{"id":11332,"date":"2025-01-26T22:10:09","date_gmt":"2025-01-27T06:10:09","guid":{"rendered":"http:\/\/www.sumologic.com\/?post_type=resource&#038;p=11332"},"modified":"2026-03-19T06:36:15","modified_gmt":"2026-03-19T14:36:15","slug":"netskope","status":"publish","type":"resource","link":"https:\/\/www.sumologic.com\/case-studies\/netskope","title":{"rendered":"Netskope"},"content":{"rendered":"\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"results-at-a-glance\">Results at a glance<\/h3>\n\n\n\n<div class=\"wp-block-greenshift-blocks-iconlist gspb_iconsList gspb_iconsList-id-gsbp-4a24fcd\" id=\"gspb_iconsList-id-gsbp-4a24fcd\"><div class=\"gspb_iconsList__item\" data-id=\"0\"><svg class=\"\" style=\"display:inline-block;vertical-align:middle\" width=\"18\" height=\"18\" viewBox=\"0 0 1024 1024\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path style=\"fill:#565D66\" d=\"M871.696 166.932l-526.088 526.088-193.304-193.304c-9.372-9.372-24.568-9.372-33.942 0l-56.568 56.568c-9.372 9.372-9.372 24.568 0 33.942l266.842 266.842c9.372 9.372 24.568 9.372 33.942 0l599.626-599.626c9.372-9.372 9.372-24.568 0-33.942l-56.568-56.568c-9.372-9.372-24.568-9.372-33.94 0z\"><\/path><\/svg><span class=\"gspb_iconsList__item__text\">Optimized insider threat monitoring program<\/span><\/div><\/div>\n\n\n\n<div class=\"wp-block-greenshift-blocks-iconlist gspb_iconsList gspb_iconsList-id-gsbp-0bb5ad2\" id=\"gspb_iconsList-id-gsbp-0bb5ad2\"><div class=\"gspb_iconsList__item\" data-id=\"0\"><svg class=\"\" style=\"display:inline-block;vertical-align:middle\" width=\"18\" height=\"18\" viewBox=\"0 0 1024 1024\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path style=\"fill:#565D66\" d=\"M871.696 166.932l-526.088 526.088-193.304-193.304c-9.372-9.372-24.568-9.372-33.942 0l-56.568 56.568c-9.372 9.372-9.372 24.568 0 33.942l266.842 266.842c9.372 9.372 24.568 9.372 33.942 0l599.626-599.626c9.372-9.372 9.372-24.568 
0-33.942l-56.568-56.568c-9.372-9.372-24.568-9.372-33.94 0z\"><\/path><\/svg><span class=\"gspb_iconsList__item__text\">Minimized people, tools and time required to monitor for insider threats<\/span><\/div><\/div>\n\n\n\n<div class=\"wp-block-greenshift-blocks-iconlist gspb_iconsList gspb_iconsList-id-gsbp-a617356\" id=\"gspb_iconsList-id-gsbp-a617356\"><div class=\"gspb_iconsList__item\" data-id=\"0\"><svg class=\"\" style=\"display:inline-block;vertical-align:middle\" width=\"18\" height=\"18\" viewBox=\"0 0 1024 1024\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path style=\"fill:#565D66\" d=\"M871.696 166.932l-526.088 526.088-193.304-193.304c-9.372-9.372-24.568-9.372-33.942 0l-56.568 56.568c-9.372 9.372-9.372 24.568 0 33.942l266.842 266.842c9.372 9.372 24.568 9.372 33.942 0l599.626-599.626c9.372-9.372 9.372-24.568 0-33.942l-56.568-56.568c-9.372-9.372-24.568-9.372-33.94 0z\"><\/path><\/svg><span class=\"gspb_iconsList__item__text\">Gained speed and efficiency in identifying insider data exfiltration attempts<\/span><\/div><\/div>\n\n\n\n<div class=\"wp-block-greenshift-blocks-iconlist gspb_iconsList gspb_iconsList-id-gsbp-1d29c35\" id=\"gspb_iconsList-id-gsbp-1d29c35\"><div class=\"gspb_iconsList__item\" data-id=\"0\"><svg class=\"\" style=\"display:inline-block;vertical-align:middle\" width=\"18\" height=\"18\" viewBox=\"0 0 1024 1024\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path style=\"fill:#565D66\" d=\"M871.696 166.932l-526.088 526.088-193.304-193.304c-9.372-9.372-24.568-9.372-33.942 0l-56.568 56.568c-9.372 9.372-9.372 24.568 0 33.942l266.842 266.842c9.372 9.372 24.568 9.372 33.942 0l599.626-599.626c9.372-9.372 9.372-24.568 0-33.942l-56.568-56.568c-9.372-9.372-24.568-9.372-33.94 0z\"><\/path><\/svg><span class=\"gspb_iconsList__item__text\">Reduced security risk of insider threats<\/span><\/div><\/div>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\" 
id=\"challenge\">Challenge<\/h3>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"knowing-that-threat-actors-can-come-from-external-and-internal-sources-netskope-s-security-team-wanted-to-implement-a-practice-to-monitor-for-insider-threats\">Knowing that threat actors can come from external and internal sources, Netskope\u2019s security team wanted to implement a practice to monitor for insider threats.<\/h5>\n\n\n\n<p>Maintaining a strong security posture is essential for Netskope. Referencing 2022 research from the Ponemon Institute that insider threats cost organizations $15.38 million per incident, Sean Salomon, Information Security Analyst at Netskope, commented, \u201cThat\u2019s a lot of money companies aren\u2019t going to want to lose. It&#8217;s just not good business and, as a security analyst, it\u2019s not a very pleasant thing to think about.\u201d<\/p>\n\n\n\n<p>As Salomon mapped out an initial standard operating procedure (SOP) for Netskope\u2019s insider threat monitoring, he could see that a manual process would require too much time, effort and resources. Salomon noted, \u201cA manual approach would have required at least five people, ten tools and a minimum of 90 minutes of human work time per investigation. That&#8217;s a lot of resources for an SOP. Plus, what if a request comes in on a weekend or after business hours where there\u2019s less coverage?\u201d<\/p>\n\n\n\n<p>As an important part of streamlining and automating its insider threat monitoring process, Netskope wanted to adopt a SIEM solution.<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"solution\">Solution<\/h3>\n\n\n\n<p>For its insider threat monitoring program, Netskope needed rapid and accurate insights into user behaviors that can represent high-risk indicators of insider threats. And the company wanted to automate the process to alleviate resource constraints. 
