Coming Soon in our Next Release

Enhanced Data Protection with DLP Integrator 6.9.2 

Skyhigh has implemented some updates to the internal cloud scanning, and the IDM training needs to be done using the latest 6.9.2 DLP Integrator to ensure accurate detections. You must download the latest DLP integrator to access this capability.

View Expected Response Action for Shadow/Web DLP Incidents 

The Policy Incidents page now displays the Expected Response for Shadow/Web DLP Incidents. This Expected Response action is configured during DLP policy creation and defines the intended action when a policy violation occurs. This helps SOC administrators identify potential discrepancies between the Expected Response and the actual Incident Response taken during policy evaluation, which is vital for troubleshooting and refining security policies for robust data protection and operational efficiency.

Enhance Data Security with Webpage Watermark 

Skyhigh now adds a watermark to the background of every webpage you browse. To enable this feature, select the Enable webpage watermarking checkbox, located under the Full Isolation / Risky Isolation pages >  Browser Settings section. The watermarks display your Username or Email ID diagonally across the background, depending on your authentication method and the client used. This feature promotes accountability, enables tracking in case of data leaks, and prevents unauthorized sharing of sensitive information.

A sample screenshot with the applied watermark on the background of the webpage is available below for reference:

Deploy Secure App Connector V3   

A Secure App Connector is a component of Private Access (ZTNA) that acts as an interface between private applications and the Skyhigh Security Service Edge (SSE), enabling users to securely access private applications hosted within the organization’s network. Starting with Secure App Connector V3 for VMware OVA (vCenter and vSphere), Skyhigh is migrating the base operating system to the Skyhigh Linux Operating System (SLOS) to enhance stability and security.

Support Secure Connectivity for Domain Services

Skyhigh Private Access now supports defining UDP/DNS traffic as a Private Application. This enhancement allows administrators to securely route all DNS queries (port 53) from remote clients to internal Domain Controllers, enabling seamless remote access to critical Active Directory Domain Services such as Kerberos, LDAP, and SMB/CIFS.

This capability uses granular, identity-based Zero Trust policies to secure connectivity of core domain functions, thereby minimizing broad network exposure risks.

Users and Devices can securely connect to specific domain services for performing the essential operations, such as file sharing, password resets, and policy updates, without requiring full network access.

Consolidate User Identities 

The User Unification capability consolidates user identities across the SSE platform, allowing administrators to correlate the activities of users who access both Sanctioned and Shadow services. This helps Security Operations Center (SOC) administrators perform comprehensive threat investigations for individual users.

Each user within the SSE platform can have a unique identity for each Skyhigh product to maintain security, proper access control, and accountability. For example, a CASB user may be identified by their email address, and a SWG user by their SAM account name. As a result, the system treats these identifiers as separate users.

The User Unification capability creates a single User UID for each user across all Skyhigh products, consolidating multiple identities. This allows SOCs to monitor all user activities through one unified identity.
For instance, if a user downloads a file from a Sanctioned SaaS app like Box and uploads it to a Shadow app like Sendspace, their activities are tracked separately, by email in Box and by SAM account name in Sendspace. Without unification, the SOC administrator runs two separate searches. With User Unification, Skyhigh assigns a unique User UID to each user, enabling all activities to be accessed through the single identifier.

Integrate Skyhigh Cloud Connector with your organization's Active Directory, LDAP, or CSV file to identify unique users with multiple identities. These unique users are then displayed on the Users page.

Benefits

• Unified Activity Monitoring. Gain a comprehensive view of all activities for a single user by using their unique User UID to track both Sanctioned and Shadow service usage.
• Unified Threat Protection. Detect user-related anomalies and threats by monitoring activities across both Sanctioned and Shadow services.
• Unified User Risk Score. Calculate user risk scores using combined data from Sanctioned, Shadow, and Web services.

Monitor and Evaluate Unified User Risks 

The Users page (Analytics > Users) displays all users in the Skyhigh system, based on your directory integration. It provides visibility into users who access Sanctioned and Shadow services and highlights their associated risks, including User Risk, Data Risk, Sanctioned Risk, and Shadow Risk.

The User Risk represents a unified score that combines Data, Sanctioned, and Shadow risks. The page provides comprehensive insights into each user’s risk posture, activities, and potential threats, serving as a starting point for user-level threat evaluations.

The comprehensive view of unique users is retrieved from your organization’s Active Directory (AD), LDAP, or CSV files integration via the Skyhigh Cloud Connector.

The new Unified Risk Score uses data from Sanctioned and Shadow services, along with Web DLP incidents, to provide a unified view of user risk. The Unified Risk Score is calculated using multiple data sources and includes:

• Shadow user risk, in addition to existing Sanctioned risk parameters.
• Shadow metrics in the Usage details view, alongside Sanctioned metrics.
• Web DLP incidents are now factored into the overall user risk score.

These enhancements give administrators a complete view of user behavior and exposure by correlating risk data across Sanctioned SaaS, Shadow SaaS, and Web activities.

Additional UI Enhancements on the Shadow Users page 

The following updates to the Shadow Users page and Shadow User Cloud Card improve visibility into user activity and risk analysis:

• To better reflect focus on Shadow service activities, the Users page is renamed to the Shadow Users page.
• The Risk column displays the Unified Risk Score for each user, calculated using data from Sanctioned SaaS, Shadow SaaS, and Web DLP incidents.
  
  

• The Shadow User Cloud Card is enhanced to provide deeper visibility into user activity and risk posture across Sanctioned and Shadow services. The updated card now includes:

1. Mini cards for quick insights into key metrics, such as Services, Total Upload Data, High-Risk Services, Unique Devices, Unmatched Uploads, and Activities.
2. User UID to filter unique users.
3. Hyperlinks to related pages, including the Users page, User Details page (for sanctioned risk score), and Web Users page, to view detailed risk and activity information for a specific user.

These enhancements enable administrators to quickly assess user risk, investigate anomalies, and correlate activities across cloud applications and web traffic.