The Customer

The Netskope security cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Only Netskope understands the cloud and delivers data-centric security from one of the world’s largest and fastest security networks, empowering the largest organizations in the world with the right balance of protection and speed they need to enable business velocity and secure their digital transformation journey.

Use Case 01

Automating the Creation of Tenants for Proof of Concept

The Challenge

Netskope wanted to automate configuration settings that create a new Netskope tenant to be used for POCs. These tenants needed to be optimized to look their best, based on customer responses. The pipeline had other requirements, such as including using Postman for its initial setup and exposing automation via a REST API. Foremost, the pipeline also needed to be extremely easy to use and deploy. Ideally, the Refactr pipeline would reduce cycles needed to setup the tenant by sales engineers and eliminate human interaction where possible.

The Results

Netskope built a Refactr pipeline that pulled the Postman collections from GitHub, then ran them using the Postman CLI (Newman), and finally sent status emails via AWS. This was all triggered by a simple web form that calls the Refactr API. The pipeline, including the REST triggers, were built in a few days.

Use Case 02

Automating Incident Response Investigations

Netskope is using Refactr to automate incident response investigations.

First, it is using Refactr to automate a nmap scan that is triggered off a Digital Shadows alert, which tells them when there are potential open ports in their network space. The automated scan validates and creates tickets, which an analyst then reviews.

Second, Netskope is also using Refactr for its vulnerability scans. A Refactr pipeline automatically queries and pulls information based on IP addresses. IP addresses collated from EDR tools are then collected in a single spot which an analyst can conveniently review from there.

Third, Netskope is using Refactr to automatically create tickets for net-new Digital Shadow alerts. In addition to ticket creation, Refactr triggers a basic investigation and then pre-populates a report for an analyst to consider further. In the same vein, Netskope is operating an EDR tool on Refactr; Refactr pulls vulnerabilities from the tool, kicks off the existing intelligence automation workflow, and goes the extra step of creating tickets and auto-assigning them to system owners for patching/remediation.

Finally, Netskope is using Refactr to automate third-party tool Jira Watcher, which checks against its tickets to ensure the team is meeting its SLAs. It also keeps track of tasks assigned to other teams to ensure there is progress.

All information and persons involved in case study are accurate at the time of publication.