New Features And Enhancements In Release 114.0.0
Here is the list of the new features and enhancements.
CASB Real-time Protection
Microsoft Co-pilot (Free): New Generative AI Connector Supported
With this feature, enterprises have granular policy control by creating Microsoft Co-pilot based policies. This helps to make sure an employee’s productivity is not impacted and at the same time limits AI capabilities to enterprise internal employees for better access control. In addition, you can use this feature with Generative AI category based policies as well as Microsoft Co-pilot based policies.
- DLP Policies should be created for Microsoft Copilot Post activity
- The domain for Post activity is bing.com. As bing.com is part of Microsoft Bing application, the steering configuration should have the Microsoft Bing application along with Microsoft Copilot application.
Enhancement for ChatGPT Connector to Support Anonymous Application Usage
The existing ChatGPT connector is enhanced to provide control via Real-time Protection policies for anonymous users of ChatGPT. ChatGPT allows only the Post activity without user login.
Cloud Confidence Index (CCI)
URL Recategorization request
App Categories are updated as part of the CCI Database update. Refer to the Product Change Notification Portal for updated category details.
SSPM Score
Added a field under the “Attack Surface Management” section in Netskope CCI which shows the SSPM Posture Score for apps supported and onboarded through Netskope SSPM.
Cloud Firewall (CFW)
HTTPs Traffic Auto-detection
We are introducing auto detection of HTTP(s) traffic on non-standard ports for further policy evaluation. Currently you are required to provide Custom HTTP(s) ports to identify HTTP(s) traffic on non-standard ports.
With this feature, the Firewall can detect HTTP(s) traffic on non-standard ports and send it for web policy evaluation. There is no need to specify custom ports in the steering configuration.
UI Phase-2 Enhancement
With this release, the following features are added:
- “Block the identified HTTP on non-standard port” is shown in the “Identify HTTP Traffic On Non-standard Port” configuration.
- Real-time Protection (RTP) pages show the block status when “Block the identified http on non-standard port” is enabled.
Data Protection
Additional Filetype Support
This release includes support for over 88 additional file types accessible through the DLP file filter. A few of these are as follows:
- Python Wheel/WHL package
- Altium Circuit files
- HTTP Archive (HAR) Files
- Microsoft Windows Clipboard files
- Android App Bundle
- Android XAPK installer
- Planetary Data System data version 2/3/4
- ConceptDraw file formats
Predefined Classifiers
DLP administrators can now customize predefined file classifiers by adjusting threshold levels and improve detection efficacy by uploading false-positive images and documents.
See DLP File Classifiers for more information.
Email Subject and Search Feature
The Record Subject line feature will enable Email DLP (SMTP) administrators to seek consent and record the email subject line. This makes it available for search across Events, Alerts and Incidents and Notifications.
For more information, see Subject Line Recording.
Content Encryption for Forensic Folder
Starting with this release, Netskope’s Incident Management System supports encrypting the forensic content when uploading it to a SaaS or IaaS destination. When you view the forensic snippet on Netskope’s DLP Incident Management UI, Netskope’s Incident Management System decrypts the encrypted forensic content.
Additionally, if the original file feature is enabled, the file will be encrypted when it is stored and decrypted when it is downloaded.
To learn more: Forensics
Endpoint Data Loss Protection (EPDLP)
Network File Share Device Control
Network File Share Device Control is now available for the Windows Endpoint DLP agent upon request.
Netskope Private Access (NPA)
Multi Search Domains for Wildcard Application Access
Private Access now provides access to internal applications when an app request uses a PQDN, by eliminating access attempts to non-existent applications. This feature is supported on Windows and macOS clients.
Filter and Export Feature
The Filter and Export option is now available for Private Application definitions on the Web UI, and it is now enabled by default.
Enhanced Windows Client Tunnel Status
Enhanced Netskope Client on Windows to share Private Access tunnel status on Client icon, Mouse hover and on the Menu. Updated status includes:
- Enabled/Disabled
- Re-authentication Time
- Grace period warning
- Error due to re-authentication.
To learn more: Using Netskope Client.
REST API Support for Real-time Policies
Netskope Private Access APIs now support CRUD operations and version control for real-time policies.
