Skyhigh Security Cloud Release Notes 6.2.2 (February 2023)
Skyhigh Security Service Edge 6.2.2 will be released to the EU Production environment on February 14, 2023, and to the US Production environment on February 21, 2023.
Skyhigh Secure Web Gateway (Cloud)
New Location for Storing Log Data
Log data collected when users access Secure Web Gateway can now be stored by the admin with Australia selected as the data residency option, which allows you to comply with your organization's or region's data residency requirements. For more information, see Configure Where to Store Log Data.
Skyhigh Private Access
Device Posture Enhancements
- File Path - Configure the file path as a criteria to evaluate the compliance of a device (both Windows and macOS). Checks for the presence of a specific file in the specified path. The device must have a file in the specified path to pass the validation.
For example, you can specify
C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
- Registry Key - Applies only to Windows devices. You can specify the presence of the registry key, registry value name, and registry value data.
For example, you can specify
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defenderfor registry key,
RemediationExefor value name, and
windowsdefender://for registry value data.
For more information about how to configure device profiles, see configuring Configure Device Profiles.
Salesforce Spring 2023 Support
Skyhigh CASB now has support for the latest Salesforce Spring 2023 version. For details, see Supported Versions of Structured Apps.
Cloud Access Control with RBI (Limited Availability)
Cloud Access Control with RBI allows frictionless onboarding of longtail SaaS applications and prevents data exfiltration by implementing CAP policies on an unmanaged device. Subsequently, CAP policies block activities on an unmanaged device, such as uploads, downloads, clipboard copy, clipboard paste, and printing. Cloud applications can be accessed directly from managed devices without any restrictions. For details, see Cloud Access Controls with RBI.
SharePoint Controls based on Privacy Settings (Limited Availability)
Skyhigh CASB provides control over sensitive content posted by users in SharePoint sites. Skyhigh CASB for SharePoint now allows security admins to define the DLP policy rule based on SharePoint site privacy settings (public or private). This feature allows admins to restrict sensitive data from being uploaded to SharePoint sites based on their privacy settings. For details, see SharePoint Controls based on Privacy Settings.
Filter for User Risk (Limited Availability)
You can now filter your search by User Risk score for Low, Medium, and High-risk activities on the Activities page (found under Incidents > User Activity > Activities). For details, see About Activities.
Improved Azure AD Group Sync (Limited Availability)
Skyhigh CASB now extends the capability to execute the sync job successfully with Azure AD Group names containing commas. The elastic search has been improved to support commas in the Azure AD Groups name and the group name can be viewed on the User Groups page (found under Policy > User Lists > User Groups). For details, see User Groups for Azure AD Security and Office 365 Groups.
Unmatched Upload Page Redesign (Limited Availability)
The redesigned Unmatched Upload page (found under Analytics > Unmatched Uploads) provides powerful search and filtering capabilities, along with detailed information on users responsible for unmatched uploads that can be exported to a CSV file. The Saved View can be created for your search query and dashboard cards can be added. In addition, the status of multiple unmatched uploads can be modified simultaneously, and the requested service URLs or IP addresses can be added to the Skyhigh Security Cloud Registry. Unmatched Uploads data is set at 100 days unless the Skyhigh SSE Data Retention option is purchased which extends the data retention for a full year. For details, see About Unmatched Uploads New.
Azure Policy Template Update
The Azure Policy Template "Auditing on SQL server should be enabled" has been updated with new remediation steps. For details, see Policy Templates for Azure.
Auto Discover AWS Organization Info (Limited Availability)
This new method provides AWS organization information to Skyhigh CASB (found under Settings > Service Management > Enable API for AWS > Accounts). On providing AWS Organization info, Skyhigh CASB auto-discovers all accounts associated with the organization, and allows to select all or required accounts to add to the organization. This method helps to scan multiple accounts in an organization rather than individual accounts. For details, see Configure AWS in Skyhigh CASB.
Skyhigh Data Protection
OCR and EDM (Enhanced) for Skyhigh CASB
The new Classifications features including EDM (Enhanced) Fingerprints and Regular Expression-based Dictionaries are now available to all Skyhigh CASB customers. This allows you to categorize your structured data and use the EDM fingerprint in a DLP policy to run scans to secure your company's sensitive data. In addition, the Skyhigh Security DLP engine extracts text from supported image files using best-in-class Optical Character Recognition (OCR), now supported for Skyhigh CASB as well as SSE. For details see About OCR and About Exact Data Match (EDM) Fingerprints.
Validation for Regular Expression Definitions
Now when you create Classifications that use Regular Expressions that are validated to prevent incorrect entries from being saved. For details, see Create Custom Advanced Patterns.
Classification Names Included in Incident API
Classification names are now included as part of the information field in the external query Incident API. For details, see Incidents API Definitions.
Update Skyhigh Credentials for the DLP Integrator On-Prem
In this release, the DLP Integrator now includes a command-line option that allows you to execute it on-prem to update and overwrite your Skyhigh credentials when they have changed. For details, see Update Skyhigh Credentials with DLP Integrator On-Prem.
DLP Support for Airtable Files/Attachments (Limited Availability)
Skyhigh CASB for Airtable allows organizations to extend their existing data loss prevention (DLP) policies to sensitive files or attachments posted in Airtable cells. For details, see About Skyhigh CASB for Airtable.
Efficient loading of Salesforce objects for ODS (Limited Availability)
Skyhigh CASB for Salesforce improved the caching mechanism for a large number of Salesforce objects, reducing the page load time required to display SFDC objects and select them as part of an On-Demand Scan (ODS). Skyhigh CASB for Salesforce caches Salesforce objects to improve search performance and retrieves indexed objects to display in the ODS configuration page. This indexer task runs on a regular basis and imports Salesforce objects into the cache.
Upcoming Reverse Proxy Releases
- Skyhigh Security v6.2.2 Reverse Proxy PoC POP Release on US Prod: February 28, 2023 (04:30 am UTC to 12:30 pm UTC)
- Skyhigh Security v6.2.1 Reverse Proxy Prod PoP Release on US Prod: March 7, 2023 (04:30 am UTC to 12:30 pm UTC)