Skip to main content
Skyhigh Security

What's New in 2.9

What’s New in Skyhigh for Shadow IT

User Creation API

Skyhigh CASB Cloud Access Security Broker (CASB) administrators can now bulk create CASB users through an API. Administrators can send requests containing user information (such as user email address or temporary password) and administrative flags (such as User is allowed to deobfuscate or User is Security Admin) to create users.

Reports – CSV Format Support

Users can now export reports created by Report Manager in CSV format along with the existing PDF, HTML, and Excel format options.

Date Picker Enhancement

The date picker calendar on the dashboard has been enhanced so that your selection options reflect the current data resolution (Day, Week, or Month). When you are in the Day view, individual days are selectable. When you are in the Week view, weeks are selectable (Sunday - Saturday). When you are in the Month view, months are selectable (1st - End of Month). Date ranges that are available for selection are highlighted in blue.

Threshold Tuning for Anomalies

Anomalies involving MIME Type and Service Category Based Data Transfer now offer Threshold Tuning. This will allow users to adjust the anomaly sensitivity for these anomaly types to control the number of anomalies generated.

New User Roles

Administrators can assign a role to a user to restrict access to certain parts of the Skyhigh CASB Cloud Security Access Broker (CASB). These roles have been updated to allow for more granular access control:

  • Customer Administrator (formerly the Tenant role): This role has access to both the Skyhigh CASB CASB Dashboard and the Enterprise Connector Console
  • Dashboard User: This role has access to the Skyhigh CASB CASB Console and only and cannot login into the Enterprise Connector Console
  • Enterprise Connector User (formerly the Log Processor role): This role has access to the Enterprise Connector Console only and cannot login into the Skyhigh CASB CASB Dashboard

Improved Service Group Assignment

In 2.9, services are restricted to a single service group only and conflicts are resolved through a workflow so that users can manage the process of deciding what group a service belongs to. For service groups that are generated automatically using inclusion criteria, an “exceptions” field is available to prevent unwanted services from being assigned to that group automatically.

Skyhigh Forward Proxy (Beta)

The Skyhigh CASB Forward Proxy allows users to apply Data Loss Prevention policies against Shadow cloud services. Skyhigh CASB supports multiple options to forward traffic to Skyhigh CASB’s Forward Proxy and offers the ability to monitor or block data uploads that are in violation of defined DLP policies.

Cloud Registry Enhancements

The “Service Location” registry attribute now displays the specific geographic location for the headquarters of selected cloud service. This registry attribute is distinct from the Provider Location registry attribute which lists the location of the cloud service’s servers.

What’s New in Skyhigh for Sanctioned IT


Match Highlighting

Skyhigh CASB now provides an option to enable Match Highlighting for policy violations. When a file includes content that violates a data loss prevention policy, incident response teams are able to view an excerpt of the document that contains the text matching the DLP rule. Some surrounding text is included with the highlighted matches to help identify false positives. This is an optional feature that requires customers to provision their own instance of an Amazon AWS S3 bucket to store matches. Please contact for more information about enabling this feature.

Policy Violation - Collaboration Improvements

The Policy Violation platform now displays enhanced information about external collaborations and shared links. The Details panel on the policy violation lists all external collaborators for files associated with the policy violation. Additionally, users can now manually modify collaborations or delete shared links for as remediation action.

API Access Page Enhancements

The API Access page now contains additional status information for your API-enabled Sanctioned services. This page provides statistics on the number of events received in the last hour, day, and week from the cloud service.

Custom Email Templates

The email notifications that are sent as part of Data Loss Prevention and Secure Collaboration policies can now be customized by customers. Customization options include the ability to insert variables that include key forms of metadata from a policy violation.

New Data Identifiers

Data Identifiers have been added for Ohio Driver’s License Numbers, Turkish Kimlik, Bitcoin Addresses, ICD-10 codes and International Securities Identification Numbers (ISIN).

Threat Protection

Threshold Tuning Improvements

When updating anomaly thresholds, users now have precise information on how many anomalies will be generated based on the new threshold. Users will see a count of how many new anomalies will be displayed, which types of anomalies will not be detected and which ones will. This information is displayed during the preview stage of threshold tuning.

Easier Investigative Drilldowns

Users can drilldown into the activities and data impacted by threats and anomalies with one click. With 2.9, incident responders can download CSVs illustrating the impact of the threat/anomaly. These CSVs list all the activities and data corresponding to the threat/anomaly.

Skyhigh for Slack

API-Based DLP Support

With v2.9, Skyhigh CASB has expanded CSP coverage to Slack. With API-based deployment of Skyhigh CASB for Slack, users can extend DLP policies to content in Slack. Skyhigh CASB’s DLP rules can detect sensitive content uploaded to Slack and enforce remediation actions such as removal of public links or quarantine or delete documents and messages that match a DLP policy.

Proxy-Based DLP Support

With proxy-based deployment of Skyhigh CASB for Slack, users can enforce DLP policies in real-time for browser-based access to Slack. Skyhigh CASB’s DLP rules can detect sensitive content uploaded to Slack and enforce remediation actions such as blocking or encrypting documents and messages that match a DLP policy.

Proxy-Based Cloud Access Policy Support

With proxy-based deployment of Skyhigh CASB for Slack, users can enforce access control policies for browser-based access to Slack. Skyhigh CASB’s access control policies can allow or deny access to Slack based on device type (managed vs. unmanaged) and users (groups).

Skyhigh for O365

Searchable Symmetric Encryption Support (Beta)

With proxy-based deployment of Skyhigh CASB for OneDrive, users can now encrypt sensitive content while maintaining search functionality using the Searchable Symmetric Encryption (SSE) cipher. Search terms entered while connected to the proxy are automatically encrypted to match the encrypted content in your O365 deployment. Users connected to the Skyhigh CASB Secure Proxy will view search results in plaintext. This is a beta feature and may not be available to all users. To learn more about this feature, please contact

What’s New in Skyhigh Enterprise Connector

                  Skyhigh CASB Enterprise Connector provides integration with on-premises infrastructure and applications such as firewall/proxy logs, SIEM, Active Directory, and key management systems.

Active-Active Deployment Mode

                  The new Active-Active Deployment option delivers horizontal scaling and high availability. With this feature, all ECs configured in Active-Active mode process logs in parallel, thereby providing the ability to increase overall performance by adding more ECs. This deployment mode also delivers high availability and keeps your logs processing even if one or more of your Enterprise Connectors experiences downtime.

Closed-Loop Remediation with Palo Alto Panorama

                  Customers can use the API-based integration with Palo Alto’s Panorama Network Security Management for Closed-Loop Remediation (CLR). With this release, Enterprise Connector can communicate with Panorama and publish URLs of specified cloud services into Custom URL Category for desired action (e.g. block these cloud services). Effectively, this feature extends the cloud visibility and risk to your existing Palo Alto firewall for policy enforcement.

Export to Common Event Format (CEF) File Format

                  Skyhigh CASB-detected anomalies can now be exported in the popular CEF file format, for import into 3rd party systems such as SIEM. CEF file now joins Skyhigh CASB Key-Value Pair and LEEF as available formats for export.

Enhanced Security for LDAP Connections

                   Enterprise Connector can now communicate with LDAP over SSL to populate data from Active Directory. 

  • Was this article helpful?