Publisher Selection Based on the Latency
Private Access will now select the Publisher that is closest to the user, from the pool of configured Publishers based on Latency.
Next Generation API Data Protection
Extended App Support for Email Notification in Policy Wizard
Next Generation API Data Protection has now extended email notification for events, policy violations, and alerts to the following apps:
- Atlassian Confluence
- GitHub
- Microsoft Yammer
- Zoom
You can set an email notification under Policies > API Data Protection > SAAS > Next Gen > New Policy. Under Profile & Action, click + Email Notification.
You can define an email notification for events in the policy wizard. These notifications, triggered by events like policy violations or alerts, provide administrators and designated user groups with timely information about important activities. You can send a notification to:
- Owner: Creator of the message or file.
- Admin: Admin email that was configured as part of the instance setup.
- Collaborators: Everyone with whom the message or file is shared.
- Selected Users: Specified users.
You can either use the default email template or create a new template for the notification.
This enhancement is extended to:
- Incidents > DLP page: Click an app incident. Under the Restrict Access drop-down, select an option. A pop-up window opens. Select the Notify Users checkbox and the available options to send an email notification.
- API-enabled Protection > CASB API (Next Gen) > Inventory page: Click an app entry. In the details page, under the Take Action drop-down, select an option. A pop-up window opens. Select the Notify Users checkbox and the available options to send an email notification.
To learn more: Create a Next Generation API Data Protection Policy
Support Delete Action in Incidents > DLP Page
Starting with this release, Next Generation API Data Protection supports the Delete action in the Incidents > DLP page.
Once you click Delete, you can notify user(s) and proceed. The object in the SaaS gets deleted.
General Availability (GA) of Microsoft 365 Outlook
As part of this release, Next Generation API Data Protection for Microsoft 365 Outlook is now qualified as GA. With this qualification, Next Generation API Data Protection for Microsoft 365 Outlook can now support policy creation, DLP, threat protection using ongoing scan, alerts and more. To learn more:
- For features supported, see Next Generation API Data Protection Feature Matrix per Cloud App.
- To configure Microsoft 365 Outlook, see Configure Microsoft 365 Outlook for the Next Generation API Data Protection.
- For a list of activities monitored by Netskope, see Activities Monitored by Netskope.
Netskope Secure Web Gateway (NG SWG)
Case Insensitive custom URL list matching
This feature will allow case insensitive matching for incoming URLs against custom URL lists. A toggle was added to Settings > Security Cloud Platform > Configuration page to enable the feature.
To learn more: Security Cloud Platform Configuration
SSL Decryption by OS and Access Method
Introduced the ability to create SSL Decryption policies based on specific Access Methods and OS. In addition, we added OS Family and Access Method filtering capabilities to the SSL Decryption Page.
Administrative option for forcing reauthentication
Introduced an API to withdraw IP surrogacy entry of an end device for IPsec, GRE and EPoT deployments.
Increased OU/groups for Inline Customers
Extended the limit of unique user groups/OU’s that can be used from 1024 to 4096 in Real-Time policies and SSL decryption policies.
Platform Services
RBAC Support
Added RBAC support for the account homepage dashboards. The visibility of the individual widgets on the dashboard and widget selection menu is dynamic based on the data permission assigned to the logged in user. For example, if the user does not have view/edit permission for Incidents, widgets created based on the Incidents dataset are not visible to the user.
Remote Browser Isolation (RBI)
Extended RBI License Enhancement
With this release, additional categories are added for the Extended RBI license.
- Advocacy Groups & Trade Associations
- Alcohol
- Arts
- Automotive
- E-Commerce Tools
- Fashion
- Generative AI
- Technology
- Web Hosting
Enhanced Page Titles and History Entries
Until now, page titles and history entries always reflected the current state of the page, including an isolated web page that had expired due to inactivity (as indicated in the warning template).
With this release, to make user navigation and history as seamless and natural as regular browsing, RBI now lets the isolated Chromium browser update the title at all times, without any external modification by RBI.
Page title updates in isolated navigation are transported to the user’s browser, so it always reflects the title of the target webpage. If there were none, then the browser shows one derived from the URL, as it happens with non-isolated navigation.
