In the exhibit, a user is uploading a file containing PCI-DSS data to the corporate Google Drive instance.
Despite the policy that blocks DLP (Data Loss Prevention) uploads being active, the upload is not blocked.
This indicates that the policy is not applied in the correct order.
Netskope applies policies in a top-down manner. If there are multiple policies that could apply to an action, the order in which the policies are evaluated is crucial. In this case, another policy might be allowing the upload before the DLP policy can block it. Ensuring that the DLP policy is higher in the order can resolve this issue.
References:
* Netskope policy configuration and enforcement documentation.
* Details on how Netskope processes and applies policies based on their order in the policy list.

To provide a quick view under the Skope IT Applications page showing only risky shadow IT cloud applications being used, you can use two filter combinations: Sanctioned = No and CCL = Medium, Low, Poor. The Sanctioned filter allows you to select whether you want to see only sanctioned or unsanctioned apps in your organization. Sanctioned apps are those that are approved and managed by your IT department, while unsanctioned apps are those that are used without authorization or oversight by your employees. Shadow IT refers to the use of unsanctioned apps that may pose security or compliance risks for your organization. The CCL filter allows you to select the Cloud Confidence Level (CCL) ratings of the apps you want to see. The CCL rating is a measure of how enterprise-ready a cloud app is based on various criteria such as security, auditability, business continuity, etc. The CCL rating ranges from Excellent to Poor, with Excellent being the most secure and compliant and Poor being the least. Risky cloud apps are those that have a low CCL rating, such as Medium, Low, or Poor. By applying these two filters, you can narrow down the list of apps to only those that are unsanctioned and have a low CCL rating, which indicates that they are risky shadow IT cloud applications being used in your organization. Reference: SkopeIT ApplicationsNetskope Cloud Confidence Index

Three security controls that are offered by the Netskope Cloud platform are: C. cloud security posture management, E. threat protection, and B. data loss prevention for SMTP.
* Cloud security posture management is a service that provides continuous assessment and remediation of
* public cloud deployments for risks, threats, and compliance issues. Netskope CSPM leverages the APIs available from cloud service providers such as AWS, Azure, and GCP to scan the cloud infrastructure for misconfigurations, such as insecure permissions, open ports, unencrypted data, etc. Netskope CSPM also provides security posture policies,profiles, and rules that can be customized to match the security standards and best practices of the organization or industry.
* Threat protection is a capability to detect and block malware, ransomware, phishing, and other cyber threats that may compromise cloud data or users. Netskope threat protection uses advanced techniques such as machine learning, sandboxing, threat intelligence, and behavioral analysis to identify and prevent malicious activities in real time.Netskope threat protection also integrates with third-party solutions such as antivirus engines, firewalls, SIEMs, etc., to provide comprehensive defense across the cloud and web1.
* Data loss prevention for SMTP is a feature that allows you to protect sensitive data that is sent or received via email. Netskope DLP for SMTP can scan email messages and attachments for predefined or custom data patterns, such as credit card numbers, social security numbers, health records, etc., and apply appropriate actions, such as block, quarantine, encrypt, notify, etc., based on the DLP policies.Netskope DLP for SMTP can also support multiple email domains and routing rules for different groups of users2.

In the scenario where a user is connected to a SaaS application through Netskope's Next Gen Secure Web Gateway (SWG) with SSL inspection enabled, the following information is available in SkopeIT:
* User activity, CCL: SkopeIT provides detailed logs of user activities, including actions taken within SaaS applications, and uses the Cloud Confidence Level (CCL) to rate the trustworthiness of cloud applications.
* Account instance, category: It logs information about the specific instance of the account being accessed and categorizes the type of service or application in use, which helps in identifying the context of the user's activities.
* Username, source location: The username of the user accessing the SaaS application and their source location (such as IP address or geographic location) are logged for audit and compliance purposes.
References:
* Netskope documentation on SSL inspection and SkopeIT logging.
* Detailed configuration guides on using Next Gen SWG and the types of data collected by SkopeIT.

To locate information pertaining to a DLP violation on a file in your sanctioned Google Drive instance, you can use the Incidents dashboard in Netskope. The Incidents dashboard provides a comprehensive view of all the incidents that have occurred in your cloud environment, such asDLP violations, malware infections, anomalous activities, etc. You can filter the incidents by various criteria, such as app name, incident type, severity, user name, etc. You can also drill down into each incident to see more details, such as file name, file path, file owner, file size, file type, etc. The Incidents dashboard can show DLP violations for files that are in a deleted state, as long as they are still recoverable from the trash bin of the app. If the file is permanently deleted from the app, then the incident will not be visible in the dashboard. References: Netskope Incidents Dashboard