Netskope Reviews

We use the tool to control the use of our email going outside.  We use it to secure our data. We use it for data exfiltration, enforce policies for users who use both personal and corporate accounts, and ensure PCI compliance. We also use it to block malware by detecting and blocking any malware in cloud services immediately. Additionally, we monitor privileged accounts to prevent unauthorized access to our resources. We use it to protect our privileged accounts in Microsoft Azure.

The solution provides information about third-party applications registered to our corporate email address and alerts us when users enroll in other applications using their work email.

The tool helps us detect threats and provides insights. Then, we take necessary measures to ensure users have MFA enrolled and take other security steps.

We are an airline, so our users frequently move between locations. For example, a pilot might log in from one country in the morning and another within a few hours. Netskope helps us guard against threats by detecting if a data exfiltration attempt occurs from a specific location.

I have been using the product for three years. 

We didn't have any issues with Netskope's stability. 

The scalability has been good for us because we didn't have to pay for anything extra. We locked in the price for three years at a significantly reasonable rate. I can't provide more details because the person who handled it left the team, but I believe the decision was based on cost. Given the pandemic period, when many airlines faced financial difficulties due to closed borders, it had to be a very reasonable cost or a suitable payment plan. My company has 1500 users.

I have never used technical support yet. 

We use Microsoft Azure, specifically Microsoft's CASB solution, because most companies, including ours, already use Microsoft products like Microsoft 365. Since it's already part of our subscription, it made sense to evaluate it. If we're satisfied with Microsoft by next year, we might move to it since we already have a subscription.

I rate the tool's deployment ease a nine out of ten. It's a SaaS solution; the deployment process is straightforward, ensuring it's connected internally. For what I use it for daily, it's very accessible and user-friendly, with nothing complex involved.

I wasn't involved in the initial discussions about its cost. However, within the next year, by around June, I'll need to review the vendors' quotes. Typically, our procurement team handles the process by issuing an RFP to vendors to get quotes. From there, we evaluate based on pricing and may conduct a proof of concept to assess value.

My company is mid-size. In our country, having around 2500 employees places us in the midsize category. I rate the overall product an eight out of ten. The tool helps monitor Microsoft Azure activities, such as operational functions and user registrations. It checks if these actions align with normal practices to ensure security. This provides insights into applications integrated into our Azure environment

We use the solution to track role-based access control. We have many business-critical applications, particularly task-based applications, on the cloud.

Netskope provides audit trends for all accesses via KSP and the identification of Shadow IT.

Today, buying a server or hosting an application is very easy. Anyone can buy an instance by paying on AWS or Google. Due to this, there are many applications within the organization that IT is not even aware of because someone in business might have bought one without IT's knowledge. The perspectives of these two groups are very different, and that's the issue.

The solution’s cost is not user-friendly. If you buy the full version, it is costly.

I have been using Netskope as a customer for two or three years.

The product is stable.

3500 end users are using this solution.

I rate the solution’s scalability an eight out of ten.

We switched to Netskope since it comes with the Secure Web Gateway package.

The initial setup is simple and takes a couple of weeks to complete. The deployment requires eight people to complete.

I rate the setup a seven on a scale of ten.

We evaluated Forcepoint, Digital Guardian, and Symantec for testing.

Overall, I rate the solution a nine out of ten.

For now, we are scanning all the HTTP traffic with the cloud-based solution, the cloud broker solution. We are using it as a network proxy. It will detect all the data you are using. Let's say you go to Google Drive to try to upload something. In our case, we are putting up some rules or restrictions so that you can't upload PDFs or Word files, or maybe you can add Word files with limitations, like without any personal information, including name, pin number, date of birth. It's more like we are controlling the PII, the personal information with the solution, so that we restrict users from uploading whatever they want on the internet.

The solution itself is good because it categorizes many websites on its own, like the website or solution you trust. For instance, Yahoo is a good website. You can let your employees use Yahoo, but let's say a website like yandex.com is a little bit fishy, so they will put it into a category like server content. We can put in rules according to this. We can only allow the website with Netskope first.

