New Features And Enhancements In Release 108.0.0

Netskope Library Table View

The following enhancements are made in this release:

• Added a table view to the Netskope Library.
• You can sort by both table and card view and by Name, Popularity, and Last Edit.

Microsoft Office 365 Teams Shared Channel Support

Microsoft recently introduced a new type of channel – shared channel. Netskope API Data Protection for Microsoft Teams can now support appropriate exposure computation for channels that are shared with an entire Microsoft Team. To enable this feature, Netskope requires a new permission to be allowed – ChannelMember.Read.All. To allow this permission, the administrator should regrant the Microsoft Office 365 Teams instance on the Netskope tenant UI.

You can view an entry for an external team user in:

Incidents > DLP page:

Skope IT > EVENTS > Alerts page:

API-enabled Protection > Microsoft Office 365 Teams > <app-instance> page:

Multipart Support For File Upload With Outlook

Inspection of chunked file attachments (greater than 16MB) is now supported for Microsoft Outlook. 

Multipart Upload For Facebook Ads Manager

Inspection of chunked files (greater than 64MB) is now supported for Facebook Ads Manager.

DLP support for Share Activity In DropBox

Added support for DLP inspection on any content  posted in the Add note section while sharing a file using DropBox.

Advance Constraint Support For Generative AI Apps 

ChatGPT, Beautiful.ai, Jasper AI, and Google Bard dedicated CASB inline connector now supports instance detection and from user constraints. 

With this feature, the enterprises can have granular policy control for these apps. They can put appropriate guardrails to manage employee interactions with corporate and non-corporate instances as well as manage access based on user (app) accounts.

App Connector Looker Enhancement

Improved connectors by mapping new user actions to existing activities for DLP support.

Support To Bypass Autopilot

Netskope’s Auth Integration Proxy is now compatible with Microsoft Autopilot for pushing default settings to un-managed device.

Activity Detection and Control for Slack Canvas

Netskope Real-time Protection policies extend support for Slack Canvas. DLP support, Instance detection, and ‘From User’ identification is supported across all activities such as POST, Uploads, Downloads, and Comments made in Slack Canvas.

Instances Tab In SkopeIT

Introduced a tab under SkopeIT > Applications > Instances. This tab provides the consolidated and filtered view of all App instances discovered in the traffic. The admin can also select App Instances from this page to configure by adding a name and an instance tag. Alternatively, the admin can also select a specific instance and a pivot to SkopeIT to view the events generated for a specific app instance.

Dedicated AODocs App Connector

AODocs dedicated app connector is now available providing admins the full visibility and control over sharing of data with the application. The following activities covered:

• Create, Copy, and Delete

• Edit (DLP)

• Share and Move

• Login related activities (supported by Google App Suite)

Reverse Proxy as a Service for AODocs

Added reverse proxy as a service (RaaS) to manage and control the usage of AODocs application by un-managed devices. Admin can define policies to control activities like share, create, and more.
Prerequisites: Google account should be configured to Netskope SAML Proxy / Reverse Proxy.

Reverse Proxy as a Service for AODocs.

App Category Update Of Amazon MemoryDB

Updated the application category for the Amazon MemoryDB app from Iaas/Paas to Cloud Storage.

Custom DNS Server Feature Implementation

Custom DNS server configuration will allow customers configure alternative DNS servers, which can be used to either override original DNS server in DNS request, or use alternative server incase original DNS server is failing.

See DNS Profile for more information.

Multi-User Support

Endpoint DLP now supports per-user installs of STAgent. The respective Netskope user is reported for events that are generated on systems running in multi-user mode.

Severity Threshold Support

Enhanced the alert trigger mechanism to generate alerts when severity thresholds are not met. In prior releases, policy actions were initiated when severity thresholds were met, without generating alerts below threshold.

Device Control Driver

Enhanced the end-user experience by coordinating the installation of the new driver with a system reboot. This prevents devices from being disconnected/reconnected during a driver upgrade.

EDLP Integrity Check

Added additional integrity checks to the Endpoint Protection policy editing pages to prevent creation of invalid policies.

