Netskope Reviews

We use Cisco Umbrella and plan to replace it with Netskope. We will start with the security model and other policies. 

We use Cisco VPN for remote access. Additionally, we have started implementing Netskope with a strong focus on security. Our primary goal is to protect users from accessing malicious sites. We also plan to implement DLP based on our data, as data security is our main concern.

The solution offers granular control over uploads and downloads. Previously, we lacked monitoring and control over downloads from malicious sites, but now, with Netskope, we can block such downloads. We are currently in the testing phase of implementing DLP, specifically for personally identifiable information data. We don't want it to be uploaded to the cloud. 

I'm currently involved in integrating Netskope with SentinelOne in our organization. The goal is to consolidate our alert monitoring by setting up a virtual machine and establishing threat exchange protocols. This integration allows us to use a single console to monitor alerts from both Netskope and SentinelOne, enabling better correlation of security incidents.

I would like to see the product improved, especially in monitoring and security monitoring. It should be more effective so we can better identify cloud access and understand how users are accessing it. We need better visibility on security and cloud storage access.

The logs in Netskope are good, similar to what I had with CrowdStrike. CrowdStrike provided full log coverage, and we need the same for cloud-based solutions like Netskope. Every action should be logged, but I've noticed some gaps with Netskope.

We faced outages a couple of times. 

I haven't faced any issues with the tool's stability. 

Before moving to Netskope, we used McAfee products. This was before COVID, when our cloud usage was minimal and remote access wasn't as prevalent. We procured McAfee's CASB solution to monitor and manage shadow IT. This allowed us to track and block access to unapproved third-party clouds.

We started the POC in December 2023 and began working on the feasibility of the migration. We have reached around 65% of our implementation, with only 35% remaining.

We have very few resources involved, around five to six people from different teams, like the infrastructure team. I am part of the IT security team and manage the platform. Other teams help with access control, which the central security team takes care of.

We use Varonis to scan files and remove broken access permissions for data at rest. We also utilize Microsoft Purview to label sensitive files on our file server. Once this process is complete, we will block access through Netskope. This is our future vision, though we are currently in the implementation phase.

I'm involved in both implementing and supporting the solution. As part of the operations team, I provide knowledge transfer sessions to team members. When implementing new policies, I discuss with team members how to handle alerts and what actions to take when alerts are triggered.

Access with Cisco Umbrella is very different compared to Netskope. Some sites accessible with Cisco Umbrella are blocked by Netskope. We had to revisit each and every policy again. We exported all the configurations from Cisco Umbrella and had to review everything.

Before implementing, go with the POC and have an extended POC session. Clarify everything during the POC because it becomes very difficult to get them on a call for critical issues after the POC. Make sure all concerns are discussed and resolved before implementation.

I rate the overall product an eight out of ten. 

Our one use case involved shadow IT. We had numerous cloud applications being used by the business without the IT team's awareness. A lot of data was being exchanged with these cloud applications. 

Another use case centered around our corporate applications, specifically Google Workspace. We integrated Google Workspace with Netskope to protect our cloud usage and data, including email IDs and Google Drive storage.

These are the use cases we applied the tools to.

The benefits revolved around effectively addressing the use cases using Netskope. Regardless of user location, as long as they were connected to the internet, their data remained protected at all times. These were the major benefits we obtained.

The most valuable features were related to discovery, data protection, and ensuring compliance with regulations.

In my previous organization, we heavily used Netskope. We employed Netskope for all our cloud applications and for managing shadow IT. So, for any applications we had in the cloud, we used Netskope to retrieve details about shadow IT. On top of it, we employed it to safeguard the data on those cloud applications.

I used Netskope five months ago. I changed organizations around five months ago. But prior to that, I was using Netskope. I have used it for approximately four years. I worked with the latest version.

It is a stable solution. From a solution perspective, I didn't face any challenges. However, there were operational matters that we managed on a day-to-day basis.

It is a scalable solution.

Approximately around 30,000 end users are using this solution.

We've encountered numerous cases. Whenever we came across functional or technical issues, we raised questions with the technical support team.

