New Features And Enhancements In Release 120.0.0

General Availability of Reports (New Experience)

The Netskope Reporting platform is updated with a new UI to offer users a more immersive and intuitive report building experience. New features are added to allow additional flexibility and customization. Some of the enhancements include:

• Interactive visualizations

• Centralized schedule management

• Improved sharing capabilities

• Expanded template library

To learn more: Reports (New Experience) page.

Email DLP and Endpoint DLP Support in Advanced UEBA Detections

Email DLP and Endpoint DLP policy alerts now impact the users’ User Confidence Index in Advanced UEBA anomalous detection scenarios. This provides coverage for endpoint and email data violations as risk vectors for anomalous user behaviors and UCI based adaptive access control policies.

User Confidence Index (UCI) Value Update

A user’s UCI value can be reset to 1000 (max) using REST API. To learn more, see the REST API documentation in the tenant for details. To learn more: UCI Reset API

Updated Activity Coverage for Medium

Enhanced Medium application to cover the following activities:

• Login related (Successful, Failed, Attempt)

• Post

• Upload

• Delete

• Share

• View

Support GPT-4o LLM for ChatGPT Connector

With the support of GPT-4o LLM model there is a new activity added Attach. This can be used by an admin to gain visibility for the file attached via Google Drive or Microsoft OneDrive. This helps in gaining control as well via real-time policy actions.

Gen AI Attributes in CCI

There are eight new CCI attributes for an application to track GenAI risk. Attributes cover app Enterprise through assessment of whether an app uses customer data for learning or sharing with 3rd parties, compliance with key AI regulations, aligning to Ethical AI use policy etc.

Domain Recategorisation to Google Drive

The domain colab.research.google.com has been moved from Google Colaboratory to Google Drive App. This will result in category update also from Development Tools to Cloud Storage.

ServiceNow New Release Support

Classic API Data Protection has now validated support up till ServiceNow Xanadu release.

Real-Time Policy for FTP (Firewall Application)

Introduced the ability to configure the Real-Time Policy for FTP (Firewall Application) with DLP Profiles. This enhancement also allows to set file size constraints for specific protocols, such as FTP.

Support Box as a Forensic Destination

Starting this release, as part of Next Gen Forensics, Netskope has rolled out Box as a new forensic destination. To learn more: Next Gen Forensics.

Display Sensitivity Label on Inventory Side Panel

Starting this release, you can view sensitivity label information for Microsoft Purview Information Protection on the Inventory page. To access this, go to API-enabled Protection > SAAS (NEXT GEN) > Inventory. Under Content, select File, and click on a file name to view the sensitivity label information.

• Sensitivity Label Vendor: Netskope supports Microsoft Purview Information Protection as DRM vendor.

• Sensitivity Label Instance: Name of the DRM vendor instance that you created in Settings > Manage > Sensitivity Label Integration.

• Sensitivity Label: Name of the SaaS app label.

• Sensitivity Label ID: A unique sensitivity label ID managed by the SaaS app.

Download Multiple Quarantine and Legal Hold Files

Starting this release, you can now download multiple quarantine and legal hold files from the Incidents page. To do this, go to Incidents > Quarantine (or Legal Hold), and select the Next Gen tab. Choose the desired quarantine or legal hold profile to view the files. Select the files you wish to download and click DOWNLOAD FILE. The UI will download the files as a compressed (.zip) file.

Inventory Side Panel Feature Parity

Starting this release, the inventory side panel data is now extended to additional SaaS apps.

• Sharing & Links data is now available for Box, Dropbox, Egnyte, Google Drive, and Salesforce.

  

• File Versions data is now available for Box, Dropbox, Egnyte, Google Drive, Microsoft 365 OneDrive and SharePoint, and Salesforce.

  

• The inventory side panel now displays the full file path of Google Drive files.

  

  The side panel does not display the file path for orphan files (file with an external owner) in Google Drive. For trash file, the inventory side panel may display the full file path inaccurately.

• The inventory side panel now displays the owner of the file in Salesforce.

  

Schedule a Dashboard Report

Starting this release, you can now schedule a PDF report and send it to a recipient of your choice at a predefined time. To schedule a report, you can navigate to API-enabled Protection > SAAS (NEXT GEN) > Dashboard. Select the desired application and click the PDF REPORT drop-down and select Schedule. To learn more: PDF Report.

FR4 Netskope Root CA Rotation

Netskope FR4 root certificate will expire on March 20 2025 and, as a result, all CAs and certificates in the trust chain will become invalid. We will enable the improved root CA rotation workflows on all tenant in FR4 management plane with this release. Some improvements over the AM2 root CA rotation workflows include:

• Improved and simpler UI workflows on the home screen banner and pop-up

• NPA rotation is now decoupled with the rotation toggle on the UI and will be performed seamlessly by Netskope

• SAML certificate rotation workflow for browser access for private apps has been removed

• O365 auth proxy rotation of SAML Certificate workflow has been removed if “resign certification” is not checked 

For more details, the updated rotation guide will be available at Root CA Rotation Guide.

