What’s New in Skyhigh for Shadow IT
User Creation API
MVISION Cloud Cloud Access Security Broker (CASB) administrators can now bulk create CASB users through an API. Administrators can send requests containing user information (such as user email address or temporary password) and administrative flags (such as User is allowed to deobfuscate or User is Security Admin) to create users.
Reports – CSV Format Support
Users can now export reports created by Report Manager in CSV format along with the existing PDF, HTML, and Excel format options.
Date Picker Enhancement
The date picker calendar on the dashboard has been enhanced so that your selection options reflect the current data resolution (Day, Week, or Month). When you are in the Day view, individual days are selectable. When you are in the Week view, weeks are selectable (Sunday - Saturday). When you are in the Month view, months are selectable (1st - End of Month). Date ranges that are available for selection are highlighted in blue.
Threshold Tuning for Anomalies
Anomalies involving MIME Type and Service Category Based Data Transfer now offer Threshold Tuning. This will allow users to adjust the anomaly sensitivity for these anomaly types to control the number of anomalies generated.
New User Roles
Administrators can assign a role to a user to restrict access to certain parts of the MVISION Cloud Cloud Security Access Broker (CASB). These roles have been updated to allow for more granular access control:
- Customer Administrator (formerly the Tenant role): This role has access to both the MVISION Cloud CASB Dashboard and the Enterprise Connector Console
- Dashboard User: This role has access to the MVISION Cloud CASB Console and only and cannot login into the Enterprise Connector Console
- Enterprise Connector User (formerly the Log Processor role): This role has access to the Enterprise Connector Console only and cannot login into the MVISION Cloud CASB Dashboard
Improved Service Group Assignment
In 2.9, services are restricted to a single service group only and conflicts are resolved through a workflow so that users can manage the process of deciding what group a service belongs to. For service groups that are generated automatically using inclusion criteria, an “exceptions” field is available to prevent unwanted services from being assigned to that group automatically.
Skyhigh Forward Proxy (Beta)
The MVISION Cloud Forward Proxy allows users to apply Data Loss Prevention policies against Shadow cloud services. MVISION Cloud supports multiple options to forward traffic to MVISION Cloud’s Forward Proxy and offers the ability to monitor or block data uploads that are in violation of defined DLP policies.
Cloud Registry Enhancements
The “Service Location” registry attribute now displays the specific geographic location for the headquarters of selected cloud service. This registry attribute is distinct from the Provider Location registry attribute which lists the location of the cloud service’s servers.
What’s New in Skyhigh for Sanctioned IT
MVISION Cloud now provides an option to enable Match Highlighting for policy violations. When a file includes content that violates a data loss prevention policy, incident response teams are able to view an excerpt of the document that contains the text matching the DLP rule. Some surrounding text is included with the highlighted matches to help identify false positives. This is an optional feature that requires customers to provision their own instance of an Amazon AWS S3 bucket to store matches. Please contact firstname.lastname@example.org for more information about enabling this feature.
Policy Violation - Collaboration Improvements
The Policy Violation platform now displays enhanced information about external collaborations and shared links. The Details panel on the policy violation lists all external collaborators for files associated with the policy violation. Additionally, users can now manually modify collaborations or delete shared links for as remediation action.
API Access Page Enhancements
The API Access page now contains additional status information for your API-enabled Sanctioned services. This page provides statistics on the number of events received in the last hour, day, and week from the cloud service.
Custom Email Templates
The email notifications that are sent as part of Data Loss Prevention and Secure Collaboration policies can now be customized by customers. Customization options include the ability to insert variables that include key forms of metadata from a policy violation.
New Data Identifiers
Data Identifiers have been added for Ohio Driver’s License Numbers, Turkish Kimlik, Bitcoin Addresses, ICD-10 codes and International Securities Identification Numbers (ISIN).
Threshold Tuning Improvements
When updating anomaly thresholds, users now have precise information on how many anomalies will be generated based on the new threshold. Users will see a count of how many new anomalies will be displayed, which types of anomalies will not be detected and which ones will. This information is displayed during the preview stage of threshold tuning.
Easier Investigative Drilldowns
Users can drilldown into the activities and data impacted by threats and anomalies with one click. With 2.9, incident responders can download CSVs illustrating the impact of the threat/anomaly. These CSVs list all the activities and data corresponding to the threat/anomaly.
Skyhigh for Slack
API-Based DLP Support
With v2.9, MVISION Cloud has expanded CSP coverage to Slack. With API-based deployment of MVISION Cloud for Slack, users can extend DLP policies to content in Slack. MVISION Cloud’s DLP rules can detect sensitive content uploaded to Slack and enforce remediation actions such as removal of public links or quarantine or delete documents and messages that match a DLP policy.
Proxy-Based DLP Support
With proxy-based deployment of MVISION Cloud for Slack, users can enforce DLP policies in real-time for browser-based access to Slack. MVISION Cloud’s DLP rules can detect sensitive content uploaded to Slack and enforce remediation actions such as blocking or encrypting documents and messages that match a DLP policy.
Proxy-Based Cloud Access Policy Support
With proxy-based deployment of MVISION Cloud for Slack, users can enforce access control policies for browser-based access to Slack. MVISION Cloud’s access control policies can allow or deny access to Slack based on device type (managed vs. unmanaged) and users (groups).
Skyhigh for O365
Searchable Symmetric Encryption Support (Beta)
With proxy-based deployment of MVISION Cloud for OneDrive, users can now encrypt sensitive content while maintaining search functionality using the Searchable Symmetric Encryption (SSE) cipher. Search terms entered while connected to the proxy are automatically encrypted to match the encrypted content in your O365 deployment. Users connected to the MVISION Cloud Secure Proxy will view search results in plaintext. This is a beta feature and may not be available to all users. To learn more about this feature, please contact Support@skyhighnetworks.com.
What’s New in Skyhigh Enterprise Connector
MVISION Cloud Enterprise Connector provides integration with on-premises infrastructure and applications such as firewall/proxy logs, SIEM, Active Directory, and key management systems.
Active-Active Deployment Mode
The new Active-Active Deployment option delivers horizontal scaling and high availability. With this feature, all ECs configured in Active-Active mode process logs in parallel, thereby providing the ability to increase overall performance by adding more ECs. This deployment mode also delivers high availability and keeps your logs processing even if one or more of your Enterprise Connectors experiences downtime.
Closed-Loop Remediation with Palo Alto Panorama
Customers can use the API-based integration with Palo Alto’s Panorama Network Security Management for Closed-Loop Remediation (CLR). With this release, Enterprise Connector can communicate with Panorama and publish URLs of specified cloud services into Custom URL Category for desired action (e.g. block these cloud services). Effectively, this feature extends the cloud visibility and risk to your existing Palo Alto firewall for policy enforcement.
Export to Common Event Format (CEF) File Format
MVISION Cloud-detected anomalies can now be exported in the popular CEF file format, for import into 3rd party systems such as SIEM. CEF file now joins MVISION Cloud Key-Value Pair and LEEF as available formats for export.
Enhanced Security for LDAP Connections
Enterprise Connector can now communicate with LDAP over SSL to populate data from Active Directory.