I would describe customer service and support as decent. Our technical account manager always got involved when we raised concerns, ensuring proper escalation so we got a timely resolution.

The first setup process was pretty simple. You just have to integrate the solution with cloud workspaces and applications and it is easily accomplished.

The deployment was a collaborative effort. We engaged both the vendor and third-party assistance. Our in-house team used relevant intelligence to ensure successful deployment.

Two major teams were primarily involved: the InfoSec team and the IT team. The InfoSec team covered the solution and helped the IT team with configuring best practices. Additionally, we had a partner team that implemented the solution for us.

For deployment, we followed a straightforward approach. First, we identified our known applications and domains and then planned how to integrate our account users with Netskope. Next, we used the discovery module to identify shadow IT instances. Finally, we configured policies, initially placing them in monitoring mode. Once the tools matured, we transitioned those policies from monitoring to protective mode.

The maintenance was easy. 

Pricing depends on customer relationships, negotiations, and partner involvement. Each product owner has their own licensing terms, which all play into the overall cost because they involve a partner. Overall, it depends on the negotiation skills.

Netskope's pricing is reasonable compared to Microsoft. Microsoft tends to sell individual licenses as bundles. For instance, if you're using licenses like E3 versus E5, E3 offers limited functionality, while E5 provides a bundle. Microsoft's pricing is somewhat higher, considering Netskope's capabilities as well.

I have experience with a few other solutions, like Symantec and Microsoft, but my involvement with those was limited. Netskope was the major focus.

If you're heavily invested in Microsoft, Microsoft KSP might be the way to go. Otherwise, you might consider Netskope. So, it is dependent on the infrastructure.

I'd suggest that any company not heavily dependent on Microsoft could consider starting with Netskope. Cloud journey also matters; if you're deeply involved in the cloud, Netskope is a good solution to safeguard your cloud data.

Overall, I would rate the solution an eight out of ten. I deduced two points: one for their feature modification and one for the feature maturity of the solution.

We use the solution to track role-based access control. We have many business-critical applications, particularly task-based applications, on the cloud.

Netskope provides audit trends for all accesses via KSP and the identification of Shadow IT.

Today, buying a server or hosting an application is very easy. Anyone can buy an instance by paying on AWS or Google. Due to this, there are many applications within the organization that IT is not even aware of because someone in business might have bought one without IT's knowledge. The perspectives of these two groups are very different, and that's the issue.

The solution’s cost is not user-friendly. If you buy the full version, it is costly.

I have been using Netskope as a customer for two or three years.

The product is stable.

3500 end users are using this solution.

I rate the solution’s scalability an eight out of ten.

We switched to Netskope since it comes with the Secure Web Gateway package.

The initial setup is simple and takes a couple of weeks to complete. The deployment requires eight people to complete.

I rate the setup a seven on a scale of ten.

We evaluated Forcepoint, Digital Guardian, and Symantec for testing.

Overall, I rate the solution a nine out of ten.

For now, we are scanning all the HTTP traffic with the cloud-based solution, the cloud broker solution. We are using it as a network proxy. It will detect all the data you are using. Let's say you go to Google Drive to try to upload something. In our case, we are putting up some rules or restrictions so that you can't upload PDFs or Word files, or maybe you can add Word files with limitations, like without any personal information, including name, pin number, date of birth. It's more like we are controlling the PII, the personal information with the solution, so that we restrict users from uploading whatever they want on the internet.

The solution itself is good because it categorizes many websites on its own, like the website or solution you trust. For instance, Yahoo is a good website. You can let your employees use Yahoo, but let's say a website like yandex.com is a little bit fishy, so they will put it into a category like server content. We can put in rules according to this. We can only allow the website with Netskope first.

We have to pay extra for some of those features, but we can connect our infrastructure like GCB. We can connect our instance via API so that Netskope itself scans whatever in our GCB storage or Azure Block storage. If someone is storing PII information, it can declare some alerts or restrict access to that particular file. It's mostly for this kind of solution, but there are many other things that you can do with the solution.

We have more than 30,000 workstations. The client version is 90, but we are using 87. Every three or four months, we do an installation for all the clients and workstations. That's maybe why we are not on the latest client version, but it works fine. There haven't been any problems with that. They launch one new version every month.

