New Features And Enhancements In Release 99.0.0
New Features And Enhancements In Release 99.0.0
Here is the list of the new features and enhancements.
UEBA Bulk File Upload And Download
UEBA bulk upload and bulk download detection includes the count of files in a single archive file such as zip.
View Pending Changes In Behavior Analytics Policies
The Policies page under Behavior Analytics displays View pending changes that shows the policy configuration changes that have not yet been applied. This feature allows the administrator to review one or multiple changes made to the behavior analytics policies prior to applying the changes.
Sanctioned Application
With this release, UEBA policies allows selection by the sanctioned applications configured for the tenant along with applications and application instances.
DLP Support for SuccessFactors Application
Netskope added DLP support in SuccessFactors application for Edit, Create, Share, Send and Post activities under Goals, Activity, Performance, Feedback, Recognize, and Absence modules. With this feature you can apply DLP Policies followed by DLP Inspection.
Google Calendar Activity Detection Support
Netskope adds support for the following Google Calendar activities in mobile browser view:
- Create a new Calendar and Calendar Event
- Delete Calendar and Calendar Event
- Edit a Calendar and Calendar Event
Amazon S3 Instance_id Placeholders
Netskope adds a new field in S3 application events with access_type = third-party-app. This field shows up in events when third party apps try to upload or download files on S3.
DropBox Activities
Dropbox now allows you to access publicly shared documents, Upload and Download files without sign-in. The instance_id for these activities are identified as “public-link” without a sign in.
Instance_id placeholder for YouTube
Netskope adds instance identification capability for YouTube videos embedded in third party apps.
Cloud Confidence Index (CCI) GET Method
Updated the GET method by replacing “custom” to “tags” in the /cci/tags output.
LinkedIn Send Activity
Send activity is deprecated for LinkedIn Application.
Updated Entity Limit
Netskope updated DLP incidents with forensics to highlight 500 entities.
DLP Support For National ID Numbers
Netskope adds DLP Support for detecting National ID Numbers for the following 22 countries:
- Bulgaria
- Croatia
- Czech Republic
- Denmark
- Estonia
- Finland
- Hungary
- Iceland
- Indonesia
- Latvia
- Lithuania
- Macau
- Malaysia
- Norway
- Romania
- Serbia
- Slovenia
- Sri Lanka
- Sweden
- Thailand
- United Arab Emirates
- Venezuela
Policy Evaluation: Alert & Continue
With this release, the Alert & Continue evaluation feature is enabled by default for all tenants. This feature makes it possible to configure Real-time Protection policies with DLP profiles and select a Continue policy evaluation after match option to continue policy evaluation even after a policy match. This feature enables the Netskope Cloud to continue evaluating Real-time Protection policies for additional DLP violations, instead of terminating and exiting policy evaluation after a match.
In order to use the Continue policy evaluation after match option, a Real-time Protection policy must have one or more DLP profiles with one or more actions set to Alert. For policies using this feature, any DLP profile matches with actions other than Alert will result in the termination of policy processing.
Also, given the possibility of multiple DLP profile matches occurring across policies when using this feature, any incidents generated will list all the matched DLP profiles and related policies. In addition, a single policy alert will continue to be generated, however, it’ll also list all the policies that matched.
Custom MSA Support
For Email DLP, you now can configure generic email server types or mail submission agents (MSA’s), such as an on-prem server like Microsoft Exchange. To configure a generic email server, you can add and verify a new MSA in the SMTP settings as well as create Email Outbound policies for it.
To learn more: Configure Netskope SMTP Proxy with a Custom MSA.
Note
This is a Controlled General Availability (formerly known as Limited Availability) feature. Contact your Netskope sales representative or support to enable this on your tenant.
Endpoint DLP Enhancements
Netskope added the following enhancements:
- The Pause action in the device health page resumes automatically after five minutes.
- Netskope supports large files for local policy evaluation based on file profiles.
- File Profiles for local endpoint content control policy evaluation excludes the ability to select files containing password-protection detection and AIS/RMS detection. These file types can still be selected via DLP profiles.
- Netskope updates the device health page with periodic reporting of client health information.
To learn more: Endpoint Data Loss Prevention.
Netskope Personnel Tenant Access
This enhancement allows Netskope Support personnel to access the tenant UI through Netskope IDP when you grant the tenant access.
To learn more: Create a Netskope Support Admin
SSL Bypass For Transactional Events
Netskope includes value for the following fields in the SSL bypass scenario:
- c-ip
- s-ip
- cs-username
- cs-dns
- x-access-method
- x-cs-userip
- x-cs-traffic-type (value will always be NotAvailable for traffic in SSL bypass)
Custom URL Category Update
Currently many URL lists can be created by admins, but not all of them are used or linked to a custom category. The current behavior is that we evaluate all used and unused URL list causing categorization challenges.