We have to pay extra for some of those features, but we can connect our infrastructure like GCB. We can connect our instance via API so that Netskope itself scans whatever in our GCB storage or Azure Block storage. If someone is storing PII information, it can declare some alerts or restrict access to that particular file. It's mostly for this kind of solution, but there are many other things that you can do with the solution.

We have more than 30,000 workstations. The client version is 90, but we are using 87. Every three or four months, we do an installation for all the clients and workstations. That's maybe why we are not on the latest client version, but it works fine. There haven't been any problems with that. They launch one new version every month.

Normally on your side, you don't need anything. You only need to install the client on your workstation. After that, it's up to you. If you have everything already on cloud, like if you are using Azure AD, you can connect your Azure-ready account with their account for the same purposes and upload all the data of your users so that their solutions know about your environment. If you are not using cloud, you can provide an Excel list of all your users so they can register those users so you aren't paying more than you are consuming. You can install the agents on 1,000 PCs, but they are only working with the users and environment they are deployed on.

If I have 500 users and install on 1,000 PCs, I'm only paying for 500 users because now they work from home. Everyone has one Mac, one Windows device, or maybe one Linux device, but they are using the same username with the organization. We are paying the license for one user, even if we are using the client on multiple devices. The working environment is not a big mess. If you're on hybrid or 100% cloud based, or even if you are 100% in-house in your data center, you can go with the solution. There aren't any limitations.

If you implement the solution, it will give you visibility. If you have 1,000 or 50,000 people working in your environment, you don't know what solutions people are using. Personally, I'm using OneNote and Microsoft Office, but someone might be using a text file or third party software, or using a browser extension just to take notes. 

We don't know how much we can trust third party applications. The product itself provides visibility to us. When we started back in 2019, we activated the solution for everyone, but this is not the best way for 30,000 users in one shot because we started blocking people and the work environment because people were using their own solutions and software. Netskope doesn't know those softwares so we have to integrate with them and with the third party, for which we are paying the license. Netskope says, "Okay, this is the server. We are blocking the server," but we don't know if we can trust this one or not. 

After talking with the other teams, we realized, "No, we are paying the license for it. This is legit, so we don't have to block it." 

When we started deployment, each month we deployed the traffic for 1,000 people. When it was done, we could see what they were using, consuming, and what we were blocking.

This way, we can change our policies. We try to allow the legit solutions and third party applications that we are paying the license for. Then we go to the next thousand. Then we discover what these people are doing and the applications they're using. When people tell us that they don't have access to their Gmail, we tell them that we cut out Gmail because we are only using the Microsoft services, so there is no Gmail, unless there is a reason for it.

Netskope provides visibility in our case for the deployment.

In Azure, we have multiple subscriptions and with every subscription, we add some kind of instance ID. We can work with the instance ID so that we allow all of the instances containing nodules. Everything else, we block. This way, if you go to outlook.com and check your email, if you log in with your company account, the instance ID will show. The network will take action according to the instance ID and say, "You are using the enterprise email. I'll let you surf. I'll let you see your email." But when you try to log in with your own email address, like Hotmail or Gmail, the instance ID will be different.

This way we are not completely blocking Outlook, but we are blocking people from accessing their Outlook. We are only allowing the enterprise-level emails, and we are not allowing user-based emails. That's the feature I love most.

Third party integration with other cloud applications could be improved. Sometimes the API won't be working, but Netskope is taking it seriously. They accept all the feature requests, and they are trying to provide whatever we ask from them.

What we are consuming right now is almost perfect. This is a cloud-based application, not in-house, so we can't change the interface. But for UI, sometimes we ask them to give us some more visualization and features. 

For instance, if you are uploading a dictionary and use that dictionary file containing anything from the dictionary blockage protection, we can't see it. Each time we have to upload a new one and override the old one. We can't visualize it, so we have asked them for a feature request and they're working on it.

There are many small things regarding feature requests that we are doing day to day, and they are working on it. Some of the features are there, but they are hard to find. 

The only thing we are looking for now is integration with the MacBook. Even with a MacBook, everything is going well. With a MacBook, the Catalina client is working fine. The new version, which releases monthly, is working fine. The only problem we are facing is with the big server, so they're working on it.

