New Features And Enhancements In Release 108.0.0
New Features And Enhancements In Release 108.0.0
Here is the list of the new features and enhancements.
Advanced Analytics
Netskope Library Table View
The following enhancements are made in this release:
- Added a table view to the Netskope Library.
- You can sort by both table and card view and by Name, Popularity, and Last Edit.
API Data Protection
Microsoft Office 365 Teams Shared Channel Support
Microsoft recently introduced a new type of channel – shared channel. Netskope API Data Protection for Microsoft Teams can now support appropriate exposure computation for channels that are shared with an entire Microsoft Team. To enable this feature, Netskope requires a new permission to be allowed – ChannelMember.Read.All
. To allow this permission, the administrator should regrant the Microsoft Office 365 Teams instance on the Netskope tenant UI.
You can view an entry for an external team user in:
Incidents > DLP page:
Skope IT > EVENTS > Alerts page:
API-enabled Protection > Microsoft Office 365 Teams > <app-instance> page:
CASB Real-time Protection
Multipart Support For File Upload With Outlook
Inspection of chunked file attachments (greater than 16MB) is now supported for Microsoft Outlook.
Multipart Upload For Facebook Ads Manager
Inspection of chunked files (greater than 64MB) is now supported for Facebook Ads Manager.
DLP support for Share Activity In DropBox
Added support for DLP inspection on any content posted in the Add note section while sharing a file using DropBox.
Advance Constraint Support For Generative AI Apps
ChatGPT, Beautiful.ai, Jasper AI, and Google Bard dedicated CASB inline connector now supports instance detection and from user constraints.
With this feature, the enterprises can have granular policy control for these apps. They can put appropriate guardrails to manage employee interactions with corporate and non-corporate instances as well as manage access based on user (app) accounts.
App Connector Looker Enhancement
Improved connectors by mapping new user actions to existing activities for DLP support.
Support To Bypass Autopilot
Netskope’s Auth Integration Proxy is now compatible with Microsoft Autopilot for pushing default settings to un-managed device.
Activity Detection and Control for Slack Canvas
Netskope Real-time Protection policies extend support for Slack Canvas. DLP support, Instance detection, and ‘From User’ identification is supported across all activities such as POST, Uploads, Downloads, and Comments made in Slack Canvas.
Instances Tab In SkopeIT
Introduced a tab under SkopeIT > Applications > Instances. This tab provides the consolidated and filtered view of all App instances discovered in the traffic. The admin can also select App Instances from this page to configure by adding a name and an instance tag. Alternatively, the admin can also select a specific instance and a pivot to SkopeIT to view the events generated for a specific app instance.
Dedicated AODocs App Connector
AODocs dedicated app connector is now available providing admins the full visibility and control over sharing of data with the application. The following activities covered:
-
Create, Copy, and Delete
-
Edit (DLP)
-
Share and Move
-
Login related activities (supported by Google App Suite)
Reverse Proxy as a Service for AODocs
Added reverse proxy as a service (RaaS) to manage and control the usage of AODocs application by un-managed devices. Admin can define policies to control activities like share, create, and more.
Prerequisites: Google account should be configured to Netskope SAML Proxy / Reverse Proxy.
Reverse Proxy as a Service for AODocs.
Cloud Confidence Index (CCI)
App Category Update Of Amazon MemoryDB
Updated the application category for the Amazon MemoryDB app from Iaas/Paas to Cloud Storage.
Cloud Firewall
Custom DNS Server Feature Implementation
Custom DNS server configuration will allow customers configure alternative DNS servers, which can be used to either override original DNS server in DNS request, or use alternative server incase original DNS server is failing.
See DNS Profile for more information.
Endpoint Data Loss Protection (EPDLP)
Multi-User Support
Endpoint DLP now supports per-user installs of STAgent. The respective Netskope user is reported for events that are generated on systems running in multi-user mode.
Severity Threshold Support
Enhanced the alert trigger mechanism to generate alerts when severity thresholds are not met. In prior releases, policy actions were initiated when severity thresholds were met, without generating alerts below threshold.
Device Control Driver
Enhanced the end-user experience by coordinating the installation of the new driver with a system reboot. This prevents devices from being disconnected/reconnected during a driver upgrade.
EDLP Integrity Check
Added additional integrity checks to the Endpoint Protection policy editing pages to prevent creation of invalid policies.
SaaS Security Posture Management (SSPM)
Next Generation SSPM Is Now SSPM
Next Generation SaaS Security Posture Management is now renamed as SaaS Security Posture Management. SaaS Security Posture Management v1 is now deprecated and not supported by Netskope. Other name changes in the product are as follows:
- Renamed API-enabled Protection > Security Posture (Classic) in the left navigation to Security Posture IaaS.