With this change, any unused URL list that is not linked to a category and a policy is not be taken into policy evaluation.
Generic Header Insertion Capability
Netskope extends the existing ability to insert headers for applications that honor specific headers to access application instances.
To learn more: Header Insertion
Note
This is a Controlled General Availability (formerly known as Limited Availability) feature. Contact your Netskope sales representative or support to enable this on your tenant.
Publisher Auto-Upgrade Support
From this release Netskope Private Access supports Publisher Auto-Updates capabilities. This capability is only offered on Ubuntu based publishers.
Device Classification For Prelogon User
Some of the device posture criteria are not applicable if the user is a prelogon user. Admin should consider additional controls such as device cert validation or CRL validation for prelogon access.
Default Mode For Client User ID
From this release onwards, newly created tenants get a new ID format for Clients. This ID is reflected in the Admin UI under the Client registration page and is not expected to have any user impact.
Tag Support For Private App Groups
With this feature, Netskope Private Access supports the ability to logically group Private Apps with light weight Tags. These Tags are available for consumption in Policy and App definitions.
Role Based Access Control v2 (RBACv2)
Role Based Access Control v2 (RBACv2) allows large distributed enterprises to operationalize the administration of Netskope security services with regional or divisional delegation for the Netskope service and implementation to scale.
RBACv2 allows administrators access into different functional areas depending on their role and scope. For example, Firewall (FW) versus Secure Web Gateway (SWG) versus Netskope Private Access (NPA), versus API Protection.
Large enterprise customers have cross functional security and compliance teams that manage different aspects of security functionality. Administration and segregation of duties can be broken down into the following functional access areas:
- Administrator
- Policy Group
- Access Control
- DLP
- Threat Protection
- Behavioral Analytics
- Risk Insights
Note
This is a Controlled General Availability (formerly known as Limited Availability) feature. Contact your Netskope sales representative or support to enable this on your tenant.
Newly Observed Domain (NOD) In Targeted RBI
Netskope Targeted RBI has expanded the list of supported categories to include Newly Observed Domain (NOD). Targeted RBI customers will be able to leverage RBI for safely expanding web access to Domains observed as active in the last 30 days. These domains are potentially malicious, as bad actors use them for malicious activities such as malware hosting and phishing.
NOD has been added to the list of recommended categories in RBI real-time protection policies. It is now available by default in any RBI policy created leveraging the RBI policy creation wizard. You can edit existing RBI policies to add NOD to your isolation real time protection policies.
RBI Template Name Validation
Netskope RBI enhances RBI template names. Template names are only allowed if the RBI template is not attached to any existing RBI policy.
Prior to this change, you could change the name of an RBI template which was currently assigned to an existing Real Time Protection policy, and the template name was not being updated in the RTP policy.
RBI Template
Netskope enhances the creation of RBI templates from the Real Time Protection policy edition page. This allows you to create a new RBI template inside the policy edition page and attach it directly to the policy.
In an RBI policy you can select + Create RBI Template from the dropdown menu. After creating it is available in RBI template list which can be attached to RBI policy. This limits user interaction while browsing a web page in isolation.
Prior to this change, you could create a new RBI template in an Isolate policy by selecting + Create RBI Template from the dropdown menu. However, it was not possible to attach it to the policy until the changes were applied to the RBI template.
File Upload And File Download Controls
Netskope modifies the list of controls in the RBI template creation to remove File upload and File Download from the list. These controls are now disabled and not editable.
Other Categories Filter
Users can now filter using, ‘Other Categories’, from Skope IT > Events > Page Events.
Malicious URLs in Threat User Interfaces
Malicious URLs are now modified from their original forms in the Netskope UI to prevent inadvertent user detonation.
Client Support For Android v13
From this release, Netskope Client supports Android OS version 13. For more information, see Netskope Client Supported OS and Platform
Enhanced Netskope Client Access Method Detection
Override access method detection feature flag allows to skip detection of other steering method such as GRE, IPSEC, Secure Forwarder from Netskope Client. Client establishes tunnel regardless of the presence of other steering method.
DNS Traffic Network Exceptions
Netskope Client can bypass DNS traffic for the local or public DNS servers only in All Traffic mode. Other modes such as All Web Traffic is not supported.
In addition to documenting all new and improved features, here is the list of articles with key documentation updates:
- Best Practices for Real-time Protection Policies: New article about best practices for Real-time Protection policies.
- Best Practices for Threat Protection Policies: New article about best practices for creating Threat Protection policies with Real-time Protection.
- Best Practices for Utility Policies: New article about best practices for creating utility policies with Real-time Protection.