Docy

New Features And Enhancements In Release 101.0.0

New Features And Enhancements In Release 101.0.0

Here is the list of the new features and enhancements.

API Data Protection
Enhanced SharePoint Site Search

Enhanced the Search sites functionality to support while searching for sites with exact match of Site UID. This is in addition to the currently supported site search with prefix.

Malware Detection for ServiceNow

Netskope API Data Protection now supports malware detection for files and attachments in ServiceNow. You can navigate to Settings > Configure App Access > Classic > SaaS to enable this feature. Click the ServiceNow app and under the instance setup window, enable the Malware checkbox.

ServiceNow_Malware.png
Audit Support For Outlook Using O365 Management Activity API

Netskope API Data Protection now supports audit events for Microsoft Office 365 Outlook. To enable this feature on your existing Netskope account, re-grant the Microsoft Office 365 Outlook app under Settings > Configure App Access > Classic > SaaS > Microsoft Office 365 Outlook.com. Once you re-grant, the following new Office 365 Management API permissions are available :

APIPermission TypePermission NameDescriptionNetskope Use Case
Office 365 Management APIDelegatedActivityFeed.ReadRead activity data for your organization.Audit logs.
ApplicationActivityFeed.ReadRead activity data for your organization.
ApplicationActivityFeed.ReadDlpRead DLP policy events including detected sensitive data.
ApplicationServiceHealth.ReadRead service health information for your organization.

After re-grant, you can view the Microsoft Office 365 Outlook audit events under Skope IT > Events > Application Events. To learn more: Microsoft Office 365 Outlook Audit Events.

Change in Microsoft Office 365 OneDrive for Business and SharePoint Sites Apps Permission

Recently, Netskope API Data Protection switched from using the Azure Active Directory Graph API permissions to Microsoft Graph API permissions as recommended by Microsoft. Netskope API Data Protection will no more use the following Azure Active Directory Graph API permissions:

APIPermission NameDescription
Azure Active Directory Graph APIDirectory.Read.AllRead directory data.
User.ReadSign in and read user profile.

You can view the updated list of permissions for Microsoft Office 365 OneDrive for Business & SharePoint Sites here:

To reflect this change, log in to your Netskope tenant, and re-grant the Microsoft Office 365 OneDrive for Business & SharePoint Sites apps.

Support ServiceNow Tokyo Version

Netskope API Data Protection validated support up till ServiceNow Tokyo release.

CASB Real-time Protection
Synthetic Resource And Triggers

Netskope adds synthetic resource and synthetic triggers to all the resources where from_user was missing. Prior to this enhancement, there was dependency on DB lookup to extract from_user. With this update, there is no from_user in database, and same results are fetched using synthetic query.

Name Change For Rename Activity

The activity name for renaming and moving a file or folder in the Dropbox application is changed from Rename to Edit.

Amazon S3 Connector Side Changes

In Amazon S3, file uploads happen in portions when file sizes are larger than 8.3 MB and 17 MB for the CLI platform and the browser platform, respectively.

Previously, large files did not support file size policies due to limitations on handling larger file upload. Netskope addressed this issue with additional support for file size-based policies through the multipart feature.

App Connector Changes For Access Key ID

Netskope adds an access key variable to all the activities of the AWS services. Access keys are long-term credentials for an IAM user or the AWS account root user. Access Key ID uniquely identifies an AWS User that will be displayed in the AWS events.

Yahoo Mail UploadAndSend Activity

Previously, in Yahoo Mail, Send and Upload activities occurred in the same packet. Netskope introduces UploadAndSend activity to eliminate this occurrence.

Instance ID Changes

Netskope updates the following for Zoom real-time protection:

  • instance_id logic extraction for non-signed in users
  • When an unautheticated user performs any activity, then the instance_id value is “unauthenticated”.
  • For an unauthenticated user, currently supporting activities are File Upload and Download from chat or meeting option.
Olark Application Update

Netskope extends support for the following activities:

  • Post Message
  • Edit User
  • Delete Group
  • Create Group
Cloud Confidence Index (CCI)
New iOS Versions in Device Classification For iOS

Netskope updates the Minimum OS Versions dropdown list in Device Classification with new iOS versions: 14, 15, and 16.

