Netskope Reviews

For now, we are scanning all the HTTP traffic with the cloud-based solution, the cloud broker solution. We are using it as a network proxy. It will detect all the data you are using. Let's say you go to Google Drive to try to upload something. In our case, we are putting up some rules or restrictions so that you can't upload PDFs or Word files, or maybe you can add Word files with limitations, like without any personal information, including name, pin number, date of birth. It's more like we are controlling the PII, the personal information with the solution, so that we restrict users from uploading whatever they want on the internet.

The solution itself is good because it categorizes many websites on its own, like the website or solution you trust. For instance, Yahoo is a good website. You can let your employees use Yahoo, but let's say a website like yandex.com is a little bit fishy, so they will put it into a category like server content. We can put in rules according to this. We can only allow the website with Netskope first.

We have to pay extra for some of those features, but we can connect our infrastructure like GCB. We can connect our instance via API so that Netskope itself scans whatever in our GCB storage or Azure Block storage. If someone is storing PII information, it can declare some alerts or restrict access to that particular file. It's mostly for this kind of solution, but there are many other things that you can do with the solution.

We have more than 30,000 workstations. The client version is 90, but we are using 87. Every three or four months, we do an installation for all the clients and workstations. That's maybe why we are not on the latest client version, but it works fine. There haven't been any problems with that. They launch one new version every month.

Normally on your side, you don't need anything. You only need to install the client on your workstation. After that, it's up to you. If you have everything already on cloud, like if you are using Azure AD, you can connect your Azure-ready account with their account for the same purposes and upload all the data of your users so that their solutions know about your environment. If you are not using cloud, you can provide an Excel list of all your users so they can register those users so you aren't paying more than you are consuming. You can install the agents on 1,000 PCs, but they are only working with the users and environment they are deployed on.

If I have 500 users and install on 1,000 PCs, I'm only paying for 500 users because now they work from home. Everyone has one Mac, one Windows device, or maybe one Linux device, but they are using the same username with the organization. We are paying the license for one user, even if we are using the client on multiple devices. The working environment is not a big mess. If you're on hybrid or 100% cloud based, or even if you are 100% in-house in your data center, you can go with the solution. There aren't any limitations.

If you implement the solution, it will give you visibility. If you have 1,000 or 50,000 people working in your environment, you don't know what solutions people are using. Personally, I'm using OneNote and Microsoft Office, but someone might be using a text file or third party software, or using a browser extension just to take notes. 

We don't know how much we can trust third party applications. The product itself provides visibility to us. When we started back in 2019, we activated the solution for everyone, but this is not the best way for 30,000 users in one shot because we started blocking people and the work environment because people were using their own solutions and software. Netskope doesn't know those softwares so we have to integrate with them and with the third party, for which we are paying the license. Netskope says, "Okay, this is the server. We are blocking the server," but we don't know if we can trust this one or not. 

After talking with the other teams, we realized, "No, we are paying the license for it. This is legit, so we don't have to block it." 

When we started deployment, each month we deployed the traffic for 1,000 people. When it was done, we could see what they were using, consuming, and what we were blocking.

This way, we can change our policies. We try to allow the legit solutions and third party applications that we are paying the license for. Then we go to the next thousand. Then we discover what these people are doing and the applications they're using. When people tell us that they don't have access to their Gmail, we tell them that we cut out Gmail because we are only using the Microsoft services, so there is no Gmail, unless there is a reason for it.

Netskope provides visibility in our case for the deployment.

In Azure, we have multiple subscriptions and with every subscription, we add some kind of instance ID. We can work with the instance ID so that we allow all of the instances containing nodules. Everything else, we block. This way, if you go to outlook.com and check your email, if you log in with your company account, the instance ID will show. The network will take action according to the instance ID and say, "You are using the enterprise email. I'll let you surf. I'll let you see your email." But when you try to log in with your own email address, like Hotmail or Gmail, the instance ID will be different.

