What is Netskope One DSPM?
Netskope One DSPM is a data security posture management (DSPM) platform that automates data security and governance controls, on-prem and in your cloud, to protect your data throughout its entire journey. We provide visibility, control, and remediation for structured, semi-structured, and unstructured data across cloud and on-prem databases, data lakes, and data warehouses. With Netskope One DSPM, you get robust Data Security Posture Management (DSPM), Data Access Governance (DAG), Data Detection and Response (DDR), enhancing compliance and audit readiness.
What problems can Netskope One DSPM solve?
-
Little to no visibility into data sprawl, increasing the likelihood of data breaches.
- Netskope One DSPM continuously discovers data stores for complete visibility across cloud, on-prem, and hybrid environments, helping improve the organization's data security posture.
-
Manual data classification and tagging are time-consuming and error-prone.
- Netskope One DSPM continuously classifies sensitive data, then programmatically assigns sensitivity levels and business purpose tags and maps them to known regulations.
-
Sensitive data exposure due to misconfigurations.
- Netskope One DSPM performs configuration analysis to identify data stores with issues and prevent data exposure.
-
Challenges in implementing least-privilege access for hundreds of users.
- Netskope One DSPM performs privilege analysis to detect excess privilege to sensitive data automatically.
-
Inability to detect risky and privacy-violating data interactions.
- Netskope One DSPM profiles user behavior based on query analysis to help mitigate risky data interactions at scale and ensure regulatory compliance.
-
Overwhelming management of many complex data security issues.
- Netskope One DSPM’s risk scores and advanced policy engine provide workflows to help prioritize and automate remediation.
What makes Netskope One DSPM unique?
Context-Aware Data Security: Understand the context surrounding data interactions, such as who is accessing data, from where, and how they use it. Context-aware security solutions help detect and mitigate data security risks in real time by monitoring user behavior and data interactions. Netskope One DSPM offers correlated and contextualized visibility to all data interactions across the data lifecycle, providing a deep understanding of the four data variables: infrastructure, data, users, and usage.
Continuous Data Risk Monitoring: Monitors an organization's data environment to identify and mitigate risks to sensitive data. It involves continuous scanning and monitoring of all data sources, including databases, file shares, and cloud storage, to detect any unauthorized access, misuse, or suspicious activity related to sensitive data. Enables security teams to assess the effectiveness of their security controls and policies and make adjustments as necessary to maintain a secure data environment.
Core-Data Security Automation: Protect your sensitive data, rather than just the systems or infrastructure it resides in. Machine learning-powered solutions focus on implementing security controls that protect data at rest, in transit, and in use, regardless of location. This approach involves classifying data based on its sensitivity and applying appropriate security controls based on that classification. The platform provides 50 out-of-the-box, built-in Custom Sensitive Data Types across the following categories: direct identifiers, indirect identifiers, financial information, health information, and credentials. Netskope One DSPM's data-in-use monitoring tells data owners how their sensitive data is being used, which can help minimize insider threats.
On-Prem & Cloud Coverage: Netskope One DSPM's platform covers all major structured and unstructured data stores, including on-prem, IaaS, Paas, and SaaS environments. Leveraging advanced workflow creation and automation features, Netskope One DSPM empowers security teams to efficiently identify misconfigurations, optimize operational processes, and allocate resources toward strategic initiatives.
Real-Time Compliance Monitoring & Data Breach Detection: Continuous data usage and access monitoring enable organizations to identify potential compliance violations in real time. Netskope One DSPM can immediately detect suspicious or unauthorized activities by analyzing data usage patterns and user activity, quickly alerting security teams. This enables organizations to take timely corrective action, preventing potential security breaches and avoiding costly regulatory penalties. Netskope One DSPM's real-time compliance monitoring ensures that organizations remain compliant with industry regulations such as GDPR, CCPA, and HIPAA.
Data Query and Risk Analysis: Netskope One DSPM's data-in-use monitoring and risk analysis capability provides real-time monitoring and analysis of data usage to detect any potential data misuse or leaks within the organization. By continuously monitoring data interactions across the data lifecycle, from data to grave, Netskope One DSPM provides a correlated and contextualized view of all data interactions, ensuring that any unauthorized access or usage can be detected and mitigated quickly. Low-touch or snapshot-based classification support for most data stores streamlines comprehensive risk analysis.
Cross-Functional Workflows: Netskope One DSPM's cross-functional workflows automate the remediation process and notify relevant teams when potential data misuse or leaks are detected, streamlining the incident response process. This reduces the time to resolution and ensures that all relevant teams are aware of the incident and can take appropriate action to mitigate the risk.
Cross-Platform Orchestration: Enables metadata exchange for data infrastructure, SIEM, SOAR, and AD for a single pane of glass for data engineering. Supports Hybrid Clouds: Netskope One DSPM empowers customers across their entire environment, whether cloud-based, on-premises, or hybrid. Deep Privilege Analysis analyzes object-level privileges for database access control.