I have been using Netskope CASB for a year and a half. The solution auto updates. This is a test solution, so all we have to do on our side is upgrade the client version on workstations.

There haven't been any major issues. We had one issue on their backend, but they provided a solution very quickly. In about three hours, they moved us to another data center. This is normal. This was a major incident on their side because when traffic starts moving on their data center, they start scanning everything and it goes to their data center. If their data center goes down or there is limited bandwidth on their side, this can impact your organization. This happened once. We communicated with them and within three hours, they switched us to another data center. Everything was smooth and started working fine, but these kinds of things happen.

The solution is scalable. There haven't been any issues according to performance. On their side, scalability is good because it's a test solution. I can't tell you more about the scalability because it's mostly on their side. From our side, everything is more than fine because we are consuming their services.

We are currently paying for 30,000 users, or 30,000 workstations.

Right now, for all 30,000 users, we chose maybe 60 or 70 cloud applications. We are only streaming those applications. We have already deployed 5,000 users to all web traffic. This means we are streaming everything they are surfing. For the other 25,000 users, we are only scaling the traffic of 60 or 70 applications. This is how we are consuming more of the licenses.

Netskope takes control of maintenance. They send you an email about what is going on, and they will let you know that maintenance is occurring on Sandhill server for instance, or somewhere else. They give you brief downtime, but if there isn't any downtime, they connect you to another data center.

The incident that occurred was regarding the bandwidth on their side. They were lacking some bandwidth with their vendor. There hasn't been any downtime yet, and we have been using the solution for a year and a half.

Our organization pushed us to deploy the solution as soon as possible. They were ready to pay the license because there was an architect who did a comparison between two or three CASB solutions, and he chose Netskope. When we deployed, everyone was like, "We are blocking the work." So we had to limit it and start with a chunk of users. 

The only thing they are working on is integration with Mac. On the MacBook, the client horizon is not stable. Sometimes it goes down without any warning, but they are working on it.

Technical support is good. Normally when creating a ticket on their side, the response is between one or two business days, but we are paying premium support. In premium support, we have 24/7 support from their engineers. If we have trouble with something, we can just say, "Okay, we need you to call a third party with maybe a higher level of execution." They are ready to be there, but it comes with premium support. 

We had basic support. Response time is one business day, but it depends on your ticket. If you have critical severity, they will respond right away. With the premium, 24/7 support, everything is good. Their technical department is taking care of us. They are there for us every time we need them.

We haven't used any other solutions previously. This is the first CASB solution we are using at the enterprise. The Microsoft team is using MCAL, which might be similar to this solution but isn't providing all the aspects of it like PII and the third party vendor. Its controls are limited to Microsoft. I'm not sure if we are still paying the license for MCAL or not. If you compare Netskope with MCAL, Netskope also allows you to manage, whereas MCAL is just for Microsoft services.

It seems to be straightforward because we are using it with Azure AD. We already had all of our groups and users there, so we just added the Netskope application in our Azure AD, and it started gathering all the information and sending it to their databases. It seems pretty easy just for the load.

I would rate this solution 9 out of 10.

My advice is to just go for it. In an organization of 30,000 people, you can't just deploy one product and start deploying another product and say, "Okay, we are replacing the solution with this one," because the company has already invested millions of dollars in this. 

I like the way Netskope treats its customers. Whenever you need help, they are there. They will 100% help you. They will explain everything to you. We have a meeting with our technical assistant manager every week, and he shows us different things we can do with the roadmaps, different features we can use, and what kind of policy we can put in place to lower our false positive rates. It's very helpful.

We use Cisco Umbrella and plan to replace it with Netskope. We will start with the security model and other policies. 

We use Cisco VPN for remote access. Additionally, we have started implementing Netskope with a strong focus on security. Our primary goal is to protect users from accessing malicious sites. We also plan to implement DLP based on our data, as data security is our main concern.

The solution offers granular control over uploads and downloads. Previously, we lacked monitoring and control over downloads from malicious sites, but now, with Netskope, we can block such downloads. We are currently in the testing phase of implementing DLP, specifically for personally identifiable information data. We don't want it to be uploaded to the cloud. 

