Skip to main content

Netskope Help

New Features And Enhancements In Release 102.0.0

Here is the list of the new features and enhancements.

New Default And Custom Table Support in ServiceNow

Note

This feature is now declared General Availability (GA).

API Data Protection now supports additional default tables in ServiceNow. They are:

  • Best Configuration Item

  • Catalog Task

  • Change Phase

  • Change Request

  • Change Task

  • Feature Task

  • Group Approval

  • IMAC

  • Incident Task

  • KB Submission

  • Knowledge

  • Problem Task

  • Release Phase

  • Request

  • Request Item

  • TaskTicket

In addition to default tables, API Data Protection now supports custom tables in ServiceNow. Follow the instructions in Configure ServiceNow for API Data Protection and then navigate to Policies > API Data Protection and configure a ServiceNow policy. Under Content > Select Objects, the UI should list the custom table(s).

Restricted Reverse Proxy Flow

As part of this release, there is relaxation to the case where policies configured in a tenant to control reverse proxy application activities become void. This happens in-case the user accesses the application via Netskope Client on-boarded from a different tenant. This capability restricts the reverse proxy flow if accessed from other tenant. 

This is a security based solution to ensure there is no cross tenant impact. Explicit configuration is required to allow cross tenant access for specific tenants.

Note

This is a GA controlled functionality and disabled by default.

LinkedIn Connector Enhancement

The "From User" information for LinkedIn Connector is now available for the below events:

  • Download file from quick chat

  • Download file from messages window

  • Download profile as PDF

  • Post message from quick chat

Yammer Connector Enhancement

Creating a new community in Yammer application will now be captured under the Create activity in Netskope.

BitBucket Share Activity Coverage

Netskope adds support for Share activity mapped to Transfer repository on the BitBucket application. With this addition, you can configure advanced policy wherein the transfer repository scenario occurs.

DLP Support For FilesAnywhere

Netskope adds DLP support for Upload, Download, and Share activities in the FilesAnywhere application.

Note

Content share via a link will not be supported for DLP inspection.

Medicare Beneficiary Identifier (MBI)

Updates support for detecting US Medicare ID Numbers and the following are the new Entities added:

  • Social Insurance Numbers (US; "MBI"): Medical Beneficiary Numbers

  • Social Insurance Numbers (US; "HICN") : HICN numbers issued by the US SSA/CMS

  • Social Insurance Numbers (US; "RRB"): HICN numbers issued by the US Railroad Retirement Board

The existing "Social Insurance Numbers (US)" Entity is replaced with "Social Insurance Numbers (US; all)", which aggregates all three Entities into one. The previous version only supported SSA HICNs, the updated "all" Entity adds support for RRB and MBI numbers.

Social Security Number Entities (SSN)

Updates the following in this release:

  • Social Security Numbers (US; with hyphens)

  • Social Security Numbers (US; with spaces)

  • Social Security Numbers (US; unformatted)

Entities will use the post-2011 definition supplied by the US Social Security Administration (SSA) that eliminated the area-group-sequence (AGS) constraints of number issuance. All predefined US SSN Rules and Profiles use the “Social Security Numbers (US; all)“ Entity, and hence were not impacted by the SSA's updated issuance policy.

Additionally, the “Social Security Numbers (US; with hyphens)“ and “Social Security Numbers (US; all)“ entities are updated to include support for detecting SSNs delimited with en-dashes and em-dashes.

URL List Text

Netskope introduces help text for guidance when creating URL lists using RegEx. This is displayed on selecting the RegEx radio button under URL type.

Minimized UI Banner

The UI banner seen on the main UI landing page can now collapse to minimize window for better user experience.

Generic Header Insertion

Netskope extends the current ability to insert headers for applications, that honor specific headers to access application instances.

To learn more: Header Insertion.

RBI Policy Support

Netskope introduces complete support for URLs (that is, domain and path) in RBI (isolate) policies.

Earlier the RBI policies were only applied to specific categories, domains or subdomains. When complete URLs (domain and path) was included to the URL list of a custom category and attached them to RBI policies, these complete URLs bypassed isolation.

With this enhancement, you can now create detailed RBI policies that properly isolate complete URLs (domain and path) web pages by adding them to the URL list of a custom category attached to an RBI policy. The complete URL webpage (for example, https://docs.google.com/forms/d/e/.../viewform) remains isolated regardless of it's corresponding domain categorization.

209059-1.png
209059-2.png
209059-3.png

This enhancement can be leveraged to create RBI policies to isolate suspicious webpages hosted in well known SaaS apps (like phishing attacks abusing google forms).

Netskope Client for iOS

The new iOS Netskope Client is intended to offer all the Netskope security services in a single client for the iOS phones and tablets.

Existing two-prong solution will be decommissioned. This new App supports all the Netskope services (Cloud Access Security Brokeer (CASB), Security Web Gateway (SWG), Cloud Firewall, and Netskope Private Access (NPA) together within a single App.

To learn more: Netskope Client for iOS.

