud and web threats.

  • Detects threats quickly to provide shared collective protection.

Transport Layer Security (TLS) decryption

Decrypt and inspect TLS traffic at cloud scale with no impact on the end-user experience.

Use Cases

Netskope Secure Web Gateway applies the benefits of CASB to the entire web. By adding specific category classifications to a Real-time Protection policy, you can prohibit users from inappropriate sites, plus protect your organization from data loss and potential malware. Here are some examples of how to use Netskope Secure Web Gateway.

  • Prohibit users from sites that violate your Acceptable Use Policy (AUP). Custom categories can be created to find prohibited sites not already specified in one of our predefined categories. The URL Lookup feature can tell you whether or not a category contains a particular URL to help ensure full coverage.

  • Prohibit users from possibly inappropriate sites, but allow access if justification can be provided by the user, or a site exception is configured using a URL list in a custom category. Users are notified when they can justify access and when they are denied access due to a policy violation.

  • Protect your users and organization from data loss and malicious sites by adding DLP or Threat Protection profiles to a Real-time Protection policy. Remediate threats by blocking sites with multiple layers of threat detection including static and dynamic anti-virus inspection, user behavior anomaly detection, heuristic analysis, sandbox analysis, and more.

iOS Profile Use with Netskope Secure Web Gateway and Netskope Private Access

For Netskope Secure Web Gateway (and CASB), the iOS profile created uses an on-demand VPN on iOS devices. For Netskope Private Access, installing the Client creates another, always-on VPN profile. You can only use one of these profiles at a time on an iOS device.

The two profiles are independent and can both be created on the same device. Depending on the resource you want to access, you'll need to go to iOS settings and switch between the iOS profiles.

Prerequisites

In order to use Netskope Secure Web Gateway, you must:

  • Purchase the Netskope Secure Web Gateway license and contact Support to have it enabled in your tenant.

  • Use version 66 or later when using the Netskope Client for traffic steering. 

Workflow

Netskope Secure Web Gateway includes these primary steps:

  1. Determine which traffic steering method you want to use: Netskope Client, Generic Routing Encapsulation (GRE) or IP Security (IPSec) tunneling, Secure Forwarder, or Data Plane On-Premises appliance.

  2. Create custom categories to use in a Real-time Protection policy. Use the URL list feature to include or exclude specific URLs in a custom category. 

  3. Create a Real-time Protection policy that uses the custom categories and profiles you created to protect your web traffic activity.

  4. Review the Skope IT Site and Page Events to get specifics about your web traffic, and then create web summary reports to compile web usage analytics.