Skyhigh for Shadow IT
Automated Firewall Proxy Integration
In order to streamline and improve the integration process, the Firewall/Proxy Integration page and wizard has been updated to include integrating your firewall or proxy device, Service Groups, and Email Summary. For more information, see About Firewall and Proxy Integrations. For instructions on using the wizard to integration your edge device, see Integrating an Edge Device.
Anomalous Access Location
MVISION Cloud provides new ways for you to fine tune anomalies based on location, including machine-generated activities (such as log ins), mobile network device activities. You can supply a white list of networks and locations to suppress anomalies from being created by expected activities. Now, you can add a blacklist of networks and locations to ensure that anomalies are always triggered by activities originating from specified networks or locations, including those of your competitors or known bad actors. For details, see Anomalous Access Location Workflow.
Custom Email Templates
MVISION Cloud provides pre-configured Email Templates to send email notifications to users when specific response actions have occurred in association with a DLP Policy. You may edit these pre-configured Email Templates to customize for your organization, and also add variables to the text as necessary. You can also create a Custom Email Template and link it to a DLP Policy. For details, see About Email Templates.
To prevent users from being overwhelmed by emails, you can also suppress email notifications from being sent to users completely. This option is set up as part of a DLP Policy, when specifying the Response Action. Note that if you’d like to turn notifications back on, you can simply edit the policy. For details, see Suppress Emails.
The Policy Management > Policy Settings > Scan Settings page allows you to select file types, users, and file sizes to exclude from all content scans and policies, which helps to improve performance. For details, see Scan Settings.
Office 365: Real-time API-based Collaboration (Beta)
Real-time API collaboration controls document tagging and DLP policies to block confidential documents in OneDrive or SharePoint from being shared externally. This feature blocks sharing activity on a folder having one or more files with given document tag either directly in that folder, or in any of the sub-folders (at any level).
Salesforce: Encrypted Fields Report
You can now create and download a PDF report that documents all encrypted fields. This allows you or your admins to communicate encrypted fields to auditors or customers. The report is downloaded in PDF form, and includes object name, object type, field name, and encryption method.
Salesforce: Search Indexing (Beta)
Search Indexing creates an index of on-prem Salesforce data and uses wildcards as part of Salesforce search. Search Indexing allows you to use encryption schemes such as LOE and take advantage of wildcard search at the same time.
We fixed an issue with the SharePoint app for DLP where too many events were generated and processed, so the number of SOQL calls made was exceeding the limit on calls.
To fix this issue, MVISION Cloud:
- Removed Delete triggers on all supported standard objects, because Delete is not a DLP event.
- Removed triggers on ContentDocument objects, as this object is not supported.
- Optimized code to remove unnecessary SOQL calls in the app.
Data Loss Prevention
User-Specific DLP Policy Configuration and On-Demand Scanning
Changes to the DLP Policy workflow now allow admins to specifically include or exclude users in DLP policies, using a comma-separated list of user email Ids, domains or Glob Patterns. The excluded users list has higher precedence over Include Users list.
The same functionality extends to On-Demand Scanning, where scans can be configured using a comma separated list of user email Ids, domains or Glob Patterns.
Wildcard Support in DLP Policies
Wildcards (*) can be used when creating DLP Policies.
Services Overview Page Redesign (Beta)
The redesigned Services Overview page displays the cloud applications used by your organization. It is an aggregated snapshot view of the overall enterprise usage based on an ongoing feed of enterprise log files. On this page, you can search, filter, and drill down to see the information you need. You can display Services data in a Grid (table or spreadsheet) view, or create a Chart view. It also provides easy access to filters, Saved Views, and allows you to schedule a report, save data as a CSV or XLS file, and display service details with a single click. For complete details, see Services (Beta).
Skyhigh for IAAS
Configuration Audit Policy Customization
Default Configuration Audit Policies can now be edited, enabled, or disabled directly from the Security Configuration Audit page. You can add or remove Exceptions and edit the admins who receive email alerts when violations occur.
New Configuration Audit Policies
To continue to expand the monitoring use cases, you'll now see Unrestricted Access to S3 Bucket and Unencrypted S3 Buckets as new Configuration Audit Policies. These new policies are on by default, to make sure you're alerted to risky policies and potential access issues.
Automatic Remediation of AWS Incidents
MVISION Cloud for AWS provides an automatic remediation process to streamline incidents that are triggered in MVISION Cloud when an AWS Configuration policy is violated, de-duplicating all incidents. Incidents are marked Resolved if the configuration which caused the incident in AWS is resolved by a member of your team. An incident is marked Archived if the incident is no longer valid. This could happen if the entity that triggered the violation (such as a user) is deleted from AWS.
Skyhigh On-Prem Proxy
Log Forwarding to Splunk SEIM
The MVISION Cloud On-Prem Proxy can be configured to send log messages from the On-Prem Proxy Admin App to an external splunk SEIM. Data includes Proxy Admin App usage (such las log ins, configuration changes, and failed SSH log ins) as well as error and access messges from NGINX logs.
TACACS authentication allows a remote access server to forward a user's credentials to an authentication server to determine if access is allowed. Authentication to the local Admin App running on the MVISION Cloud On-Prem Proxy can be configured to use the TACACS+ protocol in combination with an external TACACS+ server to authenticate and authorize access to the local Admin App.
End of Life
Support for Live Log data has been ended with 3.5.
For details, see MVISION Cloud Known Issues.