Here is the list of the new features and enhancements.
Enhanced the Search sites functionality to support while searching for sites with exact match of Site UID. This is in addition to the currently supported site search with prefix.
Netskope API Data Protection now supports malware detection for files and attachments in ServiceNow. You can navigate to Settings > API-enabled Protection > SaaS > Classic to enable this feature. Click the ServiceNow app and under the instance setup window, enable the Malware checkbox.
 |
Netskope API Data Protection now supports audit events for Microsoft Office 365 Outlook. To enable this feature on your existing Netskope account, re-grant the Microsoft Office 365 Outlook app under Settings > API-enabled Protection > SaaS > Classic > Microsoft Office 365 Outlook.com. Once you re-grant, the following new Office 365 Management API permissions are available :
API | Permission Type | Permission Name | Description | Netskope Use Case |
|---|---|---|---|---|
Office 365 Management API | Delegated | ActivityFeed.Read | Read activity data for your organization. | Audit logs. |
Application | ActivityFeed.Read | Read activity data for your organization. | ||
Application | ActivityFeed.ReadDlp | Read DLP policy events including detected sensitive data. | ||
Application | ServiceHealth.Read | Read service health information for your organization. |
After re-grant, you can view the Microsoft Office 365 Outlook audit events under Skope IT > Events > Application Events. To learn more: Microsoft Office 365 Outlook Audit Events.
Recently, Netskope API Data Protection switched from using the Azure Active Directory Graph API permissions to Microsoft Graph API permissions as recommended by Microsoft. Netskope API Data Protection will no more use the following Azure Active Directory Graph API permissions:
API | Permission Name | Description |
|---|---|---|
Azure Active Directory Graph API | Directory.Read.All | Read directory data. |
User.Read | Sign in and read user profile. |
You can view the updated list of permissions for Microsoft Office 365 OneDrive for Business & SharePoint Sites here:
To reflect this change, log in to your Netskope tenant, and re-grant the Microsoft Office 365 OneDrive for Business & SharePoint Sites apps.
Netskope API Data Protection validated support up till ServiceNow Tokyo release.
Netskope adds synthetic resource and synthetic triggers to all the resources where from_user was missing. Prior to this enhancement, there was dependency on DB lookup to extract from_user. With this update, there is no from_user in database, and same results are fetched using synthetic query.
The activity name for renaming and moving a file or folder in the Dropbox application is changed from Rename to Edit.
In Amazon S3, file uploads happen in portions when file sizes are larger than 8.3 MB and 17 MB for the CLI platform and the browser platform, respectively.
Previously, large files did not support file size policies due to limitations on handling larger file upload. Netskope addressed this issue with additional support for file size-based policies through the multipart feature.
Netskope adds an access key variable to all the activities of the AWS services. Access keys are long-term credentials for an IAM user or the AWS account root user. Access Key ID uniquely identifies an AWS User that will be displayed in the AWS events.
Previously, in Yahoo Mail, Send and Upload activities occurred in the same packet. Netskope introduces UploadAndSend activity to eliminate this occurrence.
Netskope updates the following for Zoom real-time protection:
instance_id logic extraction for non-signed in users
When an unautheticated user performs any activity, then the instance_id value is "unauthenticated".
For an unauthenticated user, currently supporting activities are File Upload and Download from chat or meeting option.
Netskope extends support for the following activities:
Post Message
Edit User
Delete Group
Create Group
Netskope updates the Minimum OS Versions dropdown list in Device Classification with new iOS versions: 14, 15, and 16.
Deprecated the option "Apply CCI Tags" from Skope IT > Applications page. CCI Tags can be applied from the CCI app management page.
Netskope adds certain usability enhancements to the CCI user interface (UI) for easy consumption of information from CCI. Some of the key enhancements are as follows:
Granular App details: Activity, DLP, and Threat Protection coverage.
Context on discovered Instances for an app.
Improved free flowing intuitive navigation across all attributes.
Improved navigations and workflow for app comparisons and score customisation.
Capability to submit requests for new app, app info updates, and reporting an app breach.
Note
App HQ Location and Pricing is deprecated and removed from the App Information page.
This is a Controlled General Availability (formerly known as Limited Availability) feature. Contact your Netskope sales representative or support to enable this on your tenant.
Email from the SMTP proxy is saved to forensics as part of the original file download feature with .eml extension.
