Here’s a round-up of the new features and enhancements for MVISION Cloud Cloud Access Security Broker v3.0.
Note for MVISION Cloud Proxy: At the time of release, SHN-POC proxies are upgraded to the latest release, while production proxies are left on the previous version to allow time for customer testing. Four weeks after release (minimum), production proxies are upgraded. The production proxy upgrade process and timeline is designed to avoid any disruption of service.
What’s New in Skyhigh for Shadow IT
Anomalies Overview Enhancements
The Anomalies Overview page can now be searched and filtered using user-defined custom attributes through the Omnibar. Please see the article on Custom Attributes for more information on how to define Custom Attributes and how to use them in your MVISION Cloud Cloud Access Security Broker.
Our Service Groups feature is now available to all customers. Service Groups allow you to filter the services in use by your organization with groups created manually or built automatically using rule-based group management. For Service Group beta users, the Service Groups page now contains columns for the number of active services and pending services to quickly manage the Service Groups that require approvals.
Blocking Configuration Enhancements
The MVISION Cloud Cloud Access Security Broker now sends a daily update to existing blocking configuration files pushed to BlueCoat or McAfee appliances. Users with other appliances will need to push the blocking config file to their firewall in order to update the config file.
Other Resolved Issues
- Improved the behavior of column width for numbers in Excel exports.
- Within the Create (or Edit) Service Group page, users can now use the backspace key to delete pills from automatic assignment rules
What’s New in Skyhigh for Sanctioned IT
Skyhigh for Slack - Forward Proxy Support
MVISION Cloud for Slack is now supporting using the MVISION Cloud forward proxy or API integration. Both web socket support and forward proxy support means greater coverage of DLP policies for data exchanged via Slack.
Skyhigh for Slack - Threat Protection Support
Anomalies, threats and activities found in the Threat Protection Dashboard are supported for Slack. This is supported for customers using API-based integration for Slack and does not include geo-location anomalies and threats.
Skyhigh for Sharepoint – Searchable Symmetric Encryption Support (Beta)
With proxy-based deployment of MVISION Cloud for SharePoint, users can now encrypt sensitive content while maintaining search functionality using the Searchable Symmetric Encryption (SSE) cipher. This is a beta feature and may not be available to all users. Pease contact Support@skyhighnetworks.com to request it.
Skyhigh for ServiceNow - Support for Importing and Exporting Data
Encryption for data imported to ServiceNow is now supported via the MVISION Cloud reverse proxy. Sets of existing data records in either XML or XLS formats are supported for encryption.
What’s New in Compliance
Contextual Intelligence of Policy Authoring
Detection and response rules are validated during policy creation (per-CSP) to report invalid configurations. For instance, certain rules and response actions are only valid for a defined set of CSPs.
Updates to User Groups UI
At the top of the User Groups page, you’ll now see the number of users last synced, the number of attributes defined, and the last date the directory was synced. You can also view an anonymous sample from each attribute defined for a tenant.
What’s New in Data Protection
Ionic DRM Support
Customers use Ionic DRM to encrypt and protect files within their Sanctioned IT services (such as reports exported from Salesforce). Additionally, files uploaded to sanctioned cloud services can be automatically encrypted using Ionic DRM as part of a DLP action. Lastly, our integration with Ionic DRM allows our DRM engine to scan and report on files that have been protected by Ionic DRM.
What’s New in Threat Protection
Resolve Anomalies Across Multiple Cloud Services
When a single anomaly occurs across multiple cloud services, you can resolve the anomaly once and remove the anomaly from your Threat Protection dashboard for all impacted cloud services.
Large Report Download Anomaly
The new Large Report Download anomaly alerts Threat Protection administrators when users download reports with an unusual number of records in Salesforce. This anomaly is distinct from the existing “Report Download” anomaly which triggers based on an unusual number of report downloads; this anomaly can trigger off of a single report download if the size of the report exceeds expected behavior. This anomaly is only available for cloud services that can generate reports.
Enhanced Anomaly Threshold Adjustment UI
When adjusting your anomaly thresholds, the anomalies that will be added, removed and expanded are displayed in separate tabs. Additionally, when adjusting thresholds for specific activities, the adjusted count for anomalies on a daily, weekly, monthly, and yearly level.
Category Suggestions for Threats Page Filtration
The Omnibar on the Threats page now suggests all possible categories. Having all categories makes it easier to filter results based on specific categories. The Omnibar on the Threats page now behaves just like the Omnibar on the Activity page.
Enhanced CSV Export
Exports of Threat Protection data in CSV format now includes user-readable column headings to assist in interpreting the data before importing to a 3rd party system. The columns of the export are rearranged in order to group similar data together.
Improved Exception Rule Behavior
When deleting exception rules for anomalies, generation resumes from the moment that the exception was deleted and does not retroactively generate suppressed anomalies. This allows you to withhold anomalies for a limited period without having them return automatically.
Syslog Export to 3rd Party SIEM
The MVISION Cloud Enterprise Connector Syslog export now includes Threats and Anomalies, allowing you to send Threat Protection information to your 3rd party SIEM for additional analysis and response.
Other Resolved Issues
- When removing all pills from the Omnibar while in the Anomalies tab, the view no longer automatically shifts to the Threats tab
- Threshold tuning can now be used to adjust anomaly thresholds for report-based anomalies in MVISION Cloud for Salesforce
- Adjustments to the threshold tuning slider to create consistent behavior when returning the slider to the center of the bar