This required investing in real-time data analysis to gain visibility into Netskope\u2019s insider threat activity, and for that, Netskope chose Sumo Logic Cloud SIEM.<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n<div id=\"customer-info-block_69d5248fab7eae17ec2ebc59e0a7d5d9\" class=\"customer-info-block\"><div class=\"content-testimonial-block-wrapper blue headshot\"><div class=\"content-testimonial-block-item\"><div class=\"content-testimonial-block-item__rail\"><\/div><div class=\"content-testimonial-block-item__content\"><div class=\"content-testimonial-block-item__top\"><figure class=\"content-testimonial-block-item__headshot-wrap\">\n                                <img decoding=\"async\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/Headshot_Quote_Netskope.png\" alt=\"Sean Salomon\" class=\"content-testimonial-block-item__headshot\" title=\"\"><\/figure><div class=\"content-testimonial-block-item__name-wrap\"><p class=\"content-testimonial-block-item__name\">Sean Salomon<\/p><p class=\"content-testimonial-block-item__title\">Information Security Analyst<\/p><\/div><\/div><div class=\"content-testimonial-block-item__quote\"><div class=\"content-testimonial-block-item__quote-text\">\u201cCloud SIEM enables us to catch these insider data exfiltration attempts early so that we can address them as quickly as possible and limit the impact of a potential insider threat. 
We get all that information automatically, relying on zero people, zero tabs and just one tool \u2014 Sumo Logic.\n\u201d<\/div><\/div><div class=\"content-testimonial-block-item__logo-wrap\"><a href=\"https:\/\/www.sumologic.com\/case-studies\/netskope\" class=\"content-testimonial-block-item__logo-link\"><img decoding=\"async\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/netskope-logo-wht.svg\" alt=\"Sean Salomon logo\" class=\"content-testimonial-block-item__logo\" title=\"\"><\/a><\/div><\/div><\/div><\/div><\/div>\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"results\">Results<\/h3>\n\n\n\n<p><strong>Automated insider threat monitoring<\/strong><\/p>\n\n\n\n<p>Built natively in the cloud, Cloud SIEM makes it easy to gain deep security insights with pre-built applications, including out-of-the-box dashboards, queries, and rules. Cloud SIEM ingests data and brings together Netskope\u2019s many data sources, such as endpoint detection and response (EDR), cloud storage and marketing and sales tools, to provide central security monitoring and contextualized insights.<\/p>\n\n\n\n<p>\u201cLeveraging Sumo Logic Cloud SIEM, the entire standard operating procedure for Netskope&#8217;s insider threat monitoring has been completely automated. It significantly cuts down our response time, reduces the chance of human errors and ensures we can make efficient and effective decisions,\u201d said Salomon.<\/p>\n\n\n\n<p><strong>Robust analysis for data exfiltration attempts<\/strong><\/p>\n\n\n\n<p>During an insider threat investigation, Sumo Logic enables Netskope to analyze historical data and monitor a user\u2019s current activity. 
\u201cThere\u2019s always the potential that a user will act against the organization\u2019s best interests when they\u2019re planning to offboard, and Cloud SIEM helps us alleviate this risk,\u201d said Salomon.<\/p>\n\n\n\n<p>Netskope uses Cloud SIEM&#8217;s content management API to detect when users initiate mass data downloads or attempt to share data externally with a personal or competitor&#8217;s email address. Of course, there\u2019s also the possibility a user might attempt to copy data to an external USB, and Cloud SIEM monitors for this activity as well. Leveraging the solution\u2019s Search API, Salomon has set up a search job that checks every five seconds to detect if a user has transferred any data to an external USB drive.<\/p>\n\n\n\n<p>This workflow can take 200-300 actions to automate gathering all the required information. The team no longer needs to connect and share credentials to a variety of API endpoints or a range of different tools.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Netskope\u2019s security team wanted to implement a practice to monitor for insider threats. 