Enhanced Source Code (Any) Entity to detect incomplete portions of long code blocks.
Removed derrière and tushy from the Inappropriate Language (English; Biological) entity due to unreported but potential false positives.
Reduced multiple false positives in the Full Names Entities for Spain (ES), UK, and International as well as the Last Names entities for U.S and International.
Netskope updates the Passwords (Common) Entity with better password detection such as 'n3t5k0pe1'. In addition to the efficacy benefits, the improvements allow for optionally less reliance in DLP Rules on Passwords (Secure) that are naturally more prone to false positives.
This also updates the Private Keys (Generic, Begin) Entity, adding support for BEGIN OPENSSH PRIVATE KEY.
Netskope adds support for Spanish domestic bank account numbers, known locally as "código cuenta cliente" or simply "CCC". Also adds the "ccc" terms-based Entity.
Netskope enhances support for bank account number related terms for the following countries:
Austria
Belgium
Bulgaria
China
Czechia
Denmark
Greece
Hungary
Ireland
Isle of Man
Latvia
Lithuania
Malaysia
Poland
Portugal
Puerto Rico
Romania
Russia
Sweden
Switzerland
Added the entities supporting bank account numbers for the following countries:
Belgium
Czechia
Denmark
Finland
Greece
Hungary
Ireland
Isle of Man
Malaysia
Poland
Portugal
Puerto Rico
Russia
Sweden
Netskope adds a contextual Entity for Austria that detects konto and BLZ terms and numbers in tight proximity.
The UI navigation for Bank Account Number Entities within "Bank Account Numbers (by Country)" has been changed in order to group Entities together for the same country.
The UI navigation has changed slightly for a few other categories, mainly "Personal Names", "Postal Addresses", and "Regional Identifiers". For example, the "Personal Names (FR)" menu item has been renamed to "Personal Names (France)". The alphabetical order is also altered within the menu, allowing "France" to come before "Germany" and "Spain", as opposed to the previous order of "DE", "ES", and "FR".
Enable logical "AND" of a set of content inspection rules with a set of fingerprint rules for DLP profiles.
Note
This is a Controlled General Availability (formerly known as Limited Availability) feature. Contact your Netskope sales representative or support to enable this on your tenant.
Enable logical "AND" of a set of content inspection rules with another set of content inspection rules for DLP profiles.
Note
This is a Controlled General Availability (formerly known as Limited Availability) feature. Contact your Netskope sales representative or support to enable this on your tenant.
To learn more: Create a Custom DLP Profile.
The fields in USB Device Constraints are now AND'ed together. It is now evaluated as "Manufacturer AND Device ID AND Model AND Serial Number".
To learn more: Constraint Profile.
Netskope updates user-alert popup dialog with checkbox labeled as Apply to the remaining files. On selecting this checkbox, any action by the same user, using the same application that results in a user-alert for the same policy is suppressed for the next 10 minutes.
Alerts, Events, and Incidents are created for the suppressed alerts, and the justification and action are copied from the original user alert.
In the Device Health page, the Endpoint DLP service may be paused for an endpoint. The intention is to allow users to have temporary exceptions to policy enforcement. The time for enforcement it is paused has been changed from 5 to 30 minutes.
To learn more: Devices.
If device control cannot initialize correctly without a reboot, the status is reported to the admin informing that a WebUI management console reboot is required.
When installing the Netskope Client, the Endpoint DLP Service is registered with Windows as Netskope DLP Service. The Netskope DLP Service is registered as Disabled in the service control manager, configure and start it to make use of this feature.
Phones (iOS and Android) do not support "Read-Only" actions when connected as USB storage devices. If an Endpoint Device Control policy with a "Read-Only" action matches on a phone device, the device is blocked. A warning has been added to the Policy Editor page to remind policy authors of this restriction.
To learn more: Endpoint Data Loss Prevention.
Netskope renamed the following fields from:
x-headers-name to x-sr-headers-name
x-headers-value to x-sr-headers-value
Netskope added more than 30 SSL related fields to Transaction Events format to increase the visibility of SSL policy and SSL engine actions. The following are the updated topics:
SSL policy: The decision of the policy engine or SSL error settings.
SSL Certificate : Details of the certificate and whether it is valid.
Note
x-r-cert-revocation-check is reserved and is always empty.
