New Features And Enhancements In Release 109.0.0

Scan File Upload in Slack Teams

Starting this release, API Data Protection for Slack Teams can scan for DLP when a user uploads a file on Slack thread or reply.

However, it is important to note that API Data Protection cannot scan messages posted in thread or reply. This is a limitation in Slack Teams due to lack of underlying Slack API support.

Non-availability Of Exclude User Options For GitHub

The Exclude Users and Exclude User Profile options under Classic API Data Protection Policy for GitHub was incorrectly displayed and hence was not functional. Starting this release, Netskope has corrected the policy page to not show this option. 

Adv UEBA UCI Defaults For Standard UEBA Detections

Netskope periodically adjusts the default UCI score reduction for UEBA detections based on efficacy research. These default scores represent best practice recommendations and can be changed to desired number and corresponding severity at any time. Any non-default UCI configurations made will not change – only the default setting.

With this release, default UCI impact (reduction) for standard UEBA anomalies is adjusted to -5.

Bing AI Post Activity Support

Bing.ai integrated with Microsoft Bing now uses websocket’s for communication. We need to enable WebSocket support for Post activity identification. The Post activity policy needs to be set up through http header based policy.

LinkedIn Activity Coverage

Added support for Like and Unlike activities in LinkedIn application.

LinkedIn Support for Post with AI

With this release, admins can leverage Real-time Protection policies for Linkedin “Post” activities to gain visibility into AI drafts. This new feature ensures that admins can defend against enterprise data exfiltration.

DLP Support For OneDrive

Netskope has added OneDrive for Business multipart support with DLP support for files with sizes less than or equal to 128MB for uploading a file in the OneDrive root folder.

Facebook Ad Manager

The Facebook Ads Manager now includes multi-part support, enabling you to set policies for chunked file uploads.

CCI App Category Changes

Updated the app category for the following:

• Google Keep application from “Consumer” to “Technology”

• Microsoft Sway application from “Consumer” to “Technology”

• “GCP Talent Solution“ will be changed from “Business Intelligence and Data Analytics” to “Job Search/Careers”.

•  “GCP Security Token Service“ will be changed from “Development Tools” to “Security”.

•  “GCP Policy Analyzer“ will be changed from “Business Intelligence and Data Analytics” to “IT Service/Application Management”.

•  “GCP Network Management“ will be changed from “Development Tools” to “IT Service/Application Management”.

•  “Google Cloud Resource Manager“ will be changed from “Business Process Management” to “IT Service/Application Management”.

  For a comprehensive list, see Product Change Notification.

  You need a login credential to access the product change page. If you do not have one, contact Netskope support.

Updated Text Classifiers

Updated text preprocessing and added minimum text size checks for ML-based document classifiers to avoid common false positives.

US Full Names Entity False Positives

Removed several brand-related false positives from the Full Names (US) Entity, such as “Betty Crocker”, “Kimberly-Clark”, “Maxwell House”, and others.

Improve Japanese Date Format Detection

Improved all Japanese date Entities under “Dates/Language Formats (Japanese)”, including adding support for current Reiwa era.

Contextual Password Entity

Updated the “Passwords (Contextual)” Entity to reduce false positives found in Base64-encoded data.

International Passport Number Terms

International Passport Number Terms now includes support for additional languages such as:

• Arabic

• Bulgarian

• Chinese

• Czech

• Greek

• Hebrew

• Hindi

• Hungarian

• Japanese

• Korean

• Nepali

• Russian

• Ukrainian

 Printer Device Control

Endpoint DLP Printer Device Control for Windows and macOS is generally available now. Policies can be created to restrict or allow access to printers based on attributes of the printer or connection.

Justification Message

Events and Alerts generated by Endpoint DLP includes False Positive and Justification messages. If nothing is entered before the dialog expires, the text “Notification timed out. Canceling the activity” appears. If you  dismiss the dialog message, the text “Not entered by user” is used.

MIP Instance Field

Alerts and Incidents generated by Endpoint DLP include the Microsoft Information Protection (MIP) instance fields.

Updated Keyview Directories

The Endpoint DLP libraries that are downloaded from the cloud on install are retained, which prevents them from downloading again, for a new upgraded version.

Sonoma Beta Build

Tested and verified the Endpoint DLP agent on the latest macOS Sonoma pre-release build.

FileFilter Timeout Threshold

The timeout for downloading the Endpoint DLP agent libraries from the cloud on install is  increased to prevent partial downloads and restarts with slow internet connections.

