Skip to main content
Skyhigh Security

5.2.0 Release Notes (September 2020)

Configuration Audit Policy Builder

Use the Configuration Audit Policy Builder to create custom Security Configuration Audit policies to meet your organization's requirements. It supports policies for AWS, Azure, and GCP and provides compliance against industry standards such as CIS, PCI, HIPAA, and NIST 800-53. For details, see Create a Security Configuration Audit Policy

Continuous Evaluation for Configuration Audit

Skyhigh CASB provides Continuous Evaluation (CE) configuration audit based on activities for IaaS services including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). When CE is enabled, AWS accounts, Azure subscriptions, or GCP projects are constantly monitored and audited instead of running the default daily On-Demand Scan. For details see Continuous Evaluation for Configuration Audit

Policy Template Names Updated

Policy Template names for AWS, Azure, and Google Cloud Platform (GCP) have been updated for better readability. For details, see Policy Templates for AWS, Policy Templates for Azure, and Policy Templates for GCP

Deprecated Policy Templates for Azure and AWS

Some Policy Templates for Azure and AWS have been deprecated. Details are listed in the Policy Template pages. See Policy Templates for Azure and Policy Templates for AWS.

CloudFormation Templates for AWS

Skyhigh CASB uses AWS CloudFormation Templates to create the IAM roles required to configure AWS accounts. Permissions for all Skyhigh CASB features are consolidated in Cloud Formation Templates. You do not have to track and provide permissions separately for each feature. For details, see Configure MVISION Cloud IAM Roles for AWS.

Container Security Resources

On the Resources page, you can now discover and search Container Security resources for Amazon Elastic Container Registry (ECR), including Resource Types for Operating Systems, images, and more. For details, see About Resources

Cloud Security Advisor Checklist Product Groups

In the Cloud Security Advisor Checklist, recommendations are now grouped by product in the user interface: IaaS, SaaS, and Shadow IT. For details, see Cloud Security Advisor Checklist

Connected Apps Scopes Accessed History

On the Connected Apps page in the Details pane, Scopes Accessed lists the OAuth Scopes accessed by this Connected App with a timestamp. This allows you to troubleshoot when an app is blocked due to scope increase. For details, see Connected Apps Page.

Hosted on Third-Party Services Filter

On the Services page, the  Hosted on Third-Party Services filter allows you to filter for services that use third-party IaaS or PaaS, such as AWS or Azure. Filter options are Unknown, Yes, or No. For details, see Services Overview

Cyber Risk - Vulnerable to Drown

The Cyber Risk attributes now include the internet vulnerability Drown. For details, see Cyber Risk Management

Download IaaS Errors in CSV File

Skyhigh CASB consolidates errors for the IaaS feature on the Service Management page. You can download the consolidated IaaS errors in the CSV file. For details, see View IaaS Security Audit Errors in Service Management.

Azure AD SSO with ServiceNow

Skyhigh CASB for ServiceNow supports Azure AD SSO. For details, see Configure Azure AD SSO with ServiceNow.

Create Encryption Keys in Vormetric Key Server

You can create encryption keys with attributes in the Vormetric key server. For details, see About the MVISION Cloud Key Agent.

Slack Enterprise Secure Collaboration Use Cases

Using DLP Policies, Skyhigh CASB extends support for secure collaboration with the use cases in Slack Enterprise. For details, see Slack Enterprise Secure Collaboration Use Cases.

User Agent Anomalous Access

Anomalous Access Location filters support the user agent whitelisting and blacklisting functions to identify the threat and eliminate the false anomalous events. For details, Configure Anomalous Access Location Filters.

Reverse Proxy for Multi-Geo Model

Skyhigh CASB supports reverse proxy for Multi-Geo Model and provides the different ways to access Microsoft 365 application with the Multi-Geo feature.  For details, see Reverse Proxy for Microsoft Multi-Geo Model.

Additional Permissions Required to Fetch GCP Activities

To avoid hitting API rate limits for Google Cloud Platform (GCP) while fetching activities using Skyhigh Security's project, Skyhigh CASB now leverages your organization's API quota. To switch the API quota from Skyhigh Security's project to your project, Skyhigh CASB requires additional permissions. For details, see Integrate GCP with MVISION Cloud.

Skyhigh CASB Recommended Saved View

A new Recommended Saved View, Licensable Resources has been added to the list of Skyhigh CASB Recommended Saved View. For details, see MVISION Recommended Saved Views.

CVE Details in the Registry API

Skyhigh CASB allows you to search by Common Vulnerabilities and Exposures (CVE) numbers of publicly known cybersecurity vulnerabilities. The Registry API provides information about Responses with CVE Details and Responses without CVE Details. For details, see CVE Details

New Response Fields in the Data Retrieval API

The Data Retrieval API has added the response fields servicePerServiceCounts and Unique Users. For details, see Per Service Counts and Unique Users for a Service

  • Was this article helpful?