New Features And Enhancements In Release 113.0.0
Here is the list of the new features and enhancements.
Advanced Analytics
Netskope Library Dashboard Performance Improvement
Removed ‘contains’ dashboard filters from the Netskope Library dashboards to improve performance. These dashboards are modified to use exact value searches and/or ‘starts with’ filters:
- DLP Incidents Monitoring Dashboard
- IaaS CSA Dashboard
- IaaS DLP Scan Dashboard
- IaaS Malware Scan Dashboard
- Insider Threat Dashboard
- SaaS Visibility Report
- SSL Inspection
- Unsanctioned IaaS Summary
IaaS dashboards were updated with the new app names for storage scan in release 112. To view events prior to this release, filter using the old names:
PRIOR TO RELEASE 112 | AFTER RELEASE 112 |
---|---|
Amazon Web Services | Amazon S3 |
Microsoft Azure | Azure Blob Storage |
Google Cloud Platform | GCP Storage |
Behavior Analytics
User Watchlists for Advanced UEBA
A new UEBA user watchlists feature allows selection and monitoring of specific users (or users imported from a list) such as employees flagged by security or HR systems.
Each watchlist can be configured with its own UCI threshold alert level in addition to the global UCI threshold alert.
To learn more: User Watchlist
CASB Real-time Protection
Instagram Connector Development
Added a new connector for Instagram with support for the following activities:
- Login Attempt
- Login Failed
- Login Successful
- Logout
- View
- Comment
- Delete
- Upload
- Like
- Create
- Edit
Additionally, the following activities are now supported with DLP:
- Comment
- Upload
- Create
- Delete
Endpoint Data Loss Protection (EPDLP)
Endpoint DLP Status Improvement
The Endpoint DLP section of the NSClient configuration dialog now contains information about the service status, the network connectivity state, and the enforced policy version.
USB Storage Policy Evaluation Progress Dialog
The macOS Endpoint DLP agent now displays a progress dialog while files copied to USB mass storage are evaluated. This should warn users of the danger of data loss if they unplug their USB devices before evaluation is completed.
Network File Share Device Control
Network File Share Device Control is available for the Windows Endpoint DLP agent. This feature allows policy-based decisions about which file shares an endpoint is allowed to use.
Printer Content Control for Windows
Printer Content Control is available for the Windows Endpoint DLP agent. This feature allows policy-based decisions about what data is allowed to be printed.
To learn more: Endpoint Data Loss Prevention.
IaaS Storage Scan v2
Enhanced App Names for IaaS Storage Scan
The app names for storage scan have been updated. The new value for each app (as displayed in SkopeIT) is:
- from Amazon Web Services to Amazon S3
- from Microsoft Azure to Azure Blob Storage
- from Google Cloud Platform to GCP Storage
Next Generation API Data Protection
Support for Restore and Block Actions
Starting with this release, you can restore and block quarantined incidents from the Incidents > DLP page. Netskope has introduced two new action buttons: Restore and Block.
Support Notify User Option
Netskope has introduced the Notify User option when you take an action to restore or block a quarantine incident. This new option is available under Incidents > Quarantine > Next Gen, select a quarantined file, then click Take Action > Restore or Block. Select the Notify User check box. You can send a notification to:
- Custodian: The quarantine administrator.
- Owner: Creator of the email, message, or file.
- Admin: Admin email that was configured as part of the instance setup.
- Collaborators: Everyone with whom the email, message, or file is shared.
- Selected Users: User-defined email addresses.
To learn more: Quarantine.
DLP Quarantine for Google Drive
Starting with this release, Next Generation API Data Protection supports DLP quarantine for the Google Drive app.
You can define a quarantine action when you create a Next Generation API Data Protection policy. When a policy matches, Netskope isolates the affected file and tombstones it, and the administrator can take appropriate action on the quarantined file. Some of the salient features are:
- Define a quarantine action with or without a DLP profile on the policy wizard page.
- Create a retroactive scan with quarantine action.
- Apply a default or custom tombstone text/file.
- Take action on a quarantined incident, such as restore, block, contact owner, or download the original file.
- The DLP incidents page now includes reporting of quarantine actions.
To learn more:
- View quarantine incidents: Incidents > Quarantine page
Netskope Secure Web Gateway (NG SWG)
Audit Log Details
Audit log was enhanced with the following details:
- Added Policy name for Inline Policy Deletion.
- Enhanced inline policy creation to show JSON content.
- Captures the previous and new policy position information along with the policy name.
Support Multiple Certificate Hierarchies for SSL interception
Network admins can now see two new controls in the SSL Decryption page – “SSL Certificate” and “Force SSL Certificate on NS Client”. With these two new controls, admins can now define a certificate chain to use for SSL interception based on all attributes available in SSL policy.
This is a controlled General Availability feature. Contact your Netskope sales representative or Netskope support team to enable this for your tenant.
Netskope Private Access (NPA)
FIDO2 Authentication
Netskope Private Access Client supports Fast Identity Online (FIDO) authentication for macOS devices through external browser support.
To learn more: External Browser Based Authentication
New Netskope Client UI Indicator For NPA
Enhanced the Netskope Client for Windows to show Internet Security and Private Access tunnel statuses on:
- The system tray client icon tooltip
- On-click menu
- Netskope Client icon colors
To learn more: Using Netskope Client
Remote Browser Isolation (RBI)
Extended RBI Supported Categories
RBI added support for the following categories in the Extended RBI license:
- File Converter
- Pay to Surf
To learn more: RBI Category Definitions
RBI Policy Recommendations
RBI policies now present a banner to assist admins creating isolate policies including “Cloud Apps” that require a “sidecar” application to be functional. It will prompt admins to add the suggested applications to make sure required authentication flows also happen in isolation.
To learn more: Extended RBI Categories
Modified Out of Scope Warning Messages
Modified the warning banner text displayed when an out of scope category or cloud app is added to an isolate policy to align with the license enabled for the account.
To learn more: RBI Extended Category Warning Messages
SaaS Security Posture Management (SSPM)
Predefined rules for R113 in SSPM
Added 6 new predefined rules. These are for the following categories:
- Apps:
  - Microsoft Entra: 5
  - Microsoft 365: 1
- MITRE ATT&CK:
  - Discovery: 2
  - Defense Evasion: 3
  - Initial Access: 1
- Security Domains:
  - Device Security: 4
  - IAM: 2
With this release, SSPM also supports M365 3.0 CIS benchmark and ISO27002-2022 standard.
Templates to Create New Rules
SSPM now supports creating new rules using templates with predefined rule definition, remediation steps, and description. You only have to modify the custom variable values in the template.
Added 10 new predefined templates. These are for the following apps:
- Microsoft Entra: 5
- Okta: 1
- Salesforce: 2
- Workday: 2
Threat Protection
Policy Action in Malware Incident Details Window
On the Malware page, the #Incident Details window now shows the Policy Action for each incident ID of the file. You can use this information to investigate past incidents and policy actions for the same file and correlate events, such as patient zero alerts with policy actions for malware detection.
To learn more: About Malware.
New Alert for Patient Zero Protection Policy Hits
A new Skope IT malware alert called Patient Zero Protection Policy Hit indicates when a patient zero protection policy is implemented and hit. This policy is a Threat Protection inline policy with the block till benign verdict by dynamic threat analysis option selected. The alert indicates that your user will see patience screens while Advanced Threat Protection engines scan the files.
The existing Patient Zero alert (that is, Alert Name: Patient Zero and Alert Type: Malware) only triggers when the file isn’t blocked and a patient zero case might have occurred.
Both the alerts now indicate the policy name to help with faster investigation.
Traffic Steering
AppConfiguration Support For iOS
Added support for MDM App Profile based enrollment with the same keys supported with VPN Profiles based enrollment. App Profile enrollment happens only on the initial Netskope Client UI launch.
New Log Level: Dump
Added a new Log Level Dump on the Netskope Client UI and Client Configuration tenant UI. You can set the log level as Dump when the log file size increases due to the presence of multiple files. Setting Dump level can suppress the debug level logs and move many unwanted logs that cannot be used for debugging to Dump.
Because the Dump option is available only from version 113.0.0, the log level on the Netskope Client UI falls back to Info if the Client Configuration in the tenant webUI is configured with the Dump option.
To learn more: Client Configuration.
Access Restriction on %ProgramData%
In Windows, Reveal Logs in the Advanced Debugging window displays:
- %appdata%/netskope/stagent/logs folder if Protect Client configuration and resources is enabled in Client Configuration > Tamperproof.
- %programData%/netskope/stagent/logs folder if Protect Client configuration and resources is disabled in Client Configuration > Tamperproof.
This behavior is due to the access restriction on %ProgramData% folder when Protect Client configuration and resources is enabled.
To learn more: Using Netskope Client.
Netskope Client Log Enhancement
The log enhancements include the new Dump log level, log file location changes, a separate log file written by each process, and so on.
Tunnel Mode Option For Android Cert-Pinned App Exception
The Tunnel Mode option is now available on the webUI for the Android Cert-Pinned App exception. With the tunnel mode, the client tunnels the traffic from apps / domains but the Netskope proxy will bypass it. This option is useful for domains associated with an SSO authentication service, since these services use the source IP of the Netskope cloud to determine if access to the cloud app is protected by Netskope.
WSLv2 Support
Added Netskope Client support for WSLv2 (Windows Subsystem for Linux 2), available as beta in version 113.0.0. Users can deploy Netskope Client using the WSLv2 CLI interface (UI support to be added in the future) and seamlessly enforce Netskope policies.
To learn more: Netskope Client for Windows.
- Check the WSL version and the systemd enable flag to warn users during the client install. If systemd is disabled, you need to turn on the flag and reboot the distro.
- This is a Beta feature. Contact Netskope support or your sales representative to enable this feature.
- Netskope Private Access is not supported.
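The WSL version and systemd checks noted above can be run inside a distro before a rollout. This is an added example, not Netskope's installer logic. It assumes the standard `/etc/wsl.conf` location with the `systemd=true` key under `[boot]`, and it infers the WSL generation from the default Microsoft kernel release strings, which is a heuristic.

```shell
#!/bin/sh
# Added example, not Netskope code: pre-install checks inside a WSL distro.

# Heuristic (assumption): default Microsoft kernels report "microsoft-standard"
# (newer builds also "WSL2") on WSL 2, and "...-Microsoft" on WSL 1.
wsl_generation() {
    rel="${1:-$(uname -r)}"
    case "$rel" in
        *microsoft-standard*|*WSL2*) echo 2 ;;
        *Microsoft*)                 echo 1 ;;
        *)                           echo none ;;
    esac
}

# Prints "enabled" only when the [boot] section of wsl.conf sets systemd=true.
# A missing file, a missing key, or any other value counts as "disabled".
wsl_systemd_state() {
    conf="${1:-/etc/wsl.conf}"
    [ -r "$conf" ] || { echo disabled; return 0; }
    awk '
        { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # strip CR and padding
        /^#/ || /^$/ { next }                              # comments and blanks
        /^\[.*\]$/   { section = $0; next }                # track current section
        section == "[boot]" {
            n = index($0, "=")
            if (n == 0) next
            key = substr($0, 1, n - 1); val = substr($0, n + 1)
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == "systemd") state = val
        }
        END { if (state == "true") print "enabled"; else print "disabled" }
    ' "$conf"
}

# Report for the environment this script runs in.
gen=$(wsl_generation)
sysd=$(wsl_systemd_state)
echo "WSL generation: $gen, systemd: $sysd"
if [ "$gen" = 2 ] && [ "$sysd" = disabled ]; then
    echo "WARNING: set systemd=true under [boot] in /etc/wsl.conf, then restart the distro"
fi
```

After changing `wsl.conf`, the distro has to be restarted from Windows (for example with `wsl --shutdown`) before the setting takes effect.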
Gateway Certificate Verification
Earlier, the Gateway certificate verification logic was disabled and it is now enabled.