New Features And Enhancements In Release 110.0.0
New Features And Enhancements In Release 110.0.0
Here is the list of the new features and enhancements.
Behavior Analytics
UCI Time box Timeline
A new range selector bar allows extending the timeline view for User Confidence Index (UCI) scores to more than the default 14 days. Up to 90 days of user confidence scores can be viewed for the selected user. This allows investigating historical UCI score trends and related anomalies for a user.
Data Protection
Base64 Detection
DLP True File Type detection using File Profile now supports detection of files with Base64-encoded data with some limitations. The support is limited to the detection of files with Base64-encoded data as defined in IETF RFC 4648. The detection algorithm checks for the existence of the following 64 characters [A-Z, a-z, 0-9, + (plus), / (slash)] in the first 4096 characters of the file. Any other characters including space at the beginning of the file or within the 4096 characters will result in the file not being considered Base64 type. Files with less than 4096 characters will not be considered as Base64.
File Profile Feature
File Profile feature is available for all tenants by default.
Additional File Type Support
This release includes support for over 198 additional file types accessible through the DLP file filter. A few of which include:
-
JPEG XL image
-
Base64-encoded ASCII text file
-
Adobe InDesign v1 document
-
HP Printer Control Language XL (PCL XL)
-
Compressed ISO CD image (CISO)
-
Dzip and ESTsoft archive files
-
Open Financial Exchange files
-
Microsoft SQL Server, Microsoft OneNote and other Microsoft application files
-
MacOS keychain database
-
Puffer encrypted archive
-
Boxcryptor, CryptoForge and SecureIT encrypted files
-
InterCrypto Advanced Encrypted Package file
-
AutoCAD Slide library and AutoDesk Softimage Export Model
-
Various PEM-encoded file types
Upgraded Source Classification Model
Updated DLP ML-based Source Code Classifier to improve accuracy and reduce false positives.
Flexible Email DLP Scans
DLP rules for use in Email DLP policies now provide the ability to specify the parts of an email including headers, subject, body, and attachments that should be inspected as part of the DLP inspection.
Endpoint Data Loss Protection (EPDLP)
Alerts And Events Filter Improvement
Several Endpoint DLP fields in Alerts and Events filters are now case-insensitive
Device Classification In EPDLP Policies
Endpoint DLP Policies now use Device Classification as a policy element. This allows administrators to design policy sets that treat data on managed devices differently than on unmanaged devices.
To learn more: Endpoint Data Loss Prevention.
EndPoint DLP In Sonoma Beta Build
Tested and verified the Endpoint DLP agent on the latest macOS Sonoma pre-release build.
Intrusion Prevention System (IPS)
Incident ID For IPS Event
The Incident ID field is now available in Skope IT Alert Details for IPS events.
IPS Audit Log
Enhanced IPS audit log details to accurately display multiple signature overrides.
Next Generation API Data Protection
New App Support
As part of the Next Generation API Data Protection platform, Netskope now supports Gmail. For a list of supported features, see Next Generation API Data Protection Feature Matrix per Cloud App. To learn more: Configure Gmail for Next Generation API Data Protection.
Note the following important points:
-
If you are currently using the classic version of the Gmail app, the app will be migrated to the Next Generation platform. The migration process has already kick started as part of release 109. This transition will occur seamlessly, and we anticipate its completion within the coming weeks. Once migrated, you will no longer see the Gmail app under Configure App Access > Classic > SaaS. However, the app will be available under Configure App Access > Next Gen > CASB API.
-
If you currently do not use the classic version of the Gmail app, you can configure the Gmail app under Configure App Access > Next Gen > CASB API.
New Dashboard For Gmail
Introduced a new dedicated dashboard page for Gmail. This page provides a high-level overview of total number of emails with violations, email violation with exposure, emails with DLP violations, user details like sender and external recipients of violating emails, violating emails sent to external domains, and many more.
To view the dashboard, log into the Netskope tenant UI, navigate to API-enabled Protection > SAAS (NEXT GEN) > Dashboard. Then select the Gmail app from the Application drop-down menu.
New Clickable Widgets on Dashboard Page
Starting this release, a user can click the widgets on the Next Gen API Protection Dashboard page to get additional details. To view the dashboard, log into the Netskope tenant UI, navigate to API-enabled Protection > SAAS (NEXT GEN) > Dashboard. Then, click a widget to get additional details.