SSL Engine: Details on the analysis performed by the SSL Engine:
Errors found in SSL negotiation.
The action done and reason in SSL communication.
The TLS and cipher versions.
JA3 and JA3S fingerprints.
- x-cs-tunnel-src-ip: Public IP of the user
To learn more: Transaction Event Fields.
Note
This feature is in Beta currently. Contact your Sales Representative or Support to enable this feature.
Netskope added transaction event format 3 with approximately 60 fields.
Connection: IPs and ports of the user and remote server.
HTTP:
XFF headers in Connect and other methods
Host, Port, and User-Agent in Connect method
Http full URL and HTTP version
Application and File topics: The information in Application Event is visible in Transaction Event.
General: Add general error notification `x-error` and local time `x-c-local-time`.
5 Real Time Policy: The information about Realtime Policy evaluation.
To learn more: Transaction Event Fields
Note
Some fields are not populated currently.
This feature is in Beta currently. Contact your Sales Representative or Support to enable this feature.
You can now connect to the on-prem hosted HSM/key manager to get the proxy emulated certificate signed for TLS decryption without uploading or providing an intermediate certificate/key to Netskope.
To learn more: Certificates
Note
This is a Controlled General Availability (formerly known as Limited Availability) feature. Contact your Netskope sales representative or support to enable this on your tenant.
Netskope enhances the generic header insertion feature to support Inserting multiple custom headers for a given application. If an application supports more than one header, an admin can select all of them in a single flow instead of creating multiple header profile for the same application.
To learn more: Header Insertion
Note
This is a Controlled General Availability (formerly known as Limited Availability) feature. Contact your Netskope sales representative or support to enable this on your tenant.
Block single destination IP is now available and will be enforced on all tenants in version 103.0.0.
Netskope supports applying SSL Do Not Decrypt policies and Real-time Protection policies based on destination IP addresses. Destination IP addresses can be configured in custom URL lists.
To learn more: URL Lists
Netskope adds JA3 and JA3S to Application Events and Malsite alert.
JA3 with JA3S is a method to fingerprint the TLS negotiation between a client and server. This combined fingerprinting can assist in producing higher fidelity identification of the encrypted communication between a specific client and its server. These fields are available for TLS decrypted traffic.
Netskope improved the logic in order to detect file type efficiently.
Internet content providers (such as websites) and SaaS providers often use users geographic information to make content localization decisions.
Netskope's 'Localization Zones' feature addresses this well known problem of content localization. It helps users located in countries or regions where Netskope doesn't have an in-country data center to get content that is local to them in terms of language and relevance.
Note
Contact your local sales team or Netskope support to enable this feature in your account.
You now can exclude users, user groups, and organizational units when configuring the Source field in Real-time Protection policies.
To learn more: Real-time Protection Policies
With this release, the admin can specify up to 500 hosts in the Private Application definition.
Netskope enhances error notification to Client-less access failure cases by providing more context regarding the cause of failure.
Netskope updates the following SRP information in Troubleshooting page:
SRP Size
Number of host definitions in the SRP
Number of publishers in the SRP
Private app tags referenced in the SRP
Netskope introduces a feature flag to control NPA client for resolving private app hosts as CGNAT addresses 100.64.0.0/16 instead of 191.1.0.0/16.
Next Generation API Data Protection has introduced a new policy action for the Workday app - Change Owner to a Specific User. When you select this action and a policy violation occurs, Netskope changes the ownership of the file/folder to a specific user as entered in the policy wizard.
 |
To learn more: Create a Next Generation API Data Protection Policy.
Next Generation API Data Protection can now support DLP scan on channel messages in a Zoom meeting. To learn more: Activities Monitored by Netskope.
RBI configurable settings (RBI templates) were introduced in the release 97.1.0, and required a Netskope representative to enable the feature in your tenant. From this release, RBI configurable settings (RBI templates) is enabled by default for all RBI accounts.
 |
 |
With Remote Browser Isolation (RBI) configurable settings (RBI templates), admins can configure isolation settings to define and apply granular controls that govern the user interaction in isolated web sites for different risk scenarios (that is, users or categories). These controls are configured defining RBI templates that can be attached to any new or existing RBI policy, which customizes end users experience in isolation.
 |
To learn about the RBI configurable settings, view RBI templates.