Normally on your side, you don't need anything. You only need to install the client on your workstation. After that, it's up to you. If you have everything already on cloud, like if you are using Azure AD, you can connect your Azure-ready account with their account for the same purposes and upload all the data of your users so that their solutions know about your environment. If you are not using cloud, you can provide an Excel list of all your users so they can register those users so you aren't paying more than you are consuming. You can install the agents on 1,000 PCs, but they are only working with the users and environment they are deployed on.

If I have 500 users and install on 1,000 PCs, I'm only paying for 500 users because now they work from home. Everyone has one Mac, one Windows device, or maybe one Linux device, but they are using the same username with the organization. We are paying the license for one user, even if we are using the client on multiple devices. The working environment is not a big mess. If you're on hybrid or 100% cloud based, or even if you are 100% in-house in your data center, you can go with the solution. There aren't any limitations.

If you implement the solution, it will give you visibility. If you have 1,000 or 50,000 people working in your environment, you don't know what solutions people are using. Personally, I'm using OneNote and Microsoft Office, but someone might be using a text file or third party software, or using a browser extension just to take notes. 

We don't know how much we can trust third party applications. The product itself provides visibility to us. When we started back in 2019, we activated the solution for everyone, but this is not the best way for 30,000 users in one shot because we started blocking people and the work environment because people were using their own solutions and software. Netskope doesn't know those softwares so we have to integrate with them and with the third party, for which we are paying the license. Netskope says, "Okay, this is the server. We are blocking the server," but we don't know if we can trust this one or not. 

After talking with the other teams, we realized, "No, we are paying the license for it. This is legit, so we don't have to block it." 

When we started deployment, each month we deployed the traffic for 1,000 people. When it was done, we could see what they were using, consuming, and what we were blocking.

This way, we can change our policies. We try to allow the legit solutions and third party applications that we are paying the license for. Then we go to the next thousand. Then we discover what these people are doing and the applications they're using. When people tell us that they don't have access to their Gmail, we tell them that we cut out Gmail because we are only using the Microsoft services, so there is no Gmail, unless there is a reason for it.

Netskope provides visibility in our case for the deployment.

In Azure, we have multiple subscriptions and with every subscription, we add some kind of instance ID. We can work with the instance ID so that we allow all of the instances containing nodules. Everything else, we block. This way, if you go to outlook.com and check your email, if you log in with your company account, the instance ID will show. The network will take action according to the instance ID and say, "You are using the enterprise email. I'll let you surf. I'll let you see your email." But when you try to log in with your own email address, like Hotmail or Gmail, the instance ID will be different.

This way we are not completely blocking Outlook, but we are blocking people from accessing their Outlook. We are only allowing the enterprise-level emails, and we are not allowing user-based emails. That's the feature I love most.

Third party integration with other cloud applications could be improved. Sometimes the API won't be working, but Netskope is taking it seriously. They accept all the feature requests, and they are trying to provide whatever we ask from them.

What we are consuming right now is almost perfect. This is a cloud-based application, not in-house, so we can't change the interface. But for UI, sometimes we ask them to give us some more visualization and features. 

For instance, if you are uploading a dictionary and use that dictionary file containing anything from the dictionary blockage protection, we can't see it. Each time we have to upload a new one and override the old one. We can't visualize it, so we have asked them for a feature request and they're working on it.

There are many small things regarding feature requests that we are doing day to day, and they are working on it. Some of the features are there, but they are hard to find. 

The only thing we are looking for now is integration with the MacBook. Even with a MacBook, everything is going well. With a MacBook, the Catalina client is working fine. The new version, which releases monthly, is working fine. The only problem we are facing is with the big server, so they're working on it.

I have been using Netskope CASB for a year and a half. The solution auto updates. This is a test solution, so all we have to do on our side is upgrade the client version on workstations.

There haven't been any major issues. We had one issue on their backend, but they provided a solution very quickly. In about three hours, they moved us to another data center. This is normal. This was a major incident on their side because when traffic starts moving on their data center, they start scanning everything and it goes to their data center. If their data center goes down or there is limited bandwidth on their side, this can impact your organization. This happened once. We communicated with them and within three hours, they switched us to another data center. Everything was smooth and started working fine, but these kinds of things happen.