CCI Tagging Update

Deprecated the option “Apply CCI Tags” from Skope IT > Applications page. CCI Tags can be applied from the CCI app management page.

CCI App Page Update

Netskope adds certain usability enhancements to the CCI user interface (UI) for easy consumption of information from CCI. Some of the key enhancements are as follows:

  • Granular App details: Activity, DLP, and Threat Protection coverage.
  • Context on discovered Instances for an app.
  • Improved free flowing intuitive navigation across all attributes.
  • Improved navigations and workflow for app comparisons and score customisation.
  • Capability to submit requests for new app, app info updates, and reporting an app breach.

Note

App HQ Location and Pricing is deprecated and removed from the App Information page.

This is a Controlled General Availability (formerly known as Limited Availability) feature. Contact your Netskope sales representative or support to enable this on your tenant.

Data Protection
File Extension Update

Email from the SMTP proxy is saved to forensics as part of the original file download feature with .eml extension.

Source Code Entity Detection Enhancement

Enhanced Source Code (Any) Entity to detect incomplete portions of long code blocks.

Removed Terms From Profanity Entity

Removed derrière and tushy from the Inappropriate Language (English; Biological) entity due to unreported but potential false positives.

Updated Name Entity

Reduced multiple false positives in the Full Names Entities for Spain (ES), UK, and International as well as the Last Names entities for U.S and International.

Updated Password Entity

Netskope updates the Passwords (Common) Entity with better password detection such as ‘n3t5k0pe1’. In addition to the efficacy benefits, the improvements allow for optionally less reliance in DLP Rules on Passwords (Secure) that are naturally more prone to false positives.

This also updates the Private Keys (Generic, Begin) Entity, adding support for BEGIN OPENSSH PRIVATE KEY.

Spanish Bank Account Number Entity

Netskope adds support for Spanish domestic bank account numbers, known locally as “código cuenta cliente” or simply “CCC”. Also adds the “ccc” terms-based Entity.

Bank Account Number Entities

Netskope enhances support for bank account number related terms for the following countries:

  • Austria
  • Belgium
  • Bulgaria
  • China
  • Czechia
  • Denmark
  • Greece
  • Hungary
  • Ireland
  • Isle of Man
  • Latvia
  • Lithuania
  • Malaysia
  • Poland
  • Portugal
  • Puerto Rico
  • Romania
  • Russia
  • Sweden
  • Switzerland

Added the entities supporting bank account numbers for the following countries:

  • Belgium
  • Czechia
  • Denmark
  • Finland
  • Greece
  • Hungary
  • Ireland
  • Isle of Man
  • Malaysia
  • Poland
  • Portugal
  • Puerto Rico
  • Russia
  • Sweden

Netskope adds a contextual Entity for Austria that detects konto and BLZ terms and numbers in tight proximity.

The UI navigation for Bank Account Number Entities within “Bank Account Numbers (by Country)” has been changed in order to group Entities together for the same country.

The UI navigation has changed slightly for a few other categories, mainly “Personal Names”, “Postal Addresses”, and “Regional Identifiers”. For example, the “Personal Names (FR)” menu item has been renamed to “Personal Names (France)”. The alphabetical  order is also altered within the menu, allowing “France” to come before “Germany” and “Spain”, as opposed to the previous order of “DE”, “ES”, and “FR”.

AND Logic Support For Fingerprint And DLP Profiles

Enable logical “AND” of a set of content inspection rules with a set of fingerprint rules for DLP profiles.

Note

This is a Controlled General Availability (formerly known as Limited Availability) feature. Contact your Netskope sales representative or support to enable this on your tenant.

