April 17, 2023
In the recent past, cybersecurity tools were siloed, didn't work together, or required a SIEM to attempt to bring data and alerts together. This disjointed approach led security engineering teams to retroactively configure their tools, even from the same vendor, to stop future issues. Cybersecurity vendors eventually changed their approach and allowed tool integration within their own brand ecosystem, albeit usually using lackluster APIs and sometimes charging customers a fee to integrate the products within their portfolio. Integration with third-party tools continued to be a sensitive topic, until customers finally pushed cybersecurity vendors enough to offer better APIs and integration points.
What if there were a tool that had existing integration points with cyber and IT tools, but also allowed you to create your own integration points? Let me introduce you to a tool from Netskope called Cloud Exchange.
The Netskope Cloud Exchange tool allows customers to integrate both Netskope and third-party cybersecurity tools together, without the requirement of being a Netskope customer. Netskope currently offers 60+ prebuilt integrations, but also provides the key functionality of allowing customers to create their own integrations.
Cloud Exchange is a Docker-based solution that can be installed on-premises, in a private or public cloud, or delivered as a service from Netskope. Cloud Exchange has four modules: Log Shipper, Ticket Orchestrator, Threat Exchange, and Risk Exchange, which enable different integration capabilities and data-sharing endpoints.
Let’s take a deeper look at each of the modules and their features and functionalities.
Cloud Log Shipper
The Cloud Log Shipper (CLS) module is used to connect to the Netskope tenant; retrieve alerts, incidents, and events; and forward them to a logging or SIEM/MDR/XDR platform to be used by security responders. CLS also offers the capability for filtering incidents, alerts, and events from Netskope in order to send relevant data into a SIEM/MDR/XDR platform. This capability allows the customer to archive all the logs in a platform like S3 for compliance or audit purposes.
Netskope offers plugins with leading logging solutions such as Elastic, IBM QRadar, and Azure Sentinel. Cloud Log Shipper provides a generic Syslog export for logging platforms with no current native plugin.
Cloud Ticket Orchestrator
The Cloud Ticket Orchestrator (CTO) module allows customers to trigger alerts, emails, or tickets in collaboration or notification tools for response. The CLS and CTO modules are tightly aligned to allow generation of notifications based on data obtained from the Netskope tenant, which may not necessarily be generated by a response platform like a SIEM. CTO is not limited to only generating notifications from Netskope.
Netskope currently offers plugins for common notification platforms such as PagerDuty, Slack, Jira, ServiceNow, Microsoft Teams, and email (SMTP).
Cloud Threat Exchange
Cloud Threat Exchange (CTE) is one of the most interesting and important modules. CTE allows customers to connect preventative tools such as EDR/EPP, email gateways, and threat intel platforms together to share IoC/IoA data. Integrations between these traditionally siloed protection tools strengthen a company's defense in depth and increase the ROI of all the tools within the environment.
Netskope offers plugins for common prevention tools such as Proofpoint, Palo Alto Networks Panorama, Microsoft Defender, and STIX/TAXII.
Cloud Risk Exchange
The Cloud Risk Exchange (CRE) module is similar to CTE. However, instead of sharing threat data, CRE exchanges risk scores between platforms. CRE historically only shared user risk scores. Traditionally, security tools held their own risk engine, whether from a UEBA capability or based on another scoring algorithm. But users could never share this risk posture out to other tools. This all changed in early 2022, when applications gained the ability to exchange application risk scores within Cloud Exchange. By sharing risk scores, organizations can enable and adopt zero-trust principles across the customer ecosystem.
Netskope offers plugins for common products that have risk engines such as CrowdStrike, Okta, and Google BeyondCorp.
While the above modules utilize plugins built and supported by Netskope or their technology alliance partners, Netskope allows customers to create and build their own plugins for on-premises or other cloud platforms that offer APIs.
All the currently supported plugins are available on GitHub for reference, and Netskope provides a developer’s guide for those who want to develop their own plugin.
To get started with Cloud Exchange, follow the installation guides on Netskope’s documentation site or GitHub. If your organization is interested in the Cloud Exchange as a Service, please reach out to your Optiv account team for additional information and pricing.