To learn more about the limitations, view Netskope Client for iOS

CGNAT Address Space Update

New tenants have CGNAT address space (100.64/16) provided by the NPA client to the application client.

Note

Any application using 100.64/16 IP space will cause collision with NPA and it is advised to turn off this feature flag.

ORCA Private App ID

Netskope enhances NPA App tags of Policy Definition to Tag ID that allows Admins to rename tags without touching policies.

Client Enrollment

NPA now have the facility to auto re-enroll a client for whatever reason the client fails to connect NPA due to enrollment parameter changes.

Case Sensitive Flags

NPA now supports case sensitive groups feature for policy matching.

Netskope Client for iOS

The new iOS Netskope Client is intended to offer all the Netskope security services in a single client for the iOS phones and tablets.

Existing two-prong solution will be decommissioned. This new App supports all the Netskope services (Cloud Access Security Brokeer (CASB), Security Web Gateway (SWG), Cloud Firewall, and Netskope Private Access (NPA) together within a single App.

To learn more: Netskope Client for iOS.

To learn more about the limitations, view Netskope Client for iOS

General Availability (GA) Apps Announcement

As part of the Next Generation API Data Protection platform, the following apps are now declared General Availability (GA):

Remediation Actions

Netskope has rolled out a new set of remediation actions. They are now available as part of the Next Generation API Data Protection policy wizard page. The actions are:

  • Restrict access to owner

  • Restrict access to internal collaborators

  • Restrict access to specific domains and internal collaborators

  • Revoke organization-wide sharing

  • Revoke specific domains

NExt-Gen_Restrict-Access.png

To learn more: Create a Next Generation API Data Protection Policy.

Next Generation API Data Protection Inventory

Netskope has introduced the Next Generation API Data Protection Inventory page. The Inventory page provides deep insights on various entities supported by the SaaS apps. Administrators can use the personalized dashboard to perform ad hoc, real-time queries that can quickly group, filter, and drill-down on contextualized data and transactions across an enterprise organization’s cloud activities at a scale and granularity.

You can access the page by navigating to API-enabled Protection > SAAS (NEXT GEN) > Inventory.

Note

Currently, the Inventory page is available for Citrix ShareFile, GitHub, Microsoft 365 Yammer, Workday, and Zoom. New SaaS apps will be supported in due course.

To learn more: Next Generation API Data Protection Inventory.

Retroactive Scan

Netskope has introduced the Next Generation API Data Protection Retroactive Scan.

A retroactive policy scans all the files, folders, repositories, and entities for the app instance right from the inception of the SaaS app. A retroactive scan is decoupled from ongoing policy scan (that is activity scan).

You can access the page by navigating to Policies > API Data Protection > Next Gen > Retroactive Scans

Currently, retroactive scan is available for Citrix ShareFile, Microsoft 365 OneDrive/SharePoint (Commercial), and Workday. New SaaS apps will be supported in due course.

To learn more: Next Generation API Data Protection Retroactive Scan.

Unify Clipboard

Netskope enhances the User experience for clipboard operations in isolation:

  • All clipboard operations (that is cut, copy and paste) between isolated and not isolated environments are now supported using the context menu. Prior to this enhancement, clipboard shortcuts were relayed in some scenarios. With this enhancement RBI users can leverage the context menu in isolation to copy and paste text between their local machine (outside the isolated environment) and the isolated page.

  • Clipboard operation buttons are now presented in the RBI context menu according to the RBI template configuration. Prior to this enhancement, the edit or clipboard section was not present in the context menu if any user control (copy, paste) was disabled in the RBI template. (for example, copy to clipboard disabled)

    9958-1.png
  • RBI notifications have been simplified, as a result users will only see 2 notifications when attempting to execute clipboard actions disabled in the RBI template. 

    9958-2.png
    9958-3.png
  • Paste button is disabled in the context menu if the user’s browser does not support it (for example, http webpages, Mozilla Firefox, and Safari).

    9958-4.png

To learn more: Clipboard in RBI.

Isolable Content Validation Process

Upon an isolate policy match RBI validates if the matching URL corresponds to isolable content (webpage). RBI has enhanced the isolable content validation process, improving isolated page load time for websites that are slow in returning initial page content.

Browsers Lifecycle Update

Netskope RBI has updated the set of minimum requirements for user browsers to work properly with RBI. If the user's browser does not meet the criteria they will be presented with a  'browser not supported' error message. The end user must use a different version to proceed with isolation.

10297.png

To Learn more: RBI Supported Browsers.

Sandbox API Report

The sandbox report retrieved via REST API for files submitted via Sandbox submission REST API now displays a verdict from the analysis.

Android Client Change

Netskope Client application discontinues support for Android on devices with Android OS version 7, 7.1, 8 or 8.1.

To learn more: Netskope Client Supported OS And Platform.

Management Console Admin Account

Enhanced the Netskope management console admin accounts creation. Administrators now need to specify the new email domains for any new admin account creation. To learn more: Admin Account Domains