New Features And Enhancements In Release 122.0.0
New Features And Enhancements In Release 122.0.0
Here is the list of the new features and enhancements.
Behavior Analytics
Compromised Credentials
Compromised credentials allows selecting specific tracked domains and users to match, including the ability to restrict to corporate domains only. You can use this configuration to limit credential matching to your choice of corporate domains or specified corporate users.
CASB Real-time Protection
Support for Google Gemini
Added support for Google Gemini API endpoints through the Google Gemini app connector for Post activity detection.
Synthetic Instance Detection Support
Improved synthetic support for DocuSign connector.
Cloud Confidence Index (CCI)
Remapped *.sharefile.com domains to Citrix Sharefile application
Added the following domains to Citrix ShareFile application:
-
greentradertax.sharefile.com
-
hogantaylor.sharefile.com
-
envisionpharma.sharefile.com
-
msbcomplianceinc.sharefile.com
-
crombielockwood.sharefile.com
-
ims-tpa.sharefile.com
-
easi.sharefile.com
Cloud Firewall (CFW)
DPI Library Upgrade
The SQL-NET and SQL*NET applications are now merged. Use SQL*NET for RTP policy configuration moving forward.
Cloud TAP
Cloud TAP Stitcher Update for Azure
Added the capability to use the --default-credentials
or --default-azure-credentials
CLI arguments for the managed identity attached to the Azure VM hosting the Cloud TAP stitcher tool.
Data Protection
Common Sense Filter Update
Updated the Common-Sense filter to reduce False Positives. The common sequences contained within a match (such as “123abc” within a match of “qq123abc88”) are now rejected.
Email DLP
Support for MIP Integration
Netskope now supports reading of Purview labels for Email DLP using DRM. This feature allows customers using the Email DLP to achieve the following:
-
Define Purview labels as part of DRM
-
Read Purview labels applied to an email (both encrypted and unencrypted) and take action. Reading content from email body for encrypted email and take action is currently not supported
For more information, please see Microsoft Purview Information Protection and Netskope DRM.
Support for SMTP “Received” Header in Email DLP
Netskope Email DLP will now add the SMTP “Received” header with the necessary details in all received emails, ensuring that the Netskope SMTP hop is properly displayed in email header analyzer tools.
Forensics
Support for adding Notes within DLP incidents
Netskope now allows DLP analysts to add Notes within the DLP incidents tenant UI, providing a space for capturing important details, updates, or comments regarding the incident. This feature helps retain valuable analysis and findings during incident triage and provides context when handing off an incident to another team.
Next Generation API Data Protection
Box Centralized Ownership Model Support
Box offers an optional centralized ownership model, where one or more administrators can create individual folders within their centralized home folder for each user, and then share those folders with the respective users. In this model, the administrator retains ownership of all files and folders within the organization, while users are assigned as co-owners or editors.
However, this setup can impose limitations on Netskope operations due to API rate limits, as Box enforces these limits on a per-user basis. As a result, Netskope operations may experience slowdowns when rate limits are reached. To mitigate this, Netskope provides an opt-in feature that ensures seamless and scalable API Data Protection in Box environments utilizing the centralized ownership model. To enable this feature, select the “Centralized Model” checkbox on the instance creation page if your Box account uses this setup.
Netskope Secure Web Gateway (NG SWG)
API for Forcing Reauthentication Administrative Option
Introduced an API to withdraw IP surrogacy entry of an end device for IPsec, GRE and EPoT deployments.
HTTP2 Enabled Tenant Compatibility
An HTTP2 enabled tenant is now compatible with Remote Browser Isolation. The isolated sessions will be automatically renegotiated to HTTP1.1 for policy based access to isolated sites.
Extended MITM Security Level Support for BYOK
Netskope has added support for 128 bits security level for MITM keys when using BYOK for SSL decryption.
New Inline File Constraints
With this enhancement you can:
-
Add file name and extension in addition to already supported file type, size constraints in inline policy constraints.
-
Add file name, extension, type and size constraints for browse activity in inline policy.
Netskope Private Access (NPA)
Support Browser Access for RUH1
Browser Access for Private Apps is now supported for tenants hosted on the KSA Management Plane.
Support Access for RDP and SSH
Private Access now supports end-user access to non-web (RDP/SSH) apps through a web browser without using the Netskope Client. Note that this feature is now Generally Available. Reach out to your Netskope account team to get this enabled.