This way we are not completely blocking Outlook, but we are blocking people from accessing their Outlook. We are only allowing the enterprise-level emails, and we are not allowing user-based emails. That's the feature I love most.

Third party integration with other cloud applications could be improved. Sometimes the API won't be working, but Netskope is taking it seriously. They accept all the feature requests, and they are trying to provide whatever we ask from them.

What we are consuming right now is almost perfect. This is a cloud-based application, not in-house, so we can't change the interface. But for UI, sometimes we ask them to give us some more visualization and features. 

For instance, if you are uploading a dictionary and use that dictionary file containing anything from the dictionary blockage protection, we can't see it. Each time we have to upload a new one and override the old one. We can't visualize it, so we have asked them for a feature request and they're working on it.

There are many small things regarding feature requests that we are doing day to day, and they are working on it. Some of the features are there, but they are hard to find. 

The only thing we are looking for now is integration with the MacBook. Even with a MacBook, everything is going well. With a MacBook, the Catalina client is working fine. The new version, which releases monthly, is working fine. The only problem we are facing is with the big server, so they're working on it.

I have been using Netskope CASB for a year and a half. The solution auto updates. This is a test solution, so all we have to do on our side is upgrade the client version on workstations.

There haven't been any major issues. We had one issue on their backend, but they provided a solution very quickly. In about three hours, they moved us to another data center. This is normal. This was a major incident on their side because when traffic starts moving on their data center, they start scanning everything and it goes to their data center. If their data center goes down or there is limited bandwidth on their side, this can impact your organization. This happened once. We communicated with them and within three hours, they switched us to another data center. Everything was smooth and started working fine, but these kinds of things happen.

The solution is scalable. There haven't been any issues according to performance. On their side, scalability is good because it's a test solution. I can't tell you more about the scalability because it's mostly on their side. From our side, everything is more than fine because we are consuming their services.

We are currently paying for 30,000 users, or 30,000 workstations.

Right now, for all 30,000 users, we chose maybe 60 or 70 cloud applications. We are only streaming those applications. We have already deployed 5,000 users to all web traffic. This means we are streaming everything they are surfing. For the other 25,000 users, we are only scaling the traffic of 60 or 70 applications. This is how we are consuming more of the licenses.

Netskope takes control of maintenance. They send you an email about what is going on, and they will let you know that maintenance is occurring on Sandhill server for instance, or somewhere else. They give you brief downtime, but if there isn't any downtime, they connect you to another data center.

The incident that occurred was regarding the bandwidth on their side. They were lacking some bandwidth with their vendor. There hasn't been any downtime yet, and we have been using the solution for a year and a half.

Our organization pushed us to deploy the solution as soon as possible. They were ready to pay the license because there was an architect who did a comparison between two or three CASB solutions, and he chose Netskope. When we deployed, everyone was like, "We are blocking the work." So we had to limit it and start with a chunk of users. 

The only thing they are working on is integration with Mac. On the MacBook, the client horizon is not stable. Sometimes it goes down without any warning, but they are working on it.

Technical support is good. Normally when creating a ticket on their side, the response is between one or two business days, but we are paying premium support. In premium support, we have 24/7 support from their engineers. If we have trouble with something, we can just say, "Okay, we need you to call a third party with maybe a higher level of execution." They are ready to be there, but it comes with premium support. 

We had basic support. Response time is one business day, but it depends on your ticket. If you have critical severity, they will respond right away. With the premium, 24/7 support, everything is good. Their technical department is taking care of us. They are there for us every time we need them.

We haven't used any other solutions previously. This is the first CASB solution we are using at the enterprise. The Microsoft team is using MCAL, which might be similar to this solution but isn't providing all the aspects of it like PII and the third party vendor. Its controls are limited to Microsoft. I'm not sure if we are still paying the license for MCAL or not. If you compare Netskope with MCAL, Netskope also allows you to manage, whereas MCAL is just for Microsoft services.