Learn how they reduced risk and minimized the people, tools, and time required to monitor for insider threats.<\/p>\n","protected":false},"author":4,"featured_media":58271,"template":"","meta":{"_acf_changed":true,"show_custom_date":false,"custom_date":"","featured":false,"featured_image":0,"learn_more_label":"","image_alt_text":"","learn_more_type":"","show_popup":false,"learn_more_link_file":0,"event_date":false,"event_start_date":"","event_end_date":"","place_holder_image_url":"","post_reading_time":"2","notification_enabled":false,"notification_text":"","notification_logo":"","notification_expiration_time":0,"is_enable_transparent_header":false,"selected_taxonomy_terms":{"resource-type":[29],"resource-solution":[45,46,56],"translation_priority":[221]},"selected_primary_terms":{"resource-type":[],"resource-solution":[]},"learn_more_link":[],"featured_page_list":[],"notification_enabled_post_list":[],"_gspb_post_css":"#gspb_iconsList-id-gsbp-4a24fcd.gspb_iconsList .gspb_iconsList__item__text{margin-left:15px}#gspb_iconsList-id-gsbp-4a24fcd.gspb_iconsList .gspb_iconsList__item{display:flex;flex-direction:row;align-items:center;position:relative}#gspb_iconsList-id-gsbp-0bb5ad2.gspb_iconsList .gspb_iconsList__item svg path,#gspb_iconsList-id-gsbp-1d29c35.gspb_iconsList .gspb_iconsList__item svg path,#gspb_iconsList-id-gsbp-4a24fcd.gspb_iconsList .gspb_iconsList__item svg path,#gspb_iconsList-id-gsbp-a617356.gspb_iconsList .gspb_iconsList__item svg path{fill:#2184f9!important}#gspb_iconsList-id-gsbp-0bb5ad2.gspb_iconsList [data-id='0'] svg,#gspb_iconsList-id-gsbp-1d29c35.gspb_iconsList [data-id='0'] svg,#gspb_iconsList-id-gsbp-4a24fcd.gspb_iconsList [data-id='0'] svg,#gspb_iconsList-id-gsbp-a617356.gspb_iconsList [data-id='0'] svg,body #gspb_iconsList-id-gsbp-0bb5ad2.gspb_iconsList .gspb_iconsList__item img,body #gspb_iconsList-id-gsbp-0bb5ad2.gspb_iconsList .gspb_iconsList__item svg,body #gspb_iconsList-id-gsbp-1d29c35.gspb_iconsList .gspb_iconsList__item img,body 
#gspb_iconsList-id-gsbp-1d29c35.gspb_iconsList .gspb_iconsList__item svg,body #gspb_iconsList-id-gsbp-4a24fcd.gspb_iconsList .gspb_iconsList__item img,body #gspb_iconsList-id-gsbp-4a24fcd.gspb_iconsList .gspb_iconsList__item svg,body #gspb_iconsList-id-gsbp-a617356.gspb_iconsList .gspb_iconsList__item img,body #gspb_iconsList-id-gsbp-a617356.gspb_iconsList .gspb_iconsList__item svg{margin:0!important}#gspb_iconsList-id-gsbp-0bb5ad2.gspb_iconsList .gspb_iconsList__item__text{margin-left:15px}#gspb_iconsList-id-gsbp-0bb5ad2.gspb_iconsList .gspb_iconsList__item{display:flex;flex-direction:row;align-items:center;position:relative}#gspb_iconsList-id-gsbp-a617356.gspb_iconsList .gspb_iconsList__item__text{margin-left:15px}#gspb_iconsList-id-gsbp-a617356.gspb_iconsList .gspb_iconsList__item{display:flex;flex-direction:row;align-items:center;position:relative}#gspb_iconsList-id-gsbp-1d29c35.gspb_iconsList .gspb_iconsList__item__text{margin-left:15px}#gspb_iconsList-id-gsbp-1d29c35.gspb_iconsList 
.gspb_iconsList__item{display:flex;flex-direction:row;align-items:center;position:relative}","_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"3185,3180,3170","_relevanssi_noindex_reason":"","inline_featured_image":false},"resource-type":[29],"resource-solution":[45,46,56],"class_list":["post-11332","resource","type-resource","status-publish","has-post-thumbnail","hentry","resource-type-case-studies","resource-solution-case-study","resource-solution-cloud-siem","resource-solution-secops-and-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/resource\/11332","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/resource"}],"about":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/types\/resource"}],"author":[{"embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/users\/4"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/media\/58271"}],"wp:attachment":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/media?parent=11332"}],"wp:term":[{"taxonomy":"resource-type","embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/resource-type?post=11332"},{"taxonomy":"resource-solution","embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/resource-solution?post=11332"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}