The solution is scalable. There haven't been any issues according to performance. On their side, scalability is good because it's a test solution. I can't tell you more about the scalability because it's mostly on their side. From our side, everything is more than fine because we are consuming their services.

We are currently paying for 30,000 users, or 30,000 workstations.

Right now, for all 30,000 users, we chose maybe 60 or 70 cloud applications. We are only streaming those applications. We have already deployed 5,000 users to all web traffic. This means we are streaming everything they are surfing. For the other 25,000 users, we are only scaling the traffic of 60 or 70 applications. This is how we are consuming more of the licenses.

Netskope takes control of maintenance. They send you an email about what is going on, and they will let you know that maintenance is occurring on Sandhill server for instance, or somewhere else. They give you brief downtime, but if there isn't any downtime, they connect you to another data center.

The incident that occurred was regarding the bandwidth on their side. They were lacking some bandwidth with their vendor. There hasn't been any downtime yet, and we have been using the solution for a year and a half.

Our organization pushed us to deploy the solution as soon as possible. They were ready to pay the license because there was an architect who did a comparison between two or three CASB solutions, and he chose Netskope. When we deployed, everyone was like, "We are blocking the work." So we had to limit it and start with a chunk of users. 

The only thing they are working on is integration with Mac. On the MacBook, the client horizon is not stable. Sometimes it goes down without any warning, but they are working on it.

Technical support is good. Normally when creating a ticket on their side, the response is between one or two business days, but we are paying premium support. In premium support, we have 24/7 support from their engineers. If we have trouble with something, we can just say, "Okay, we need you to call a third party with maybe a higher level of execution." They are ready to be there, but it comes with premium support. 

We had basic support. Response time is one business day, but it depends on your ticket. If you have critical severity, they will respond right away. With the premium, 24/7 support, everything is good. Their technical department is taking care of us. They are there for us every time we need them.

We haven't used any other solutions previously. This is the first CASB solution we are using at the enterprise. The Microsoft team is using MCAL, which might be similar to this solution but isn't providing all the aspects of it like PII and the third party vendor. Its controls are limited to Microsoft. I'm not sure if we are still paying the license for MCAL or not. If you compare Netskope with MCAL, Netskope also allows you to manage, whereas MCAL is just for Microsoft services.

It seems to be straightforward because we are using it with Azure AD. We already had all of our groups and users there, so we just added the Netskope application in our Azure AD, and it started gathering all the information and sending it to their databases. It seems pretty easy just for the load.

I would rate this solution 9 out of 10.

My advice is to just go for it. In an organization of 30,000 people, you can't just deploy one product and start deploying another product and say, "Okay, we are replacing the solution with this one," because the company has already invested millions of dollars in this. 

I like the way Netskope treats its customers. Whenever you need help, they are there. They will 100% help you. They will explain everything to you. We have a meeting with our technical assistant manager every week, and he shows us different things we can do with the roadmaps, different features we can use, and what kind of policy we can put in place to lower our false positive rates. It's very helpful.

Our clients use Netskope because they want to move to a SaaS solution. They're using an increasing number of SaaS applications. An on-premises firewall or URL filter isn't sufficient anymore. Netskope is unique in recognizing different instances of SaaS applications and the activities people can do. They have more control over where their data goes.

The most valuable feature of Netskope is that it is a SaaS-delivered solution. It's somewhere running in the cloud, and there's no limitation in performance like you would have with hardware. You need to change hardware all the time.

However, this platform grows when your company grows, and you have more employees and more traffic. You don't need to think about that anymore. The solution also provides granular control over the SaaS applications that people are using.

It's like moving from URL filtering or a web proxy to a real CASB. Netskope takes it a step further by recognizing if you're logging into your corporate Office 365, a private one, or a competitor's Office 365.

The cloud firewall, which is one of Netskope's latest developments, could be improved further. I would like to see more threat protection in Netskope's Zero Trust Network Access. Functionality-wise, the solution's Zero Trust Network Access is a great replacement for VPNs. However, having more security functions in there would be nice.

