Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

Netskope One Unified SASE Platform Demo

netskope
04/02/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


My name is Michael Ferguson, better known as Fergo. I'm the Director of Security Transformation here at Netscope, and I'm really excited to showcase some of the capabilities of this Netscope One platform, a unified SASE platform for any device. And what this allows us to do is to manage our workdays in the way that we want to. So for myself, I like to start the day at the gym, and that doesn't mean I'm not going to get emails whilst I'm at the gym. So I need to be able to access my phone and make sure that I can do my job. And that means having a Netscope client that is sitting on every single device, whether it's laptops, desktops, but also smartphones, Androids, iOS, or even Chromebooks. So everything is going to be covered and connected. And that means that when I go to my emails, I can receive any email, and I can be protected from any potential malicious malware. Or if I get an email with a link inside of this, I'm actually going to make sure that if it's a malicious file, I can block this. But maybe if it's an uncategorized or newly registered URL, what I can do is put that through the remote browser isolation environment. So as I click on this, it opens up in the browser. But because it's a newly registered domain or it's an unknown risk to me, you can see this little border around the actual browser window, which indicates that that is now in an isolated environment. That means that whilst I can see it, it's making sure that there's no passive or active downloads from that particular website, keeping this device nice and safe. Now, another key feature that I'd want is to be able to connect to any of my private applications. So there are still some applications that are sitting inside of data centers, whether they're ours or in the public cloud, and I need to be able to access them. So you can see here that URL is a private application. It's a private IP address. But that doesn't mean I don't need to sometimes be able to access this and download certain files and view what's happening inside of here, and I can see an actual file. Then I might want to take this and share that file up through a social media application. But because all of this traffic is being sent from this device through that Netscope unified client to the Netscope cloud, I can have a single policy structure that says, should that type of data be allowed to move to a certain type of social application or a certain type of application? So I can see here that that's not allowed. I can't take this confidential file to a social media app, keeping me safe and keeping this information safe. Okay, and another thing I'd want to do is see with this file, I want to be able to upload that to a cloud storage application. So what I can do is I can click on this, select the Google Drive icon, and I can actually select a personal instance of that application. As I try to upload this, we can see that this is blocked. This is prevented from being uploaded to the wrong place. Now, if I take this and move this to my corporate Netscope instance, you can see immediately that it's actually allowed, and I can move that file to the right location. So it's making sure that we are moving the files and the information from any device to the right destinations based on the policy structure inside of your Netscope One tenant. I think that's enough of the gym. I'm going to go back to the office now. We'll pick up later. To showcase how the Netscope One's able to provide you with ultimate visibility and protection, I'm going to now look at my corporate laptop and how it has, again, that Netscope client that is able to steer any website, cloud application, private application through to the Netscope Cloud. But in the same way I was able to look at the different instances on my phone, the Netscope's patented Zero Trust engine is able to look at the different activities that I'm doing in those applications as well. So if I go to one of these apps, let's go to my corporate Google Drive. What I'm going to do here is I'm going to right-click, and you can see here that there's a lot of options that are available of what I might want to do inside of this application. That means that I can maybe delete, edit, create. They're all different activities inside this application. Netscope's Zero Trust engine has the ability to look at over 100 different activities in these various applications, and it has the ability to provide hyper-context, which means if I try to share this file to a Netscope user, this is absolutely fine. If I try to share this now to a Gmail user, you'll notice the pop-up that comes up and educates me that I'm not able to share these files to a non-corporate or non-Netscope user. That's using that Netscope Zero Trust engine to really demonstrate this. Now, the next thing I might want to do is go, well, maybe I don't want to use the corporate Google Drive. Maybe I want to use an application that I've been familiar with that I use at home. Let's say in this case it could be WeTransfer, but there's plenty of PDF converters that are out there or personal file-sharing applications. Netscope's Cloud Confidence Index is a huge library of applications that is able to tell me which applications are of a higher risk. Now, I don't want to stop my users going to these applications because they might want to assess the use of future applications, Expensify or Canva. There's just a whole world of SaaS out there. But I would want to put in place some controls on what they could do inside of these applications. So in this case, I'm going to try and upload a file to a non-corporate application, an application that I deem is having a higher risk to me. And as I do this, you'll see that what happens is I get, again, a pop-up that says, hey, Virgo, this is an unsanctioned application and perhaps we might want to use a more corporate or safer application, something that we've assessed. In this case, we're sending it back to the corporate Google Drive. So it's providing an education to our users so that they are completely covered regardless of what application they're using. Now, the next thing I might