New Features And Enhancements In Hotfix Release 97.1.0

RBI Template Name field is added to the page events collection to show that RBI profile names are applied to a policy.

A new UEBA policies page provides granular control for UEBA policies including Machine Learning based policies. For Advanced UEBA policies, it allows the ability to configure severity and corresponding User Confidence Index (UCI) deduction by a specific detection type. Policies can also be filtered by tags (for example, real-time protection, IaaS, NPA) and scenarios (such as malicious insider or compromised device).

Cloud Firewall allows you to control layer-7, non-web applications like File Transfer Protocol (FTP),  Remote Desktop Protocol (RDP), 4shared, and so on. Application detection technology is a signature-based technology that is capable of detecting applications on non-standard ports. You can choose allow or block applications based on the Real-time Protection policies.

To learn more: Real-time Protection Policies.

DNS based security stops attacks at the DNS layer by blocking DNS requests for malicious domains, DNS tunnels, and newly registered domains & DGA-generated domains. You can customize inspection by uploading domain allow or block lists or sinkholing malicious connections. You also can create exceptions to handle resource record types.

This feature is available with IPSec, GRE, or Netskope Client traffic steering methods.

To learn more: Steering Configuration and Real-time Protection Policies.

With Endpoint Data Loss Prevention (DLP), you can configure Device Control and Content Control policies under Endpoint Protection.

Device Control policies enable granular control to configure USB mass storage device access for user workstations or endpoints. Whereas, Content Control policy extends DLP capabilities to inspect and control data movement from a user workstation to a device (e.g., a USB mass storage device).

Endpoint DLP is currently only supported with the Netskope Client deployment method. You must update the Netskope Client to version 97.1.0 or later on Windows 10 or Windows 11 running 64-bit processors.

To learn more: Endpoint Data Loss Prevention.

On Windows clients, Netskope allows you to temporarily disable NPA service from the Netskope Client.

To learn more: Allow Users to Disable Private Apps Access on the Netskope Client.

Netskope Private Access now supports Windows Prelogon capability. With Prelogon, the Windows PC can access internal applications when it is authorized to do so in a policy, even if the user has not logged into Windows. NPA authenticates Prelogon access against a valid device certificate prior to access.

To learn more: Configure Client Prelogon Connectivity.

This release includes enhancements to enable on-premises user access to internal applications.

Netskope Public Cloud Security User and Entity Behavior Analytics (UEBA) helps detect anomalies in user behavior while accessing public cloud services. Key capabilities include:

Netskope introduces Real-time policies on externally-shared Slack channels for Netskope admins. Post activity supports the newly added ‘Channel-type’ and ‘Channel-name’ constraints to enforce policies on specific externally-shared channels in an organization’s Slack Workspaces. 

Slack API integrations powers this channel exposure hence Slack API for Data Protection is a prerequisite for this feature.

As part of this release, Netskope has rolled out a new policy wizard and activity scan for Citrix ShareFile, GitHub, and Workday. Now you can create a DLP policy for the supported apps by navigating to Policies > API Data Protection> Next Gen. For more information, see Next Generation API Data Protection Policy Wizard.

Netskope introduces configurable Isolation settings to provide customers a mechanism to define and apply granular controls. This governs the user interaction in isolated web sites for different risk scenarios ( for example, users or categories). These controls are configured defining RBI templates that can be attached to any new or existing RBI policy. To learn more: Create a Real-time Protection Policy for Isolation (Targeted RBI).

Configurable Controls in this release allows you to enable or disable:

To learn more: RBI Templates

Netskope RBI introduces a new Read-only isolation control that helps in preventing users from leaking credentials and drastically reducing the attack surface for the phishing threats.  

Read-Only prevents the phishing threats by blocking any text input into the isolated page (that is, typing or pasting from the clipboard) while browsing in isolation. Customers enable Read-Only leveraging RBI templates, and apply them to isolation policies.

You will be notified while browsing a Read-Only page in isolation with a warning message when text input is blocked.

To learn more: Isolation in an End User’s Browser.

Netskope RBI introduces new clipboard controls, providing granular configuration to limit the interaction of the end user’s clipboard with the isolated webpage. These controls expand Netskope RBI data protection capabilities to limit data leakage in isolation:

Customers enable clipboard controls leveraging RBI templates, and apply them to isolation policies. End users will not be able to leverage the disabled actions using the contextual menu or shortcuts.

If you have Advanced Threat Protection, Netskope supports patient zero prevention for Real-time Protection. This feature prioritizes security by blocking file downloads by policy until inspected and deemed benign. Additional scan time (up to 10 minutes) is needed for policy matching and file scanning, which is indicated by browser and Netskope Client notifications.

Netskope recommends using patient zero policies with discretion and only for high risk use cases, such as the following:

This feature complements the inline ML-based Portable Executable (PE) classifier in Standard Threat Protection that detects and prevents zero-day threats.

To learn more: Creating a Threat Protection Policy for Patient Zero.

In this release, Netskope updates API calls by extending the backoff time to one hour and adding some randomness.

This was earlier a beta feature. Netskope Client now supports Linux platforms of x86_64 CPU running Ubuntu 18.04 or 20.04. The updated features are:

To learn more: Netskope Client For Linux.

In addition to documenting all new and improved features, here is the list of articles with key documentation updates: