New Features And Enhancements In Release 102.0.0

API Data Protection now supports additional default tables in ServiceNow. They are:

In addition to default tables, API Data Protection now supports custom tables in ServiceNow. Follow the instructions in Configure ServiceNow for API Data Protection and then navigate to Policies > API Data Protection and configure a ServiceNow policy. Under Content > Select Objects, the UI should list the custom table(s).

As part of this release, there is relaxation to the case where policies configured in a tenant to control reverse proxy application activities become void. This happens in-case the user accesses the application via Netskope Client on-boarded from a different tenant. This capability restricts the reverse proxy flow if accessed from other tenant. 

This is a security based solution to ensure there is no cross tenant impact. Explicit configuration is required to allow cross tenant access for specific tenants.

The “From User” information for LinkedIn Connector is now available for the below events:

Creating a new community in Yammer application will now be captured under the Create activity in Netskope.

Netskope adds support for Share activity mapped to Transfer repository on the BitBucket application. With this addition, you can configure advanced policy wherein the transfer repository scenario occurs.

Netskope adds DLP support for Upload, Download, and Share activities in the FilesAnywhere application.

Netskope adds certain usability enhancements to the CCI user interface (UI) for easy consumption of information from CCI. Some of the key enhancements are as follows:

Updates support for detecting US Medicare ID Numbers and the following are the new Entities added:

The existing “Social Insurance Numbers (US)” Entity is replaced with “Social Insurance Numbers (US; all)”, which aggregates all three Entities into one. The previous version only supported SSA HICNs, the updated “all” Entity adds support for RRB and MBI numbers.

Updates the following in this release:

Entities will use the post-2011 definition supplied by the US Social Security Administration (SSA) that eliminated the area-group-sequence (AGS) constraints of number issuance. All predefined US SSN Rules and Profiles use the “Social Security Numbers (US; all)“ Entity, and hence were not impacted by the SSA’s updated issuance policy.

Additionally, the “Social Security Numbers (US; with hyphens)“ and “Social Security Numbers (US; all)“ entities are updated to include support for detecting SSNs delimited with en-dashes and em-dashes.

Netskope introduces help text for guidance when creating URL lists using RegEx. This is displayed on selecting the RegEx radio button under URL type.

The UI banner seen on the main UI landing page can now collapse to minimize window for better user experience.

Netskope extends the current ability to insert headers for applications, that honor specific headers to access application instances.

To learn more: Header Insertion.

Netskope introduces complete support for URLs (that is, domain and path) in RBI (isolate) policies.

Earlier the RBI policies were only applied to specific categories, domains or subdomains. When complete URLs (domain and path) was included to the URL list of a custom category and attached them to RBI policies, these complete URLs bypassed isolation.

With this enhancement, you can now create detailed RBI policies that properly isolate complete URLs (domain and path) web pages by adding them to the URL list of a custom category attached to an RBI policy. The complete URL webpage (for example, https://docs.google.com/forms/d/e/…/viewform) remains isolated regardless of it’s corresponding domain categorization.

This enhancement can be leveraged to create RBI policies to isolate suspicious webpages hosted in well known SaaS apps (like phishing attacks abusing google forms).

The new iOS Netskope Client is intended to offer all the Netskope security services in a single client for the iOS phones and tablets.

Existing two-prong solution will be decommissioned. This new App supports all the Netskope services (Cloud Access Security Brokeer (CASB), Security Web Gateway (SWG), Cloud Firewall, and Netskope Private Access (NPA) together within a single App.

To learn more: Netskope Client for iOS.

To learn more about the limitations, view Netskope Client for iOS

New tenants have CGNAT address space (100.64/16) provided by the NPA client to the application client.

Netskope enhances NPA App tags of Policy Definition to Tag ID that allows Admins to rename tags without touching policies.

NPA now have the facility to auto re-enroll a client for whatever reason the client fails to connect NPA due to enrollment parameter changes.

NPA now supports case sensitive groups feature for policy matching.

The new iOS Netskope Client is intended to offer all the Netskope security services in a single client for the iOS phones and tablets.

Existing two-prong solution will be decommissioned. This new App supports all the Netskope services (Cloud Access Security Brokeer (CASB), Security Web Gateway (SWG), Cloud Firewall, and Netskope Private Access (NPA) together within a single App.

To learn more: Netskope Client for iOS.

To learn more about the limitations, view Netskope Client for iOS

As part of the Next Generation API Data Protection platform, the following apps are now declared General Availability (GA):

Netskope has rolled out a new set of remediation actions. They are now available as part of the Next Generation API Data Protection policy wizard page. The actions are:

To learn more: Create a Next Generation API Data Protection Policy.

Netskope has introduced the Next Generation API Data Protection Inventory page. The Inventory page provides deep insights on various entities supported by the SaaS apps. Administrators can use the personalized dashboard to perform ad hoc, real-time queries that can quickly group, filter, and drill-down on contextualized data and transactions across an enterprise organization’s cloud activities at a scale and granularity.

You can access the page by navigating to API-enabled Protection > SAAS (NEXT GEN) > Inventory.

To learn more: Next Generation API Data Protection Inventory.

Netskope has introduced the Next Generation API Data Protection Retroactive Scan.

A retroactive policy scans all the files, folders, repositories, and entities for the app instance right from the inception of the SaaS app. A retroactive scan is decoupled from ongoing policy scan (that is activity scan).

You can access the page by navigating to Policies > API Data Protection > Next Gen > Retroactive Scans

Currently, retroactive scan is available for Citrix ShareFile, Microsoft 365 OneDrive/SharePoint (Commercial), and Workday. New SaaS apps will be supported in due course.

To learn more: Next Generation API Data Protection Retroactive Scan.

Netskope enhances the User experience for clipboard operations in isolation:

To learn more: Clipboard in RBI.

Upon an isolate policy match RBI validates if the matching URL corresponds to isolable content (webpage). RBI has enhanced the isolable content validation process, improving isolated page load time for websites that are slow in returning initial page content.

Netskope RBI has updated the set of minimum requirements for user browsers to work properly with RBI. If the user’s browser does not meet the criteria they will be presented with a  ‘browser not supported’ error message. The end user must use a different version to proceed with isolation.

To Learn more: RBI Supported Browsers.

The sandbox report retrieved via REST API for files submitted via Sandbox submission REST API now displays a verdict from the analysis.

Netskope Client application discontinues support for Android on devices with Android OS version 7, 7.1, 8 or 8.1.

To learn more: Netskope Client Supported OS And Platform.

Enhanced the Netskope management console admin accounts creation. Administrators now need to specify the new email domains for any new admin account creation. To learn more: Admin Account Domains