Article Number: 000188628
Release notes for version 86 of Netskope.
Affected Products:
Netskope
Affected Operating Systems:
Windows
Mac
iOS
Android
This update of Netskope contains New Features and Enhancements, New Resource Types Supported in Continuous Security Assessment, Known Issues, and Fixed Issues. For more information, click the appropriate topic.
| Category | Feature | Detailed Description and Benefits |
|---|---|---|
| Advanced Analytics | Adding app activity field to app events and alerts. |
With this release, we now add app activity field to app events and alerts. |
| Advanced Analytics | Added signature and signature_id for Alerts |
Signature and signature_id are two alert fields that are populated by the IPS / CTEP.These fields indicate the name and numeric identifier for an IPS signature. |
| Advanced Analytics | UX upgrade | With this release, we are rolling out a new and improved Dashboard and Explore experience in Advanced Analytics. This upgrade enables you to create dashboards more quickly by highlighting the most useful options. Also, the look and feel of the dashboards are enhanced for better comprehension of the data. |
| Behavior Analytics | Enhanced the SkopeIT > Users > Incidents with a user's UCI and UBA incidents count. | Admins can now view a user's User Confidence Index (UCI) and the number of UEBA incidents that are associated with a particular user. |
| CASB Inline Protection | Improved Box connector comment activity | For the Box connector comment activity, we have updated the activity name to Post from Create. |
| CASB Inline Protection | New coverage for all activities on iPhones | With this release, we have updated activity name to Edit from Post for post edit activity for the Facebook Workplace connector. |
| CASB Inline Protection | Enhanced Connector | With this release, the following new activities are covered:
|
| Directory Services | Netskope Adapters | The Netskope Adapter (NS Adapter) has been tested to ensure compatibility with the current cloud platform. Its version number has been updated to confirm this compatibility. No other changes have been made to the NS Adapter in this release. |
| DLP | New Classifier - Photo ID | This release includes Photo ID as a new ML-based image classifier. You can create a DLP profile with Photo ID as a classifier under Personal Identifiers. Photo ID is a superset of existing image classifiers such as passport and driver license that detect images of IDs containing a photo. |
| DLP | Support for additional file types | In this release, several additional file types are supported by the DLP file filter. These file types include several Design documents including Autodesk Inventor and Solid Edge design documents. Support for Apache Parquet files is also in this release. |
| DLP | Netskope Email DLP | With this release, the Email DLP offering allows customers to apply DLP policies to email traffic in real time. Email DLP can be used by customers to scan outbound email messages over SMTP for DLP violations in the O365 Exchange and Gmail platforms. Email DLP is available with Standard and Advanced DLP. |
| IaaS | Azure SQL Managed instances | Azure SQL Managed Instances are now listed as part of Azure Continuous Security Assessment. Admins can now write custom rules to check the compliance requirements of Azure SQL Managed Instances. |
| NG SWG / CASB | Support apps in SSL Decrypt rules | Support the ability to configure an SSL Decrypt rule that is based on predefined applications. SSL Decrypt rules can be set up with Category, Domain, User, User Group, and so forth Limitations:
|
| Private Access | Improved throughput for NPA enabled applications | The Netskope Client has been enhanced to better handle high throughput situations when accessing Netskope Private Access enabled applications. |
| Private Access | Publisher CN added to Network Events. | Network Events for Netskope Private Access have been enhanced to include the Publisher CN of the destination data flow. |
| Private Access | Enhanced Netskope Client to support DNS packets | The Netskope Client has been enhanced to support steering of DNS packets using the TCP protocol through the Netskope Private Access solution. |
| Steering | IDP peruser mode is now supported with steering hardening. | Netskope Client installation in peruser mode is now compatible with steering hardening configuration. |
| Web UI | Remove the display of Last Updated Time from UI. | With the latest release, we are removing the Last Updated indicator from the user interface on the API Protection dashboard and the Files page. We plan to revive this UI feature in a future release once we have optimized and rearchitected the data retrieval for this indicator. |
| Web UI | Customizable Security/ Privacy Message Feature for FedRAMP | A privacy notice feature has been added to Settings > Administration. This allows a notice to be created, which all users must agree to before proceeding to the Dashboard. The notice appears immediately after login. This notice is disabled by default except for FedRAMP for which it is permanently enabled. |
| Cloud Provider | Entity | Attribute Changes |
|---|---|---|
| AWS | None | None |
| Azure | ManagedSQLInstance | With this release, StorageAccount has a new attribute. AllowBlobPublic:
|
| GCP | None | None |
| Issue Number | Category | Feature | Issue Description |
|---|---|---|---|
| 120539 | Steering | Outlook Client intermittently prompts with a security alert. | Netskope Cloud now connects to the destination servers using the destination IP address provided by the Netskope Agent instead of DNS resolving the domain name, for traffic that is steered and bypassed in the Netskope Cloud. |
| Issue Number | Category | Feature | Issue Description |
|---|---|---|---|
| 128432 | Advanced Analytics | Download does not work on widgets or from Explore. | Dashboard download functionality has been fixed in Advanced Analytics by removing the filtering of download format options. |
| 114773 | CASB Inline Protection | Instance IDs not displaying correctly for ASW root accounts only | With this release, we have enhanced the Instance ID detection logic for AWS services, so proper Instance ID values display. |
| 119784 | CASB Inline Protection | Azure SSO triggering a policy | When there are host and referrer fields present in the HTTP traffic, the Netskope proxy applies the policies that are based on the app name that is derived from the referrer field and categories that are derived from both host and referrer fields. In SkopeIT events, the application name is always shown as the app name derived from the referrer field, irrespective of the category that reaches the policy. |
| 126949 | CASB Inline Protection | Duplicate users visible in UI | Fixed an issue where duplicate users were seen on the product UI for Microsoft Teams API protection. |
| 115817 | IaaS | Support Azure SQL managed instances for CSA. | Azure SQL Managed Instances are now listed as part of Azure Continuous Security Assessment. Customers can now write custom rules to check the compliance requirements of Azure SQL Managed Instances. |
| NPA-3302 | Private Access | Incorrect data assignment | Network Event Uploaded and Downloaded data values have been corrected to address an incorrect data assignment issue. |
| NPA-3240 | Private Access | Trailing white-space issue with AD Group Names | AD Group Names with trailing white space could prevent NPA from associating users with the correct policy configuration. |
| 129890 | SSPM | Security Posture page not displaying correctly | Users with roles that include only the Security Posture privilege and not API Data Protection can now view links to the Security Posture pages as expected. |
| 126982 | SSPM | SSPM apps not displaying correctly on all pages | The Cloud Provider dropdown filter under the API-enabled Protection > IAAS > Overview and Inventory pages excludes SSPM apps. |
| 130191 | SSPM | Security Posture page visible for certain users | Admin users with roles that only include access to Reports and not Security Posture can no longer view the Security Posture page. |
| 124189 | Steering | TURN connection working when the Netskope Client is enabled. | The Netskope client does not support UDP traffic in CASB/WEB traffic mode. Any traffic on port 80 and 443 is dropped (traffic originating from browsers only), so that browsers fall back to TCP. However, some apps are UDP only apps. Dropping connection here causes apps to not work. This change extends IP-based exceptions to UDP traffic. UDP traffic matching exception list gets bypassed by the Netskope client instead of dropping the connection. |
| 127122 | Steering | Certificate check bypass | Netskope Client on macOS syncs the configuration even if the server certificate cannot be validated with the system key chain. |
To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.
Netskope
02 Nov 2022
5
How To