I'm currently involved in integrating Netskope with SentinelOne in our organization. The goal is to consolidate our alert monitoring by setting up a virtual machine and establishing threat exchange protocols. This integration allows us to use a single console to monitor alerts from both Netskope and SentinelOne, enabling better correlation of security incidents.

I would like to see the product improved, especially in monitoring and security monitoring. It should be more effective so we can better identify cloud access and understand how users are accessing it. We need better visibility on security and cloud storage access.

The logs in Netskope are good, similar to what I had with CrowdStrike. CrowdStrike provided full log coverage, and we need the same for cloud-based solutions like Netskope. Every action should be logged, but I've noticed some gaps with Netskope.

We faced outages a couple of times. 

I haven't faced any issues with the tool's stability. 

Before moving to Netskope, we used McAfee products. This was before COVID, when our cloud usage was minimal and remote access wasn't as prevalent. We procured McAfee's CASB solution to monitor and manage shadow IT. This allowed us to track and block access to unapproved third-party clouds.

We started the POC in December 2023 and began working on the feasibility of the migration. We have reached around 65% of our implementation, with only 35% remaining.

We have very few resources involved, around five to six people from different teams, like the infrastructure team. I am part of the IT security team and manage the platform. Other teams help with access control, which the central security team takes care of.

We use Varonis to scan files and remove broken access permissions for data at rest. We also utilize Microsoft Purview to label sensitive files on our file server. Once this process is complete, we will block access through Netskope. This is our future vision, though we are currently in the implementation phase.

I'm involved in both implementing and supporting the solution. As part of the operations team, I provide knowledge transfer sessions to team members. When implementing new policies, I discuss with team members how to handle alerts and what actions to take when alerts are triggered.

Access with Cisco Umbrella is very different compared to Netskope. Some sites accessible with Cisco Umbrella are blocked by Netskope. We had to revisit each and every policy again. We exported all the configurations from Cisco Umbrella and had to review everything.

Before implementing, go with the POC and have an extended POC session. Clarify everything during the POC because it becomes very difficult to get them on a call for critical issues after the POC. Make sure all concerns are discussed and resolved before implementation.

I rate the overall product an eight out of ten. 

I use Netskope in my company for data protection and governance.

The most valuable features of the solution are that the support is very good and the dashboards are easy and intuitive to use.

With Netskope in our company, we want to integrate it with the other applications in our system practically. From an improvement perspective, the aforementioned process should be made easier. The solution's implementations can be made much easier because, currently, it is complex in nature.

I have been using Netskope for three years. I use the solution's latest version.

Stability-wise, I rate the solution a nine out of ten.

Scalability-wise, I rate the solution a nine out of ten.

In our company, we have around 1,00,000 users of the solution.

I rate the technical support a nine out of ten.

Positive

I have worked with other products in the past, but I cannot discuss those products.

The implementation part takes some time due to the complexities involved. In general, our company puts in a lot of effort, especially in coordination, to manage the solution's implementation.

In our company, we did not measure the actual time taken to implement the solution, but the overall time taken to implement the solution was around six months.

The solution is deployed on a public cloud.

I cannot disclose the licensing costs attached to the solution. Netskope is a reasonably priced product, but it is not so expensive because there are other products in the market that are more expensive. I rate the product's price a six on a scale of one to ten, where one is expensive, and ten is low price.

I recommend the product to those who plan to use it.

I rate the overall product a nine out of ten.

Netskope is an efficient, reliable, and easy-to-manage solution. It goes very granular in blocking some of the features in third-party cloud solutions, like share or download.

Netskope could further onboard new SaaS-based platforms into their CASB solutions. Netskope already has its in-build capabilities, but some might be missing.

From the reverse proxy side, Netskope needs to be more reliable for Microsoft Azure customers. They are still dependent on Microsoft access control from SaaS. It would be good if they could remove this dependency because some customers don't have P1 licenses.

We need Microsoft capabilities to access reverse proxies because it depends on that. Users logging in to their SaaS solution and not using the Netskope agent cannot use this reverse proxy feature. The solution's documentation still needs to be improved.

I have been using Netskope for two years.

I rate Netskope a nine out of ten for stability.

Netskope should improve its customer support in terms of technicality and response time.