- Renamed API-enabled Protection > Security Posture (Classic) in the header to Security Posture IaaS.
- Renamed Policies > Security Posture > Classic tab to IaaS tab.
- Renamed API-enabled Protection > Security Posture (Next Gen) in the left navigation to Security Posture SaaS.
- Renamed API-enabled Protection > Security Posture (Next Gen) in the header to Security Posture SaaS.
- Renamed Policies > Security Posture > Next Gen tab to SaaS tab.
Enhanced Risk And Permission
Introduced Critical risk level in Risk and Permissions section in Inventory menu, Resources tab.
Netskope Private Access (NPA)
NPA Windows Registry Status
Private Access service on Netskope Windows Client now updates the status of the tunnel in the registry. To learn more, view Private Access Tunnel Status Update in Windows Registry.
DNS Resolver Query
Netskope Client using Private Access on macOS now forces OS to fallback on the regular DNS resolution regardless of whether the DNS servers are capable of using DNS-over-TLS(DOT/DOQ/DOH).
Next Generation API Data Protection
Enhancement To Remediation Actions On Incident Page
In continuation to the Remediation Action on Incident page feature that was released in version 106.0.0, following are the enhancements in this release:
- When you navigate to DLP > Incidents, click an incident, under Actions, the API Enabled Protection (Next Gen) button is now removed.
- When you navigate to DLP > Incidents, click an incident, under Actions, the API Data Protection (classic) and Next Generation API Data Protection actions are now grouped together under the Restrict Access button.
- The Change Owner to a Specific User action is now moved under the Change Ownership button.
New Dashboard For Microsoft 365 OneDrive And SharePoint
Introduced a new dashboard page for Microsoft 365 OneDrive and SharePoint. This page provides a high-level overview of total number of files, files with DLP violations, malware-infected files, internal and external users, file exposure, and file DLP violations widget categorized by DLP rule or profile.
To view the dashboard, log into the Netskope tenant UI, navigate to API-enabled Protection > SAAS (NEXT GEN) > Dashboard.
To learn more: Next Generation API Data Protection Dashboard
Next Gen Secure Web Gateway (NG SWG)
Enhanced Inline File Type Detection
The enhanced inline File Type Detection capability provides an intuitive policy workflow that allows or blocks files based on a specific file category (for example, binary or executable) or file type (for example, Android Package Kit). This feature includes a default file size of up to 256 MB. If the large file feature is enabled in the tenant, the default file size is increased up to 400 MB.
Increased File Size In Inline Policy
For inline policies using file sizes only (not file types), you can now enter up to 1024GB for the file size criteria and constraint. Prior to this update, the maximum value was 1.9GB.
Platform Services
Configurable Filter Support In Directory Importer
Directory Importer added a new capability to refine the users and groups to include in the AD response using the group_filter and user_filter options in Active Directory V2. However, it is important to note that since this process does incremental queries, any object that is modified and filtered out due to the applied filter will not be deleted. This option should be limited to attributes that remain constant.
Traffic Steering
Pagination In Devices User Interface(UI)
Updated the Devices WebUI to display the right number of total count in the Device’s pagination table. The WebUI now displays:
- Device entry count(by Unique Device ID and User)
- Unique device count(by Unique device ID)
To learn more, view Devices.
Enhanced macOS Client Performance
New tenants are now enabled with enhanced MacOS Client Performance feature. This feature is also applicable to Private Access.
User And Entity Behavior Analytics (UEBA)
Compromised Credentials Email Section
The Compromised Credentials Incidents page has a new option to select specific administrators as recipients of email notifications. This allows granular control for administrators to explicitly define recipients of this email notification versus an entire admin group.
To learn more, view Compromised Credentials.
Deprecated Features
CASB Inline Protection
Remove Object Support For Edit Activity
Object value field that corresponds to file name in Google Drive application events for Edit activity is deprecated as this value is not available in traffic deterministically.
Additional Documentation Updates
Renaming Next Generation SaaS Security Posture Management
Starting this release, Next Generation SaaS Security Posture Management is now renamed to SaaS Security Posture Management as SaaS Security Posture Management V1 is deprecated and not supported by Netskope. The documentation has been updated with the new name. Due to this, the documentation URLs for SSPM chapters will change. Navigate to the main page SaaS Security Posture Management.
Explicit Proxy over IPSec and GRE Tunnels
Explicit Proxy over IPSec and GRE Tunnels: Improved the content and structure for EPoT.