Article Number: 000181183
Release notes for version 81 of Netskope.
Affected Products:
Netskope
Affected Operating Systems:
Windows
Mac
iOS
Android
Not applicable.
This update of Netskope contains New Features and Enhancements, New Resource Types Supported in Continuous Security Assessment, Known Issues, and Fixed Issues. For more information, click the appropriate topic.
| Category | Feature | Detailed Description and Benefits |
|---|---|---|
| CASB Inline Protection | AWS EKS Browser based connector support | New Support added for the EKS application for the browser. |
| CASB Inline Protection | Add missing content-types to universal connectors | We have added additional content types for download activity for better detection of malware and DLP. |
| CASB Inline Protection | AWS EKS CLI and SDK's connector enhancement | Added connector support for EKS application for CLI and SDK tools and Browser. With this release, users can now create sanctioned and unsanctioned based policies. |
| CASB Inline Protection | Added connector support for the Amazon EKS application | Added Instance support for EKS and KubeCTL applications using API based Synthetic approach. With this release, users can create instance-based policies for EKS and KubeCTL applications. |
| CASB Inline Protection | Inline policy support for additional activities for Adobe Creative Cloud and Document Cloud | With this release, we now support new activity 'Share' for Adobe Creative Cloud and Document Cloud. |
| Data Protection | DLP Support for Chile | In this release, some of entities specific to Chile, such as addresses, phone numbers, and taxpayer identification numbers have been introduced. These entities help detection of country-specific PII. |
| Data Protection | Generic DLP Entities | In this release, some generic entities have been introduced. These entities can be used to detect generic identification numbers such as customer account number. These entities come with built-in validation to ensure that consecutive numbers or duplicate digits are not detected. |
| Directory Services | Netskope Adapters | The Netskope Adapter (NS Adapter) has been tested to ensure compatibility with the current cloud platform. Its version number has been updated to confirm this compatibility. No other changes have been made to the NS Adapter in this release. |
| NG SWG / CASB | Explicit Proxy on Chrome version 86.0.4240.183 | Using Google Apps with Cloud Explicit Proxy (for remote users) requires adding www.googleapis.com, to your browser or PAC file, to go direct as that URL does not contain the Netskope cookie. |
| NG SWG / CASB | Restrict Explicit Proxy Allow-listed IP Addresses from /24 to /32 | It was previously possible to configure broad ranges of IP Addresses for the Cloud Explicit Proxy Allow-List. To prevent customers from inadvertently configuring broad ranges that they may not own or control, this is now limited to being a single IP Address per configuration. |
| NG SWG / CASB | Support for HTTP Headers in Inline Policies | To augment the Security Cloud Platform current capabilities, HTTP headers are now available in Real-time Protection policies for further granular controls. |
| NG SWG / CASB | Default policy creation for new accounts | For newly provisioned accounts, an SSL Decrypt Policy to bypass Microsoft App Suite is now created by default. The same policy is visible in the UI under Policies > SSL Decryption. |
| NG SWG / CASB | Policy lookup based on telemetry and referrer apps | In many instances, SaaS apps have embedded websites that are either telemetry apps (for example, tracking apps) or other integrated SaaS apps (for example, Gmail integrated with Salesforce). Default Netskope policy lookup logic swaps the actual app name with the referrer app when doing policy match if the referrer app is a managed app and has a connector present. This sometimes may not reflect the intention of the user. With this new logic (if enabled), we now consider both referrer and host apps for this kind of traffic and match the policies that are configured for both the apps (in the order they are configured.)
Note: Contact support to enable this feature in your tenant. Reference How to Get Support for Netskope.
|
| NG SWG / CASB | Support SSL bypass in proxy chaining and explicit proxy access methods | With this release, we have added SSL Decrypt Policies for proxy chaining and explicit proxy access methods. |
| NG SWG / CASB | Silent Block Feature Expanded | With this release, Silent block can be configured for all Categories, Apps, and Instances. |
| Netskope for IaaS | Improved Rule listing page with new UI | Rule listing and profile listing now appear together in a common page. |
| Netskope for IaaS | CSA Policy updates | Improved Policy Wizard with new UI. |
| Netskope for IaaS | API compliance standards fields update | With this release, the following updates are added to the API compliance standards:
|
| Steering | macOS DNS TCP Support | The Netskope Client on Big Sur now handles DNS over TCP. |
| Steering | Support Fail Close for Big Sur 11.0 | The Netskope Client now supports "Fail Closed" on macOS Big Sur. |
| Web UI | New Top Risky Users by User Confidence Index widget | New Behavior Analytics widget is available in the home page widget library. |
| Web UI | Compromised Credential enhancement | With this release, admins can turn on or off the Compromised Credential feature using a flag. The default is ON. If admins have security concerns (for example, GDPR violation), contact support to request to turn OFF the flag.
Note: For more information, reference How to Get Support for Netskope.
|
| Cloud Provider | Entity | Attribute Changes |
|---|---|---|
| AWS | None | None |
| Azure | None | None |
| GCP | None | Instance entity has the following new attribute:
|
| Issue Number | Category | Feature | Issue Description |
|---|---|---|---|
| 106037 | Steering | Fail close: Command-line parameters not overriding the web UI configuration | This command-line flag disables fail close for a particular user, overwriting the web UI fail close enable flag. The following options are implemented for command-line parameter installation. fail-close=disable - this command explicitly disables failclosefail-close=no-npa - this command excludes NPA traffic when fail closed |
| 116527 | Web UI | Ransomware Encrypted File Timing Out | The web UI is not correctly displaying the success or failure when restoring ransomware encrypted files. |
| Issue Number | Category | Feature | Issue Description |
|---|---|---|---|
| 111475 | Netskope for IaaS | Firewall rules are added as external entity reference for GCP Compute Instance. | The applicable firewall rules are selected on the basis of sourceRanges, destinationRanges, sourceTags, targetTags, sourceServiceAccounts, targetServiceAccounts. Indirect rule evaluation is possible using the existing FirewallRule DOM and entity. |
| 115815 | Netskope for IaaS | Azure change in asset type and category | Azure Functions now show up under Compute in the Inventory Page of the Cloud Infrastructure. |
| 91751 | Netskope for IaaS | AWS CLI | Uploading the local file to an S3 bucket is failing with the new CLI version. |
| 114570 | NG SWG / CASB | Google Meet Disconnection | Duplicate SYN packet after TCP Handshake is not handled properly. |
| 113903 | NG SWG / CASB | Policy 3.0 Web UI | After migrating policies to Policy 3.0, there are some issues and general slowness for some accounts. |
| 112479 | NG SWG / CASB | Reverse Proxy from unmanaged devices | Run the API to enable the feature for scrambling, to avoid bypassing reverse proxy post authentication. |
| 107714 | Steering | NPA Fail Close connection status behavior | When the Netskope client has fail closed, the status of the private access might be shown as "connected" in the client configuration window from the tray icon even though the private apps are blocked due to fail close. |
| 112144 | Steering | Probe IP Mandatory for GREGW | GREGW node responds to ICMP probes/keep-alives only when the Destination IP value in the inner IP packet matches the GREGW Probe-IP that is listed in the GREGW UI dashboard corresponding to the DC. Otherwise, the probe packets are dropped by the GREGW. |
| 114480 | Steering | Google Meet Disconnection Improvements | Google Meet and Google Hangouts are not accessible on-premises. |
| 115310 | Web UI | Instance Detection Issue | Google Hangout Chat instance detection is not working properly for upload activity. |
To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.
Netskope
19 Dec 2022
9
Solution