It seems to be straightforward because we are using it with Azure AD. We already had all of our groups and users there, so we just added the Netskope application in our Azure AD, and it started gathering all the information and sending it to their databases. It seems pretty easy just for the load.

I would rate this solution 9 out of 10.

My advice is to just go for it. In an organization of 30,000 people, you can't just deploy one product and start deploying another product and say, "Okay, we are replacing the solution with this one," because the company has already invested millions of dollars in this. 

I like the way Netskope treats its customers. Whenever you need help, they are there. They will 100% help you. They will explain everything to you. We have a meeting with our technical assistant manager every week, and he shows us different things we can do with the roadmaps, different features we can use, and what kind of policy we can put in place to lower our false positive rates. It's very helpful.

We use Cisco Umbrella and plan to replace it with Netskope. We will start with the security model and other policies. 

We use Cisco VPN for remote access. Additionally, we have started implementing Netskope with a strong focus on security. Our primary goal is to protect users from accessing malicious sites. We also plan to implement DLP based on our data, as data security is our main concern.

The solution offers granular control over uploads and downloads. Previously, we lacked monitoring and control over downloads from malicious sites, but now, with Netskope, we can block such downloads. We are currently in the testing phase of implementing DLP, specifically for personally identifiable information data. We don't want it to be uploaded to the cloud. 

I'm currently involved in integrating Netskope with SentinelOne in our organization. The goal is to consolidate our alert monitoring by setting up a virtual machine and establishing threat exchange protocols. This integration allows us to use a single console to monitor alerts from both Netskope and SentinelOne, enabling better correlation of security incidents.

I would like to see the product improved, especially in monitoring and security monitoring. It should be more effective so we can better identify cloud access and understand how users are accessing it. We need better visibility on security and cloud storage access.

The logs in Netskope are good, similar to what I had with CrowdStrike. CrowdStrike provided full log coverage, and we need the same for cloud-based solutions like Netskope. Every action should be logged, but I've noticed some gaps with Netskope.

We faced outages a couple of times. 

I haven't faced any issues with the tool's stability. 

Before moving to Netskope, we used McAfee products. This was before COVID, when our cloud usage was minimal and remote access wasn't as prevalent. We procured McAfee's CASB solution to monitor and manage shadow IT. This allowed us to track and block access to unapproved third-party clouds.

We started the POC in December 2023 and began working on the feasibility of the migration. We have reached around 65% of our implementation, with only 35% remaining.

We have very few resources involved, around five to six people from different teams, like the infrastructure team. I am part of the IT security team and manage the platform. Other teams help with access control, which the central security team takes care of.

We use Varonis to scan files and remove broken access permissions for data at rest. We also utilize Microsoft Purview to label sensitive files on our file server. Once this process is complete, we will block access through Netskope. This is our future vision, though we are currently in the implementation phase.

I'm involved in both implementing and supporting the solution. As part of the operations team, I provide knowledge transfer sessions to team members. When implementing new policies, I discuss with team members how to handle alerts and what actions to take when alerts are triggered.

Access with Cisco Umbrella is very different compared to Netskope. Some sites accessible with Cisco Umbrella are blocked by Netskope. We had to revisit each and every policy again. We exported all the configurations from Cisco Umbrella and had to review everything.

Before implementing, go with the POC and have an extended POC session. Clarify everything during the POC because it becomes very difficult to get them on a call for critical issues after the POC. Make sure all concerns are discussed and resolved before implementation.

I rate the overall product an eight out of ten. 

Our one use case involved shadow IT. We had numerous cloud applications being used by the business without the IT team's awareness. A lot of data was being exchanged with these cloud applications. 

Another use case centered around our corporate applications, specifically Google Workspace. We integrated Google Workspace with Netskope to protect our cloud usage and data, including email IDs and Google Drive storage.

These are the use cases we applied the tools to.

The benefits revolved around effectively addressing the use cases using Netskope. Regardless of user location, as long as they were connected to the internet, their data remained protected at all times. These were the major benefits we obtained.

