New Features And Enhancements In Release 121.0.0
New Features And Enhancements In Release 121.0.0
Here is the list of the new features and enhancements.
To check your tenant software version, navigate to Settings > General.
Advanced Analytics
Custom Filter Change
UI Enhancements and Updates:
-
Allow field search based on field label, description, or field group in Data Explorer.
-
Separated options to add text box and markdown text box to a dashboard.
-
Added support for expanded view for widgets on a dashboard.
-
Added Custom expression and New group filter options to Data Explorer. You can now AND and OR logic between filter groups.
-
Added an expanded view option for dashboard tiles. Select View > Expanded from a dashboard tile to see a detailed view of the tile.
Transaction Events Ingestion to Advanced Analytics
Netskope Advanced Analytics will be introducing a feature soon that will provide a way for users to pause or continue transaction events ingestion. If a tenant is not actively using Transaction Events for more than 90 days (i.e. run queries in the data explorer, load a transaction events-based dashboard) , the transaction events ingestion will automatically pause. In addition, for newly provisioned tenants, Advanced Analytics will be enabled with transaction events ingestion paused and transaction events-based dashboards will not contain any data. You can toggle this option in the NAA User Interface to restart transaction events ingestion to populate these dashboards.
Enable Support for Endpoint DLP Data in Advanced Analytics
Endpoint Events data collection is now available in Advanced Analytics. This can be enabled by request, and the endpoint events dashboard can also be made available to preview in the format of a dashboard file that can be imported to the tenant.
CASB Real-time Protection
WhatsApp E2E File Encryption
Organizations can now leverage the Netskope RBI solution in order to apply Real-time Protection policies to the WhatsApp application.
This consists of inspecting files when being uploaded and/or downloaded and applying DLP/TSS policies according to their sensitivity.
For more details, please refer to: Enforcing DLP and TSS Policies on E2E Encrypted Apps
Google Translate Connector Post/Upload Support
Security admins can now set up Real-time Protection policies to gain visibility and manage access control over Google Translate. An admin can now control enterprise data exfiltration via policy controls and associate them with DLP/TSS Policy. Application activities like upload, translate, and more are covered as part of the app connector.
Cloud TAP
General Availability (GA) of Cloud TAP
The Netskope Cloud TAP solution captures traffic between a managed endpoint with Netskope Client or branch offices using IPsec or GRE tunnels, and the Netskope cloud security platform. This solution sends a copy of the captured traffic from Netskope cloud to a customer provided cloud-based object store in AWS, Azure, or Google Cloud Platform (GCP). Given that most traffic today is TLS encrypted, session keys are also securely provided.
Netskope also provides a tool to decrypt traffic in a customer environment. Post decryption you will have an option either to send traffic to any NDR tool (or any tool that can accept traffic in VxLAN or Geneve protocol) or to store in a PCAP format.
Data Protection
Support for SVG File with Non-textual Data
DLP supports text extraction and subsequent inspection of Plain Text SVG files. For SVG files that contain meaningless text used to form an image in an SVG file, DLP will only be able to identify the file type as there is no text to inspect.
Selectable MIP Parent Label
With this release, you now have the ability to choose only the Parent label when there are Parent and child labels defined as part of the customer Purview label configuration.
To learn more, see Microsoft Purview Information Protection and Netskope DRM.
Support for Additional File Types
This release includes support for over 81 additional file types accessible through the DLP file filter.
Endpoint DLP (EPDLP)
Bluetooth Device Control for macOS
Bluetooth Device Control is now also available for the macOS Endpoint DLP agent. This feature allows policy-based decisions to prevent data transfer using Bluetooth.
To learn more, see Creating Endpoint Device Control Policies.
macOS Content Control
You now have an option in macOS to disable scanning of files written to USB storage by backup software such as TimeMachine. The option is available under Policies > Endpoint Policies > Content Control > Settings.
USB Notification Dialogs
Notification dialogs on macOS are now serialized, displaying only one dialog at a time.
Sequoia OS Support
Endpoint DLP is now supported on macOS Sequoia.
Next Generation API Data Protection
Quarantine and Legal Hold Actions via REST API v2
Next Generation API Data Protection now supports quarantine and legal hold actions through REST API v2.
Capability snapshot:
-
List quarantine and legal hold profiles and incidents.
-
Block or restore resources involved in a quarantine incident.
-
Mark a legal hold incident as processed.
-
Retrieve details about the original, quarantined, or legally held resources.
-
Download quarantined or legally held resources directly.