Customer Notification for Web Category Changes

Category changes to high impact domains and URLs can affect customer traffic causing business disruption. With this release, Netskope will have an additional level of review when changes to high impact domains and URLs are requested by customers.

In addition, Netskope will stage the category changes to such domains and URLs for 2 weeks and notify customers using notify.netskope.com. This will enable customers to make necessary changes to their policies to absorb the impact of these changes. Customers can subscribe to these changes via email notifications as well.

UI Enhancement for Custom Categories

Introduced usability enhancements to the Web profiles:

• Custom categories, URl Lists and URL Lookup have been separated into three different sections. Custom categories and URL Lists are separate sections under Policies and URL Lookup as separate section under SkopeIT.

  

  

  

• Improved user experience when creating, modifying, or deleting a custom category. With this new UI, new custom categories appear first when sorted by default.

  To learn more: Create Custom Categories

Forward to Proxy for SSL Bypassed Traffic

Added Support for “Forward to proxy action” for all SSL bypassed traffic. As a result, all traffic can now be forwarded to the next hop proxy.

Transaction Event Format-4

Netskope Transaction Events have been updated to include log Format 4 with 35 new fields in the following categories:

• Identity

• Device

• Threat Protection

• Connection

To learn more: Transaction Event Fields 

Alternate User ID field

Introduced an optional field ‘Alternate User ID’ for Private Apps SAML Reverse Proxy configuration. When this option is configured, Netskope uses the configured ‘Alternate User ID’ field in the SAML assertion to retrieve the user identity.

Support for RDP and SSH over Browser Access

Private Access now supports end-user access to non-web (RDP/SSH) apps through a web browser without using the Netskope Client. Learn more.

Decoupling of NS Adapter Software from Netskope Cloud Release Version

Starting with R120, Netskope Adapter releases are decoupled from Netskope cloud release and it will follow a new release cycle along with a new version numbering format.
For more information, see Active Directory with Netskope Adapters – Netskope Knowledge Portal.

Improved Website Scrolling

When scrolling with the mouse wheel or scroll bar on an isolated website, the displacements are now smoother, leading to a better user experience.

Memory Tab Threshold

Removed the predefined Thresholds for concurrent Remote Browser Tabs. Prior to this feature enhancement RBI would show users an error page warning them about the tabs threshold (10 concurrent tabs per session), asking the user to close existing individual isolated tabs or groups of isolated tabs before opening a new isolated tab.

With this new enhancement concurrent isolated tabs will not be limited by a predefined threshold. Concurrent isolated tabs will only be limited when users hit the RBI container Resource Consumption Limit. You can learn more about the Limits and User Experience, here: Resource Consumption Limit.

RBI Content Encoding Improvements

Modified RBI image encoding to produce data transmission and bandwidth savings (~56%), without compromising image quality.

Added Support for CIS GitHub Benchmark

SSPM now supports the CIS Github 1.0 Benchmark compliance standard.

Enhancements to Predefined Rules

Recent updates for SSPM rules are as follows:

New Predefined Rules

3 new predefined rules are shipped with this release. It covers the following categories:

• Apps:

  • ServiceNow: 3

• MITRE ATT&CK:

  • Credential Access: 1

• Security Domains: 

  • Certificate Management: 1

  • Encryption: 1

  • IAM: 1

Existing Rule Updates

• ServiceNow: 1

• GoogleWorkspace: 1

Enhanced Error Messages in NGL

Netskope SSPM has improved the semantic checks in NGL. With the improved checks you will see more structured and detailed error messages, making it easier to identify and resolve issues in NGL queries.

General Availability (GA) of SSPM Reports

SaaS Security Posture Management and SaaS Security Posture Management – Compliance dashboards are now generally available in the Netskope Advanced Analytics Library. These dashboards show detailed findings and compliance summary of SSPM data. You can now create, schedule, and download these reports from the UI.

This provides access for SSPM data collection in Advanced Analytics, allowing for comprehensive data exploration of posture scan results. Enjoy flexibility in building custom dashboards tailored to your specific needs.

Navigate to Advance Analytics > Netskope Library. In the Dashboard Name search box, search for “Dashboard Name ~ saas” and click Enter to search. The page shows “SaaS Security Posture Management” and “SaaS Security Posture Management – Compliance” dashboards in the results.

See SSPM Reports using Advanced Analytics for more information.

Support for Various OS Versions

Netskope Client now supports the following versions:

• Windows 365.

• MAC 15.0 (Sequoia)

• iOS 18

• ChromeOS 128

To learn more: Supported OS and Platform.

Top Level Domain

This was earlier available as a Beta feature. This is now available for all tenants.

The steering configurations now support top-level domains(TLD).

To learn more: Exceptions.