NPA Status Time Stamp

Private Access service on Netskope Windows Client now updates the time of last change of status in registry.
To learn more: Private Access Tunnel Status Update in Windows

Support For Handling DNS type65 (HTTPS)

The Netskope Client using Private Access on MacOS and IOS now forces the OS to fail DNS resolution with type65 ( HTTPS). This option is now enabled by default on new tenants.

Gmail Migration Notification

Netskope has initiated the transition of the current Gmail app from the classic API Data Protection to the Next Generation API Data Protection. During this ongoing migration, the existing Gmail app utilizing the classic API Data Protection will remain fully operational without any immediate action needed. This transition will occur seamlessly, and we anticipate its completion within the coming months. Further details will be provided once the migration is finalized. If you require additional information, please reach out to your dedicated Netskope sales representative.

Support Remediation Action In GitHub From Incidents Page

Next Generation API Data Protection now supports Restrict Access to Internal Collaborators remediation action in GitHub from the Incidents page. This action restricts the access of the file to users within the organization and domains as defined under Settings > Administration > Internal Domains.

You can navigate to Incidents > DLP. Identify a GitHub incident, click it. Click the Remediation Actions drop-down menu, then select Restrict Access > Restrict Access to Internal Collaborators.

Large File DLP and Threat Protection Support

Next Generation API Data Protection supports files up to 128 MB for DLP and threat protection. A few points to consider before enabling this enhancement:

• With large files, there may be increased end to end latency for policy remediation actions.

• Increase in forensics data store size.

Support Email Notification in Policy Wizard

Next Generation API Data Protection now supports email notification in policy wizard. This option is now available under Policies > API Data Protection > SAAS > Next Gen > New Policy. Under Profile & Action, click + Email Notification.

With this enhancement, you can now define an email notification for events in the policy wizard. These notifications, triggered by events like policy violations or alerts, provide administrators and designated user groups with timely information about important activities. You can send a notification to:

• Owner: Creator of the message or file.

• Admin: Admin email that was configured as part of the instance setup.

• Collaborators: Everyone with whom the message or file is shared.

• Selected Users: Specified users.

You can either use the default email template or create a new template for the notification.

This enhancement is extended to:

• Incidents > DLP page: Click an app incident. Under the Restrict Access drop-down, select an option. A pop-up window opens. Select the Notify Users checkbox and the available options to send an email notification.

• API-enabled Protection > CASB API (Next Gen) > Inventory page: Click an app entry. In the details page, under the Take Action drop-down, select an option. A pop-up window opens. Select the Notify Users checkbox and the available options to send an email notification.

To learn more: Create a Next Generation API Data Protection Policy

GitHub Policy Enhancement

Originally, certain data protection policy exposure options were unavailable for GitHub, like User Profile/Internal Domains/External Domains & Anonymous Users/Domain Profiles/Exclusions. This limitation stemmed from Netskope’s inability to retrieve users’ email IDs from GitHub. With the latest update, Netskope can now retrieve users’ email IDs from GitHub, opening up a world of possibilities for improved data protection. But there are some prerequisites:

• SAML SSO Configuration: To unlock this functionality, you must have SAML Single Sign-On (SSO) configured in your GitHub organization.

• Email as NameID: Ensure that the NameID for your SAML configuration is set to an email address.

• Enforced SSO: It’s crucial to enforce SSO for all members within your organization.

Once you’ve met these criteria, Netskope seamlessly retrieves users’ email IDs from GitHub. This breakthrough empowers you to leverage advanced policy exposure options, enhancing your GitHub data protection strategy.

SAML Authentication Refresh Interval

You can now lower the SAML Authentication Refresh Interval to less than a day.

To learn more: Forward Proxy Authentication

Inline Advanced File Scanning Settings

This feature enhances the Netskope settings to support the Large File Support (LFS) related options, enabling users to select their preferred large file and time-out values.

Support For Source IP (Egress) and Source IP (User)

This feature allows users to  create Real-time Protection and SSL Decryption policies based on the User Source IP and Egress Source IP simultaneously.  

To learn more: Real-time Protection Policies and Add a Policy for SSL Decryption

BYOK Support In China DC

This features allows users in China to use their own encryption keys to sign certificates that are used by Netskope to trust devices. 

Disabled Longest Prefix Match For Custom URL Lookup

We can now disable longest prefix match in NG-SWG when matching incoming URLs against URL lists. As a result, the incoming URL will match against all URL lists with a positive match criteria. This is different from the current behavior of matching with the URL list with the longest prefix match.