What can I customize within Netskope One DSPM?
There are several customizable elements within the platform:
- Customize Sensitive Data Types. Netskope One DSPM continuously classifies sensitive data across your environments, then programmatically assigns sensitivity levels and business purpose tags and maps them to known regulations, such as HIPAA or GDPR. Custom tags enable data identification specific to your business needs. Custom sensitive data types enable monitoring at scale for sensitive data most important for your organization.
- Customize data store scanning. Specify scan frequency, scan schedule, and sample rate of data store scans, including using regex. This keeps your data store security posture insights as accurate and up-to-date as needed.
- Customize Policies. Ensure that data is consistently protected according to organizational policies, thus reducing the likelihood of human error or oversight. This can include implementing data access controls, and data encryption policies to protect sensitive data from unauthorized access or disclosure. Netskope One DSPM includes several built-in policies to generate alerts for data policy violation events. You can also craft new policies based on customized conditions that map to existing alert workflows.
- Customize Remediation Workflows. Netskope One DSPM enables automated remediation and controls to effectively manage security risks, resulting in improved security, increased efficiency, and reduced human error. You can edit built-in workflows and craft new ones with customized notification settings that link to specific policies.
What are the deployment options available for Netskope One DSPM?
We offer two deployment options. Netskope One DSPM can be deployed as a SaaS-hosted solution where all resources run in Netskope One DSPM’s environment. In this model, Netskope One DSPM requires read-only access to the data stores. In situations where customers don't want to add Netskope One DSPM SaaS IP to their allowlist, Netskope One DSPM provides a flexible hybrid architecture consisting of a centralized SaaS application running in the Netskope One DSPM environment and one or many sidecars that customers deploy alongside their data stores. These sidecars perform discovery and computation, only sending necessary metadata to the Netskope One DSPM application. For customers who have extremely strict regulations to follow, we may offer a fully self-hosted option. Reach out to Netskope One DSPM support for details.
What type of data stores does Netskope One DSPM support?
Excerpt: What type of data stores does Netskope One DSPM support?
Netskope One DSPM currently supports the following data store types, and we regularly add support for new data stores. AWS, GCP, and Azure all require onboarded infrastructure before connecting to data stores.
Amazon Web Services (AWS)
- Amazon Redshift
- Amazon S3
-
Amazon Aurora
- MySQL
- PostgreSQL
- Amazon DynamoDB
-
Amazon RDS
- MariaDB
- MySQL
- Oracle
- PostgreSQL
- SQL Server
- Amazon Athena
- Amazon EBS
- Amazon EFS
Google Cloud Platform (GCP)
- BigQuery
-
Cloud SQL
- MySQL
- PostgreSQL
- SQL Server
- Google Cloud Storage
- Spanner
Microsoft Azure
-
Azure Database for:
- MariaDB
- MySQL
- PostgreSQL
- SQL Server
- Azure SQL Database
- Azure Synapse Analytics
- Azure Databricks
- Azure Blob Storage
- Azure Files
Cloud Data Platforms
Besides AWS, GCP, and Azure, Netskope One DSPM also supports these other popular cloud-based providers:
- Snowflake
- Databricks
- Heroku Postgres
- MongoDB
On-Prem Data Stores
Besides cloud providers, Netskope One DSPM also supports the following self-managed options:
- CIFS
- Microsoft SQL Server
- MySQL
- NFS
- Oracle
- PostgreSQL
- SMB
My organization has a large volume of data resources. How well does Netskope One DSPM scale?
You can onboard your Cloud environment in Netskope One DSPM at a Organization level. The process of onboarding the Organization is similar to that of an Account. When you onboard the Organization, Netskope One DSPM can auto-detect all the child Accounts and Data stores within them, enabling quick connection and scanning across data stores at scale.
Does Netskope One DSPM impact the performance of my data warehouse or databases?
No, Netskope One DSPM should minimally impact data performance. When data-in-use monitoring is enabled, Netskope One DSPM periodically copies queries from the data store query log to Netskope One DSPM. The query copying has minimal impact on data warehouse or database performance. Netskope One DSPM also samples new columns to determine if new fields contain sensitive data. If you're concerned about degrading your database or data warehouse performance, sampling can be limited to non-peak times of the day.
Does Netskope One DSPM store any customer data?
Netskope One DSPM only stores metadata and does not retain copies of sensitive data samples. This allows us to ensure that customer data remains secure and private. Some customers deploy via Sidecar to keep computing and sampling within their environment.
Which file types can Netskope One DSPM find sensitive data in? Does it support image files?
