New Features And Enhancements In Release 101.0.0

Enhanced the Search sites functionality to support while searching for sites with exact match of Site UID. This is in addition to the currently supported site search with prefix.

Netskope API Data Protection now supports malware detection for files and attachments in ServiceNow. You can navigate to Settings > Configure App Access > Classic > SaaS to enable this feature. Click the ServiceNow app and under the instance setup window, enable the Malware checkbox.

Netskope API Data Protection now supports audit events for Microsoft Office 365 Outlook. To enable this feature on your existing Netskope account, re-grant the Microsoft Office 365 Outlook app under Settings > Configure App Access > Classic > SaaS > Microsoft Office 365 Outlook.com. Once you re-grant, the following new Office 365 Management API permissions are available :

After re-grant, you can view the Microsoft Office 365 Outlook audit events under Skope IT > Events > Application Events. To learn more: Microsoft Office 365 Outlook Audit Events.

Recently, Netskope API Data Protection switched from using the Azure Active Directory Graph API permissions to Microsoft Graph API permissions as recommended by Microsoft. Netskope API Data Protection will no more use the following Azure Active Directory Graph API permissions:

You can view the updated list of permissions for Microsoft Office 365 OneDrive for Business & SharePoint Sites here:

To reflect this change, log in to your Netskope tenant, and re-grant the Microsoft Office 365 OneDrive for Business & SharePoint Sites apps.

Netskope API Data Protection validated support up till ServiceNow Tokyo release.

Netskope adds synthetic resource and synthetic triggers to all the resources where from_user was missing. Prior to this enhancement, there was dependency on DB lookup to extract from_user. With this update, there is no from_user in database, and same results are fetched using synthetic query.

The activity name for renaming and moving a file or folder in the Dropbox application is changed from Rename to Edit.

In Amazon S3, file uploads happen in portions when file sizes are larger than 8.3 MB and 17 MB for the CLI platform and the browser platform, respectively.

Previously, large files did not support file size policies due to limitations on handling larger file upload. Netskope addressed this issue with additional support for file size-based policies through the multipart feature.

Netskope adds an access key variable to all the activities of the AWS services. Access keys are long-term credentials for an IAM user or the AWS account root user. Access Key ID uniquely identifies an AWS User that will be displayed in the AWS events.

Previously, in Yahoo Mail, Send and Upload activities occurred in the same packet. Netskope introduces UploadAndSend activity to eliminate this occurrence.

Netskope updates the following for Zoom real-time protection:

Netskope extends support for the following activities:

Netskope updates the Minimum OS Versions dropdown list in Device Classification with new iOS versions: 14, 15, and 16.

Deprecated the option “Apply CCI Tags” from Skope IT > Applications page. CCI Tags can be applied from the CCI app management page.

Netskope adds certain usability enhancements to the CCI user interface (UI) for easy consumption of information from CCI. Some of the key enhancements are as follows:

Email from the SMTP proxy is saved to forensics as part of the original file download feature with .eml extension.

Enhanced Source Code (Any) Entity to detect incomplete portions of long code blocks.

Removed derrière and tushy from the Inappropriate Language (English; Biological) entity due to unreported but potential false positives.

Reduced multiple false positives in the Full Names Entities for Spain (ES), UK, and International as well as the Last Names entities for U.S and International.

Netskope updates the Passwords (Common) Entity with better password detection such as ‘n3t5k0pe1’. In addition to the efficacy benefits, the improvements allow for optionally less reliance in DLP Rules on Passwords (Secure) that are naturally more prone to false positives.

This also updates the Private Keys (Generic, Begin) Entity, adding support for BEGIN OPENSSH PRIVATE KEY.

Netskope adds support for Spanish domestic bank account numbers, known locally as “código cuenta cliente” or simply “CCC”. Also adds the “ccc” terms-based Entity.

Netskope enhances support for bank account number related terms for the following countries:

Added the entities supporting bank account numbers for the following countries:

Netskope adds a contextual Entity for Austria that detects konto and BLZ terms and numbers in tight proximity.

