Article Number: 000186902
Release notes for version 85 of Netskope.
Affected Products:
Netskope
Affected Operating Systems:
Windows
Mac
iOS
Android
This update of Netskope contains New Features and Enhancements, New Resource Types Supported in Continuous Security Assessment, Known Issues, Fixed Issues, and Appendix: Fixed Issue 124698. For more information, click the appropriate topic.
| Category | Feature | Detailed Description and Benefits |
|---|---|---|
| CASB Inline Protection | Google Chat share events | With this release, users can add a new share activity through the user interface (UI). When a new message is posted or received, hover over the message and select forward to Inbox. The share activity appears in the user interface (UI). |
| CASB Inline Protection | Separate app connector for Yahoo Japan log in activities | In prior releases, the "Yahoo Japan Mail" app covered login activities. With this release, it is now a separate application called "Yahoo Japan App Suite." In order to have activity detection and policy control over login activities, you must add the new app "Yahoo Japan App Suite" to your steering list. |
| Data Protection | Added DLP support | With this release, we have added DLP Entity support for US Individual Tax Identification Numbers (ITIN). |
| Directory Services | Netskope Adapters | The Netskope Adapter (NS Adapter) has been tested to ensure compatibility with the current cloud platform. Its version number has been updated to confirm this compatibility. No other changes have been made to the NS Adapter in this release. |
| Netskope for IaaS | Azure 1.1 compliance standard support | With this release, we have added the Center for Internet Security Microsoft Azure Foundations Benchmark v1.1.0 to the predefined profiles for Security Assessment. |
| Netskope for IaaS | Cloud Infrastructure Permissions Enhancement | Previously, the Cloud Infrastructure pages showed "Permission Error" for view only privilege users. With this release, these pages are available for the view only privilege users while restricting these users from create, update, and delete activities. |
| Web UI | SkopeIT table | In the Network Events page, the Dst Host is a toggle table column that must be added to the column view. It is not available in other SkopeIT pages. With this release, the Dst Host is available in other SkopeIT pages. |
| Web UI | Export timeout changed | When performing a table export from the Web UI, if the export takes longer than the threshold, the system sends an email. This threshold has been increased to 60 seconds. |
| Cloud Provider | Entity | Attribute Changes |
|---|---|---|
| AWS | None | None |
| Azure | None | With this release, ActivityLogAlert has a new attribute.SubscriptionScope:
With this release, FunctionApp has a new attribute. ADRegistered:
|
| GCP | None | None |
| Issue Number | Category | Feature | Issue Description |
|---|---|---|---|
| 119784 | CASB Inline Protection | Azure SSO triggering a policy | When there are host and referrer fields present in the HTTP traffic, the Netskope proxy applies the policies that are based on the app name that is derived from the referrer field and categories that are derived from both host and referrer fields. In SkopeIT events, the application name is always shown as the app name derived from the referrer field, irrespective of the category that hits the policy. |
| 125455 | Steering | Server Name Indication (SNI) check not working properly when enabled | When "perform SNI check" is enabled, the system sometimes returns a generic network error. ( ERR_CONNECTION_TIMED_OUT) on the browser. |
| 125490 | Steering | SNI check with Bypass by tunnel configuration | The Netskope Client does not use the "Perform SNI check" configuration if the flow is identified as a "bypass by tunnel" flow. In IP overlapped cases, the Netskope Client may bypass the wrong domain's traffic. |
| Issue Number | Category | Feature | Issue Description |
|---|---|---|---|
| 117334 | API Protection | DLP Incident Management in API Protection | For a subsequent DLP incident on the same object, Netskope would assign the incident to the same assignee as the earlier incident. With this fix, the assignee is reset, and the administrator must manually assign the incident to an individual. |
| 121364 | API Protection | File attachments in Microsoft Teams | In this release, in addition to blocking a message, a block action policy blocks access to a file attachment for all users (except the file owner) under the Files tab of the Microsoft Teams UI.
Note: If a file is shared in a channel, the SharePoint site owner has access to the file.
|
| 124698 | Netskope for IaaS | Azure Security Center Policy for CSA Rules | The following changes have been made to the Azure Security Center Policy for CSA. The Appendix: Fixed Issue 124698 table maps the updated Netskope Security Center DOM property to the corresponding Azure Security Center Policy property. |
| NPA 2972 | Private Access | Connectivity issue to the NPA Gateway | Corrected an issue where connectivity to the NPA Gateway would be blocked and required a computer restart. |
| NPA 3044 | Private Access | macOS Big Sur connectivity errors | Corrected an issue where high network throughput on macOS Big Sur could cause connectivity errors. |
| 123150 | Web UI | Compromised Credentials CSV export | The Compromised Credential CSV export now provides human readable Date Compromised columns and a Timestamp column. |
| 123401 | Web UI | Domain exclusion is not working properly for policies | The "All External Domains" profile was not working properly for some users. The profile_id 1 is reserved for the "All External Domains" but it was changed for some users.With this release, a script runs during the deployment and ensures "All External Domains" has the correct profile_id. In addition, edit permission is restricted for the "All External Domains" profile in the UI. |
This table corresponds to the Azure Security Center Policy for CSA Rules fixed issue.
| Netskope Security Center DOM Property | Azure Security Center Policy Property |
|---|---|
VMSystemUpdates |
properties.parameters.systemUpdatesMonitoringEffect.value |
VMSecurityConfigurations |
properties.parameters.systemConfigurationsMonitoringEffect.value |
VMEndpointProtection |
properties.parameters.endpointProtectionMonitoringEffect.value |
VMDiskEncryption |
properties.parameters.diskEncryptionMonitoringEffect.value |
VMNetworkSecurityGroups |
properties.parameters.networkSecurityGroupsOnVirtualMachinesMonitoringEffect.value |
VMWebApplicationFirewall |
properties.parameters.webApplicationFirewallShouldBeEnabledForApplicationGatewayMonitoring |
VMNextGenerationFirewall |
properties.parameters.nextGenerationFirewallMonitoringEffect.value |
VMVulnerabilityAssessment |
properties.parameters.serverVulnerabilityAssessmentEffect.value |
StorageEncryption |
properties.parameters.storageAccountsShouldUseCustomerManagedKeyForEncryptionMonitoringEffect.value |
VMJITNetworkAccess |
properties.parameters.jitNetworkAccessMonitoringEffect.value |
AdaptiveApplicationControls |
properties.parameters.adaptiveApplicationControlsMonitoringEffect.value |
SQLAuditingAndThreatDetection |
properties.parameters.sqlServerAuditingMonitoringEffect.value |
SQLEncryption |
properties.parameters.sqlDbEncryptionMonitoringEffect.value |
To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.
Netskope
19 dec. 2022
6
How To