The most valuable features were related to discovery, data protection, and ensuring compliance with regulations.

In my previous organization, we heavily used Netskope. We employed Netskope for all our cloud applications and for managing shadow IT. So, for any applications we had in the cloud, we used Netskope to retrieve details about shadow IT. On top of it, we employed it to safeguard the data on those cloud applications.

I used Netskope five months ago. I changed organizations around five months ago. But prior to that, I was using Netskope. I have used it for approximately four years. I worked with the latest version.

It is a stable solution. From a solution perspective, I didn't face any challenges. However, there were operational matters that we managed on a day-to-day basis.

It is a scalable solution.

Approximately around 30,000 end users are using this solution.

We've encountered numerous cases. Whenever we came across functional or technical issues, we raised questions with the technical support team.

I would describe customer service and support as decent. Our technical account manager always got involved when we raised concerns, ensuring proper escalation so we got a timely resolution.

The first setup process was pretty simple. You just have to integrate the solution with cloud workspaces and applications and it is easily accomplished.

The deployment was a collaborative effort. We engaged both the vendor and third-party assistance. Our in-house team used relevant intelligence to ensure successful deployment.

Two major teams were primarily involved: the InfoSec team and the IT team. The InfoSec team covered the solution and helped the IT team with configuring best practices. Additionally, we had a partner team that implemented the solution for us.

For deployment, we followed a straightforward approach. First, we identified our known applications and domains and then planned how to integrate our account users with Netskope. Next, we used the discovery module to identify shadow IT instances. Finally, we configured policies, initially placing them in monitoring mode. Once the tools matured, we transitioned those policies from monitoring to protective mode.

The maintenance was easy. 

Pricing depends on customer relationships, negotiations, and partner involvement. Each product owner has their own licensing terms, which all play into the overall cost because they involve a partner. Overall, it depends on the negotiation skills.

Netskope's pricing is reasonable compared to Microsoft. Microsoft tends to sell individual licenses as bundles. For instance, if you're using licenses like E3 versus E5, E3 offers limited functionality, while E5 provides a bundle. Microsoft's pricing is somewhat higher, considering Netskope's capabilities as well.

I have experience with a few other solutions, like Symantec and Microsoft, but my involvement with those was limited. Netskope was the major focus.

If you're heavily invested in Microsoft, Microsoft KSP might be the way to go. Otherwise, you might consider Netskope. So, it is dependent on the infrastructure.

I'd suggest that any company not heavily dependent on Microsoft could consider starting with Netskope. Cloud journey also matters; if you're deeply involved in the cloud, Netskope is a good solution to safeguard your cloud data.

Overall, I would rate the solution an eight out of ten. I deduced two points: one for their feature modification and one for the feature maturity of the solution.

We use the solution to track role-based access control. We have many business-critical applications, particularly task-based applications, on the cloud.

Netskope provides audit trends for all accesses via KSP and the identification of Shadow IT.

Today, buying a server or hosting an application is very easy. Anyone can buy an instance by paying on AWS or Google. Due to this, there are many applications within the organization that IT is not even aware of because someone in business might have bought one without IT's knowledge. The perspectives of these two groups are very different, and that's the issue.

The solution’s cost is not user-friendly. If you buy the full version, it is costly.

I have been using Netskope as a customer for two or three years.

The product is stable.

3500 end users are using this solution.

I rate the solution’s scalability an eight out of ten.

We switched to Netskope since it comes with the Secure Web Gateway package.

The initial setup is simple and takes a couple of weeks to complete. The deployment requires eight people to complete.

I rate the setup a seven on a scale of ten.

We evaluated Forcepoint, Digital Guardian, and Symantec for testing.

Overall, I rate the solution a nine out of ten.

Our clients use Netskope because they want to move to a SaaS solution. They're using an increasing number of SaaS applications. An on-premises firewall or URL filter isn't sufficient anymore. Netskope is unique in recognizing different instances of SaaS applications and the activities people can do. They have more control over where their data goes.

