Article Number: 000180577
Release notes for version 80 of Netskope.
Affected Products:
Netskope
Affected Operating Systems:
Windows
Mac
iOS
Android
Not applicable.
This update of Netskope contains New Features and Enhancements, Fixed Issues, and Known Issues. For more information, click the appropriate topic.
| Category | Feature | Detailed Description and Benefits |
|---|---|---|
| API Protection | Shared Forensic Folder for Google Drive | Netskope added a feature to the shared forensic folders to update on a daily basis. This is required to keep up with a change on Google Drive, where a specific folder is limited to a set number (500 K) of child objects within its hierarchy. No action is required from users and this change is enabled on the backend by Netskope. |
| API Protection | Microsoft Office 365 Teams | With this release, Netskope now supports detecting policy violations. It also supports applying automated policy actions (block access) for violating messages and attachments sent within the Microsoft Teams "Meeting" experience. |
| API Protection | ServiceNow Paris Release | With this release, Netskope has tested and validated support against the ServiceNow 'Paris' release with our API Protection features. |
| CASB Inline Protection | Atlassian App Suite | Enhanced the Atlassian App Suite Connector to support log in activities for the Custom Apps. Activities: Log in Attempt, Log in Successful, Log in Failed, Log out |
| CASB Inline Protection | GitHub Connector Support | Enhanced App Instance ID support in GitHub Browser, CLI, and Desktop apps for Windows and Mac. Activities: All Platform: Browser, Desktop, CLI |
| CASB Inline Protection | Google Drive | Added support to detect Image Insertion into Google Docs/Sheets/Slides from Google Drive and Google Photos plugins. Activities: Create DLP: No |
| CASB Inline Protection | Tableau Online | Enhanced the Tableau Online application with additional activities. Activities: Log in Attempt, Log in Successful, Log in Failed, Log out, Upload, Download Platform: Browser DLP: Upload, Download |
| CASB Inline Protection | Google Forms Activity Check | Ability to control clearing an option in Google forms which prevents users from sharing files outside the enterprise account. |
| Directory Services | Netskope Adapters | The Netskope Adapter (NS Adapter) has been tested to ensure compatibility with the current cloud platform. Its version number has been updated to confirm this compatibility. No other changes have been made to the NS Adapter in this release. |
| IaaS | CSA REST API | In this release, we have added a new REST API call for CSA. CSA scans IaaS accounts for compliance violations, and then displays the noncompliant rules and resources that are associated with those accounts. Available now are the operation 'status' to check security scan status and the 'start' operation now returns a scan ID for checking status. |
| IaaS | Granting Access to Azure Instances | Custom role support for Azure DLP and Forensic has changed. This is due to a recent change in one of the Microsoft custom role permissions. Now, in order to use Azure DLP, the following custom role must be created: Step 1: Custom Role A: {Step 2: Then the permission of Azure Inbuilt Reader role + Custom Role A is required over the subscription scope in Azure Portal for successful grant of Azure DLP instance. Similarly for Forensic, the customer must provide Azure Inbuilt Reader + Custom Role B over Subscription scope in Azure Portal for successful Forensic instance grant. Custom Role B: { |
| NG SWG / CASB | XFF with Explicit Proxy in the Cloud | With this release, we support XFF with Explicit Proxy in the Cloud. This enables our ability to see the users' local RFC 1918 IP Address. This is useful when admins create policies that are based on source IP Addresses. There is a choice (control) that an admin makes within the admin console. |
| NG SWG | Security Risk Category Mappings | With this release, Netskope has updated the Security Risk subcategories. The Security Risk - Malware Call-Home category is now merged with the Security Risk Command and Control server category. The Malware Call-home subcategory is removed. |
| NG SWG | Web UI Category Mappings | In release 78, three new categories were introduced for granular flexibility and policy application. These include No content, Unreachable, and Redirect. In this release, the old category, Unreachable / No Content, is removed. Adjust your policies to match with these new categories. Here is the complete mapping for reference: Old Mappings:
|
| NG SWG | Explicit Proxy Remote Users | The Netskope Cloud Explicit Proxy now supports remote users. Once configured, users are prompted for an organization name that is provided to them by their administrators. Once validated, users are redirected to authenticate with their IdP before being able to access the web. Authentication is mandatory for remote users. This feature is in limited availability, and we suggest working with Netskope to deploy this successfully in your environment. |
| Other Services | Easy Button to Bypass Microsoft O365 Services | Microsoft strongly recommends that any proxy should transparently forward end-user Office 365 traffic to their cloud. Netskope keeps track of all Microsoft Office 365 application traffic that is based on IP address and fully qualified domain name (FQDN). This traffic is forwarded to the Microsoft cloud without SSL Inspection (SSL B+I). The Microsoft Recommended Office 365 easy button bypass option allows Netskope to map all Microsoft IP ranges and domains for all Office 365 apps that are listed on their Office 365 connectivity principles website. We use the REST APIs published by Microsoft to keep this mapping up to date. |
| Private Access | Private DNS | Private DNS for NPA enables use cases for customers which have advanced DNS configurations and require steering DNS traffic to private DNS servers.
