Netskope’s SASE upgrade targets user experience, network forensics

The defining functions of a SASE platform are to provide security and network access. Another aspect that’s important is digital experience management, which is all about making sure that user experience is optimal.

Netskope today announced updates to its SASE platform, Netskope One, that focus on improving network visibility, user experience management, and security capabilities. Key additions include:

• A digital experience management tool that’s aimed at proactively identifying and resolving problems before users even notice them; and
• Netskope Cloud TAP, a network traffic feature that’s designed to capture the full packet payload for forensic analysis in a cloud-centric environment.

Gerry Plaza, field CTO at Netskope, explained to Network World that it’s critical for organizations to provide a good network experience for all users. “Without a good user experience, you’re going to have a challenge,” he said.

How Netskope is taking a proactive approach to DEM

The ability to monitor and be aware of network quality and access inside of an organization is not a new thing. But today’s distributed environments require IT teams to manage and monitor the network experience for all of an organization’s users, whether they are on-premises, at home or in a coffee shop, in a unified approach.

That’s where Netskope’s Proactive Digital Experience Management (PDEM) comes into play. Plaza said that the PDEM feature is designed to seamlessly integrate with Netskope’s SASE architecture.

“The SASE architecture is all about bringing the idea of security and the network together,” he said. “Well, if I can give you visibility to the network, I can now start to understand what’s happening throughout the whole entire lifecycle of my packets.”

The PDEM feature is integrated into the Netskope agent on the user’s device. This allows it to gather detailed telemetry data, including: 

• Device-level metrics like CPU, memory and disk usage
• Network performance metrics like round-trip time (RTT) and packet loss
• Visibility into each “hop” in the network path, from the user’s device to the internet and cloud applications

Plaza emphasized that the hop-by-hop inspection provides a comprehensive view of the user’s experience, even when they are outside the corporate network. He also stressed that Netskope is taking a proactive approach. Rather than just monitoring for issues and alerting, PDEM is designed to proactively identify and resolve problems before users even notice them. For example, if a user is experiencing slow performance due to high CPU usage on their laptop or poor Wi-Fi signal, PDEM can detect these underlying issues and provide guidance to the user or IT help desk on how to resolve them. 

Going a step further, as part of a complete SASE architecture, Netskope can also manage the experience. Plaza noted that Netskope has its own private security cloud, and the company owns and manages its interconnection strategy, meaning it owns the network connectivity that goes to the various applications.

“We own the interconnection strategy, meaning I own the BGP relationship between Netskope and Microsoft, Netskope and Google, Netskope and Workday,” Plaza said. “We monitor that using our digital experience management platform.”

 If Netskope identifies a problem, let’s say, in the central US going to Gmail for some reason, the company can proactively inject BGP routing prioritization changes to the network to go around those problems.

Cloud Tap for forensics analysis 

In addition to the PDEM capabilities, Netskope introduced its Cloud Tap feature, which addresses the need for full packet capture and forensics analysis in a cloud-centric environment. 

In a traditional on-premises environment, network taps are a common part of deployment, providing access to network data for forensic analysis. In the cloud, getting that type of access is more difficult, which is the challenge that the Cloud TAP aims to solve.

Cloud TAP creates a virtual tap that forwards a copy of the packet data to a customer-owned storage destination, such as an AWS S3 bucket. This allows organizations to retain the full packet payload for detailed forensics analysis, without Netskope ever storing the data, Plaza explained.

Netskope already has a service called Cloud Log Shipper that provides access to logs. The network data coming from the Cloud TAP is somewhat different. Plaza said that cloud log shipper service provides metadata about user activity and security events. However, the cloud logs do not contain the actual packet data or payload of what the user was doing. 

In contrast, the Cloud TAP feature is designed to capture the full packet payload for forensic analysis. This allows customers to replay and analyze the actual network traffic, rather than just the metadata, for purposes like malware investigation or compliance.

Overall, Plaza noted that for most organizations, moving to SASE is an iterative process for organizations, rather than a single “flip the switch” implementation. 

“SASE is not something I can flip the switch, install and say, I’m all SASE today,” he said. “It’s going to take a long journey to get there, because you iteratively replace, enhance and build to fill gaps, solve challenges, reduce risks and enhance visibility. And then [you] continue, kind of rinse and repeat, as you go about this journey of ultimately moving towards a cloud-enabled security model.”

Read more about SASE

• Fortinet expands security lineup with sovereign SASE
• Buyer’s guide: SASE and SSE
• Palo Alto extends SASE security, performance features
• Why is the transition from SD-WAN to SASE so painful?
• Enterprises turn to single-vendor SASE for ease of manageability
• Cato Networks launches managed SASE partner platform