New Features And Enhancements In Release 116.0.0
New Features And Enhancements In Release 116.0.0
Here is the list of the new features and enhancements.
Advanced Analytics
Contains Filter Option
In the transaction events data collection, any dimension type fields added as a filter in the data explorer or a dashboard will no longer allow contains as a selectable value.
Revamp Classic Reports
Updated the Classic Reporting experience with new enhancements and additional report templates. To learn more details on this upgrade and instructions on migrating your reports to the new platform, visit the Reports (New Experience).
API Data Protection
ServiceNow New Release Support
Netskope has now validated support up till ServiceNow Washington release.
CASB Real-time Protection
New domains in Google Translate
Enhanced domain coverage for Google Translate App:
-
translate.google.co.in
-
translate.google.fr
-
translate.google.es
-
translate.google.de
-
translate.google.co.jp
-
translate.google.cn
-
translate.google.ru
-
translate.google.co.uk
-
translate.google.it
-
translate.google.nl
-
translate.google.se
-
translate.google.pl
-
translate.google.fi
-
translate.google.us
-
translate.google.au
-
translate.google.nz
-
translate.google.br
Cloud Confidence Index (CCI)
URL Shorteners
Updated the application category of the apps “Rebrandly, TinyURL, BL.INK and Bitly” to ‘URL Shortners’.
URL Recategorization Request
App Categories were updated as apart of the CCI Database updates and the details of updated categories can be found on Product Change Notification Portal.
CCI Tagging Rule/Manager Phase 1
Added a new CCI Tag Management User Interface with these new capabilities:-
-
CCI tags can now be defined based on a rule which is based on a combination of criteria spanning across multiple CCI attributes.
-
These rules are dynamic and apply tags to the Apps that meet the rule criteria.
-
These rules automatically get evaluated against any new apps added to CCI as part of content updates.
To learn more: Tag Apps
Cloud Firewall (CFW)
DNS Response Time
This change allows users with DNS policies to view the DNS response time in the Network Events page for SkopeIT. The DNS response time (in milliseconds) will allow us to filter out events based on response time.
Cloud Tap
Cloud Tap
The Beta version of Cloud Tap provides the ability to mirror or copy packets from Netskope infrastructure and ingest them into a third-party vendor for enterprise security and monitoring use cases.
Data Protection
Enhanced Unicode Separator Support
Added the following additional support for hyphens and dashes:
-
full-width hyphen-minus (U+FF0D) separators in Japanese postal codes and block/house portions of addresses.
-
unambiguous (U+2010) and non-breaking (U+2011) hyphens in pairs within major payment card, US SSN, ATIN, and ITIN number Entities.
-
minus signs and unambiguous hyphens within chromosomal disorders and eponymous diseases detected by the “Medical Conditions (English)” Entity.
Additional support has been added for typographical quotes (U+201C and U+201D) within the “Full Names (US)” Entity where non-typographical quotes were already supported within low-ambiguity name pairs, such as “Vicente “Vince” Schneckenberger“.
Restructure Taxpayer ID Identity Navigation
Updated third and fourth-level navigation hierarchy for Taxpayer ID number and terms Entities within Rule creation. This update groups country-specific Entities together in a more cohesive and organized fashion. The new menu structure for Brazilian Taxpayer ID Entities is now:
-
Personal Numbers
-
Taxpayer IDs
-
Taxpayer IDs (Brazil)
-
Personal TINs (BR; all)
-
Personal TIN Terms (BR; “CPF”)
-
Personal TINs (BR; Contextual)
-
Personal TINs (BR; unformatted)
-
Personal TINs (BR; with hyphens)
-
-
-
Additionally, the country-specific terms Entities have been expanded to match more terms. For example, “India PAN” or “PAN” now results in a match.
OCR Text Classification
Customers subscribed to Advanced DLP capabilities can leverage OCR (Optical Character Recognition) to extract text from images. In order to improve the overall efficacy (reduce false-positives) of the DLP text classifiers, the default DLP behavior has been modified so that text obtained from OCR is no longer sent to DLP ML-based text classifiers. If you require the extracted text from images to be sent for text classification, the behavior can be reverted by using a feature flag.
