Configuration Audit Policy Builder
Use the Configuration Audit Policy Builder to create custom Security Configuration Audit policies to meet your organization's requirements. It supports policies for AWS, Azure, and GCP and provides compliance against industry standards such as CIS, PCI, HIPAA, and NIST 800-53. For details, see Create a Security Configuration Audit Policy.
Continuous Evaluation for Configuration Audit
Skyhigh CASB provides Continuous Evaluation (CE) configuration audit based on activities for IaaS services including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). When CE is enabled, AWS accounts, Azure subscriptions, or GCP projects are constantly monitored and audited instead of running the default daily On-Demand Scan. For details see Continuous Evaluation for Configuration Audit.
Policy Template Names Updated
Policy Template names for AWS, Azure, and Google Cloud Platform (GCP) have been updated for better readability. For details, see Policy Templates for AWS, Policy Templates for Azure, and Policy Templates for GCP.
Deprecated Policy Templates for Azure and AWS
CloudFormation Templates for AWS
Skyhigh CASB uses AWS CloudFormation Templates to create the IAM roles required to configure AWS accounts. Permissions for all Skyhigh CASB features are consolidated in Cloud Formation Templates. You do not have to track and provide permissions separately for each feature. For details, see Configure MVISION Cloud IAM Roles for AWS.
Container Security Resources
On the Resources page, you can now discover and search Container Security resources for Amazon Elastic Container Registry (ECR), including Resource Types for Operating Systems, images, and more. For details, see About Resources.
Cloud Security Advisor Checklist Product Groups
In the Cloud Security Advisor Checklist, recommendations are now grouped by product in the user interface: IaaS, SaaS, and Shadow IT. For details, see Cloud Security Advisor Checklist.
Connected Apps Scopes Accessed History
On the Connected Apps page in the Details pane, Scopes Accessed lists the OAuth Scopes accessed by this Connected App with a timestamp. This allows you to troubleshoot when an app is blocked due to scope increase. For details, see Connected Apps Page.
Hosted on Third-Party Services Filter
On the Services page, the Hosted on Third-Party Services filter allows you to filter for services that use third-party IaaS or PaaS, such as AWS or Azure. Filter options are Unknown, Yes, or No. For details, see Services Overview.
Cyber Risk - Vulnerable to Drown
The Cyber Risk attributes now include the internet vulnerability Drown. For details, see Cyber Risk Management.
Download IaaS Errors in CSV File
Skyhigh CASB consolidates errors for the IaaS feature on the Service Management page. You can download the consolidated IaaS errors in the CSV file. For details, see View IaaS Security Audit Errors in Service Management.
Azure AD SSO with ServiceNow
Skyhigh CASB for ServiceNow supports Azure AD SSO. For details, see Configure Azure AD SSO with ServiceNow.
Create Encryption Keys in Vormetric Key Server
You can create encryption keys with attributes in the Vormetric key server. For details, see About the MVISION Cloud Key Agent.
Slack Enterprise Secure Collaboration Use Cases
Using DLP Policies, Skyhigh CASB extends support for secure collaboration with the use cases in Slack Enterprise. For details, see Slack Enterprise Secure Collaboration Use Cases.
User Agent Anomalous Access
Anomalous Access Location filters support the user agent whitelisting and blacklisting functions to identify the threat and eliminate the false anomalous events. For details, Configure Anomalous Access Location Filters.
Reverse Proxy for Multi-Geo Model
Skyhigh CASB supports reverse proxy for Multi-Geo Model and provides the different ways to access Microsoft 365 application with the Multi-Geo feature. For details, see Reverse Proxy for Microsoft Multi-Geo Model.
Additional Permissions Required to Fetch GCP Activities
To avoid hitting API rate limits for Google Cloud Platform (GCP) while fetching activities using Skyhigh Security's project, Skyhigh CASB now leverages your organization's API quota. To switch the API quota from Skyhigh Security's project to your project, Skyhigh CASB requires additional permissions. For details, see Integrate GCP with MVISION Cloud.
Skyhigh CASB Recommended Saved View
A new Recommended Saved View, Licensable Resources has been added to the list of Skyhigh CASB Recommended Saved View. For details, see MVISION Recommended Saved Views.
CVE Details in the Registry API
Skyhigh CASB allows you to search by Common Vulnerabilities and Exposures (CVE) numbers of publicly known cybersecurity vulnerabilities. The Registry API provides information about Responses with CVE Details and Responses without CVE Details. For details, see CVE Details.