New Error Page Default Limits

Netskope RBI has introduced a new feature to enhance the user experience when users hit any of the predefined limits that prevent them from opening a webpage in isolation in a new tab.

RBI will show an error page warning the user about the problem and allowing user actions to open an isolated webpage in a new tab, such as closing existing individual isolated tabs or groups of isolated tabs.

RBI has 3 different default limits. Error page appearance and behaviour depends on the limit reached:

Resource consumption limit:

When the RBI container assigned to the user is using more than 80% of its resources, it will prevent opening an isolated webpage in a new tab. Instead, it will show an error page presenting all the tabs the user is currently browsing in isolation, grouped by user’s browser

To free resources and allow opening a new tab, the user can:

• Close individual isolated tabs.

• Close all isolated tabs from the same user’s browser

Sessions limit

A user can browse up to three different sessions simultaneously. A session groups all tabs corresponding to the same user’s browser engine. If a user wants to isolate a webpage in a 4th distinct browser, a warning page will be displayed to close active sessions before opening a new one.

Tabs Limit

Currently, RBI limits to 10 the number of isolated tabs for the same user’s browser (that is, 10 tabs per session).

If a user tries to open an isolated webpage in a new (eleventh) tab, it shows a warning page listing the current isolated tabs in the present session, so user can close one of then to open a new one.

It shows the tabs open in the present session, so the user can close one of then and so, making space to open a new one.

Session and Page Load Improvements

RBI has introduced a new feature to improve RBI session startup time and initial web page load time. RBI has introduced a cache mechanism for the RBI resources required to set up the session. Caching these files will significantly improve page load time (expected 20-25% faster) and bandwidth usage when browsing subsequent webpages in isolation .

Updated menus In SPM UI

SaaS Security Posture Management UI is now updated with separate menus and pages for CSPM and SSPM.

Okta Support

SaaS Security Posture Management now supports Okta app in the product. With this Netskope can help you assess and manage the security posture of Okta. It also comes with set of predefined rules.

To learn more: SaaS Security Posture Management for Okta.

Intune App Support For Microsoft 365

SaaS Security Posture Management now supports Intune as a new resource type for Microsoft 365 app in the product.

Email Notification For Configured SaaS Apps

SaaS Security Posture Management will notify SaaS app administrator via an email whenever SSPM isn’t able to reach the respective configured SaaS app instances.

New Predefined Rules In SSPM

Added 40 new predefined rules. These are for the following categories:

• Apps:

  • Google workspace: 1
  • Zoom: 37
  • Microsoft Entra ID: 1
  • Salesforce: 1

• MITRE ATT&CK:

  • Impact: 1
  • Discovery: 1

• Security Domains:

  • Application: 2
  • Collaboration: 29
  • Authentication: 3
  • Data & File Security: 5
  • Threat Protection: 1

Google Workspace 3rd party app support

SaaS Security Posture Management now provides visibility into and risk profiling of Google Workspace 3rd party apps.

For more information, see SPM Risk Levels – Netskope Knowledge Portal

Crowdstrike EDR Integration

In this release, Crowdstrike EDR integration API call is updated to API v2. The API call for /devices/entities/devices/v1 is migrated to /devices/entities/devices/v2.

Malware Page Improvements

The Malware page (Incidents > Malware) has a new look. You can filters and search for detected threats using various fields including MD5 and detection engine. A separate Detection Engine tab shows all the detections specific to the engine (such as, Cloud Sandbox) as well as the files detected by the specific threat engine.

To learn more: About Malware.

Support For iOS v17

Netskope Client for iOS devices now supports iOS V17 and extends it support for Secure Web Gateway(SWG) and Netskope Private Access(NPA). 

To learn more: Client Supported OS and Platform.

External Browser Based Authentication

Added new external browser base IDP authentication mode based on recommended Apple API. This adds support for FIDO2 authentication.

To learn more: External Browser-Based Authentication.

IPSec in China Data Center

IPSec steering method is now generally available in China DC’s (PVG1, PVG2, PEK1, SZX1).

• Added new topics Netskope Client for Android and Google Workspace under Netskope Deployment options.

• Enhanced content for Android and iOS with zero-touch capabilities using VMware Workspace ONE and Intune.

  • VMware Workspace ONE

    • iOS

    • Android

  • Microsoft Intune

    • iOS

    • Android

• Added new content for Uninstall clients automatically when users are removed from Netskope option available under Client Installation and Troubleshooting in Client Configuration.