want to do is say, well, I still have my old trusty USB stick here. So maybe what I want to do is see if I can move that file over to a corporate, over to that USB stick. But because the Netscope 1 unified client is covering not just external internet traffic with SaaS and web, but also looking at USBs and printers so that I can make sure that this information isn't able to move to the wrong locations, even to a physical destination. Now, from that, I might go, okay, well, how about I try and, you know, I don't need to move the physical file. I'm going to just take a quick screenshot of that file. So if I take this screenshot, what I can then try and do is see if I can just send the image. So most technologies will not be able to look at the text inside of the image or understand the context of what that image is. Netscope has a machine learning engine that has built classifiers specifically for this type of data. It covers things like NDAs, merger and acquisition documents, but also images like passports, driver's licenses, whiteboard images, and screenshots. So again, as I try to move this file, this screenshot file, I get a pop-up. That's because the machine learning engine detects that there's a screenshot, and then the OCR can look at the actual text in there and say, that's a screenshot of sensitive information. Using those two things together, keeping our data nice and safe. Now, of course, I'm starting to get a bit frustrated now. So what I'm going to try and do is use a Tor web browser. This is a web proxy anonymizer, something that usually tries to bypass traditional types of web proxies. And what it uses is non-standard ports as opposed to 80 and 443 to try to get around these traditional applications. So what I'm going to try and do here is connect. But you'll see that the unified Netscape 1 client steers all ports and protocols through to that Netscape cloud where it has a cloud firewall where we can explicitly state these applications that use specific ports would be allowed, but anything that doesn't, and you can see here now, Tor could not connect to Tor because that traffic was not explicitly stated as an allowed firewall application. Now, what we want to do here is say, okay, well, there's other ways that we can move files to cloud applications. Some applications have a thick client. So inside of Slack, you can see it's an application that sits on my desktop, but it's still a cloud application, and Netscape doesn't really mind if it's through a browser or this thick client. It could be sync clients or thick clients that we're using to move our data or access our information. So as I try to connect to a corporate instance of Slack, using this application, I can move the file across, and you can see it's nice and successful. That's the corporate instance. But again, if I try and do this on a non-corporate instance, this time to some colleagues at a third party, I get exactly the same pop-up, making sure that it doesn't matter what device you're using, what applications you're using. Netscape is going to provide you with that ultimate visibility and protection in any location. Actually, what I can see here is a OneDrive link from a colleague, but unfortunately, just based on the time here, I'm going to have to try and take a look at this when I'm outside the office. So whilst I might now be in the airport lounge, my workday hasn't finished. So I want to continue to be protected in any location. So I'm now connecting to the airport lounge Wi-Fi, and the Netscape client has established that connection and is able to protect me regardless. So I remember I've got that third-party instance of Slack where I received a link from my colleague providing me access to a OneDrive account. I go, okay, I want to take a look at this. Netscape is aware that 50% of malware is now being delivered via trusted cloud applications, so it becomes really important that we are able to decrypt all of this traffic where other vendors might want to bypass this because they feel that they might want better performance on those applications. With Netscape One and its new edge architecture, you're not getting a performance trade-off. So we can actually perform that TLS decryption on all this traffic, and as I click this link, you can see that that file is then being scanned with our static analysis, our heuristic file analysis, and our sandbox to ensure that that file is prevented from being downloaded to my machine. Now what I want to try and do is see if I can actually get that file that I was trying to exfiltrate from my phone and maybe move that to my corporate OneDrive account. And as I do this, actually, it says that I've got poor behavior. It's time to improve my behavior. What does that mean here? Well, Netscape One provides over 100 different user behavioral analytics policies that are applied against every single user in the organization, giving them a score out of 100. We look at different behaviors, whether it's insider threat, compromised credentials, to try to determine if that user's account can be trusted, and then we can embed that number, a particular threshold, into our policies so that if I dip below a certain threshold because I've been trying to exfiltrate data across different exit points or downloading malware, it now pivots and prevents me from accessing these applications. So what I'm going to do is try and open up a help desk case and see if I can get somebody to help me on this. And what they're saying is they need my TeamViewer number so that they can make an inbound client access request. So this is something that traditional SSE technologies or ZTNA technologies will struggle with because they make an outbound connection. They establish a connection to their application, and that would mean that you would have to have a secondary VPN client on the device as well. With Netscape One, you have a unified SASE client, which means that for certain applications, in this case TeamViewer, my help desk can make an inbound request and connect in and help me regain access to my applications. It is a single unified platform, giving my users the best user experience, giving me complete visibility and protection in a single client and a single policy structure. That's the power of Netscape One.

