New Features And Enhancements In Release 99.0.0

UEBA bulk upload and bulk download detection includes the count of files in a single archive file such as zip.

The Policies page under Behavior Analytics displays View pending changes that shows the policy configuration changes that have not yet been applied. This feature allows the administrator to review one or multiple changes made to the behavior analytics policies prior to applying the changes.

With this release, UEBA policies allows selection by the sanctioned applications configured for the tenant along with applications and application instances.

Netskope added DLP support in SuccessFactors application for Edit, Create, Share, Send and Post activities under Goals, Activity, Performance, Feedback, Recognize, and Absence modules. With this feature you can apply DLP Policies followed by DLP Inspection.

Netskope adds support for the following Google Calendar activities in mobile browser view:

Netskope adds a new field in S3 application events with access_type = third-party-app. This field shows up in events when third party apps try to upload or download files on S3.

Dropbox now allows you to access publicly shared documents, Upload and Download files without sign-in. The instance_id for these activities are identified as “public-link” without a sign in.

Netskope adds instance identification capability for YouTube videos embedded in third party apps.

Updated the GET method by replacing “custom” to “tags” in the /cci/tags output.

Send activity is deprecated for LinkedIn Application.

Netskope updated DLP incidents with forensics to highlight 500 entities.

Netskope adds DLP Support for detecting National ID Numbers for the following 22 countries:

With this release, the Alert & Continue evaluation feature is enabled by default for all tenants. This feature makes it possible to configure Real-time Protection policies with DLP profiles and select a Continue policy evaluation after match option to continue policy evaluation even after a policy match. This feature enables the Netskope Cloud to continue evaluating Real-time Protection policies for additional DLP violations, instead of terminating and exiting policy evaluation after a match.

In order to use the Continue policy evaluation after match option, a Real-time Protection policy must have one or more DLP profiles with one or more actions set to Alert. For policies using this feature, any DLP profile matches with actions other than Alert will result in the termination of policy processing.

Also, given the possibility of multiple DLP profile matches occurring across policies when using this feature, any incidents generated will list all the matched DLP profiles and related policies. In addition, a single policy alert will continue to be generated, however, it’ll also list all the policies that matched.

For Email DLP, you now can configure generic email server types or mail submission agents (MSA’s), such as an on-prem server like Microsoft Exchange. To configure a generic email server, you can add and verify a new MSA in the SMTP settings as well as create Email Outbound policies for it.

To learn more: Configure Netskope SMTP Proxy with a Custom MSA.

Netskope added the following enhancements:

To learn more: Endpoint Data Loss Prevention.

This enhancement allows Netskope Support personnel to access the tenant UI through Netskope IDP when you grant the tenant access.

To learn more: Create a Netskope Support Admin

Netskope includes value for the following fields in the SSL bypass scenario:

Currently many URL lists can be created by admins, but not all of them are used or linked to a custom category. The current behavior is that we evaluate all used and unused URL list causing categorization challenges.

With this change, any unused URL list that is not linked to a category and a policy is not be taken into policy evaluation.

Netskope extends the existing ability to insert headers for applications that honor specific headers to access application instances.

To learn more: Header Insertion

From this release Netskope Private Access supports Publisher Auto-Updates capabilities. This capability is only offered on Ubuntu based publishers.

Some of the device posture criteria are not applicable if the user is a prelogon user. Admin should consider additional controls such as device cert validation or CRL validation for prelogon access.

From this release onwards, newly created tenants get a new ID format for Clients. This ID is reflected in the Admin UI under the Client registration page and is not expected to have any user impact.

With this feature, Netskope Private Access supports the ability to logically group Private Apps with light weight Tags. These Tags are available for consumption in Policy and App definitions.

Role Based Access Control v2 (RBACv2) allows large distributed enterprises to operationalize the administration of Netskope security services with regional or divisional delegation for the Netskope service and implementation to scale.

RBACv2 allows administrators access into different functional areas depending on their role and scope. For example, Firewall (FW) versus Secure Web Gateway (SWG) versus Netskope Private Access (NPA), versus API Protection.

Large enterprise customers have cross functional security and compliance teams that manage different aspects of security functionality. Administration and segregation of duties can be broken down into the following functional access areas:

Netskope Targeted RBI has expanded the list of supported categories to include Newly Observed Domain (NOD). Targeted RBI customers will be able to leverage RBI for safely expanding web access to Domains observed as active in the last 30 days. These domains are potentially malicious, as bad actors use them for malicious activities such as malware hosting and phishing.

NOD has been added to the list of recommended categories in RBI real-time protection policies. It is now available by default in any RBI policy created leveraging the RBI policy creation wizard. You can edit existing RBI policies to add NOD to your isolation real time protection policies.

Netskope RBI enhances RBI template names. Template names are only allowed if the RBI template is not attached to any existing RBI policy.

Prior to this change, you could change the name of an RBI template which was currently assigned to an existing Real Time Protection policy, and the template name was not being updated in the RTP policy.

Netskope enhances the creation of RBI templates from the Real Time Protection policy edition page. This allows you to create a new RBI template inside the policy edition page and attach it directly to the policy.

In an RBI policy you can select + Create RBI Template from the dropdown menu. After creating it is available in RBI template list which can be attached to RBI policy. This limits user interaction while browsing a web page in isolation.

Prior to this change, you could create a new RBI template in an Isolate policy by selecting + Create RBI Template from the dropdown menu. However, it was not possible to attach it to the policy until the changes were applied to the RBI template.

Netskope modifies the list of controls in the RBI template creation to remove File upload and File Download from the list. These controls are now disabled and not editable.

Users can now filter using, ‘Other Categories’, from Skope IT > Events > Page Events.

Malicious URLs are now modified from their original forms in the Netskope UI to prevent inadvertent user detonation.

From this release, Netskope Client supports Android OS version 13. For more information, see Netskope Client Supported OS and Platform

Override access method detection feature flag allows to skip detection of other steering method such as GRE, IPSEC, Secure Forwarder from Netskope Client. Client establishes tunnel regardless of the presence of other steering method.

Netskope Client can bypass DNS traffic for the local or public DNS servers only in All Traffic mode. Other modes such as All Web Traffic is not supported.

In addition to documenting all new and improved features, here is the list of articles with key documentation updates: