SBN

Automate URL and File Blacklisting with Netskope and LogRhythm

While many organizations focus on outside threats, network security shouldn’t be neglected. Having greater visibility into the websites people are searching and the files they are downloading in your network should be a priority.

To strengthen your network visibility, LogRhythm released a new SmartResponse™ plugin (SRP) for Netskope that speeds the detection of URLs and files that should be blacklisted and increases your analysts’ investigative capabilities.

Blacklist URLs and Files to Protect Your Network

With the Netskope SmartResponse, LogRhythm helps you gain control over your network. Your analysts can add URLs, files, and SHA-256 hashes that are part of a threat list to Netskope’s blacklisted files to keep your network safe from unwanted links.

For example, if an AI Engine filter detects a URL or file in the system that appears on the threat list, the Netskope SRP can automatically blacklist it, reducing your typical response time.

Automatically blacklist URLs and files

Figure 1: The Netskope SRP lets analysts automatically blacklist URLs and files

Additionally, your analysts can add URLs to Netskope’s blacklist if they discover suspicious files during an investigation, further securing your network.

Add Unwanted URLS to Netskope's Blacklist

Figure 2: Analysts can add URLs to Netskope’s blacklist to prevent unwanted URLs from entering the network

LogRhythm and Netskope in Action

How does the LogRhythm and Netskope integration work? The LogRhythm NextGen SIEM Platform collects and ingests Netskope logs using the using the Netskope API. The logs are then parsed and normalized to the LogRhythm schema. The Netskope SRP uses the Netskope RESTful API to add suspicious URLs, files, and SHA-256 hashes to Netskope’s blacklist and stores a local copy in the LogRhythm List Manager.

If a threat feed indicates questionable browsing habits in LogRhythm, your security analysts can use the Netskope SRP to add the suspicious URL or file to the LogRhythm List and Netskope’s blacklist. Netskope’s integration with LogRhythm is enabled by Netskope Cloud Log Shipper, which pulls logs from the APIs and forwards them via Syslog.

LogRhythm and Netskope integration for blacklisting URLs

Protect Your Network with LogRhythm and Netskope

With LogRhythm and Netskope, your team will have greater visibility into and control over your network and the content employees visit and access. The joint solution gives you the ability to accelerate detection of unwanted and blacklisted URLs, minimizing your organization’s risk.

The Netskope plugin is the latest integration under the LogRhythm-Netskope technology partnership. To download the plugin, visit the LogRhythm Community. To find additional plugins, check out our SmartResponse automation plugin library.

The post Automate URL and File Blacklisting with Netskope and LogRhythm appeared first on LogRhythm.

*** This is a Security Bloggers Network syndicated blog from LogRhythm authored by Angela Romero. Read the original post at: https://logrhythm.com/blog/automate-url-and-file-blacklisting-with-netskope-and-logrhythm/