Article Number: 000126763
Release notes for version 75 of Netskope.
Affected Products:
Netskope
Affected Operating Systems:
Windows
Mac
iOS
Android
Not applicable.
This update of Netskope contains New Features and Enhancements, Fixed Issues, Known Issues, a Security Issue, and New Resource Types Supported in Continuous Security Assessment. For more information, click the appropriate topic.
| Category | Feature | Detailed Description and Benefits |
|---|---|---|
| API Protection | Microsoft Teams Integration | With release 75, Netskope can detect and block DLP violations for messages or attachments that are sent in private channels using Microsoft Teams. |
| API Protection | Microsoft Information Protection Integration (MIP) | With this feature, users can integrate MIP to set data classification labels using a DLP policy. MIP integration can be set up using the Settings section of the UI, following which, an option to use MIP labels appears in the DLP policy Action step. |
| API Protection | ServiceNow Integration | Netskope has completed testing and validation for the latest software release of integration ServiceNow, called 'Orlando'. |
| API Protection | Cross-Geo Sharing Detection for Office 365 | With Microsoft Office 365 Multi-Geo, users can provision and store data at rest in the geo locations of their choosing, to meet data residency requirements. With this release, for O365 multi-geo tenants, users are now able to set a policy on API enable protection, to detect when sensitive content is shared across multiple geo locations. |
| API Protection | Workplace by Facebook | Added support to provide compliance coverage for multi-company groups in Workplace by Facebook. Admins can now set a policy to detect DLP violations in posts or attachments in multi-company groups. |
| CASB Inline Protection | Amazon S3 | Enhanced the connector by adding new domains in Amazon S3 to support bucket acceleration. Domains: s3-accelerate.amazonaws.com, s3-accelerate.dualstack.amazonaws.com Activities: Upload Platform: CLI DLP: Yes |
| CASB Inline Protection | Dropbox for Microsoft Teams Integration | New connector Dropbox can be integrated as Cloud Storage in Microsoft Teams. This new connector provides coverage for the activities. Activities: Create, Upload, Download, Move, Copy, Rename, Delete Platform: Browser DLP: Upload, Download |
| CASB Inline Protection | Microsoft OneDrive | Enhanced connector resource in Live OneDrive. This enhancement provides activity detection as 'Share' activity to copy any Sharable file link navigation. |
| CASB Inline Protection | Webex | New app coverage for: From-user-constraint-profile-enabled, Constraint-profile-and bypass-enabled, File-size-enabled Activities: Log in Successful, Log in Failed, Log in Attempt, Log out, Upload, Download, post, Create, Edit, Delete, Invite, Share Platforms: Browser, Windows Native, iOS Native DLP: No |
| Directory Services | Netskope Adapters | The Netskope Adapter (NS Adapter) has been tested to ensure compatibility with the current cloud platform. Its version number has been updated to confirm this compatibility. No other changes have been made to the NS Adapter in this release. |
| NG SWG / CASB | Mute Notifications | The advanced user notification settings enable admins to configure a mute time for suppressing the notifications after the first notification is presented. This feature can be used by going to policies, under user notification settings. Contact Netskope Support to enable this in your account. For more information, reference How to Get Support for Netskope. |
| NG SWG | NRD and NOD Category Enhancement | The NRD and NOD categories have been combined, now shown as NRD. There are no changes that are required to existing policies. |
| NG SWG | Additional steering options for nonstandard web traffic | Support for IPSec / GRE steering methods for web traffic over nonstandard ports. |
| Netskope for IaaS | security_assessment API enhancement | The security_assessment API has been enhanced with the following:
|
| Netskope for IaaS | Compliance Standards Enhancement | Netskope CSA now supports the following Standards: CIS, PCI, NIST CSF, NIST 800-53, HIPAA/HiTrust, SOC2, ISO 27000, GDPR, CSA CCM, and Netskope Best Practices. Associated with this change, we enhanced the presentation of the results specifying Standard, Section & Control. Each rule can be mapped to multiple standards so there are no duplicate results even when selecting many standards. The Compliance Standards are enhanced with the following:
Note: There are no Compliance Standards for reports.