Excerpt: Supported File Types for Unstructured Data Store Scanning
Supported File Types for Unstructured Data Store Scanning
The below file types are currently supported for unstructured data classification:
Image file types:
".png",".jpeg",".jpg"
Archive types:
".zip",".tar",".tar.gz"
Plain text file types:
".txt",".pem", ".crt", ".cer", ".key", ".p7b", “.p7c”
Other file types:
".csv",".json",".eml", ".htm", ".html", ".jsonl", ".tsv", ".xml", ".doc",".docx",".pdf",".xls",".xlsx", ".avro", ".parquet", ".js", ".yaml", “.yml”
How does Netskope One DSPM classify my data?
Netskope One DSPM scans your data stores to discover and classify sensitive data. Classification is performed via machine learning with a combination of heuristic signals. Scanned data is matched against relevant heuristic signals to determine if the data store contains sensitive data, its type and sensitivity level, and the resulting confidence score. This approach is fully configurable by scan frequency, schedule, and sampling rate (for unstructured data only). Read more about Classification.
What types of risks can Netskope One DSPM detect? How are the Risk Scores calculated?
Netskope One DSPM supports the following types of risks, each with an automatically assigned risk score in the platform.
- Misconfiguration risk: a score out of 100 describing how vulnerable data is based on a possible suboptimal security configuration.
- Overprivileged risk: an aggregated score out of 100 assigned to data stores with multiple users and users with stale privileges.
- Data store sensitive access risk: an aggregated score assigned to a data store with multiple users that have access to sensitive data.
- User behavior risk rating: score assigned based on the severity of a user's policy violations, including data-in-use policy violations, in a data store over the last 30 days.
- User sensitive data access risk: score assigned based on access to sensitive data, with higher sensitivity resulting in more points.
Risk scores allow for prioritized remediation strategies and targeted actions. They are calculated primarily based on the Last Accessed date (e.g., how long since the username has queried a data store). If a certain number of days have passed and the user has access to a large amount of sensitive data, they are flagged as OverPrivileged Risk. Focusing on the most critical issues streamlines your security approach, enhancing your organization's overall data security management posture.
Can Netskope One DSPM determine which users have access to sensitive data? How?
Yes. Netskope One DSPM can go beyond basic role retrieval to detect field or file-level user access, offering granular insights into what sensitive data a user can access. This helps prioritize identified access issues based on true sensitive data access.
Can Netskope One DSPM detect violations in real time? What type and how?
Violation detection time depends on the scan frequency of the scanned data store, which can be customized from every hour to monthly. For query analysis-based policy violations, detection time will vary based on when a query is issued and when it can be executed upon the next scan.
How does Netskope One DSPM provide remediation?
Netskope One DSPM supports remediation in a few different ways. First, our automated and customizable workflows can send notifications directly to Slack, Pager Duty, SNS, Google Pub/Sub, and email. Second, Netskope One DSPM integrates natively with many SOAR (Security Orchestration, Automation, and Response) solutions, including Splunk and Sumo. Netskope One DSPM can also alert ticketing systems like Jira and ServiceNow. These remediation features enable security teams to respond quickly to incidents.
How does Netskope One DSPM help achieve regulatory compliance?
Netskope One DSPM enables, automates, and integrates with existing tools to satisfy audits and compliance frameworks for major regulations like HIPAA, GDPR, CCPA, and others.
How can Netskope One DSPM integrate with my product or systems?
You can review all current platform integrations here. In addition to standard integrations with several leading data warehouses, data lakes, BI tools, SEIM solutions, alerting systems, and SSO providers, custom workflows with many systems can be configured via open APIs, webhooks, and using lambda functions. Please contact your account representative for questions about custom integrations with a specific tool.
Which certifications does Netskope One DSPM hold?
Netskope One DSPM has achieved the SOC 2 Type 2 attestation and demonstrated HIPAA compliance. Read more about Netskope One DSPM approach to Trust and Security.
What kind of support will I get for onboarding and long-term success?
Netskope One DSPM is excited to offer our new Premium Onboarding and Long-Term Success Plan to ensure you achieve maximum value with our product through an ongoing partnership. Your personalized success team includes a dedicated Customer Success Manager, Solutions Engineer, and Account Manager who work closely with you from day one and beyond. The process begins with a kickoff to understand your unique priorities and needs. Your success team will then develop a tailored success plan focused on driving product adoption, answering questions, and achieving your desired business outcomes both in the short and long term. Key components of the plan include:
- A prioritized roadmap customized to your use cases and goals.
- Ongoing training, 1:1 coaching, and support to drive user adoption across your organization.
- Proactive account reviews at 90 days and 6 months to evaluate progress and identify new opportunities for value.
- Optimization of workflows, integrations, and custom configurations for maximum impact.
- Executive stakeholder updates to showcase ROI and progress towards objectives.
With the Premium Onboarding and Long-Term Success Plan, your success team becomes an extension of your organization. Together, we'll ensure high user adoption, continuous optimization, and sustained value to meet the evolving needs of your business.