New Features And Enhancements In Hotfix Release 97.1.0
Here is the list of the new features and enhancements.
RBI Template Name
The RBI Template Name field is added to the page events collection to show that RBI profile names are applied to a policy.
Granular Control for Advanced User And Entity Behavior Analytics (UEBA) Policies
A new UEBA policies page provides granular control for UEBA policies, including Machine Learning-based policies. For Advanced UEBA policies, you can configure the severity and the corresponding User Confidence Index (UCI) deduction by specific detection type. Policies can also be filtered by tags (for example, real-time protection, IaaS, NPA) and scenarios (such as malicious insider or compromised device).
Advance Cloud Firewall & App Inspection
Cloud Firewall allows you to control layer-7, non-web applications like File Transfer Protocol (FTP), Remote Desktop Protocol (RDP), 4shared, and so on. Application detection is a signature-based technology that is capable of detecting applications on non-standard ports. You can choose to allow or block applications based on the Real-time Protection policies.
To learn more: Real-time Protection Policies.
DNS-Based Security
DNS-based security stops attacks at the DNS layer by blocking DNS requests for malicious domains, DNS tunnels, newly registered domains, and DGA-generated domains. You can customize inspection by uploading domain allow or block lists or sinkholing malicious connections. You can also create exceptions to handle resource record types.
This feature is available with IPSec, GRE, or Netskope Client traffic steering methods.
To learn more: Steering Configuration and Real-time Protection Policies.
Endpoint Data Loss Prevention
With Endpoint Data Loss Prevention (DLP), you can configure Device Control and Content Control policies under Endpoint Protection.
Device Control policies enable granular control over USB mass storage device access for user workstations or endpoints. Content Control policies extend DLP capabilities to inspect and control data movement from a user workstation to a device (e.g., a USB mass storage device).
Endpoint DLP is currently only supported with the Netskope Client deployment method. You must update the Netskope Client to version 97.1.0 or later on Windows 10 or Windows 11 running 64-bit processors.
To learn more: Endpoint Data Loss Prevention.
Note
Contact your Sales Representative to enable this feature for your account.
NPA Service For Client
On Windows clients, Netskope allows you to temporarily disable the NPA service from the Netskope Client.
To learn more: Allow Users to Disable Private Apps Access on the Netskope Client.
Prelogon Client Connectivity for Windows
Netskope Private Access now supports Windows Prelogon capability. With Prelogon, the Windows PC can access internal applications when it is authorized to do so in a policy, even if the user has not logged into Windows. NPA authenticates Prelogon access against a valid device certificate prior to access.
To learn more: Configure Client Prelogon Connectivity.
ZTNA For On-Premises Users
This release includes enhancements to enable on-premises user access to internal applications.
User and Entity Behavior Analytics Leveraging Public Cloud Audit Log
Note
This is a beta feature. Contact your Netskope sales representative to enable it on your tenant.
Netskope Public Cloud Security User and Entity Behavior Analytics (UEBA) helps detect anomalies in user behavior while accessing public cloud services. Key capabilities include:
Automatic, ML-based detection to identify internal and external attacks.
Customized focus on specific threats.
Cloud Security Posture Management and Netskope Public Cloud Security UEBA give you a single view to investigate configuration drift, starting from compliance reports and pivoting to event exploration.
Netskope Public Cloud Security storage scan and Netskope Public Cloud Security UEBA give you the capability to detect insider threats, risky users, and compromised accounts in order to prevent data exfiltration.
Note
This feature is currently available for Amazon Web Services. Netskope analyzes CloudTrail logs to identify anomalies.
Real-time Inline Control For Slack Enterprise
Netskope introduces Real-time policies on externally shared Slack channels for Netskope admins. The Post activity supports the newly added 'Channel-type' and 'Channel-name' constraints to enforce policies on specific externally shared channels in an organization's Slack Workspaces.
Slack API integration powers this channel exposure, so Slack API for Data Protection is a prerequisite for this feature.
