New Features And Enhancements In Release 100.0.0
New Features And Enhancements In Release 100.0.0
Here is the list of the new features and enhancements.
DLP Incidents Page Enhancements
Netskope API Data Protection updated the following:
- On the DLP Incidents page (Incidents > DLP), the Acting User field is changed to Last Modified By. This denotes the user that made the latest changes to the object/file when Netskope processed it.
- The File Owner is the creator of the object/file in the application.
To learn more: About DLP.
Note
The above changes only apply to DLP incidents generated post the roll out of this enhancement i.e., release 100.0.0. This doesn’t affect/modify DLP incidents generated before release 100.0.0.
Custom Tombstone in Quarantine Profile Enhancement
Netskope API Data Protection has added support for ms-excel (.xls) and ms-powerpoint (.ppt) MIME type as custom tombstone files. In addition, a custom tombstone text can now be applied on an ms-excel (.xls) file type.
Note
A custom tombstone text cannot be applied on an ms-powerpoint (.ppt) MIME type. Netskope applies the default tombstone text on an an ms-powerpoint (.ppt) MIME type.
Microsoft Office 365 SharePoint Site Exclusion Enhancement
Note
This is a controlled General Availability feature. Contact your Netskope sales representative/support to enable this on your tenant.
Netskope API Data Protection has added support to exclude Microsoft Office 365 SharePoint site(s) from the policy wizard page. When excluded, the policy will skip scanning the site(s).
Note
It is important to note that the site(s) added to the exclusion list will be included for policy processing within a retroactive scan. This is a known issue and a fix is on the way soon.
New Custom Table Support in ServiceNow
Note
This is a controlled General Availability feature. Contact your Netskope sales representative/support to enable this on your tenant.
In addition to default tables, API Data Protection now supports custom tables in ServiceNow. Follow the instructions in Configure ServiceNow for API Data Protection and then navigate to Policies > API Data Protection and configure a ServiceNow policy. Under Content > Select Objects, the UI should list the custom table(s).
AWS Connector Support
Enhanced AWS Connectors to provide coverage for Gov Cloud.
Google Cloud Storage Support
Prior to this release, files from Google Cloud Storage was accessed and downloaded without authentication over public links which were not mapped to any Instance ID.
To address this gap, public-link will be added as a placeholder Instance ID for cases where the downloads are happening over unauthenticated public links and Instance Identification is not possible.
This provides admin the ability to take specific enforcement actions for unauthenticated public link downloads as required.
Google Firebase Storage Connector
Netskope adds Google Firebase storage application connector with the support for the following activities:
- Create
- Edit
- Delete
- Upload
- Download
Slack Instance_id Update
This feature when enabled uses the Slack Workspace Id as the Instance in Netskope policies for Download events.
Note
For all other events except Download, the Slack Workspace Name should be used as the Instance in Netskope policies.
This is currently behind a feature flag. Contact your Sales Representative or Support for more details and enablement.
URL Categorization For Baidu Application
Netskope updates all the Baidu applications as per their category.
Response Header Support
Netskope adds x-robots-tag response header to prevent crawlers and indexers from indexing the rproxy pages.
Additional Information For SAML HTML page
The SAML HTML error page is updated to be more verbose for fast and easy resolution.
Application Category Modifications
Netskope updates the application category for:
- Acronis app from Cloud Backup to Security.
- Hightail app from Cloud Storage to Collaboration.
UN Entity Name Updates
Netskope:
- Updates the region tags for Russia and Ukraine to reflect Europe instead of Asia, in accordance with UN classification.
- Replaces the entity references for Turkey with Türkiye, as per the UN adoption of the name change. Ad hoc entity searches still continue for the term “Turkey” indefinitely.
- Detects “æ±äº¬å¸” (“Tokyo”) for the “Localities (JP; Cities)” entity.
Case Sensitive Support for File Profile
When configuring a File Profile, you can now enable the Case Sensitive switch to allow case matching for file names or extensions. Netskope enables this setting by default.
To learn more: Adding a File Profile.
UI Policy Export
The policy export button supports the ability to export the Real-time Protection policy via the CSV or JSON formats. This download exports the policy based on the current administrator’s access level.
Passport Entity Support
Netskope adds the following:
- Passport Numbers and Passport Number Terms entities for the following 17 countries:
- Belgium
- Bulgaria
- Switzerland
- China
- Czechia
- Denmark
- Greece
- Hungary
- Ireland
- Isle of Man
- Latvia
- Lithuania
- Malaysia
- Poland
- Portugal
- Romania
- Sweden
- Regional Identifier entities for each of the 27 European Union member states detecting country names and adjectival and demonymic forms such as “Germany” and “German”.
- Austria Passport Number Terms.