|
| Netskope for IaaS | Cloud Infrastructure compliance report enhancement | The Cloud Infrastructure compliance report has been enhanced with the following:
|
| Netskope for IaaS | Compliance by Profiles Page Removal | With the Compliance Standard information added to the Compliance by Rules page, admins can use the Profile filter to get the equivalent data as in the Compliance by Profiles page. |
| Netskope for IaaS | Field Name Change | The first column field name for each CSP has changed to reflect CSP-specific terms. |
| Steering | Netskope Client Support for SnapDragon ARM64 platform | Starting with Release 75, the Netskope Client supports Windows devices running on ARM64 processors. |
| Web UI | Improved UI / UX | We have continued enhancing the user experience and user interaction for the API protection dashboard and this release contains enhancements for Cisco Webex Teams, ServiceNow, and Workplace by Facebook. |
| Category | Issue Number | Issue Description |
|---|---|---|
| API Protection | 96373 | As part of Release75, a fix is added to avoid processing duplicate notifications from Microsoft that were reported by some customers while doing bulk uploads of files to their OneDrive and SharePoint instances. For this feature to work, admins must regrant their OneDrive instance. Click Settings > API-enabled Protection > SaaS to regrant access.
Note: This fix is only available for OneDrive.
|
| Data Protection | 102019 | DLP rules and profile changes are not applying correctly from the UI. |
| NG SWG / CASB | 103253 | With release 75 all reverse proxy components (authproxy, certchecker, saml, authservice, activesync, chainproxy) will no longer support TLSv1.0 and TLSv1.1. All these components have been upgraded to support TLS v1.2. |
| NG SWG / CASB | 100949 | New Workday SAML integration supports Windows and Mac with browser and desktop app. |
| NG SWG | 94835 | Files are not correctly uploaded when the policy applied is User Alert. |
| NG SWG | 102902 | For nonstandard Web traffic, when No SNI is available, the existing error settings can be used to either bypass or block. In prior releases, it was only possible to block. |
| NG SWG | 79181 | Users are seeing an "Email Invitation Expired" message during the SAML client enforcement flow when the Netskope client is installed but disabled. |
| Netskope for IaaS | 96009 | Duplicate rule names found in the "unique rules". |
| Netskope for IaaS | 100197 | Changed the text of the page description for the Cloud Infrastructure page under API-Enabled Protection in settings. |
| Netskope for IaaS | 104413 | As a failsafe, if the Describe Regions call fails, then Netskope tries to create the respective resources in a fixed set of regions and proceed with instance creation. |
| Netskope for IaaS | 102649 | There is a delay for DLP incidents appearing in the UI. |
| Netskope for IaaS | 93357 | Security Center Policy rules are not evaluated properly. |
| Netskope for IaaS | 93057 | Grant access for AWS for DLP and Threat Protection is not working properly. |
| Netskope for IaaS | 105035 | The AWS migration is referencing an old Netskope account. |
| Netskope for IaaS | 96009 | Duplicate rule names found in the 'unique rules'. |
| Private Access | 104310, NPA-1351 | Netskope Android App shows the correct config update time. |
| Private Access | NPA-1328 | NPA added support for EDNS. |
| Private Access | NPA-842 | NPA is changed to be case insensitive. |
| Steering | 102966 | On-Premises detection is triggered every 3-5 minutes. |
| Steering | 102658 | Prevent bypassing traffic by being able to rename an app to Netskope's service. |
| Steering | 98843 | The Client UI now displays the steering traffic mode as follows:
|
| Web UI | 103398 | While configuring the on-premises detection in the client config UI, the "http" protocol is no longer case sensitive. |
| Category | Issue Number | Issue Description |
|---|---|---|
| API Protection | 101865 | Unable to grant access to a Box instance through the UI. |
| CASB Inline Protection | 104860 | YouTube in Spanish is not being blocked properly. |