Note: This functionality requires Netskope Client Version 80 and NPA Publisher Version 1.4.6074.
|
| Steering | Granular Auto Upgrade Support | Admins can now choose which version of the client to upgrade to. Admins can configure this in the client configuration page in the tenant UI. |
| Steering | SNI Based Traffic Filtering | With this release, admins can use the SNI in addition to DNS to make a steering decision. This is useful when multiple domains may use a single IP Address. Configure this feature in the client configuration page in the UI. |
| Steering | SNI Based Policy Support | With this release, Netskope Cloud Director can steer CASB traffic to Netskope and apply SNI-based policies to this traffic. |
| Web UI | URL List Creation | With this release, we have added the ability to use regex-based URL matching in the URL List in the Policies > Web > URL List. The default behavior is 'Exact Match' URLs. |
| Issue Number | Category | Feature | Issue Description |
|---|---|---|---|
| 112426 | IaaS | GCP Users Showing as Blank | IAM Policy Users were showing up as part of the User category in the Inventory Page for GCP. |
| 114077 | IaaS | Certain Databases are not Showing in the Compliance Dashboard | SQL Instances now show up as part of the Database in the Inventory Page for GCP. |
| 113684 | IaaS | Compliance Page 'Failing Since' Field Sort is Not Working | The Compliance page 'failing since' field sort was not working because of a wrong parameter used in the API call. The fix updated the appropriate parameter name ( result_status.failure_time) for both ascending and descending order sort.We also fixed the export feature API to respect the sorting order. |
| 112204 | Introspection | Remediation for Quarantined Files is not Working | In this release, we have fixed an issue with remediation of quarantined files, where attempting to manually remediate a quarantined file would throw an error. |
| 113376 | Introspection | Collaborator Count Displayed in SkopeIT Alerts Page is not Working | We have fixed an issue with collaborator counts showing incorrectly when a file is shared with an AD Group. |
| 113294 | Introspection | Unable to Query SharePoint Sites in the Policy | We have fixed an issue where all sites with a special character in the name were not showing up under the sites selection during policy creation. |
| 112342 | Threat Protection | Anomalies Are Not Detected When Using SharePoint | In this release, we have fixed an issue where SharePoint Audit events were not being considered for Anomaly Detection. |
| 107712 | Steering | Devices Status Filtering | Admins are not able to filter the devices that are in "Fail Closed" state in the tenant UI. |
| 112197 | Web UI | App Domains for Custom SSL Pinned Apps | For a custom SSL pinned app, only custom app domains are valid and app domains are not valid. If an SSL pinned app is custom and if it has any domains that are not custom, previously we used to display them in the UI. |
| Issue Number | Category | Feature | Issue Description |
|---|---|---|---|
| 114912 | NG SWG / CASB | Headers Prevent Cookie Surrogate / Explicit Proxy Redirects | When website is setting Content-Security-Policy header, pages may not be rendered correctly when going through explicit proxy or using cookie surrogate. |
| 113611 | Web UI | CDPP Appliance Advanced Analytics Reporting | Through the UI, the following fields are not supported for Advanced Analytics Reporting:
|
| 113512 | Web UI | Time Based Policy Not Available for Private Apps | The Policy Schedule feature is visible for Private App based policies but does not enforce the time-based configuration. This is a limitation in this release. This is visible in the UI by going to Policies > Realtime Protection. |
To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.
Netskope
19 Dec 2022
9
Solution