The solution’s initial setup is quick and easy.

Netskope is not as expensive as Palo Alto. On a scale from one to ten, where one is expensive, and ten is cheap, I rate the solution's pricing a six out of ten.

We usually sell Netskope because it's a unified platform for SWG, DLP capabilities, and CASB. Netskope is a strong leader in CASB and has integrated other parts like SWG and NPA. Netskope is a cloud-based solution.

Netskope is a very granular product, and you can do a lot of things with it. Microsoft doesn't onboard all the third-party SaaS-based providers. It doesn't have any granularity to build policies.

Netskope is more suitable for small to medium businesses.

Overall, I rate Netskope an eight out of ten.

It's one of the top-ranking solutions in the market, and it's very responsive. We are using Netskope, and Netskope provides a load of features for SQL, STP, and traffic control.

We have blocked all data-sharing websites like Gmail, Google Drive, and Dropbox. We have also blocked them globally in broadband and Capitec. We are ISO certified, so we use a bunch of tools that we use, so that's why we are using a pro product that is number one in Gartner.

If we need to allow a process that is blocked by Netskope, we have to manually check the logs to see why it is blocked. This can be time-consuming and inefficient.

So, I would like to have a feature in Netskope that allows them to manually check the logs without having to open a separate tool.  

I have been using this solution for last two years. 

It's a stable product. However, when I implemented it two years ago, it had a lot of issues for us because all things were blocked users were facing a lot of issues regarding website-related issues, and some developers were also facing some issues. 

But now it's fine. The user process has improved. Some developers are using PowerShell code to get related, and all processes are unblocked. So, we've developed an ID to allow the related process. Now, it's stable.

There are around 2,000 end users using this solution. It is a scalable solution.

The customer service and support are good. They are available on weekends.

We used Symantec before for DLP solution, device control, and proxy solution. All three things were only in Symantec, but Symantec is not a SaaS-based product. If your users come to the premises or over the VPN, that means it works, otherwise, it doesn't work or there is no control. So that's why we moved to NetScope as it's a service product, and the cost associated with it is also less.

The initial setup is very easy. 

We have deployed it on a private cloud. We have a single URL, and we have created a username and password. We have also created a load of policies like a secure web gateway and global talk. We have blocked global talk like Gmail, WhatsApp, and Yahoo. If you use a requirement, we can allow it only.

The licensing cost is good for the features. It's about $35 per user per year.

Overall, I would rate the solution a nine out of ten.

Our primary use case for the solution is data and DLP production. We deploy the solution on cloud via AWS. It is direction-based on the reduction capability, good direction capability, control prevention, data prevention based on the user activities, like upload and download. These things are based on particular user activity. We can control the data through results.

The UB and the Reverse Proxy are valuable.

The Reverse Proxy could be improved as it currently has limitations. I rate the pricing as five out of ten, with one being inexpensive and ten being very expensive. Additionally, the configuration and user behaviour analytics can be improved. For example, it's either completely blocked or unlocked, so there should be conditional consideration, which can be done on their proxy.

We have been using the solution for a year and a half.

The stability is almost 100%. I rate it a nine out of ten.

I rate the scalability an eight out of ten. Approximately 5,000 users are utilizing the solution. 

We have had a good experience with customer service and support. However, I rate them a seven out of ten because they take a long time to escalate tickets. It takes one week to escalate regular incidents while they respond to incidents for follow-ups. It should take a maximum of one to two days, and within 48 hours, everything should be addressed. So even though it is a low-priority issue, they should assist within 48 hours.

Neutral

The initial setup was a bit complex at first, but it got easier. I rate it a ten out of ten. The deployment is a continuous process because people joined and left the organization. So to get the solution to at least 60%, or 70%, it took about two months. Approximately two people are required for deployment.

The solution is affordable, and a licensing fee is charged yearly. Access to customer service and support is included in the licensing charges. I rate the licensing fees an eight out of ten.

I rate the solution an eight out of ten. The solution is good, but the configuration and user analytics can be improved. I recommend the solution to new users because it is a good tool, and the detection capability is very nice and lightweight. Additionally, I recommend they use the solution if it aligns with the requirements.