New Features And Enhancements In Release 102.0.0
Here is the list of the new features and enhancements.
New Default And Custom Table Support in ServiceNow
Note
This feature is now declared General Availability (GA).
API Data Protection now supports additional default tables in ServiceNow. They are:
Best Configuration Item
Catalog Task
Change Phase
Change Request
Change Task
Feature Task
Group Approval
IMAC
Incident Task
KB Submission
Knowledge
Problem Task
Release Phase
Request
Request Item
TaskTicket
In addition to default tables, API Data Protection now supports custom tables in ServiceNow. Follow the instructions in Configure ServiceNow for API Data Protection and then navigate to Policies > API Data Protection and configure a ServiceNow policy. Under Content > Select Objects, the UI should list the custom table(s).
Restricted Reverse Proxy Flow
As part of this release, there is relaxation to the case where policies configured in a tenant to control reverse proxy application activities become void. This happens in-case the user accesses the application via Netskope Client on-boarded from a different tenant. This capability restricts the reverse proxy flow if accessed from other tenant.
This is a security based solution to ensure there is no cross tenant impact. Explicit configuration is required to allow cross tenant access for specific tenants.
Note
This is a GA controlled functionality and disabled by default.
LinkedIn Connector Enhancement
The "From User" information for LinkedIn Connector is now available for the below events:
Download file from quick chat
Download file from messages window
Download profile as PDF
Post message from quick chat
Yammer Connector Enhancement
Creating a new community in Yammer application will now be captured under the Create activity in Netskope.
BitBucket Share Activity Coverage
Netskope adds support for Share activity mapped to Transfer repository on the BitBucket application. With this addition, you can configure advanced policy wherein the transfer repository scenario occurs.
DLP Support For FilesAnywhere
Netskope adds DLP support for Upload, Download, and Share activities in the FilesAnywhere application.
Note
Content share via a link will not be supported for DLP inspection.
CCI App Page Update
Netskope adds certain usability enhancements to the CCI user interface (UI) for easy consumption of information from CCI. Some of the key enhancements are as follows:
Granular App details: Activity, DLP, and Threat Protection coverage.
Context on discovered Instances for an app.
Improved free flowing intuitive navigation across all attributes.
Improved navigations and workflow for app comparisons and score customisation.
Capability to submit requests for new app, app info updates, and reporting an app breach.
Note
App HQ Location and Pricing is deprecated and removed from the App Information page.
Medicare Beneficiary Identifier (MBI)
Updates support for detecting US Medicare ID Numbers and the following are the new Entities added:
Social Insurance Numbers (US; "MBI"): Medical Beneficiary Numbers
Social Insurance Numbers (US; "HICN") : HICN numbers issued by the US SSA/CMS
Social Insurance Numbers (US; "RRB"): HICN numbers issued by the US Railroad Retirement Board
The existing "Social Insurance Numbers (US)" Entity is replaced with "Social Insurance Numbers (US; all)", which aggregates all three Entities into one. The previous version only supported SSA HICNs, the updated "all" Entity adds support for RRB and MBI numbers.
Social Security Number Entities (SSN)
Updates the following in this release:
Social Security Numbers (US; with hyphens)
Social Security Numbers (US; with spaces)
Social Security Numbers (US; unformatted)
Entities will use the post-2011 definition supplied by the US Social Security Administration (SSA) that eliminated the area-group-sequence (AGS) constraints of number issuance. All predefined US SSN Rules and Profiles use the “Social Security Numbers (US; all)“ Entity, and hence were not impacted by the SSA's updated issuance policy.
Additionally, the “Social Security Numbers (US; with hyphens)“ and “Social Security Numbers (US; all)“ entities are updated to include support for detecting SSNs delimited with en-dashes and em-dashes.
URL List Text
Netskope introduces help text for guidance when creating URL lists using RegEx. This is displayed on selecting the RegEx radio button under URL type.
Minimized UI Banner
The UI banner seen on the main UI landing page can now collapse to minimize window for better user experience.
Generic Header Insertion
Netskope extends the current ability to insert headers for applications, that honor specific headers to access application instances.
To learn more: Header Insertion.
RBI Policy Support
Netskope introduces complete support for URLs (that is, domain and path) in RBI (isolate) policies.
Earlier the RBI policies were only applied to specific categories, domains or subdomains. When complete URLs (domain and path) was included to the URL list of a custom category and attached them to RBI policies, these complete URLs bypassed isolation.
With this enhancement, you can now create detailed RBI policies that properly isolate complete URLs (domain and path) web pages by adding them to the URL list of a custom category attached to an RBI policy. The complete URL webpage (for example, https://docs.google.com/forms/d/e/.../viewform) remains isolated regardless of it's corresponding domain categorization.
This enhancement can be leveraged to create RBI policies to isolate suspicious webpages hosted in well known SaaS apps (like phishing attacks abusing google forms).
Netskope Client for iOS
The new iOS Netskope Client is intended to offer all the Netskope security services in a single client for the iOS phones and tablets.
Existing two-prong solution will be decommissioned. This new App supports all the Netskope services (Cloud Access Security Brokeer (CASB), Security Web Gateway (SWG), Cloud Firewall, and Netskope Private Access (NPA) together within a single App.
To learn more: Netskope Client for iOS.
To learn more about the limitations, view Netskope Client for iOS
CGNAT Address Space Update
New tenants have CGNAT address space (100.64/16) provided by the NPA client to the application client.
Note
Any application using 100.64/16 IP space will cause collision with NPA and it is advised to turn off this feature flag.
ORCA Private App ID
Netskope enhances NPA App tags of Policy Definition to Tag ID that allows Admins to rename tags without touching policies.