SaaS Security Posture Management (SSPM)
Predefined rules for R114 in SSPM
Added 15 new predefined rules. These are for the following categories:
- Apps:
  - Microsoft Entra: 4
  - Microsoft 365: 11
- MITRE ATT&CK:
  - Initial Access: 4
- Security Domains:
  - Authentication: 4
  - Email Security: 11
Workday and ServiceNow Now Support 3rd Party App Feature
With this release, the 3rd Party App feature is now supported for Workday and ServiceNow apps. Additional permissions are needed for this.
Refer to the Configure Workday Instance for SaaS Security Posture Management and Configure ServiceNow Instance for SaaS Security Posture Management articles for the list of permissions required by Workday and ServiceNow respectively.
Traffic Steering
Audit Log Enhancements
Using Audit Logs, you can log all intentional or accidental changes (Create/Modify/Delete) done in the Netskope Client Configuration and Steering Configuration, including Steering Exceptions.
With this enhancement, the logs give you a better understanding of who made a modification, when it was made, and what was changed.
You can now capture the following details in the Audit Log:
- Create/Clone/Edit/Delete client/steering config
- Disable/Enable steering config
- Reorder client/steering config
- Switch OU/Group for client/steering config
- Create/Edit/Delete firewall application, cloud application, cert pinned application, category, domain, country, source network, and destination network exceptions
- Bulk edit cert pinned application exceptions
- Create User
To learn more: Steering Configuration
Log Bundle Support
Improved support for saving the log bundle to a wide-character file path.
Enhancements In Certificate-Pinned Applications
Enhanced the Certificate Pinned Application tab under Settings > Security Cloud Platform > App Definition. With this enhancement, you can:
- Enable direct assignment of Steering Configurations to Certificate-Pinned Applications.
- Allow changes to Certificate-Pinned Application exception and advanced options directly from the new Steering Configuration Exception modal, which makes managing the exception options easier and more efficient.
- Display which Certificate-Pinned Applications are configured for each Steering Configuration all in one place.
To learn more: Creating a Custom Certificate Pinned Application
DEM Configuration Services
Starting with version 114.0.0, the Netskope Client makes use of the P-DEM Netskope Client Configuration Service (CCS) by which users subscribed to P-DEM Professional can control the collection of the network and device health information at various granularity including organizational unit, group, and individual user. With the release of version 114.0.0, all existing users of P-DEM Professional will have their current configuration seamlessly migrated to the CCS.
Master Password Support for NS Client disablement
Introduced an option that enables administrators to set a Master Password while configuring “Allow disabling of all Client Services together” under Settings > Security Cloud Platform > Client Configuration > Tamperproof on the WebUI. This is optional; if enabled by the administrators, it makes it mandatory for end users to enter the password when disabling the Netskope Client.
The main purpose of adding a Master Password is business continuity: in the event of a disaster, users can still disable the Netskope Client.
To learn more, view Client Configuration.
Tunnel Steering
IPSec/GRE Enhancements
Added the following enhancements with this release:
- On the IPSec/GRE table listing page, the Primary and Failover POPs are now visible by default. If additional POPs are added, they are initially hidden, with an option to expand them by clicking on a button.
- Updated the tooltip message for status on the IPSec/GRE table listing page to use Tunnel instead of Site.
- Renamed the IPSec/GRE Site filter to Site Status.
- Added a new filter option called Mixed under the IPSec/GRE Site Status filter. This option filters sites with some tunnels in an Up state and some in a Down state.
- Renamed the Status column on the IPSec/GRE table listing page to Tunnel Status.
Additional Documentation Updates
- Cloud Explicit Proxy: Improved the content and structure for Netskope Cloud Explicit Proxy.
- Allowing Unauthenticated Traffic from IP Addresses: New article on how to create an allowlist for Cloud Explicit Proxy.
- Cloud Explicit Proxy for Chromebooks: Improved the content and structure for integrating Cloud Explicit Proxy with Chromebooks.
- Explicit Proxy over IPSec and GRE Tunnels: Improved the content and structure for Netskope Explicit Proxy over Tunnel.
- Device Client Data Collection (now GA): The Advanced Analytics Device Client Data collection and accompanying dashboards provide an overview of the most recent organization-wide client status. To learn more: Device Client Data Collection