Next Generation SSPM Is Now SSPM

Next Generation SaaS Security Posture Management is now renamed as SaaS Security Posture Management. SaaS Security Posture Management v1 is now deprecated and not supported by Netskope. Other name changes in the product are as follows:

• Renamed API-enabled Protection > Security Posture (Classic) in the left navigation to Security Posture IaaS.
• Renamed API-enabled Protection > Security Posture (Classic) in the header to Security Posture IaaS.
• Renamed Policies > Security Posture > Classic tab to IaaS tab.
• Renamed API-enabled Protection > Security Posture (Next Gen) in the left navigation to Security Posture SaaS.
• Renamed API-enabled Protection > Security Posture (Next Gen) in the header to Security Posture SaaS.
• Renamed Policies > Security Posture > Next Gen tab to SaaS tab.

Enhanced Risk And Permission

Introduced Critical risk level in Risk and Permissions section in Inventory menu, Resources tab.

NPA Windows Registry Status

Private Access service on Netskope Windows Client now updates the status of the tunnel in the registry. To learn more, view Private Access Tunnel Status Update in Windows Registry.

DNS Resolver Query

Netskope Client using Private Access on macOS now forces OS to fallback on the regular DNS resolution regardless of whether the DNS servers are capable of using DNS-over-TLS(DOT/DOQ/DOH).

Enhancement To Remediation Actions On Incident Page

In continuation to the Remediation Action on Incident page feature that was released in version 106.0.0, following are the enhancements in this release:

• When you navigate to DLP > Incidents, click an incident, under Actions, the API Enabled Protection (Next Gen) button is now removed.
• When you navigate to DLP > Incidents, click an incident, under Actions, the API Data Protection (classic) and Next Generation API Data Protection actions are now grouped together under the Restrict Access button.
  
• The Change Owner to a Specific User action is now moved under the Change Ownership button.
  

New Dashboard For Microsoft 365 OneDrive And SharePoint

Introduced a new dashboard page for Microsoft 365 OneDrive and SharePoint. This page provides a high-level overview of total number of files, files with DLP violations, malware-infected files, internal and external users, file exposure, and file DLP violations widget categorized by DLP rule or profile.

To view the dashboard, log into the Netskope tenant UI, navigate to API-enabled Protection > SAAS (NEXT GEN) > Dashboard.

To learn more: Next Generation API Data Protection Dashboard

Enhanced Inline File Type Detection

The enhanced inline File Type Detection capability provides an intuitive policy workflow that allows or blocks files based on a specific file category (for example, binary or executable) or file type (for example, Android Package Kit). This feature includes a default file size of up to 256 MB. If the large file feature is enabled in the tenant, the default file size is increased up to 400 MB.

Increased File Size In Inline Policy 

For inline policies using file sizes only (not file types), you can now enter up to 1024GB for the file size criteria and constraint. Prior to this update, the maximum value was 1.9GB.

Configurable Filter Support In Directory Importer

Directory Importer added a new capability to refine the users and groups to include in the AD response using the group_filter and user_filter options in Active Directory V2. However, it is important to note that since this process does incremental queries, any object that is modified and filtered out due to the applied filter will not be deleted. This option should be limited to attributes that remain constant.

Pagination In Devices User Interface(UI)

Updated the Devices WebUI to display the right number of total count in the Device’s pagination table. The WebUI now displays:

• Device entry count(by Unique Device ID and User)
• Unique device count(by Unique device ID)

To learn more, view Devices.

Enhanced macOS Client Performance

New tenants are now enabled with enhanced MacOS Client Performance feature. This feature is also applicable to Private Access.

Compromised Credentials Email Section

The Compromised Credentials Incidents page has a new option to select specific administrators as recipients of email notifications. This allows granular control for administrators to explicitly define recipients of this email notification versus an entire admin group.

To learn more, view Compromised Credentials.

CASB Inline Protection

Remove Object Support For Edit Activity

Object value field that corresponds to file name in Google Drive application events for Edit activity is deprecated as this value is not available in traffic deterministically.

Renaming Next Generation SaaS Security Posture Management

Starting this release, Next Generation SaaS Security Posture Management is now renamed to SaaS Security Posture Management as SaaS Security Posture Management V1 is deprecated and not supported by Netskope. The documentation has been updated with the new name. Due to this, the documentation URLs for SSPM chapters will change. Navigate to the main page SaaS Security Posture Management.

Explicit Proxy over IPSec and GRE Tunnels

Explicit Proxy over IPSec and GRE Tunnels: Improved the content and structure for EPoT.