Netskope Secure Web Gateway (NG SWG)
XFF header Insertion
Earlier proxy did not support including XFF header based on XFF configuration for Discovery apps. Proxy now supports XFF config for Discovery apps as well.
Suppress Repeat Notification
With this feature, you can now suppress repeat notifications after the initial notification for upto 48 hours (extended from 12 hours)
Advanced File scanning settings
This feature enables the UI settings for Advanced file scanning to select preferred file sizes, time-out values for scanning DLP, Threat Protection and File Profile as well as fallback actions (such as alert, block) when content inspection cannot be performed.
Tenant Exception List For Domain Fronting Feature
REST APIs to configure per tenant domain fronting exceptions are now available in SIN2 in addition to other management planes. These provide wildcard domain or full-domain match to domain fronting protection.
Remote Browser Isolation (RBI)
Private Navigation Load Time Improvement
RBI has achieved a significant reduction in the loading time for isolated webpages where the private navigation setting is disabled. This feature enhancement improves the loading process for cookies subdomains, achieving a significant load time reduction of its client application, consequently reducing the load time before the initial isolated image is displayed to the end user.
Extended RBI License
Extended RBI is a new license that expands RBI support to new risk scenarios such as browsing of personal websites and cloud apps, not related to the business.
Extended RBI is a new license that expands the RBI offering to support new risk scenarios in addition to the current ‘Targeted RBI’ license: personal browsing of additional web categories and unmanaged cloud apps not related to the business (i.e. web pages and cloud apps not managed by IT or integrated with the corporate IdP).
Netskope customers use Extended RBI to protect corporate users’ browsing activity and their browser when these users browse unmanaged websites and web apps (for example, personal webmail, social, chat and IM)
Extended RBI entitles customers to isolate up to 25% web traffic processed by NG-SWG, considering the above description and limited to 1.5GB isolated traffic per user per month.
To learn more: Extended RBI
SaaS Security Posture Management (SSPM)
Support For Workday Front-end
SSPM now supports onboarding of Workday instance which would be front-ended by SSO.
Note that the option to configure Workday instance on SSPM has been moved from Settings > Configure App Access > Classic > SaaS to Settings > Configure App Access > Next Gen > Security Posture.
Save, Reuse And Share Filters in Findings and Inventory Page
With this release, you can now save and share filters in API-enabled Protection > Findings(SaaS) and Inventory(SaaS) pages. We can also save and share NGL filters on the Inventory(SaaS) > Resources tab.
Learn more on Security Posture Findings and Inventory articles.
New Predefined Rules Added in SSPM
Added 36 new predefined rules. These are for the following categories:
-
Apps:
- Google workspace: 1
- Microsoft Entra: 18
- Okta: 17
-
MITRE ATT&CK:
- Initial Access: 13
- Defense Evasion: 17
- Privilege Escalation: 1
-
Security Domains:
- Application: 1
- Device Security: 18
- IAM: 16
- Authentication: 13
Threat Protection
STIX Report For API Endpoint
A new REST API endpoint allows the ability to retrieve the Malware Details report in STIX json format using the MD5 hash of the file.
Traffic Steering
Reduced Log Bundle Size
Reduced log bundle size for web upload by ignoring installer files.
To support auto-upgrade, installer file is downloaded to Netskope config/data folder. Without introducing this fix, it will cause web UI collect log failing to upload the log due to the log is too big to upload in time.
Device Classification Custom Label
Netskope Client supports custom device classifications that can be leveraged to configure multiple device classification labels and assign rules under them.
A device is validated against classifications configured from top to bottom order and when it matches to the classification policy the respective label is assigned.
- This feature is currently under Beta. Contact your Netskope Support or Sales Representative to enable this feature for your tenant.
- Netskope Private Access(NPA) is currently not supported for Custom Device Classification.
To learn more: Device Classification.
Android v14 Support
Netskope Client now supports Android v14. To learn more: Netskope Client Supported OS and Platform.
Client Configuration Beacon
Removed the beacon beside Client Configuration navigation, this beacon indicates to the user that Client Configuration page is moved out from Devices page.
Netskope Client Supports DNS Traffic Over TCP
The evolving applications are using DNS over TCP mode in the recent times and hence Netskope introduced a new feature that supports processing DNS requests/responses over TCP.