The most valuable feature of Netskope is that it is a SaaS-delivered solution. It's somewhere running in the cloud, and there's no limitation in performance like you would have with hardware. You need to change hardware all the time.

However, this platform grows when your company grows, and you have more employees and more traffic. You don't need to think about that anymore. The solution also provides granular control over the SaaS applications that people are using.

It's like moving from URL filtering or a web proxy to a real CASB. Netskope takes it a step further by recognizing if you're logging into your corporate Office 365, a private one, or a competitor's Office 365.

The cloud firewall, which is one of Netskope's latest developments, could be improved further. I would like to see more threat protection in Netskope's Zero Trust Network Access. Functionality-wise, the solution's Zero Trust Network Access is a great replacement for VPNs. However, having more security functions in there would be nice.

I have been working with Netskope for around five years.

I've never encountered an outage with Netskope. Everything was always working because its points of presence were very redundant. If its processes recognize that something in one point of presence might not be running as it should, you get redirected without knowing.

I rate the solution's stability ten out of ten.

Our clients for Netskope are fairly big enterprises and government organizations. Netskope's scalability is perfect, and you don't have to think about it. It doesn't matter if you have 500 employees or 10,000 employees. The solution automatically grows. Their points of presence are overscaled and oversized, so they'll take care of that.

I rate the solution's scalability ten out of ten.

Netskope's technical support is very good, but it's similar to the technical support of most other tools like Palo Alto or Check Point.

Positive

The solution's initial setup is really easy, especially when you roll out the client. Migrating from an explicit proxy to their solution has exactly the same setup. Netskope easily integrates into any solution that you already have.

The solution's deployment time depends on what you want to include. If you need to migrate a very big web proxy configuration, Netskope has excellent professional services that will prepare configurations. So, it's ready to use directly. The slowness is not because of Netskope. It's because you need to have all your employees connected to the network, and this new software needs to be installed.

However, that can all be automated. You can have it running in minutes. Netskope already has a very good basic policy. If you're just doing the inline CASB, you roll out the Netskope Client or setup the explicit proxy and have a basic URL filtering policy that directly works.

If you have a couple of 1,000's employees, then, of course, it will take a while. You do it in bunches. People start up their laptops, install this new software, and it's there. Preparation-wise, it might take a few weeks, but the actual rollout is done as soon as people can run updates on their laptops.

On a scale from one to ten, where one is difficult and ten is easy, I rate the solution’s initial setup an nine out of ten.

We have seen a return on investment with Netskope because everything runs in the cloud. You don't need to think of the sizing. The solution's user interface is really simple and easy to manage. You don't need many people, hardware replacements, or shipping things. The tool is very efficient and saves a lot of time.

Netskope is a premium service, and its pricing ranges from medium to expensive. Netskope is in the top range when it comes to pricing. It all depends on the functionalities you require and get the licences for. The combined solution is more cost effective than a combination of other vendors point solutions.

Netskope is a cloud-based solution. All its security functions run in a cloud. You only need to install a client to get the traffic to the cloud, set up an IPsec tunnel, or set up your explicit proxy to get the traffic through the cloud.

You don't need to install anything on-prem except when you use their SD-WAN solution. We're talking about the CASB side. They also have an SD-WAN solution. 

Overall, I rate the solution an eight out of ten.

I use Netskope in my company for data protection and governance.

The most valuable features of the solution are that the support is very good and the dashboards are easy and intuitive to use.

With Netskope in our company, we want to integrate it with the other applications in our system practically. From an improvement perspective, the aforementioned process should be made easier. The solution's implementations can be made much easier because, currently, it is complex in nature.

I have been using Netskope for three years. I use the solution's latest version.

Stability-wise, I rate the solution a nine out of ten.

Scalability-wise, I rate the solution a nine out of ten.

In our company, we have around 1,00,000 users of the solution.

I rate the technical support a nine out of ten.