| CASB Inline Protection | 102995 | The To_user field is stripping out characters resulting in incorrect policy triggers. |
| CASB Inline Protection | 102902 | Non-Standard port Steering not working as expected when using IP in the URL. |
| CASB Inline Protection | 102756 102685 |
ns.js insertion is not functioning properly with the Eloqua application. |
| CASB Inline Protection | 102684 | The Microsoft BI app connector is missing domain information. |
| CASB Inline Protection | 101664 | File Upload to Dropbox using the Microsoft Teams app is not detected correctly. |
| CASB Inline Protection | 101258 | Share activity is not detected properly on Adobe Creative Cloud and Document Cloud. |
| CASB Inline Protection | 100863 | Certain activities are incorrectly detected as uploads to Microsoft Azure. |
| CASB Inline Protection | 100757 | SkopeIT events are not populating for a specific user. |
| CASB Inline Protection | 100286 | Accepting Outlook calendar invites without any comments from OWA with the Netskope client enabled is not working correctly. |
| CASB Inline Protection | 98206 | A user has configured block for upload events for smallpdf.com, however, uploads are successful. |
| CASB Inline Protection | 97848 | Unable to see object name in SkopeIT for Dropbox and Google Drive. |
| CASB Inline Protection | 95956 | InstanceID is not consistently captured for Google Drive for some users. |
| CASB Inline Protection | 88890 | Content classification for the YouTube app is language-specific. |
| Data Protection | 100446 | RBAC rules are not working properly with Advanced queries. |
| Discovery | 102215 | Upload activity for Google Drive and Gmail is not appearing in Application events for Discovery. |
| IaaS | 105518 | The mute filter does not work for reports. |
| NG SWG / CASB | 103250 | Reverse proxy domain bypass is not working properly. |
| NG SWG / CASB | 102363 | WeTransfer is not transferring files for a specific user when going through Netskope. |
| NG SWG / CASB | 101342 | The Microsoft Teams native client is not blocked post authentication for unmanaged devices. |
| NG SWG / CASB | 94532 | Inline email notification variables dropdown showing deprecated variable dropdown values in the UI. |
| NG SWG / CASB | 94226 | Inconsistencies with the microsoft.com domain exceptions. |
| NG SWG / CASB | 102320 | When editing the predefined rule-based policy with App Instance criteria, users see a list of app instances that are based on Real-time Protection. The list is displayed using the internal instance ID. It should display the instance name that is created by the customer. |
| Platform Services | 102744 | Certain users are not added to groups correctly. |
| Platform Services | 100353 | The Clear All Events functionality is not working properly. |
| Platform Services | 98874 | Users / group information is not syncing from OneLogin to the UI. |
| Steering | 103926 | The preinstall script for AirWatch is not working properly. |
| Steering | 102748 | Intermittently users are unable to access RSAT, Lync, Skype, file share, and so on, from their Windows laptop when the Netskope client is enabled. |
| Web UI | 104397 | Unable to download the report for the custom app usage. |
| Web UI | 104288 | Update API to fix ccl inconsistency on application events. |
| Web UI | 102414 | Unable to add domain name with custom port URLs in the Custom URL list. |
| Web UI | 100497 | The Incidents UI is not working properly and displaying errors. |
| Web UI | 99007 | The Infrastructure page is stuck on the Retrieving for the Status and Last Status fields. |
| Category | Issue Number | Issue Description |
|---|---|---|
| Steering | 102658 | Fixed a critical security defect by preventing the user the ability to bypass traffic by being able to rename an app to a Netskope's service name. No action required by admins. |
| Cloud Provider | Entity | Attribute Changes |
|---|---|---|
| Azure | none | The SecurityCenterPolicy entity has the following new attributes:
|
To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.
Netskope
20 Dec 2022
10
Solution