I have been working with Netskope for around five years.

I've never encountered an outage with Netskope. Everything was always working because its points of presence were very redundant. If its processes recognize that something in one point of presence might not be running as it should, you get redirected without knowing.

I rate the solution's stability ten out of ten.

Our clients for Netskope are fairly big enterprises and government organizations. Netskope's scalability is perfect, and you don't have to think about it. It doesn't matter if you have 500 employees or 10,000 employees. The solution automatically grows. Their points of presence are overscaled and oversized, so they'll take care of that.

I rate the solution's scalability ten out of ten.

Netskope's technical support is very good, but it's similar to the technical support of most other tools like Palo Alto or Check Point.

Positive

The solution's initial setup is really easy, especially when you roll out the client. Migrating from an explicit proxy to their solution has exactly the same setup. Netskope easily integrates into any solution that you already have.

The solution's deployment time depends on what you want to include. If you need to migrate a very big web proxy configuration, Netskope has excellent professional services that will prepare configurations. So, it's ready to use directly. The slowness is not because of Netskope. It's because you need to have all your employees connected to the network, and this new software needs to be installed.

However, that can all be automated. You can have it running in minutes. Netskope already has a very good basic policy. If you're just doing the inline CASB, you roll out the Netskope Client or setup the explicit proxy and have a basic URL filtering policy that directly works.

If you have a couple of 1,000's employees, then, of course, it will take a while. You do it in bunches. People start up their laptops, install this new software, and it's there. Preparation-wise, it might take a few weeks, but the actual rollout is done as soon as people can run updates on their laptops.

On a scale from one to ten, where one is difficult and ten is easy, I rate the solution’s initial setup an nine out of ten.

We have seen a return on investment with Netskope because everything runs in the cloud. You don't need to think of the sizing. The solution's user interface is really simple and easy to manage. You don't need many people, hardware replacements, or shipping things. The tool is very efficient and saves a lot of time.

Netskope is a premium service, and its pricing ranges from medium to expensive. Netskope is in the top range when it comes to pricing. It all depends on the functionalities you require and get the licences for. The combined solution is more cost effective than a combination of other vendors point solutions.

Netskope is a cloud-based solution. All its security functions run in a cloud. You only need to install a client to get the traffic to the cloud, set up an IPsec tunnel, or set up your explicit proxy to get the traffic through the cloud.

You don't need to install anything on-prem except when you use their SD-WAN solution. We're talking about the CASB side. They also have an SD-WAN solution. 

Overall, I rate the solution an eight out of ten.

I use Netskope in my company for data protection and governance.

The most valuable features of the solution are that the support is very good and the dashboards are easy and intuitive to use.

With Netskope in our company, we want to integrate it with the other applications in our system practically. From an improvement perspective, the aforementioned process should be made easier. The solution's implementations can be made much easier because, currently, it is complex in nature.

I have been using Netskope for three years. I use the solution's latest version.

Stability-wise, I rate the solution a nine out of ten.

Scalability-wise, I rate the solution a nine out of ten.

In our company, we have around 1,00,000 users of the solution.

I rate the technical support a nine out of ten.

Positive

I have worked with other products in the past, but I cannot discuss those products.

The implementation part takes some time due to the complexities involved. In general, our company puts in a lot of effort, especially in coordination, to manage the solution's implementation.

In our company, we did not measure the actual time taken to implement the solution, but the overall time taken to implement the solution was around six months.

The solution is deployed on a public cloud.

I cannot disclose the licensing costs attached to the solution. Netskope is a reasonably priced product, but it is not so expensive because there are other products in the market that are more expensive. I rate the product's price a six on a scale of one to ten, where one is expensive, and ten is low price.

I recommend the product to those who plan to use it.

I rate the overall product a nine out of ten.

A feature that was valuable was the built-in website classification or safety ratings. Different websites would be rated according to analyses that the Netskope team had done, and we built policies on some of those scores. If the website scored less than a certain percentage, then we would have a different user experience around how the site would interact with the clients.

