Netskope details Cloud TAP enhancements and integrations with NDR partners

Netskope has enhanced its Cloud Test Access Points (TAP) capability within the Netskope One platform, enabling enterprises to capture and analyze egress traffic from remote users and offices via over 75 global data centers. This update facilitates integration with existing security and networking tools, providing critical visibility for troubleshooting, performance assessment, threat detection, asset discovery, and compliance.

Research overview

The Cloud TAP feature leverages the Netskope NewEdge network, which spans 220 countries, supplying security and operations teams with encrypted traffic packet captures and session keys. These captures can be decrypted within secure cloud environments, supporting third-party products such as Network Detection and Response (NDR) and Network Performance Monitoring (NPMO) (NPM).

This integration capability responds to the growing need for extended visibility into cloud-hosted and distributed enterprise networks and complements traditional on-premises (on-prem) traffic capture solutions.

Product update

Netskope has developed partnerships with several technology providers to enhance the capabilities of Cloud TAP. Integrations enable these partners to ingest high-fidelity network traffic captures, improving threat detection and response times by combining packet-level data with their analytics platforms.

These collaborations are positioned to expand, indicating Netskope's ongoing commitment to ecosystem development.

Technical breakdown

Partner integrations

Arista's Data ANalyZer (DANZ) platform integrates with Cloud TAP, enabling aggregation of client or branch network traffic with on-prem TAP solutions for comprehensive security analysis.

Corelight combines Cloud TAP's network packet evidence with its Open NDR platform to provide enriched data for threat identification and incident management.

Darktrace consumes encrypted traffic, packet captures, and session keys from Cloud TAP, applying its Artificial Intelligence (AI) models to this data for enhanced behavioral analysis.

ExtraHop receives encrypted traffic and session keys from Cloud TAP for decryption and deep analysis within its RevealX solution, with findings fed back to Netskope via Cloud Threat Exchange for enforcement.

NetWitness utilizes decrypted traffic and session keys from Cloud TAP to provide detailed visibility into Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), and web usage for security and compliance operations.

Vectra AI incorporates packet broker metadata from Cloud TAP within its Extended detection and response (XDR) platform, improving hybrid threat detection and coordinating responses with Netskope.

File management and threat sharing

Cohesity integrates with Cloud TAP to securely store encrypted traffic packet captures and session keys, facilitating resilient analysis for threat detection and compliance.

Commvault leverages Cloud TAP's secure data transmission to provide durable storage and advanced analysis capabilities, supporting cyber resilience through shared threat intelligence exchanges with Netskope.

Operational impact

The Cloud TAP integrations address gaps created by the adoption of cloud-hosted security platforms, offering enterprise teams essential data for advanced threat detection, NPMO, and regulatory compliance.

By enabling seamless interaction with established NDR and networking solutions, the integrations help unify security intelligence and improve operational efficiency in managing distributed environments.

This approach supports the development and maintenance of zero trust security architectures informed by comprehensive visibility across user activities and network traffic.

This Blog Signals brief summarizes the vendor blog factually and aims to inform enterprise IT and security decision-makers about the updates in Netskope’s Cloud TAP functionality and partner ecosystem integrations.