To learn more, log in to your Netskope tenant and navigate to Settings > Tools > REST API v2 > API Documentation.
Netskope Secure Web Gateway (NG SWG)
Forward to Proxy for SSL Bypassed Traffic
Added Support for “Forward to proxy action” for all SSL bypassed traffic. As a result, encrypted traffic can now be forwarded to the next hop proxy bringing parity between decrypted and non-decrypted traffic.
Data Trickle Handling for Large File Scanning
When advanced file scanning (for Scanning large files) is enabled, Netskope SWG trickles few bytes of data to the client while content inspection is going on. If content scan verdict is block, Netskope SWG terminates the connection. Some clients (such as browsers) initiate retries (with partial content requests) for the remaining data. This enhancement handles blocking the retries for partial content initiated by clients.
Netskope URL Lookup API
The Netskope URL Lookup API allows you to get the categorization for one or multiple URLs. The response includes the predefined categories, custom categories and URL lists matched against a URL, domain or IP.
x-c-timezone Transaction Event- Format 4
Added a new x-c-timezone field that uses +01:00, -07:00, and so on, to show GMT offsets when source GEOinfo and policy are evaluated. Otherwise, this field remains empty.
Cloud Lookup for in-house URLC DB
Improved Netskope URL categorization coverage by looking up the cloud hosted Netskope database if there is a miss on the smaller inline categorization database. This will reduce the number of URLs where the category returned by Netskope is “uncategorized”.
REST API v2 for Auth Service
Introduced new authentication REST APIs endpoints to allow customers/partners to automate IDP configuration. The new API supports the following:
-
Ability to query IDP settings
-
Creation of individual IDP (rows in our UI) and corresponding Netskope settings (ACS URL, SAML cert for IDP setup)
-
Modification of IDP objects (e.g. change access control)
-
Deletion of individual IDP objects
-
CRUD for SAML global settings – SAML domains/Categories bypass, source IP bypass, authentication refresh interval, user auth domain refresh interval and cookie surrogate)
Netskope Private Access (NPA)
Multiple IdP Support for Browser Access
NPA Browser Access now supports configuration of multiple SAML accounts (up to 10) of type Private Apps to accommodate various IdP configurations. End users will authenticate against one of the IdPs based on a domain match configured by the admin within the SAML account. Learn more.
Increased Number of Hosts for App Discovery
The App Discovery feature now supports a limit of up to 500 hosts. The default limit is 32, but it can be increased up to 500 upon request.
NPA Device Classification Support
NPA now supports device classification and custom labels for usage in realtime protection policies.
Reports
Access to Reports
With this release, all customers have access to Reports, including Advanced Analytics customers with the extended data retention option.
SaaS Security Posture Management (SSPM)
Enhancements to Predefined Rules
Recent updates for SSPM rules are as follows:
-
New Predefined Rules
3 new predefined rules are shipped with this release. It covers the following categories:
-
Apps:
-
GitHub: 1
-
ServiceNow: 2
-
-
MITRE ATT&CK:
-
Discovery: 1
-
Reconnaissance: 1
-
Exfiltration: 1
-
-
Security Domains:
-
Data & File Security: 3
-
-
-
Existing Rule Updates
-
Salesforce: 3
-
Enhancements to ServiceNow Integration
ServiceNow integration has been enhanced to provide visibility to User Roles and Public pages on your ServiceNow instances. You can query this data using NGL or write custom rules on this data. To enable SSPM to retrieve this data, the ServiceNow user setting up the instance must have access to the sys_user_role
and sys_public
tables. If the necessary permissions are not available, User Roles and Public Pages will not be visible.
For more details, refer to Access Required for ServiceNow.
Enhancements to Okta Instance Setup
The Okta instance setup process has been enhanced to introduce an API Token-based authentication method, replacing the previously used OAuth2. OAuth2 required reauthorization every 90 days due to a hard limit on the refresh token’s lifespan. The new API Token method allows you to generate a token from the Okta admin console and configure it once without expiration, simplifying both setup and maintenance.
While existing customers’ instances will continue to function as before, we recommend that all current customers switch to the new setup flow for an uninterrupted and streamlined experience.
For more details, refer to Configure Okta Instance for SaaS Security Posture Management.
Tunnel Steering
Cloud Explicit Proxy HTTPS
Cloud Explicit Proxy (CEP) HTTPS is a new steering method that encloses HTTP Proxy flow into a TLS tunnel. It’s currently available only through API.
Additional Documentation Updates
Added a new article on allowlisting NewEdge Data Center IP ranges.