Overview
Netskope One DSPM is a data security posture management (DSPM) platform that automates data security and governance controls, on-prem and in your cloud, to protect your data throughout its entire journey. We provide visibility, control, and remediation for structured, semi-structured, and unstructured data across cloud and on-prem databases, data lakes, and data warehouses. With Netskope One DSPM, you get robust Data Security Posture Management (DSPM), Data Access Governance (DAG), and Data Detection and Response (DDR), enhancing compliance and audit readiness.
Follow these instructions to easily integrate Commvault and Netskope One DSPM, incorporating the latter’s DSPM insights to identify security gaps in your data protection program and ensure the safeguarding of your most sensitive assets.
Integration Benefits
Netskope One DSPM’s platform excels in continuous data discovery, classification, and real-time policy enforcement across cloud, on-premises, and hybrid environments. It monitors data usage and user behavior to detect and respond to threats while automating compliance and security policy enforcement. Integrating Netskope One DSPM with Commvault allows organizations to leverage automated alerts from Netskope One DSPM to trigger secure backup and recovery operations, ensuring sensitive data is consistently protected and recoverable.
Commvault complements Netskope One DSPM by providing robust backup and recovery solutions designed to protect data from loss and cyber threats such as ransomware. It offers secure, encrypted backups and ensures rapid recovery, maintaining data integrity and availability.
Both platforms support extensive data environments, enabling seamless data protection across various cloud and on-premises infrastructures. By integrating Netskope One DSPM’s real-time monitoring and alerting with Commvault’s backup capabilities, organizations can automate incident response and recovery processes, reducing downtime and mitigating risks.
This combined solution offers enhanced visibility and control over data assets, ensuring comprehensive data governance and security throughout the data lifecycle. Organizations benefit from operational assurance through streamlined compliance monitoring, efficient data management, and the ability to quickly recover from data incidents. The integration of Netskope One DSPM and Commvault ultimately provides a powerful, cohesive approach to managing, protecting, and optimizing data, enhancing both security and operational performance.
There are many key benefits:
- Enhanced Data Discovery: automate sensitive and critical data detection across cloud, on-prem, and hybrid environments, improving oversight and control of your data landscape.
- Resilient Data Security Posture: proactively identify and rectify vulnerabilities within cloud workloads, ensuring comprehensive data protection and swift incident recovery.
- Comprehensive Security Coverage: ensure end-to-end protection with a unified security posture view across both applications and sensitive data.
- Improved Risk Management: prioritize security efforts by focusing on critical data and application vulnerabilities.
- Efficient Incident Response: enable swift, coordinated responses to security breaches, minimizing damage.
…which lead to several core advantages and value outcomes:
- Unified Data Visibility and Control: comprehensive monitoring of all data assets, enhancing governance and risk management.
- Enhanced Data Security and Compliance: improved defense against cyber threats and simplified compliance with regulatory standards such as GDPR and CCPA.
- Optimized Data Protection Strategies: Commvault’s scalable backup and recovery solutions complement Netskope One DSPM’s classification and protection of overlooked data assets.
- Proactive Risk and Configuration Analysis: identification of misconfigurations and security gaps with immediate remediation capabilities, ensuring data integrity and security.
- Streamlined Operational Efficiency: reduction in manual efforts and minimized risks, accelerating the time-to-value for data management initiatives.
- Proactive Security: continuous monitoring and real-time alerts help prevent incidents before they occur.
Supported Services
The Netskope One DSPM / Commvault integration supports the following services:
- AWS RDS
- MariaDB
- MySQL
- Oracle
- PostgreSQL
- SQL Server
- Aurora
Setting Up Netskope One DSPM
If you don't already have access to Netskope One DSPM, please email support@netskope.com and include the following information:
- Your request for a new Netskope One DSPM-hosted application
- The full name and email address for the user you wish to be application administrator
Your assigned support representative will respond with the following:
- Details on how to access your new Netskope One DSPM application.
- A link for accessing our private knowledge base.
Generating Commvault Access Token
Within your Netskope One DSPM instance, click on Administration → Integrations from the left-hand navigation. Click on the Commvault option. A drawer will open with instructions for connecting with Commvault.
Follow the links to the Commvault console to sign in and access the Access Tokens tab. After inputting a name and generating a token, copy and paste the value into the Commvault Access Token field pictured above.