The UI navigation for Bank Account Number Entities within “Bank Account Numbers (by Country)” has been changed in order to group Entities together for the same country.

The UI navigation has changed slightly for a few other categories, mainly “Personal Names”, “Postal Addresses”, and “Regional Identifiers”. For example, the “Personal Names (FR)” menu item has been renamed to “Personal Names (France)”. The alphabetical  order is also altered within the menu, allowing “France” to come before “Germany” and “Spain”, as opposed to the previous order of “DE”, “ES”, and “FR”.

Enable logical “AND” of a set of content inspection rules with a set of fingerprint rules for DLP profiles.

Enable logical “AND” of a set of content inspection rules with another set of content inspection rules for DLP profiles.

To learn more: Create a Custom DLP Profile.

The fields in USB Device Constraints are now AND’ed together. It is now evaluated as “Manufacturer AND Device ID AND Model AND Serial Number”.

To learn more: Constraint Profile.

Netskope updates user-alert popup dialog with checkbox labeled as Apply to the remaining files. On selecting this checkbox, any action by the same user, using the same application that results in a user-alert for the same policy is suppressed for the next 10 minutes.

Alerts, Events, and Incidents are created for the suppressed alerts, and the justification and action are copied from the original user alert.

In the Device Health page, the Endpoint DLP service may be paused for an endpoint. The intention is to allow users to have temporary exceptions to policy enforcement. The time for enforcement it is paused has been changed from 5 to 30 minutes.

To learn more: Devices.

If device control cannot initialize correctly without a reboot, the status is reported to the admin informing that a WebUI management console reboot is required.

When installing the Netskope Client, the Endpoint DLP Service is registered with Windows as Netskope DLP Service. The Netskope DLP Service is registered as Disabled in the service control manager, configure and start it to make use of this feature.

Phones (iOS and Android) do not support “Read-Only” actions when connected as USB storage devices. If an Endpoint Device Control policy with a “Read-Only” action matches on a phone device, the device is blocked. A warning has been added to the Policy Editor page to remind policy authors of this restriction.

To learn more: Endpoint Data Loss Prevention.

Netskope renamed the following fields from:

Netskope added more than 30 SSL related fields to Transaction Events format to increase the visibility of SSL policy and SSL engine actions. The following are the updated topics:

To learn more: Transaction Event Fields. 

Netskope added transaction event format 3 with approximately 60 fields.

To learn more: Transaction Event Fields

You can now connect to the on-prem hosted HSM/key manager to get the proxy emulated certificate signed for TLS decryption without uploading or providing an intermediate certificate/key to Netskope.

To learn more: Certificates

Netskope enhances the generic header insertion feature to support Inserting multiple custom headers for a given application. If an application supports more than one header, an admin can select all of them in a single flow instead of creating multiple header profile for the same application.

To learn more: Header Insertion

Block single destination IP is now available and will be enforced on all tenants in version 103.0.0.

Netskope supports applying SSL Do Not Decrypt policies and Real-time Protection policies based on destination IP addresses. Destination IP addresses can be configured in custom URL lists.

To learn more: URL Lists

Netskope adds JA3 and JA3S to Application Events and Malsite alert.

 JA3 with JA3S is a method to fingerprint the TLS negotiation between a client and server. This combined fingerprinting can assist in producing higher fidelity identification of the encrypted communication between a specific client and its server. These fields are available for TLS decrypted traffic.

Netskope improved the logic in order to detect file type efficiently.

Internet content providers (such as websites) and SaaS providers often use users geographic information to make content localization decisions.

Netskope’s ‘Localization Zones’ feature addresses this well known problem of content localization. It helps users located in countries or regions where Netskope doesn’t have an in-country data center to get content that is local to them in terms of language and relevance.

You now can exclude users, user groups, and organizational units when configuring the Source field in Real-time Protection policies.

To learn more: Real-time Protection Policies

With this release, the admin can specify up to 500 hosts in the Private Application definition.

Netskope enhances error notification to Client-less access failure cases by providing more context regarding the cause of failure.