Netskope enhances SkopeIT filters to include Isolate as a valid action in all events that include Action field. This feature helps to easily filter RBI related events for Page Events, Application Events and Alerts in SkopeIT.
 |
Gen.DetectBy.NetskopeAI.Phishing is a new alert name introduced to the inline Threat Protection scanning enabled for accounts with real-time Threat Protection policies. This detects a phishing site using Netskope's machine learning capabilities. Like malsite detections, you can open a support case and override with custom category if detection efficacy issues are encountered.
The Malware incidents page no longer displays alerts and blocking actions discovered by Netskope from third-party applications. However, these Native App alerts are still available in SkopeIT, and you can see them in Malware Incidents by searching the following malware names:
Gen.Malware.Detect.By.App
Gen.Malware.Detect.By.App-abuse
To learn more: About Malware
This enhancement reduces the occurrence of Windows Client upgrade during system shutdown
Netskope enhances internal error handling by using CoSetProxyBlanket to set correct permission for each WBEM query.
Netskope enhanced MAC block notification dialog display layout.
Netskope Client supports the following:
Linux Mint versions: 19, 20, and 21
Ubuntu 22.04 LTS
To learn more: Netskope Client Supported OS and Platform.
Netskope Client now validates and supports SWG/CASB feature validations for:
Windows 10, version 22H2
Windows 11, version 22H2
Added a new feature flag 'enableAirDropException' for AirDrop in macOS.
With this enhancement, Netskope Client bypasses the IPv6 DNS traffic.
Note
This enhancement is applicable only for DNS security feature.
To learn more: Netskope Client Support in Cloud Firewall
Netskope upgrades the old third-party libraries to OpenSSL 1.1.1q and cURL 7.86.0.
Firefox does not use system certificate store. It maintains separate cert database file in each Firefox profile.
Agent uses Mozilla's NSS tool certutil for installing CA cert in Firefox certificate DB. Certutil binaries are signed and hosted on Provisioner and downloaded by Agent if required. Certutil binaries signature have expired for Windows and are re-signed using SignTool.exe with netskope cert.
Netskope enhanced the following for the Steering Configuration Preferences:
Removed the Skip this updateoption from the new predefined certificate-pinned application notification.
Renamed the Skip option to Default only (bypass) in Review Updates For Certificate-Pinned Apps window.
Removed the New word in the Review Updates For Certificate-Pinned Apps window.
To learn more: Configuring the Steering Preferences
Netskope enhances WebUI to validate the User and Date modification for Client configuration. When dragged from top to middle it updates all the configuration that appears above the dragged one.
Renamed Traffic Steering to Tunnel Settings in Client Configuration to remove duplicity.
 |
To learn more: Netskope Client Configuration
The Steering Configuration page is more easy to navigate through with the new action options. For each default and custom steering configuration, you can click View Steered Items to see the Steered Traffictab or click View Exceptions to see the Exceptions tab.
To learn more: Steering Configuration
Netskope renamed Client Traffic Exploit Prevention (CTEP) to Intrusion Prevention System (IPS) throughout the Netskope user interface (UI). The UI continues presenting alerts as CTEP alerts in SkopeIT until a later release.
To learn more: Intrusion Prevention System
Netskope changed the IPS event actions to match the terminology of other Netskope alert types. For example, Allowed and Blocked were changed to Allow and Block respectively.
To learn more: About Alerts
In addition to documenting all new and improved features, here is the list of articles with key documentation updates:
A new section for macOS in MobileIron Cloud - This topic is enhanced with the details regarding configuring macOS devices using MobileIron Cloud.
A new section for non-domain joined macOS devices in VMware Workspace ONE - Earlier, this topic included details regarding domain-joined macOS devices. In this release, this topic is now enhanced with details to deploy Client on non-domain joined macOS devices using VMware Workspace ONE. To learn more, view Deploy Client on macOS Using VMware Workspace ONE.
Adding Steered Items: New article on how to add steered items to your steering configurations.
Adding Steering Exceptions for macOS Upgrade: Improved the content and structure for adding macOS steering exceptions.
Managing Error Settings: Improved the content and structure for the steering error settings.
Enabling Dynamic Steering: Improved the content and structure for enabling dynamic steering.
Downloading Steering Configurations: Improved the content and structure for downloading your steering configurations.