Browser Access Public URL Generation
The suffix for public host URLs generated in Browser Access Private App definitions for tenants hosted on the KSA Management Plane has been updated to ksa.goskope.com.
Prelogon Certificate File Size
Updated Client Config Prelogon Certificate maximum size to 50 KB. Multiple certificate chains can now be uploaded.
Remote Browser Isolation (RBI)
Copyimage filename in Firefox
Opening an image in new tab displays the original image filename of Firefox copyimage “open in new tab” contextual menu.
Scrollbar Optimization
RBI has made scrolling on an isolated website snappier by optimizing the amount of data that is processed and sent to the client browser.
Isolation of 3rd party Auth Flows
RBI introduces functionality to Isolate authentication flows transparently in the context of the isolated browsing session, without requiring admins to add “sidecar categories” (i.e. Application Suite) or cloud apps (for example, Google accounts, Microsoft accounts) to their isolate policies to create a functional policy.
XRBI SKU Scope
Netskope security admins are able to define and create isolate policies for any web destination they consider untrusted according to their security posture. Admins can create isolate policies based on any of the criteria supported in XRBI. Creating such policies does not show any error or warning (not supported / not recommended) to the admin: Destination (Category, Application); CCI App Tag, CCL, Destination Country.
REST API
OAuth2 Authentication Support
Introduced OAuth2 authentication support for Netskope Rest API service.
Endpoints Specific Allow Listing
Netskope admin can restrict REST API workflow access based on different roles for different functions in RBAC v3 using Role-based IP Allowlist.
SaaS Security Posture Management (SSPM)
Enhancements to Predefined Rules and Templates
Recent updates for SSPM rules are as follows:
New Predefined Rules
1 new predefined rules are shipped with this release. It covers the following categories:
-
Apps:
-
AzureAD / Entra ID: 1
-
-
MITRE ATT&CK:
-
Credential Access: 1
-
-
Security Domains:
-
Authentication: 1
-
IAM: 1
-
Templates
3 new predefined rules are shipped with this release for the following apps:
-
GoogleWorkspace: 1
-
ServiceNow: 1
-
Workday: 1
Existing Rule Updates
-
GitHub: 1
Traffic Steering
Multiple Token Support
Introduced the ability to configure and manage two token sets for Secure Enrollment, consisting of authentication and encryption tokens (optional).
Each token set can have independent configurable validity periods, offering overlapping flexibility in token management. Administrators can now separate token creation from feature enforcement, allowing more control over when tokens are activated.
To learn more: Secure Enrollment.
New Platform Support for Linux
Netskope Client now supports the following:
-
Red Hat Enterprise Linux release 9.4 (Plow).
-
Ubuntu 24.04.
To learn more: Supported OS and Platform.
Client Log Data Migration to Google Cloud Storage (GCS)
Netskope is currently migrating Client Log storage from AWS to GCS to better meet PBMM compliance requirements. The migration for PBMM customers has been completed and GCS-based client log storage is now available upon request for all tenants. If you have an urgent need to enable GCS logging, please contact Netskope Support. Otherwise, Client logs for your tenant will continue to be stored in AWS until the migration for all tenants has been completed.
To learn more about the prerequisites: Devices.
Removal of Secure Enrollment Banner
Netskope used to display the Secure Enrollment banner to users on their Home screen for the past few releases.
This banner is now removed as Netskope expect users to have seen and taken action on this. However, Netskope continues to display alerts on the Home screen for Secure token expiry.
Controlled GA for One Time Disablement of Netskope Client
The One Time Password based disable option feature that was introduced for Netskope Client for Windows in version 118.0.0 is now available as Controlled-GA (General Availablity) from version 122.0.0. Other platforms/OSes will be added in the future releases.
Admins have to configure this first on the tenant UI under the option Allow disabling of Internet Security in Settings > Security Cloud Platform > Client Configuration > Tamperproof. Once enabled, it generates a dynamic password for each device which can be accessed or viewed from the Devices page. Use this password to disable the Netskope Client SWG services.
To learn more: Client Configuration.
Controlled GA for Block IPv6 Traffic
This was earlier available as a Beta feature in version 119.0.0. With version 122.0.0, this is available as a Controlled-GA (General Availablity) feature.
You can block IPv6 non-web traffic in your devices to avoid any undesired IPv6 access. When Netskope Client is enabled in a dual stack computer, applications fall back to IPv4 and the traffic is tunnelled to Cloud Firewall.
To learn more: IPv6 Traffic Steering.
– Supported only on Windows and macOS.