TL;DR

  • Netskope One deploys a single unified client across all device types including laptops, smartphones, and Chromebooks, maintaining consistent SASE protection regardless of user location or device.
  • The Zero Trust engine monitors over 100 different activities within cloud applications and provides instance-aware controls that distinguish between personal and corporate accounts for the same service.
  • Machine learning classifiers detect sensitive content in screenshots and images using OCR, while the Cloud Confidence Index guides users toward sanctioned applications rather than blocking outright.
  • User behavioral analytics assign risk scores based on 100+ indicators, automatically restricting access when users exhibit suspicious patterns like repeated exfiltration attempts or malware downloads.

Unified SASE Architecture Across All Devices

This demonstration showcases Netskope One's unified SASE platform capabilities across multiple device types and locations. The platform deploys a single client across laptops, desktops, smartphones, Android devices, iOS, and Chromebooks, ensuring consistent security policies regardless of where users work. The demo follows a realistic workday scenario starting at the gym, moving to the office, and ending at an airport lounge, illustrating how the platform maintains protection throughout. Key capabilities include remote browser isolation for unknown URLs, instance-aware application controls that distinguish between personal and corporate cloud accounts, and real-time data loss prevention that blocks sensitive file transfers to unauthorized destinations.

Zero Trust Engine and Granular Activity Controls

Netskope's patented Zero Trust engine provides deep visibility into over 100 different user activities within cloud applications, enabling hyper-contextual policy enforcement. The demonstration shows how the platform differentiates between sharing files with corporate users versus external Gmail accounts, blocking unauthorized sharing while allowing legitimate collaboration. The Cloud Confidence Index library assesses application risk levels, enabling organizations to coach users toward sanctioned alternatives rather than simply blocking access. Additional controls extend to USB devices, printers, and screenshot detection using machine learning classifiers that can identify sensitive content within images through OCR analysis.

Advanced Threat Protection and User Behavior Analytics

The platform addresses modern threat vectors including malware delivered through trusted cloud applications, which Netskope notes represents 50% of current malware delivery. Unlike vendors that bypass decryption for performance, Netskope One's edge architecture performs TLS decryption on all traffic without performance trade-offs, enabling static analysis, heuristic file analysis, and sandboxing. The demonstration highlights user behavioral analytics that assign risk scores based on over 100 behavioral indicators, automatically restricting access when users exhibit suspicious patterns like repeated data exfiltration attempts. The unified client also supports inbound connections for scenarios like help desk remote access via TeamViewer, eliminating the need for secondary VPN clients.

Chapters

0:00 - Introduction and Mobile Device Protection
1:37 - Private Application Access
3:23 - Corporate Laptop and Zero Trust Engine
4:49 - Cloud Confidence Index and App Controls
6:01 - USB and Screenshot DLP
7:22 - Cloud Firewall and Tor Blocking
8:16 - Thick Client Application Controls
9:18 - Airport Lounge and Malware Protection
10:24 - User Behavioral Analytics
11:19 - Inbound Remote Access Support

Key Quotes

0:15 "... a unified SASE platform for any device ..."
4:15 "Netskope's Zero Trust engine has the ability to look at over 100 different activities in these various applications, and it has the ability to provide hyper-context ..."
9:45 "Netscape is aware that 50% of malware is now being delivered via trusted cloud applications ..."
10:02 "With Netscape One and its new edge architecture, you're not getting a performance trade-off ..."

