We’re excited to give you a look at what we’re bringing to you in the Skyhigh Security 6.4.0 release! Please scroll down to read about each feature. Also, please review the release schedule at the end of this communication. If you’d like to browse our early Release Notes, please bookmark this page.

Skyhigh Cloud Platform

Skyhigh Data Loss Prevention (DLP)

Reduce False Positives in DLP Advanced Patterns with the Ignored Expressions

You can now ignore certain expressions to reduce false positives in the Advance Patterns (found under Policy > DLP Policies > Classifications > Actions > Create Classification > Conditions). The Add Ignored Expression option allows you to add exceptions as ignored expressions in regular expression-based classifications.

This empowers organizations to finely customize DLP configurations by specifying exceptions that won't trigger matches. With these exceptions, data classification workflows can be controlled more precisely, reducing false positives and handling specific cases more accurately. Data protection strategies are optimized by enhancing precision and reducing disruptions.

New Email Template Variables for Malware (Limited Availability)

The customizable email templates (under Policy > Policy Settings > Email Templates > Create Email Templates) now offer admins to take advantage of two new variables Malware Checksum and Malware Confidence. Custom Email Templates can be used with End User Remediation for Malware Verification.

Flexible Cloud-to-On-Premises Evidence Synchronization: Empowering Customer Choice (Limited Availability)

When creating a new rule in Skyhigh CASB DLP Policy (found under Policy > DLP Policies > DLP Policies > Actions > Sanctioned Policy > Create New Policy), you can now access a new response named "Save Evidence." With this response, you can choose the significant policies to which evidence files should be retained for synchronization to Trellix ePO and disregard other policies. This allows you to achieve greater control over data management and reduce synchronization time with ePO by removing large amounts of insignificant evidence files.

Skyhigh SSE Products

Skyhigh Private Access

Configure Device Profiles - CrowdStrike

Skyhigh SSE platform enables customers to create Zero Trust device policies using a combination of native Zero Trust Assessments capabilities such as OS version, presence of registry key, Antivirus (On/Off), and more to assess device posture. CrowdStrike performs zero trust assessment and provides various scores such as OS score, sensor score, and an overall score of the client. By using a combination of these scores, you can enforce a powerful Zero Trust Assessment of devices before allowing access to private applications via Skyhigh Private Access.

To use the CrowdStrike integration option, enable the CrowdStrike toggle button (found under Settings > Infrastructure > Web Gateway Setup > Configure SCP > Manage SCP > Global Configuration > Device Risk Assessment Settings page).

Access Private Applications through ePO with SCP 4.7.0

Now Skyhigh Client Proxy can be deployed along with a Skyhigh Private Access policy file (OPG) using Trellix ePO. Earlier this was done manually or via deployment tools.

To enable this, activate the Download Policy From Skyhigh SSE checkbox. This pushes the policy to all endpoints, and the endpoints will synchronize with the SSE SCP policy.

NOTE: Once SSE and ePO are synced, the endpoints are applied only for the SSE SCP policy. If you deactivate the checkbox, endpoints consider only the SSE SCP policy and not the ePO SCP policy.

Skyhigh Cloud Firewall

Support for Additional Protocols

The Cloud Firewall policy now supports these protocols: QUIC, NTP, TDS, RDP, Gnutella, and Ident.

Cloud Firewall Traffic and Users Reports Enhancements

The Cloud Firewall Traffic and Cloud Firewall Users reports are enhanced with the following fields:

Domain Name: Displays the domain names of the applications accessed by the user. Click the count link to view the list of domain names accessed.
Client Host Name: Displays the name of the client host. The count is displayed in the case of multiple host names.
Host OS Name: Displays the host OS details (OS name and OS version) of the client system. The count is displayed in the case of multiple operating systems running on a host.

In addition to the Domain Name, Client Host Name, and Host OS Name fields, the Events Data page is enhanced with the SCP Policy Name and Process Path for the Cloud Firewall Traffic and Cloud Firewall Users reports.

Skyhigh Client Proxy 4.7.0

This release focuses on the support tool integrations in the Client Proxy package to collect logs and increase the Group Header information size.

NOTE: Released Client Proxy 4.7.0 on-premises for both Windows and macOS on July 04, 2023, and Trellix ePO SaaS released on July 11, 2023.

Supports Skyhigh Private Access Enhancements

Supports accessing Private Applications through ePO
Enables CrowdStrike integration with Skyhigh Private Access

For details, see the Skyhigh Private Access section described above.

Support Tool Integrated in Client Proxy Package

The Client Proxy package installs the SCPSupportTool.exe to collect Client Proxy logs and Wireshark traces (collects Wireshark traces only if the Wireshark wpcap.dll is installed on the client).

NOTE: The Analysis mode is disabled in the support tool as this option is available only for internal use.

Group Header Information

The size of the Group header is increased to 8KB. So, the total header size is now increased to 11KB.

Skyhigh CASB

Filter for User Risk on Threats and Anomalies Page

You can now filter and categorize your search by User Risk score for High-risk activities on the Threats (found under Incidents > Threats) and Anomalies page (found under Incidents > Anomalies > Anomalies). If there are no high-risk users in your tenant, the User Risk filter can’t be seen on the Threats and Anomalies page.

User Risk is also supported in Saved View, Chart View, Dashboard Cards, and Generate Reports for Business Report (PDF), CSV, XLS, and Schedule Reports.

Support for Slack Non-Enterprise (Pro/Business⁺) Licenses (Limited Availability)

Skyhigh CASB now supports Slack’s granular bot permissions framework for API integration of Non-Enterprise (Pro/Business⁺) licenses. Slack Non-Enterprise API integration requires a client ID and a secret key to enable API access in Skyhigh CASB. You can use a manifest file to create a Custom OAuth application for Slack Non-Enterprise licenses.

Skyhigh CNAPP

New Azure CIS v2.0 Policy Templates

CIS Benchmarks are based on technical configuration settings used to maintain and increase enterprise security, especially when used in conjunction with other essential cyber hygiene tasks. In this release, 1 new Azure Policy template (TLS version should be set to default for MySQL flexible database Server) is added for the CIS v2.0.0 Level 1 benchmark. The new Policy Template can be found under Policy > Policy Templates.

Skyhigh Security 6.4.0 Release Schedule update:

EU Production:

Skyhigh SWG for Cloud – July 18th, 2023
Skyhigh Private Access – July 18th, 2023
Skyhigh Cloud Firewall – July 18th, 2023
Skyhigh CASB – July 11th, 2023
Skyhigh CNAPP – July 11th, 2023
Data Loss Prevention – July 11th, 2023

US GovCloud:

Skyhigh CASB – July 14th, 2023
Skyhigh CNAPP – July 14th, 2023
Data Loss Prevention – July 14th, 2023

US Production:

Skyhigh SWG for Cloud – July 18th, 2023
Skyhigh Private Access – July 18th, 2023
Skyhigh Cloud Firewall – July 18th, 2023
Skyhigh CASB – July 18th, 2023
Skyhigh CNAPP – July 18th, 2023
Data Loss Prevention – July 18th, 2023

Skyhigh CASB (Reverse Proxy):

Skyhigh Security 6.4.0 Reverse Proxy PoC Point of Presence Release - July 20th, 2023
Skyhigh Security 6.3.2 Reverse Proxy Production Point of Presence Release – July 27th, 2023