AND Logic Support For Two DLP Rules

Enable logical “AND” of a set of content inspection rules with another set of content inspection rules for DLP profiles.

Note

This is a Controlled General Availability (formerly known as Limited Availability) feature. Contact your Netskope sales representative or support to enable this on your tenant.

To learn more: Create a Custom DLP Profile.

Endpoint DLP (EDLP)
Device Constraint Fields

The fields in USB Device Constraints are now AND’ed together. It is now evaluated as “Manufacturer AND Device ID AND Model AND Serial Number”.

To learn more: Constraint Profile.

Mute Similar User Alerts

Netskope updates user-alert popup dialog with checkbox labeled as Apply to the remaining files. On selecting this checkbox, any action by the same user, using the same application that results in a user-alert for the same policy is suppressed for the next 10 minutes.

Alerts, Events, and Incidents are created for the suppressed alerts, and the justification and action are copied from the original user alert.

Updated Default Pause Time

In the Device Health page, the Endpoint DLP service may be paused for an endpoint. The intention is to allow users to have temporary exceptions to policy enforcement. The time for enforcement it is paused has been changed from 5 to 30 minutes.

To learn more: Devices.

System Reboot Status

If device control cannot initialize correctly without a reboot, the status is reported to the admin informing that a WebUI management console reboot is required.

Netskope DLP Service

When installing the Netskope Client, the Endpoint DLP Service is registered with Windows as Netskope DLP Service. The Netskope DLP Service is registered as Disabled in the service control manager, configure and start it to make use of this feature.

Device Control Policy Enhancement

Phones (iOS and Android) do not support “Read-Only” actions when connected as USB storage devices. If an Endpoint Device Control policy with a “Read-Only” action matches on a phone device, the device is blocked. A warning has been added to the Policy Editor page to remind policy authors of this restriction.

To learn more: Endpoint Data Loss Prevention.

Netskope Secure Web Gateway (NG SWG)
Transaction Field Event Name Change

Netskope renamed the following fields from:

  • x-headers-name to x-sr-headers-name
  • x-headers-value to x-sr-headers-value
Transaction Event Format 2

Netskope added more than 30 SSL related fields to Transaction Events format to increase the visibility of SSL policy and SSL engine actions. The following are the updated topics:

  • SSL policy: The decision of the policy engine or SSL error settings.
  • SSL Certificate : Details of the certificate and whether it is valid.

    Note

    x-r-cert-revocation-check is reserved and is always empty.

  • SSL Engine: Details on the analysis performed by the SSL Engine:
    • Errors found in SSL negotiation.
    • The action done and reason in SSL communication.
    • The TLS and cipher versions.
    • JA3 and JA3S fingerprints.
  • – x-cs-tunnel-src-ip: Public IP of the user

To learn more: Transaction Event Fields

Note

This feature is in Beta currently. Contact your Sales Representative or Support to enable this feature.

Transaction Event Format 3

Netskope added transaction event format 3 with approximately 60 fields.

  • Connection: IPs and ports of the user and remote server.
  • HTTP:
    • XFF headers in Connect and other methods
    • Host, Port, and User-Agent in Connect method
    • Http full URL and HTTP version
  • Application and File topics: The information in Application Event is visible in Transaction Event.
  • General: Add general error notification `x-error` and local time `x-c-local-time`.
  • 5 Real Time Policy: The information about Realtime Policy evaluation.

To learn more: Transaction Event Fields

Note

Some fields are not populated currently.

This feature is in Beta currently. Contact your Sales Representative or Support to enable this feature.

On-Premises Central Authority Support for TLS Decryption

You can now connect to the on-prem hosted HSM/key manager to get the proxy emulated certificate signed for TLS decryption without uploading or providing an intermediate certificate/key to Netskope.

To learn more: Certificates

Note

This is a Controlled General Availability (formerly known as Limited Availability) feature. Contact your Netskope sales representative or support to enable this on your tenant.