National ID Entity Support
Netskope adds the following:
- 27 new National ID Number Terms entities to the following countries:
- Austria
- Bulgaria
- Croatia
- Czech Republic
- Denmark
- Estonia
- Finland
- Greece
- Hungary
- Iceland
- Indonesia
- Latvia
- Lithuania
- Macau
- Malaysia
- Norway
- Poland
- Portugal
- Romania
- Serbia
- Slovenia
- Sri Lanka
- Sweden
- Switzerland
- Thailand
- UAE
- Venezuela
- English updates to the existing National ID Number Terms entities for the following 11 countries:
- Belgium
- Chile
- China
- Colombia
- Dominican Republic
- Hong Kong
- India
- South Korea
- Spain
- Taiwan
- Türkiye
- A new generic Nonspecific ID Numbers entity, which detects various forms of “id” with optional number indicators, such as “id#”, “id no.”, “id num”, and “id number”. Netskope recommends only using this entity for rules with extremely close proximity to other entities or for custom entities.
Enhanced Behavior for Endpoint Content Control Policy Alerts
Netskope enhances Content Control policies behavior that does not contain a File Profile, File Origin, or DLP profile with the Action set to Alert. Before, these policies generated alerts and incidents for all files copied to a USB device, now these policies generate alerts and not incidents.
Block WebDAV Access
Netskope Cloud Real-Time Protection policies now provide the ability to control access to WebDAV traffic, by providing the ability to configure WebDAV extension methods and headers under HTTP Header Profiles.
HTTP Header Profiles
Netskope enhances the HTTP Header Profile feature with new capabilities, such as new header support, regex, etc.
To learn more: HTTP Header Profile
Inline Policy File Size Update
You can create file-size-only Real-time Protection policies for files up to 1024 GB. Prior to this update, the limit was 1.9 GB.
Note
This is a Controlled General Availability feature. Contact your Netskope sales representative or support to enable this on your tenant.
NPA AOAC Support
When NPA Windows Prelogon from WebUI is enabled, Client treats AOAC support as enabled. If prelogon is not enabled, AOAC support is controlled by the feature flag AOAC Support for Windows 10.
Policy Wizard Enhancements
Netskope has rolled out the following policy wizard enhancements:
- User profile filter: A set of users as defined in the user profile. User profiles allow you to upload a CSV file with all the users email addresses to include or exclude in a scan for policy violations.
- Number of internal collaborators: To set thresholds for when content sharing triggers a policy violation, select the More Than or Less Than radio button and enter the number of internal collaborators that need to be detected for a policy violation to occur.
- File type: Apply the policy for a specific file type category. A few file type category examples are audio, image, word processor, presentation, video, etc.
Isolation Indicators
Netskope enables all isolation indicators by default in an RBI template when Read-Only user action control is enabled, reflecting the expected behavior for end users. These Isolation indicators are not editable (greyed out) if Read-Only is enabled.
Warning Message
Netskope removed the “has not been extensively tested” warning message.
To learn more: RBI Supported Browsers
WebView2 IdP Enrollment
Netskope Client supports user IdP enrollment using WebView2 that requires a minimum version: 106.0.1370.52.
Note
Configure the feature flag HKCUsoftwareNetskope with key: webview2 and value DWORD 1 while using GPO during the user login.
This feature is in Beta currently. Contact your Sales Representative or Support to enable this feature.
To learn more, view Deploy Netskope Client via IdP.
ProgramData Folder Access
Netskope enhances Client self-protection mechanism for ProgramData folder.
To learn more, view Netskope Client Hardening.
Note
This feature is behind a self-protection feature flag. Contact your Sales Representative or Support to enable this for your account.
Disable Netskope Client
With macOS Ventura v13.0, a new Mobile Device Management (MDM) setting is required to enforce tamper proofing to Netskope Client.
To learn more, view Netskope Client for macOS.
Support for iOS 16
With this release, Netskope extends its support for iOS version 16.
To learn more, view Netskope Client Supported OS and Platform.
NewEdge Traffic Management 2.0
Netskope announces controlled GA of NewEdge Traffic Management 2.0 in the Netskope Client. This release provides improvements to both performance in resiliency. From a performance perspective, the Netskope Client will perform latency measurements to ensure the data center(DC) selected is optimized for low last-mile latency while preferring in-region DCs. Additional resiliency is provided by the Netskope Client being aware of the 10 nearest DCs, providing extremely in-depth failover capabilities.
To learn more, view Netskope Client Network Configuration.
SAML Authentication Refresh Interval
You can now lower the SAML Authentication Refresh Interval to less than one day.
To learn more: Forward Proxy Authentication
Note
This is a controlled General Availability feature. Contact your Netskope sales representative/support to enable this on your tenant.
In addition to documenting all new and improved features, here is the list of articles with key documentation updates:
- Renamed Arirwatch to VMware Workspace ONE: The mobile device management tool Airwatch is now renamed to VMware Workspace ONE and is now available under Netskope Client > Netskope Client Deployment Options.
- Netskope Client for macOS: New document under Netskope Client Deployment Options that describes the methods to install Netskope Client on a macOS device and how to configure and steer traffic to the Netskope Cloud.
- Netskope IPSec with Fortinet FortiGate: Updated the IPSec tunnel configuration for Fortinet FortiGate and content structure.