Categories:
  • » Webinar Library » Netskope
  • » Cybersecurity » Data Security
  • » Cybersecurity » Zero Trust
  • » Cybersecurity » Cloud Security
  • » Data Protection
Channels:
News:
Events:
Tags:
  • SASE
  • SSE
  • Zero Trust
  • Data Privacy
  • Cloud Security
  • Demo
  • Technical Deep Dive
  • SASE architecture
  • Zero Trust Network Access
  • Cloud Access Security Broker
  • Data Loss Prevention
  • Remote Browser Isolation
  • User Behavioral Analytics
  • Cloud Firewall
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: Netskope One Unified SASE Platform Demo

              Upcoming Webinar Calendar

              • 07/02/2026
                10:00 AM
                07/02/2026
                Resilience Insights from Hybrid Threats: When the Cloud Goes Dark
                https://www.truthinit.com/index.php/channel/2011/resilience-insights-from-hybrid-threats-when-the-cloud-goes-dark/
              • 07/09/2026
                01:00 PM
                07/09/2026
                The HUMAN Experience: Empowering Agentic Trust in Practice
                https://www.truthinit.com/index.php/channel/2026/the-human-experience-empowering-agentic-trust-in-practice/
              • 07/14/2026
                01:00 PM
                07/14/2026
                Crafting an Elite Security Team to Achieve Championship-Level Defense
                https://www.truthinit.com/index.php/channel/2025/crafting-an-elite-security-team-to-achieve-championship-level-defense/
              • 07/14/2026
                02:00 PM
                07/14/2026
                Understanding the Crucial Role of Context in AI Data
                https://www.truthinit.com/index.php/channel/2037/understanding-the-crucial-role-of-context-in-ai-data/
              • 07/21/2026
                04:00 AM
                07/21/2026
                Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
              • 07/21/2026
                01:00 PM
                07/21/2026
                HUMAN Dialogue: Insights from Attackers During the FIFA World Cup
                https://www.truthinit.com/index.php/channel/2029/human-dialogue-insights-from-attackers-during-the-fifa-world-cup/
              • 07/22/2026
                06:30 AM
                07/22/2026
                Insights and Strategies for Mastering the DPDP Framework
                https://www.truthinit.com/index.php/channel/2000/insights-and-strategies-for-mastering-the-dpdp-framework/
              • 07/28/2026
                01:00 PM
                07/28/2026
                Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
              • 07/29/2026
                04:00 AM
                07/29/2026
                Real-Time Strategies for Safeguarding Against Prompt Injections
                https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
              • 08/19/2026
                12:00 PM
                08/19/2026
                Becoming Agent Ready: Insights from Cyera's Expertise
                https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
              • 09/30/2026
                04:00 AM
                09/30/2026
                AI Command Center: Optimizing Visibility and Control in Your Operations
                https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/

              Upcoming Events

              • Jul
                02

                Resilience Insights from Hybrid Threats: When the Cloud Goes Dark

                07/02/202610:00 AM ET
                • Jul
                  09

                  The HUMAN Experience: Empowering Agentic Trust in Practice

                  07/09/202601:00 PM ET
                  • Jul
                    14

                    Crafting an Elite Security Team to Achieve Championship-Level Defense

                    07/14/202601:00 PM ET
                    • Jul
                      14

                      Understanding the Crucial Role of Context in AI Data

                      07/14/202602:00 PM ET
                      • Jul
                        21

                        Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

                        07/21/202604:00 AM ET
                        More events
                        Truth in IT
                        • Sponsor
                        • About Us
                        • Terms of Service
                        • Privacy Policy
                        • Contact Us
                        • Preference Management
                        Desktop version
                        Standard version