Generic Header Insertion

Netskope enhances the generic header insertion feature to support Inserting multiple custom headers for a given application. If an application supports more than one header, an admin can select all of them in a single flow instead of creating multiple header profile for the same application.

To learn more: Header Insertion

Note

This is a Controlled General Availability (formerly known as Limited Availability) feature. Contact your Netskope sales representative or support to enable this on your tenant.

Block Single Destination IP

Block single destination IP is now available and will be enforced on all tenants in version 103.0.0.

Netskope supports applying SSL Do Not Decrypt policies and Real-time Protection policies based on destination IP addresses. Destination IP addresses can be configured in custom URL lists.

To learn more: URL Lists

Updated Application Event And Malsite Alert

Netskope adds JA3 and JA3S to Application Events and Malsite alert.

 JA3 with JA3S is a method to fingerprint the TLS negotiation between a client and server. This combined fingerprinting can assist in producing higher fidelity identification of the encrypted communication between a specific client and its server. These fields are available for TLS decrypted traffic.

File Type Detection

Netskope improved the logic in order to detect file type efficiently.

Localization Zones

Internet content providers (such as websites) and SaaS providers often use users geographic information to make content localization decisions.

Netskope’s ‘Localization Zones’ feature addresses this well known problem of content localization. It helps users located in countries or regions where Netskope doesn’t have an in-country data center to get content that is local to them in terms of language and relevance.

Note

Contact your local sales team or Netskope support to enable this feature in your account.

User/User-Group/Organization Unit(OU)/ Exclusion In Real-Time Protection Policies

You now can exclude users, user groups, and organizational units when configuring the Source field in Real-time Protection policies.

Netskope-Real-Time-Protection-Policy-Exclusions.png

To learn more: Real-time Protection Policies

Netskope Private Access (NPA)
Host Limit Update

With this release, the admin can specify up to 500 hosts in the Private Application definition.

Client-less Access Failure Error Notification

Netskope enhances error notification to Client-less access failure cases by providing more context regarding the cause of failure.

SRP Information

Netskope updates the following SRP information in Troubleshooting page:

  • SRP Size
  • Number of host definitions in the SRP
  • Number of publishers in the SRP
  • Private app tags referenced in the SRP
CGNAT Address Space

Netskope introduces a feature flag to control NPA client for resolving private app hosts as CGNAT addresses 100.64.0.0/16 instead of 191.1.0.0/16.

Next Generation API Data Protection
Support New Policy Action on Workday

Next Generation API Data Protection has introduced a new policy action for the Workday app – Change Owner to a Specific User. When you select this action and a policy violation occurs, Netskope changes the ownership of the file/folder to a specific user as entered in the policy wizard.

Workday_Change-Ownership-Specific-User.png

To learn more: Create a Next Generation API Data Protection Policy.

Support DLP Scan on Zoom Channel Message

Next Generation API Data Protection can now support DLP scan on channel messages in a Zoom meeting. To learn more: Activities Monitored by Netskope.

Remote Browser Isolation (RBI)
Enabled RBI configurable settings

RBI configurable settings (RBI templates) were introduced in the release 97.1.0, and required a Netskope representative to enable the feature in your tenant. From this release, RBI configurable settings (RBI templates) is enabled by default for all RBI accounts.

221204-1.png
221204-2.png

With Remote Browser Isolation (RBI) configurable settings (RBI templates), admins can configure isolation settings to define and apply granular controls that govern the user interaction in isolated web sites for different risk scenarios (that is, users or categories). These controls are configured defining RBI templates that can be attached to any new or existing RBI policy, which customizes end users experience in isolation.

221204-3.png

To learn about the RBI configurable settings, view RBI templates.

Action Isolate Filter

Netskope enhances SkopeIT filters to include Isolate as a valid action in all events that include Action field. This feature helps to easily filter RBI related events for Page Events, Application Events and Alerts in SkopeIT.