Next Generation API Data Protection
New App Support
Starting this release, Next Generation API Data Protection has introduced the support for:
-
Microsoft 365 OneDrive GCC
-
Microsoft 365 Outlook GCC
-
Microsoft 365 SharePoint GCC
To learn more: Next Generation API Data Protection Platform.
To learn more about the features supported: Next Generation API Data Protection Feature Matrix per Cloud App.
Quarantine Tombstone for Microsoft Office 365 File Types
Starting this release, Next Generation API Data Protection has introduced quarantine tombstone for Microsoft Office 365 file formats. Netskope can replace contents of .docx, .xlsx, and .pptx file types with tombstone content while retaining the same file format. Customer need not set custom tombstone files for .docx, .xlsx, and .pptx file types anymore.
The ability for Next Generation API Data Protection to use default or customer-provided text in a Microsoft Office 365 tombstone is now available, though, only for .docx, .pptx, and .xlsx file types. For file types .doc, .ppt, and .xls, Netskope uses the default text that cannot be customized.
Policy Filters & Search
Starting this release, Next Generation API Data Protection has introduced search and filter options in the policy wizard page. With this enhancement, you can now search an already created policy or filter policies based on certain criteria. As part of this release, you can filer policies based on:
-
App Instance: Enter the name of the SaaS app instance. This is an exact match search.
-
Application: Select the SaaS app name from the drop-down. You can select multiple SaaS apps.
-
Action: Select a remediation action from the dropdown. You can select one action only.
-
DLP Profile: Select a DLP profile from the drop-down. You can select one DLP profile.
-
Policy Name: Enter the name of the policy. This is a sub-string match.
To filter policies, the search criteria uses the AND logic.
Netskope Private Access (NPA)
CORS OPTIONS for NPA Browser Access
Private Access allows unauthenticated CORS OPTIONS requests via Browser Access.
New Netskope Client UI Indicator
Enhanced the Netskope Client for macOS to show Internet Security and Private Access tunnel statuses on:
-
The system tray client icon tooltip
-
On-click menu
-
Netskope Client icon colors
To learn more :Using Netskope Client.
Netskope Secure Web Gateway (NG SWG)
New URL Category for URL shorteners
Netskope introduces a new category called URL shorteners. This category will be added in addition to the existing category for URLs that match the definition of the new category (Netskope Pre-defined URL category definitions). This new category will be available for use in real-time protection policies, SSL decryption policies and steering exceptions.
Egress IP Bypass Proxy
Dedicated egress IP feature allows internet bound customer traffic to egress through customer specific public IP addresses. Previously, traffic specifically out of cert pinned applications egressed out of Netskope datacenter general pool instead of dedicated assigned public IP addresses. With this release, all tenant traffic including cert pinned apps will egress out of the customer dedicated public egress IP addresses.
Policy Management Page
Enhanced Policy Management Page to support:
-
Collapse/Expand of all policy groups by using a toggle.
-
Display of total count of “policy groups” as part of the table header (not just policy count).
-
Additional page size options of 200 and 250.
Policy Page Filter
Enhanced Policy page filter to support filter based on a policy single/multiple groups.
Extended MITM Security Level Support for BYOK
Netskope has added support for keys with strength greater than 128 bits for SSL decryption when the customer are using their own PKI. Supported algorithms will include ECDSA-256, ECDSA-384, ECDSA-521, RSA-3K and RS-4K.
URL Category Look-up APIs
The URL Lookup API allows you to search for up to 100 URLs in a single request while implementing rate limiting (requests per second and requests per day). This API returns predefined or custom categories, URL lists, and if the categories were assigned via dynamic classification. More information about this REST API is available in Swagger. To learn more about REST APIs, see REST API v2 Overview.
Geo-anchoring Support
Netskope can now traffic from one Netskope DP to another to acquire a source IP address from a specific geolocation.
Forward to Proxy for SSL Bypassed Traffic
Netskope has added support for “Forward to proxy action” for all SSL bypassed traffic. As a result, all traffic can now be forwarded to the next hop proxy.