Netskope updates the following SRP information in Troubleshooting page:

Netskope introduces a feature flag to control NPA client for resolving private app hosts as CGNAT addresses 100.64.0.0/16 instead of 191.1.0.0/16.

Next Generation API Data Protection has introduced a new policy action for the Workday app – Change Owner to a Specific User. When you select this action and a policy violation occurs, Netskope changes the ownership of the file/folder to a specific user as entered in the policy wizard.

To learn more: Create a Next Generation API Data Protection Policy.

Next Generation API Data Protection can now support DLP scan on channel messages in a Zoom meeting. To learn more: Activities Monitored by Netskope.

RBI configurable settings (RBI templates) were introduced in the release 97.1.0, and required a Netskope representative to enable the feature in your tenant. From this release, RBI configurable settings (RBI templates) is enabled by default for all RBI accounts.

With Remote Browser Isolation (RBI) configurable settings (RBI templates), admins can configure isolation settings to define and apply granular controls that govern the user interaction in isolated web sites for different risk scenarios (that is, users or categories). These controls are configured defining RBI templates that can be attached to any new or existing RBI policy, which customizes end users experience in isolation.

To learn about the RBI configurable settings, view RBI templates.

Netskope enhances SkopeIT filters to include Isolate as a valid action in all events that include Action field. This feature helps to easily filter RBI related events for Page Events, Application Events and Alerts in SkopeIT.

Gen.DetectBy.NetskopeAI.Phishing is a new alert name introduced to the inline Threat Protection scanning enabled for accounts with real-time Threat Protection policies. This detects a phishing site using Netskope’s machine learning capabilities. Like malsite detections, you can open a support case and override with custom category if detection efficacy issues are encountered.

The Malware incidents page no longer displays alerts and blocking actions discovered by Netskope from third-party applications. However, these Native App alerts are still available in SkopeIT, and you can see them in Malware Incidents by searching the following malware names:

To learn more: About Malware

This enhancement reduces the occurrence of Windows Client upgrade during system shutdown

Netskope enhances internal error handling by using CoSetProxyBlanket to set correct permission for each WBEM query.

Netskope enhanced MAC block notification dialog display layout.

Netskope Client supports the following:

To learn more: Netskope Client Supported OS and Platform.

Netskope Client now validates and supports SWG/CASB feature validations for:

Added a new feature flag ‘enableAirDropException’ for AirDrop in macOS.

With this enhancement, Netskope Client bypasses the IPv6 DNS traffic.

To learn more: Netskope Client Support in Cloud Firewall

Netskope upgrades the old third-party libraries to OpenSSL 1.1.1q and cURL 7.86.0.

Firefox does not use system certificate store. It maintains separate cert database file in each Firefox profile.

Agent uses Mozilla’s NSS tool certutil for installing CA cert in Firefox certificate DB. Certutil binaries are signed and hosted on Provisioner and downloaded by Agent if required. Certutil binaries signature have expired for Windows and are re-signed using SignTool.exe with netskope cert.

Netskope enhanced the following for the Steering Configuration Preferences:

To learn more: Configuring the Steering Preferences

Netskope enhances WebUI to validate the User and Date modification for Client configuration. When dragged from top to middle it updates all the configuration that appears above the dragged one.

Renamed Traffic Steering to Tunnel Settings in Client Configuration to remove duplicity.

To learn more: Netskope Client Configuration

The Steering Configuration page is more easy to navigate through with the new action options. For each default and custom steering configuration, you can click View Steered Items to see the Steered Traffictab or click View Exceptions to see the Exceptions tab.

To learn more: Steering Configuration

Netskope renamed Client Traffic Exploit Prevention (CTEP) to Intrusion Prevention System (IPS) throughout the Netskope user interface (UI). The UI continues presenting alerts as CTEP alerts in SkopeIT until a later release.

To learn more: Intrusion Prevention System

Netskope changed the IPS event actions to match the terminology of other Netskope alert types. For example, Allowed and Blocked were changed to Allow and Block respectively.

To learn more: About Alerts

In addition to documenting all new and improved features, here is the list of articles with key documentation updates: