Skyhigh Security Cloud Release Notes 6.3.0 (March, 2023)

Add Multiple Classifications to a DLP Policy

Instead of needing to create a policy for each Classification you would like to use, you can now add multiple Classifications to a new DLP Policy.

For details, see Create a Rule with Multiple Classifications.

Improved Match Highlighting with Data Identifiers

Skyhigh Security now provides the ability to match and highlight keywords in policies when paired with Data Identifiers. For details, see Highlight Match Keywords.

Clone Skyhigh Dictionaries and Advanced Patterns

In 6.3.0, you will now be able to clone preconfigured Skyhigh Dictionaries and Advanced Pattern definitions.

For more information, see Create a DLP policy using the Policy Wizard.

Classification Names Included in Incident API  

Classification names are now included as part of the information field in the external query Incident API. For details, see Incidents API Definitions.
 

Introducing SWG Web Policy Builder 

The SWG Web Policy Builder is a new user interface available to new customers that allows you to create and maintain your web policy. With the Web Policy Builder you can:

• Configure rules and rule sets using Criteria, Operators, and Values. 
• Create and manage custom rules with the Rule Builder. 
• Review current Web Policies and create new rules in Web Policy Code. 
• Migrate SWG On-Prem appliance Web Policies to SWG Cloud. 

At a later date, the Web Policy Builder will be available to existing customers with an upgrade that requires you to back up your current Web Policy configuration. Once you have upgraded to the new Web Policy Builder, you cannot revert to the old Web Policy view. 

For more information, see About Working with Secure Web Gateway. 

RBI Policy Support for Clientless Access 

Enforce RBI policy on the applications configured for clientless access, so users can securely navigate to potential high-risk or sensitive websites in a remote browser. For information, see Configure Private Access Policy Rules.

Device Posture Enhancements

• Active Directory domain name —  Specify the domain or workgroup associated with the device. This field is applicable for both Windows and macOS. The device must be part of the Active Directory domain to pass the validation.
• Process Validation  
  • Application Path —  Specify the process that runs on the device. Enter the process name and absolute path of the process. For example, C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 
• Additional checks — You can provide additional information such as certificate Distinguished name (DN) or signer Thumbprint, or  SHA-256 checksum values.
  
  For example, you can specify: 
  • Cert DN  — CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Thumbprint — A4BAABD12432AB9C7C297385260E95C3DAE83BF2
  • SHA 256 — CC8C41F1676864328DF5600B9895221983890FF1C3A44A951D29B7BEC3AA0AAE

For more information, see Configure Device Profiles.

Unified Policy Implementation

• Unified platform to enforce the Cloud Firewall policy across all traffic (including TCP, UDP, TLS, HTTPS, and ICMP), locations, and devices.
• Apply policies in the Cloud, eliminating the need to route traffic back through network or datacenter.
• Enforce several rules in a firewall policy at multiple layers - applications, location destination/ source IP addresses, source/ destination ports, users, IP addresses, and detected protocols.
• Creating policies for processes adds the advantage of detecting and controlling process-based traffic such as Zoom or Teams traffic.

Secure Web Traffic on Non-standard Ports

• Detect and control evasive web traffic on non-web or non-standard ports
• Gain visibility and control through protocol detection.
• Prevents disguising traffic using standard ports for other protocols such as HTTPS or DNS.

Traffic Segregation

• Split and steer traffic by intelligently forwarding certain traffic through Cloud Firewall and other traffic to the on-premise proxy.

• Cloud Firewall operates with an existing SWG On-premise to relay outbound traffic in a corporate network when there is no direct internet access (no default route to redirect traffic and no external DNS).

Visibility and Aggregated Data

• Provides insights into the entire network with analytics and reports, which predicts trends, exposes potential bad behavior, and facilitates troubleshooting.
• Manage and control aggregated data from Layer 7 to Layer 4 in the Cloud Firewall Dashboard. For example, you can monitor traffic from specific protocols, source to a destination host, and application-level traffic.

Supports Skyhigh Cloud Firewall 

You can configure Client Proxy to support Cloud Firewall key capabilities, such as:

• Perform a deeper level inspection of network traffic and protect against malicious traffic. 
• Enforce Cloud Firewall policy based on IP addresses, processes, ports, and domains to filter your network traffic.

Logging Events in Human Readable Format

The Client Proxy events, like connectivity check failures, redirection errors, auto-policy-download failures, policy change, network change, and captive portal check are now logged in a scp.loglog file in a human readable text. The log files are located in the C:\ProgramData\Skyhigh\SCP\Logs\Scp.log folder. This is supported only for Windows.

User Group Header Validation

Client Proxy running on Windows can now validate and log a failure message if the group header exceeds the maximum limit. The maximum header limit for the traffic redirection is 7186 bytes. 

Enforce Time-based Policy

You can enforce a policy for a specific time range on the Windows systems. This means you can restrict web access during a particular period of the day to efficiently monitor and manage network resources. For example, you can block all social media sites for all users across the world during work hours (9 a.m. to 4 p.m.).

VSCore for DNS Interception

Replaced NTK drivers with VSCore for DNS interception to avoid network disruption while installing or uninstalling Client Proxy.

DLP Policy Wizard Rollout is Complete

As of Skyhigh Security Cloud 6.3.0, the phased rollout will be complete and all customer tenants will be migrated to use the new DLP Policy Wizard. For details, see Create a Sanctioned DLP Policy. 

Skyhigh CASB for Zoom Supports Secret Token for Webhook Validation

Skyhigh CASB now supports Zoom’s additional security validation check to secure its API integration. Skyhigh CASB for Zoom uses a secret token, which allows users to validate Skyhigh CASB’s webhook URL to receive Zoom event notifications. You can copy this secret token while creating a custom OAuth application for Zoom or generate it from an existing custom OAuth application for Zoom. For details, see Custom OAuth Application for Zoom. Use this token to enable API access for your Zoom instances in Skyhigh CASB. For details, see Integrate Skyhigh CASB with Zoom. 

Secure Collaboration for SharePoint (Limited Availability)

Skyhigh CASB for SharePoint secures user collaboration and allows security administrators to define DLP policies for detecting and removing external users from SharePoint sites. Skyhigh CASB identifies and removes external users, and their O365 groups from SharePoint sites. You can define the DLP policy for SharePoint in Skyhigh CASB. For details, see SharePoint Secure Collaboration Use Cases.

Custom Anomaly (Limited Availability)

Custom Anomaly is a new anomaly type or category on the Anomaly Setting page (found under Incidents > Anomalies > Anomaly Settings) that enables users to create their own anomaly structure based on the risk parameters identified in the Sanctioned IT cloud service activities. You can define Custom Anomalies by configuring the rule with risk parameters such as activity type/category, activity count, location, source, source IP, user agent, device ID, and device. Constructing anomalies allows you to align with your organization's risk posture and raise an incident when anomalies are detected so that users can investigate and take necessary remediation action. Custom anomalies can be removed, activated, or deactivated. For details, see Custom Anomalies.

Unmatched Upload Page Redesign (Limited Availability)

The redesigned Unmatched Upload page (found under Analytics > Unmatched Uploads) provides powerful search and filtering capabilities, along with detailed information on users responsible for unmatched uploads that can be exported to a CSV file. The Saved View can be created for your search query and dashboard cards can be added. In addition, the status of multiple unmatched uploads can be modified simultaneously, and the requested service URLs or IP addresses can be added to the Skyhigh Security Cloud Registry. Unmatched Uploads data is set at 100 days unless the Skyhigh SSE Data Retention option is purchased which extends the data retention for a full year. For details, see About Unmatched Uploads New.

New Azure CIS v1.5 Policy Templates

In this release, 8 new Azure Policy templates are added for the CIS v1.5 benchmark. CIS Benchmarks are based on technical configuration settings used to maintain and increase the security of the enterprise, especially when used in conjunction with other essential cyber hygiene tasks. For details, see Policy Templates for Azure. 

Improved Activities Page Performance

Previously, all Activities page filter data was loaded immediately. This caused the page to load slowly. Now, only the Service Name filter is expanded by default. All other filters are expanded on demand to improve page performance. For details, see About Activities. 

Auto Discover AWS Organization Info (Limited Availability)

This new method provides AWS organization information to Skyhigh CASB (found under Settings > Service Management > Enable API for AWS > Accounts). On providing AWS Organization info, Skyhigh CASB auto-discovers all accounts associated with the organization, and allows to select all or required accounts to add to the organization. This method helps to scan multiple accounts in an organization rather than individual accounts. For details, see Configure AWS in Skyhigh CASB.