Remote Browser Isolation (RBI)
Extended RBI – R116 Batch
RBI added support for the following 32 categories in the “Extended RBI license”:
-
Abortion
-
Adult Content – Other
-
Alcohol
-
Business Intelligence and Data Analytics
-
Content Management
-
Education
-
Family & Parenting
-
File / Software Download Sites
-
File Repositories
-
Forums
-
Hobbies & Interest
-
Home & Garden
-
Investors & Patents
-
Job Search / Careers
-
Military
-
Nursing
-
Personal Sites & Blogs
-
Pets
-
Philanthropic Organizations
-
Photo Sharing
-
Real Estate
-
Religion
-
Science
-
Search Engines
-
Sports
-
Survey Solutions
-
Tobacco
-
Translation
-
Travel
-
Weapons
-
Web Analytics
-
Web Hosting
Fallback Action for Non Isolable Requests
Introduced a new feature that allows RBI customers to modify the current action that RBI applies for requests that matched an isolate policy and are deemed not isolable (that is, not a webpage): “proxy to next hop”. When this feature is enabled, all non isolable input requests are blocked instead of proxied to the next hop. This is a tenant level setting. When the feature is enabled, it will apply to all not isolable requests.
SaaS Security Posture Management (SSPM)
Enhanced Workday Permissions
Added support for risk profiling of Workday’s 3rd Party Apps related to Domains and Business process.
Overview Page Enhancements
The following enhancements are made to Overview Page:
-
Increased the row limit in widgets from 5 to 50. This helps to view the entire list of Applications and Compliance standards in the Overview page. This will replace the section titled Others.
-
Faster loading of the Overview page.
Clone Rule Feature in SSPM
With this release, you can build custom rules easily by cloning any of the existing rules which can be added to an existing or new policy.
To learn more on how to use Clone Rule feature, refer Clone a SaaS Security Posture Rule
Additional Rule Deletion Constraints
With this release, you cannot delete rules which have categories attached to them. You have to first detach all the categories for that rule, save and apply the changes for the policy, only then you can delete rule.
SSPM App Updates in Zoom Marketplace
Netskope has an updated Netskope Security Posture Management app in Zoom marketplace:
-
Existing Zoom SSPM customers will receive a notification from Zoom through an email to start reauthorization by clicking the Update button. This step is mandatory for continuous visibility into Zoom Users. The current users will need to regrant permissions to the existing Zoom SPM instance.
-
New Zoom SSPM customers can install the app and will have continuous visibility into Zoom Users. See the Installation steps in the configuration guide.
Predefined Rules for R116
Added 1 new predefined rule. These are for the following categories:
-
Apps:
-
Microsoft 365: 1
-
-
Security Domains:
-
Data and File Security: 1
-
Sharing: 1
-
New Templates for R116
SSPM supports creating new rules using templates with predefined rule definition, remediation steps, and description. Added 7 new predefined templates for Microsoft 365.
To learn more on how to use the templates, refer Create Posture Rule using Template.
Threat Protection
CVE Enhancements in Skope IT
You can now search, filter, and add columns for the CVE field in Skope IT alerts.
To learn more: About IPS Settings.
Sandbox API Support
Netskope updated Sandbox Threat Scanning REST API to ensure intermediate security tools (for example, firewalls) don’t block the API submission to the Netskope Cloud Sandbox. You can now submit PE, office, or PDF file types as a single file in zip archive format. The zip archive must be password protected to use password “infected”.
To learn more: https://<Tenant Name>.goskope.com/apidocs/. You must be logged in to your tenant to view this page.
Traffic Steering
New Windows OS Editions
Added support for three new Windows OS editions in the OS Check under Device Classification for Windows:
-
Windows 10 Enterprise N LTSC
-
Windows 11 Enterprise LTSC
-
Windows 11 Enterprise N LTSC
Chrome Extension Support for User Notification
Implemented user coaching notification support for Chrome Extension. With this new feature, when Chrome Extension can show the user notification messages similar to Netskope Client apps on other platforms.
This works only for Chrome OS devices as extension is designed only for ChromeOS devices usage.
Additional Documentation Updates
Created a new section called Manage under Admin Console. This section includes the following topics:
-
Device Classification
-
Advanced File Scanning
-
MFA Integration
-
IRM Integration
-
Sensitivity Label Integration
-
Forward to Proxy Integration
-
Header Insertion
-
Certificates
-
Application Feature Support