Client Enrollment
NPA now have the facility to auto re-enroll a client for whatever reason the client fails to connect NPA due to enrollment parameter changes.
Case Sensitive Flags
NPA now supports case sensitive groups feature for policy matching.
Netskope Client for iOS
The new iOS Netskope Client is intended to offer all the Netskope security services in a single client for the iOS phones and tablets.
Existing two-prong solution will be decommissioned. This new App supports all the Netskope services (Cloud Access Security Brokeer (CASB), Security Web Gateway (SWG), Cloud Firewall, and Netskope Private Access (NPA) together within a single App.
To learn more: Netskope Client for iOS.
To learn more about the limitations, view Netskope Client for iOS
General Availability (GA) Apps Announcement
As part of the Next Generation API Data Protection platform, the following apps are now declared General Availability (GA):
Citrix ShareFile
To learn more: Next Generation API Data Protection for Citrix ShareFile.
Workday
To learn more: Next Generation API Data Protection for Workday.
Remediation Actions
Netskope has rolled out a new set of remediation actions. They are now available as part of the Next Generation API Data Protection policy wizard page. The actions are:
Restrict access to owner
Restrict access to internal collaborators
Restrict access to specific domains and internal collaborators
Revoke organization-wide sharing
Revoke specific domains
To learn more: Create a Next Generation API Data Protection Policy.
Next Generation API Data Protection Inventory
Netskope has introduced the Next Generation API Data Protection Inventory page. The Inventory page provides deep insights on various entities supported by the SaaS apps. Administrators can use the personalized dashboard to perform ad hoc, real-time queries that can quickly group, filter, and drill-down on contextualized data and transactions across an enterprise organization’s cloud activities at a scale and granularity.
You can access the page by navigating to API-enabled Protection > SAAS (NEXT GEN) > Inventory.
Note
Currently, the Inventory page is available for Citrix ShareFile, GitHub, Google Drive, Microsoft 365 OneDrive (Commercial), Microsoft 365 SharePoint (Commercial), Microsoft 365 Yammer, Workday, and Zoom. New SaaS apps will be supported in due course.
To learn more: Next Generation API Data Protection Inventory.
Retroactive Scan
Netskope has introduced the Next Generation API Data Protection Retroactive Scan.
A retroactive policy scans all the files, folders, repositories, and entities for the app instance right from the inception of the SaaS app. A retroactive scan is decoupled from ongoing policy scan (that is activity scan).
You can access the page by navigating to Policies > API Data Protection > Next Gen > Retroactive Scans
Currently, retroactive scan is available for Citrix ShareFile, Microsoft 365 OneDrive/SharePoint (Commercial), and Workday. New SaaS apps will be supported in due course.
To learn more: Next Generation API Data Protection Retroactive Scan.
Unify Clipboard
Netskope enhances the User experience for clipboard operations in isolation:
All clipboard operations (that is cut, copy and paste) between isolated and not isolated environments are now supported using the context menu. Prior to this enhancement, clipboard shortcuts were relayed in some scenarios. With this enhancement RBI users can leverage the context menu in isolation to copy and paste text between their local machine (outside the isolated environment) and the isolated page.
Clipboard operation buttons are now presented in the RBI context menu according to the RBI template configuration. Prior to this enhancement, the edit or clipboard section was not present in the context menu if any user control (copy, paste) was disabled in the RBI template. (for example, copy to clipboard disabled)
RBI notifications have been simplified, as a result users will only see 2 notifications when attempting to execute clipboard actions disabled in the RBI template.
Paste button is disabled in the context menu if the user’s browser does not support it (for example, http webpages, Mozilla Firefox, and Safari).
To learn more: Clipboard in RBI.
Isolable Content Validation Process
Upon an isolate policy match RBI validates if the matching URL corresponds to isolable content (webpage). RBI has enhanced the isolable content validation process, improving isolated page load time for websites that are slow in returning initial page content.
Browsers Lifecycle Update
Netskope RBI has updated the set of minimum requirements for user browsers to work properly with RBI. If the user's browser does not meet the criteria they will be presented with a 'browser not supported' error message. The end user must use a different version to proceed with isolation.
To Learn more: RBI Supported Browsers.
Sandbox API Report
The sandbox report retrieved via REST API for files submitted via Sandbox submission REST API now displays a verdict from the analysis.
Android Client Change
Netskope Client application discontinues support for Android on devices with Android OS version 7, 7.1, 8 or 8.1.
To learn more: Netskope Client Supported OS And Platform.
Management Console Admin Account
Enhanced the Netskope management console admin accounts creation. Administrators now need to specify the new email domains for any new admin account creation. To learn more: Admin Account Domains
Next Generation API Data Protection: The Next Generation API Data Protection Policy Actions per Cloud App article is now renamed to Next Generation API Data Protection Feature Matrix per Cloud App. The new URL is Next Generation API Data Protection Feature Matrix per Cloud App.
VMware Workspace ONE: Updated Deploy Client on iOS using Workspace ONE to include the new Netskope Client for iOS enhancements.
Microsoft Intune: Updated Deploy Client on iOS using Intune to include the new Netskope Client for iOS enhancements.
Jamf School and Jamf Pro: New topics available now that includes the steps to deploy the new Netskope Client for iOS.
Adding Exceptions: Improved the content and structure for adding exceptions.
Editing the Default Steering Configuration: New article on how to edit the default steering configuration.
Creating a Steering Configuration: Improved the content and structure for creating a custom steering configuration.
Netskope IPSec with Cisco Meraki MX: New integration guide on how to configure an IPSec tunnel with Cisco Meraki MX.