Positive

I have worked with other products in the past, but I cannot discuss those products.

The implementation part takes some time due to the complexities involved. In general, our company puts in a lot of effort, especially in coordination, to manage the solution's implementation.

In our company, we did not measure the actual time taken to implement the solution, but the overall time taken to implement the solution was around six months.

The solution is deployed on a public cloud.

I cannot disclose the licensing costs attached to the solution. Netskope is a reasonably priced product, but it is not so expensive because there are other products in the market that are more expensive. I rate the product's price a six on a scale of one to ten, where one is expensive, and ten is low price.

I recommend the product to those who plan to use it.

I rate the overall product a nine out of ten.

It's one of the top-ranking solutions in the market, and it's very responsive. We are using Netskope, and Netskope provides a load of features for SQL, STP, and traffic control.

We have blocked all data-sharing websites like Gmail, Google Drive, and Dropbox. We have also blocked them globally in broadband and Capitec. We are ISO certified, so we use a bunch of tools that we use, so that's why we are using a pro product that is number one in Gartner.

If we need to allow a process that is blocked by Netskope, we have to manually check the logs to see why it is blocked. This can be time-consuming and inefficient.

So, I would like to have a feature in Netskope that allows them to manually check the logs without having to open a separate tool.  

I have been using this solution for last two years. 

It's a stable product. However, when I implemented it two years ago, it had a lot of issues for us because all things were blocked users were facing a lot of issues regarding website-related issues, and some developers were also facing some issues. 

But now it's fine. The user process has improved. Some developers are using PowerShell code to get related, and all processes are unblocked. So, we've developed an ID to allow the related process. Now, it's stable.

There are around 2,000 end users using this solution. It is a scalable solution.

The customer service and support are good. They are available on weekends.

We used Symantec before for DLP solution, device control, and proxy solution. All three things were only in Symantec, but Symantec is not a SaaS-based product. If your users come to the premises or over the VPN, that means it works, otherwise, it doesn't work or there is no control. So that's why we moved to NetScope as it's a service product, and the cost associated with it is also less.

The initial setup is very easy. 

We have deployed it on a private cloud. We have a single URL, and we have created a username and password. We have also created a load of policies like a secure web gateway and global talk. We have blocked global talk like Gmail, WhatsApp, and Yahoo. If you use a requirement, we can allow it only.

The licensing cost is good for the features. It's about $35 per user per year.

Overall, I would rate the solution a nine out of ten.

The main issue with end customers is that they are not aware of their cloud post-management and what cloud applications their users are using. With Netskope CASB, they can get a better understanding of the real scenario and identify the cloud apps that are being utilized. Most partners only know about 2% of all the cloud apps being used.

Netskope CASB also provides Data Loss Prevention (DLP) solutions with two levels, standard and advanced. The solution offers strong DLP policies.

Netskope CASB has authorized over 57,000 cloud apps and classifies them on a rating scale between zero and one hundred based on compliance with regulatory standards. With this feature, organizations can easily determine which cloud apps are compliant and which are not.

Many cloud apps are not in compliance and are at risk of being breached, but with Netskope CASB, they can be classified and better managed. These are the most valuable features according to me.

Netskope could improve the policy integration with more friendly parameters within the DLP (data loss prevention) module of the CASB product. It would make it easier for administrators to use the DLP module, and this improvement would be integrated into Netskope CASB.

It is a stable solution, and I haven't found any stability issues. Within the transfer solutions, it's quite fast, also.

The solution is quite scalable. 

The initial setup is pretty straightforward once you know where the data is located, whether in a physical data center or a cloud provider like Amazon.

There could be room for improvement in the subscription process. The current process is via an application, which requires a scan of the apps being used to determine the necessary licensing. This process could be simplified by basing the licensing on the number of users, similar to Netskope's work gateway solution. This would make it easier for the end user to request a quote without having to go through the discovery process.

I would rate it an eight out of ten, primarily due to the subscription process being confusing for end-users.