Note
This is currently behind a feature flag. Contact your Sales Representative or Support to enable this feature for your account.
Next-Generation API Data Protection Policy Wizard and Activity Scan
As part of this release, Netskope has rolled out a new policy wizard and activity scan for Citrix ShareFile, GitHub, and Workday. You can now create a DLP policy for the supported apps by navigating to Policies > API Data Protection > Next Gen. For more information, see Next Generation API Data Protection Policy Wizard.
RBI Configurable Isolation Settings
Netskope introduces configurable Isolation settings that give customers a mechanism to define and apply granular controls. These settings govern user interaction in isolated web sites for different risk scenarios (for example, users or categories). The controls are configured by defining RBI templates that can be attached to any new or existing RBI policy. To learn more: Create a Real-time Protection Policy for Isolation (Targeted RBI).
Configurable Controls in this release allow you to enable or disable:
Printing
Copy to clipboard
Paste from clipboard
Pop-ups
Read-Only control
To learn more: RBI Templates
Note
Contact your Sales Representative or Support to enable this feature for your account.
Read-Only Control For Phishing Protection
Netskope RBI introduces a new Read-Only isolation control that helps prevent users from leaking credentials and drastically reduces the attack surface for phishing threats.
Read-Only prevents phishing threats by blocking any text input into the isolated page (that is, typing or pasting from the clipboard) while browsing in isolation. Customers enable Read-Only through RBI templates and apply them to isolation policies.
While browsing a Read-Only page in isolation, you are notified with a warning message when text input is blocked.
To learn more: Isolation in an End User's Browser.
Clipboard Controls
Netskope RBI introduces new clipboard controls, providing granular configuration to limit the interaction of the end user’s clipboard with the isolated webpage. These controls expand Netskope RBI data protection capabilities to limit data leakage in isolation:
Copy to clipboard: allows users to copy text from the isolated web page into the user clipboard.
Paste from clipboard: allows users to paste text present in the user clipboard into the isolated web page.
Customers enable clipboard controls through RBI templates and apply them to isolation policies. End users will not be able to perform the disabled actions using the contextual menu or shortcuts.
Patient Zero Prevention
If you have Advanced Threat Protection, Netskope supports patient zero prevention for Real-time Protection. This feature prioritizes security by blocking file downloads by policy until inspected and deemed benign. Additional scan time (up to 10 minutes) is needed for policy matching and file scanning, which is indicated by browser and Netskope Client notifications.
Netskope recommends using patient zero policies with discretion and only for high-risk use cases, such as the following:
Risky file types (file type constraint)
Risky users (low Behavior Analytics User Confidence Index)
Risky application (low Cloud Confidence Index)
Risky locations
Unknown websites
Any combination of the above cases.
This feature complements the inline ML-based Portable Executable (PE) classifier in Standard Threat Protection that detects and prevents zero-day threats.
To learn more: Creating a Threat Protection Policy for Patient Zero.
Note
To use this feature, you must enable Inline Enhanced File Type Detection. This feature only supports files less than 16 MB.
API Call Updates
In this release, Netskope updates API calls by extending the backoff time to one hour and adding some randomness.
Netskope Client For Linux Platform
This was previously a beta feature. Netskope Client now supports Linux platforms on x86_64 CPUs running Ubuntu 18.04 or 20.04. The updated features are:
Traffic steering options of Cloud Access Security Broker (CASB) and Secure Web Gateway (SWG).
A fully functional Linux client Graphical User Interface (GUI) and Command-Line Interface (CLI).
Interoperability with third-party VPN vendors such as Cisco AnyConnect and Palo Alto Networks GlobalProtect.
On-prem/Off-prem detection and handling.
Support for Email and IDP deployment methods.
WebUI support for cert-pinned apps configuration specific to Linux OS.
To learn more: Netskope Client For Linux.
In addition to documenting all new and improved features, here is the list of articles with key documentation updates:
Netskope Client for Windows: Moved the content on Netskope Client deployment on Windows devices from the Netskope Client Command References page to Netskope Client for Windows.