209843.png
Threat Protection
Detection for Phishing URLs & Domains

Gen.DetectBy.NetskopeAI.Phishing is a new alert name introduced to the inline Threat Protection scanning enabled for accounts with real-time Threat Protection policies. This detects a phishing site using Netskope’s machine learning capabilities. Like malsite detections, you can open a support case and override with custom category if detection efficacy issues are encountered.

Hiding Native App Alerts

The Malware incidents page no longer displays alerts and blocking actions discovered by Netskope from third-party applications. However, these Native App alerts are still available in SkopeIT, and you can see them in Malware Incidents by searching the following malware names:

  • Gen.Malware.Detect.By.App
  • Gen.Malware.Detect.By.App-abuse

To learn more: About Malware

Traffic Steering
Client Upgrade Occurrence

This enhancement reduces the occurrence of Windows Client upgrade during system shutdown

WBEM Query Permission

Netskope enhances internal error handling by using CoSetProxyBlanket to set correct permission for each WBEM query.

Block Template

Netskope enhanced MAC block notification dialog display layout.

Linux Client Support

Netskope Client supports the following:

  • Linux Mint versions: 19, 20, and 21
  • Ubuntu 22.04 LTS

To learn more: Netskope Client Supported OS and Platform.

Client Support For New Versions Of Windows 10 and 11

Netskope Client now validates and supports SWG/CASB feature validations for:

  • Windows 10, version 22H2
  • Windows 11, version 22H2
enableAirDropException flag

Added a new feature flag ‘enableAirDropException’ for AirDrop in macOS.

Bypass IPv6 Traffic

With this enhancement, Netskope Client bypasses the IPv6 DNS traffic.

Note

This enhancement is applicable only for DNS security feature.

To learn more: Netskope Client Support in Cloud Firewall

Netskope Client Library Updates

Netskope upgrades the old third-party libraries to OpenSSL 1.1.1q and cURL 7.86.0.

certutil.exe Binary Update

Firefox does not use system certificate store. It maintains separate cert database file in each Firefox profile.

Agent uses Mozilla’s NSS tool certutil for installing CA cert in Firefox certificate DB. Certutil binaries are signed and hosted on Provisioner and downloaded by Agent if required. Certutil binaries signature have expired for Windows and are re-signed using SignTool.exe with netskope cert.

Steering Configuration Preferences

Netskope enhanced the following for the Steering Configuration Preferences:

  • Removed the Skip this updateoption from the new predefined certificate-pinned application notification.
  • Renamed the Skip option to Default only (bypass) in Review Updates For Certificate-Pinned Apps window.
  • Removed the New word in the Review Updates For Certificate-Pinned Apps window.

To learn more: Configuring the Steering Preferences

User And Date Modification

Netskope enhances WebUI to validate the User and Date modification for Client configuration. When dragged from top to middle it updates all the configuration that appears above the dragged one.

Traffic Steering Tab Rename

Renamed Traffic Steering to Tunnel Settings in Client Configuration to remove duplicity.

TunnelSettings_101.png

To learn more: Netskope Client Configuration

Steering Configuration Enhancements

The Steering Configuration page is more easy to navigate through with the new action options. For each default and custom steering configuration, you can click View Steered Items to see the Steered Traffictab or click View Exceptions to see the Exceptions tab.

To learn more: Steering Configuration

Intrusion Prevention System (IPS)
Client Traffic Exploit Prevention Renamed to Intrusion Prevention System

Netskope renamed Client Traffic Exploit Prevention (CTEP) to Intrusion Prevention System (IPS) throughout the Netskope user interface (UI). The UI continues presenting alerts as CTEP alerts in SkopeIT until a later release.

To learn more: Intrusion Prevention System

IPS Action Name Changes

Netskope changed the IPS event actions to match the terminology of other Netskope alert types. For example, Allowed and Blocked were changed to Allow and Block respectively.

To learn more: About Alerts

Additional Documentation Updates

In addition to documenting all new and improved features, here is the list of articles with key documentation updates:

Share this Doc
In this topic ...