The Commvault tenant URL field value includes everything in your tenant URL before /commandcenter. For example, if your tenant was https://example.commvault.com/commandcenter, the value you would enter here is https://example.commvault.com.
Click Connect to complete the connection and start integrating with Commvault. You can also disconnect at any time by editing the connection and clicking Disconnect from the Integrations page. You'll see a popup to confirm Commvault data removal upon disconnecting.
Configuring Netskope One DSPM
Once you have access, there are two main configuration activities to perform in Netskope One DSPM. Once complete, information will flow between systems:
- Onboard your AWS Infrastructure Connections
- Connect your data stores
Links to specific knowledge base articles are included below, or you can email support@netskope.com for assistance.
Onboard Infrastructure Connections
Unlike Commvault, which connects to AWS using AWS KMS keys, Netskope One DSPM connects to AWS using IAM roles. This provides us with the full permissions needed to fully analyze your data stores and provide accurate classification. These roles can be created using either CloudFormation or Terraform.
Each AWS account you onboard as a Commvault Database Instance must also be onboarded as a matching Netskope One DSPM Infrastructure Connection. See the following articles for specific steps, depending on your preferred tool (be sure to first authenticate to our KB using the link provided by Netskope One DSPM support):
Once your AWS accounts are connected, Netskope One DSPM will then auto-discover your AWS data stores and ingest any associated AWS tags.
Connect Data Stores
Each data store you wish to monitor in the Commvault Command Center must also be connected as a matching Netskope One DSPM Data Store. See the following articles for specific steps (be sure to first authenticate to our KB using the link provided by Netskope One DSPM support):
- Connecting to AWS RDS MariaDB Data Stores
- Connecting to AWS RDS MySQL Data Stores
- Connecting to AWS RDS Oracle Data Stores
- Connecting to AWS RDS PostgreSQL Data Stores
- Connecting to AWS RDS SQL Server Data Stores
- Connecting to AWS Aurora MySQL Data Stores
- Connecting to AWS Aurora PostgreSQL Data Stores
Once your data stores are connected, Netskope One DSPM will analyze and classify their fields based on a number of different signals and inputs. This activity includes applying Data Tags to better describe your data stores. For example, if we detect healthcare-related data, we might tag the data store with “HIPAA” and “PHI.”
More information on how classification works is available in our Classification Management article.
Using the Commvault Workflow
When the Commvault integration is active, a new system-controlled workflow called “Send to Commvault” becomes available.
When this workflow is assigned to a policy, each generated alert will also be forwarded to the Commvault Command Center as an anomaly alert that shows within the Monitoring > Threat Indicators section. From there, users can make decisions to recover data stores from specific point-of-time backups, depending on the alert's context.
If you don't see anomaly alerts being generated for your Netskope One DSPM alerts, confirm that the data store in question is supported (see above) and has been enrolled in Commvault backup protection. To verify within the Commvault Command Center:
- Navigate to the Protect > Databases screen
- Select the matching instance record
- Once the instance displays, click the Instance Groups tab
- Review the Backup content column. If the data store is missing:
  - Click the + button and add the data store
  - Run a full backup job to completion
Recommended Policies
The “Send to Commvault” workflow can be used with any policy (built-in or custom) with the exception of “Data Store Discovered” (as Commvault already performs this action on their side).
To get started quickly, browse the tabs below for recommended starter policies that you can configure to provide Commvault with security insights that only Netskope One DSPM can provide:
Data Modified
In this scenario, Netskope One DSPM will notify Commvault that a specific set of users have performed an unexpected delete operation on a sensitive data store. In response, users could perform one or more of the following actions:
- Locate copies of data
- Trigger removal of backups
- Revoke access (specific user(s) or all)
- Apply masking
This could easily be modified to check for employee tags vs. specific users, sensitivity levels vs. compliance tags, etc.
Misconfiguration
In this scenario, Netskope One DSPM will notify Commvault that one or more misconfiguration risks have been detected for a data store, specifically encryption and public inaccessibility.
Data Exfiltration
In this scenario, Netskope One DSPM will notify Commvault that an unexpectedly large number of rows have been selected, which should be investigated for possible data exfiltration. In response, users could perform one or more of the following actions:
- Locate copies of data
- Trigger removal of backups
- Revoke access (specific user(s) or all)
- Apply masking
Troubleshooting
If you don't see your latest tag assignments represented in Commvault, please open a support ticket by emailing support@netskope.com.