It needed some fine-tuning on core business sites that we used, which were sensitive to what we term a man-in-the-middle certificate by design. Some sites were not tolerant because they presented as potentially malicious. So, we just had to make some tweaks so that it would bypass or interpret it.

The features that we would like to see are available but require additional investment. We wanted more of the CASB type feature set, which was at a higher subscription cost, and we didn't have budget for it. We just went with their standard offering, which was the secure web gateway.

We used it for a little over 12 months, and it was deployed on Netskope cloud.

The stability is very good. I can't recall any outages with the product in the time that we used it.

It is easy to scale, and it's fully automated through the Azure AD integration.

The support team we were dealing with were not based onshore, and I don't think we had a premium support model at that time. As a result, we had to wait sometimes to get the outcome that we were looking for. If it was more of an immediate issue that was impacting our customers, we couldn't get support immediately. They would capture the request and then came back to us later on. The speed of their response to the support request could have been better, and I would give technical support a rating of eight out of ten.

Positive

It makes sense for us to have the gateway capabilities of a Netskope product. We retired an internal or on-premises web filter or web proxy called WebMarshal. It wasn't meeting our needs, particularly through lockdown and the increased demands on the web filter from remote users. So, we made the decision to go with a cloud-based SWG.

The initial setup was very straightforward. Our approach was to do the implementation as part of a proof of concept; it was more of a try-before-you-buy situation. Because of that, there was a lot of good support from Netskope directly to actually implement the POC. Once we did that and saw the benefits, the hard work had already been done to make it a production system for us. I would rate the initial setup at five out of five.

Deployment took a couple of weeks, maximum. The environment was set up quickly by the Netskope success manager, and the agent itself was quickly deployed by us through our system center management tool.

Being cloud based, it self- manages and doesn't require specific maintenance.

We had three technical staff and about 1,000 clients working on this solution.

I recall that the price was considerably cheaper than that of Zscaler. It was around 60,000 AUD for 1,000 users per year and included some training and some premier support offerings.
If we wanted to take advantage of the CASB capabilities, then there was an additional subscription fee, for which we didn't have the budget. On price, I would give Netskope a three or four out of five because it's quite expensive, but it offers a lot of value.

We looked at Netskope and Zscaler. Netskope came out on top.

My recommendation would be to definitely to shortlist Netskope CASB and strongly consider it because it was a very positive experience for us, particularly with the support that we got from our onshore partner.

It still deserves to be compared with other products in that sector such as Zscaler; it's probably one of the market leaders. It's definitely worth looking at others, but we were very happy with Netskope CASB, and the team continue to use it today. I would give it an overall rating of nine on a scale from one to ten.

Netskope is an efficient, reliable, and easy-to-manage solution. It goes very granular in blocking some of the features in third-party cloud solutions, like share or download.

Netskope could further onboard new SaaS-based platforms into their CASB solutions. Netskope already has its in-build capabilities, but some might be missing.

From the reverse proxy side, Netskope needs to be more reliable for Microsoft Azure customers. They are still dependent on Microsoft access control from SaaS. It would be good if they could remove this dependency because some customers don't have P1 licenses.

We need Microsoft capabilities to access reverse proxies because it depends on that. Users logging in to their SaaS solution and not using the Netskope agent cannot use this reverse proxy feature. The solution's documentation still needs to be improved.

I have been using Netskope for two years.

I rate Netskope a nine out of ten for stability.

Netskope should improve its customer support in terms of technicality and response time.

The solution’s initial setup is quick and easy.

Netskope is not as expensive as Palo Alto. On a scale from one to ten, where one is expensive, and ten is cheap, I rate the solution's pricing a six out of ten.

We usually sell Netskope because it's a unified platform for SWG, DLP capabilities, and CASB. Netskope is a strong leader in CASB and has integrated other parts like SWG and NPA. Netskope is a cloud-based solution.

Netskope is a very granular product, and you can do a lot of things with it. Microsoft doesn't onboard all the third-party SaaS-based providers. It doesn't have any granularity to build policies.

Netskope is more suitable for small to medium businesses.

Overall, I rate Netskope an eight out of ten.