Coming Soon in Our Next Release

ML-driven Automatic Data Classification 

ML Auto Classifiers automatically detect and classify text and image-based files across sanctioned and shadow/web services, and identify sensitive documents like financial reports, patient records, patents, source code, and ID files across different formats. Security Operations Center (SOC) analysts can use these classifiers to discover real-time sensitive data and apply granular DLP policy controls, enhancing the organization’s data protection strategy and enabling quick and effective responses to data loss incidents. By leveraging AI and machine learning, ML Auto Classifiers improve data governance, support robust DLP policies, streamline management by eliminating manual classification, and enhance operational efficiency. They also offer scalable solutions for large data volumes, provide insights into classification confidence, and minimize false positives and negatives.

Utilize ML Auto Classifiers to categorize sensitive files (Classification page) and review triggered matches along with their confidence levels (Policy Incidents page):

1. ML Auto Classifier Condition. Use the ML Auto Classifier rule on the Classifications page to automatically classify sensitive files.
   
   
    
2. ML Auto Classifiers Component. Access the ML Auto Classifiers component on the Sanctioned DLP or Shadow /Web DLP Policy Incident Cloud Card to view the triggered matches for file categories along with their confidence percentages.
   
      

User Unique Identification Number (UID) for DLP Incidents 

The User Unique Identification Number (UID) filter has been introduced for Data Loss Prevention (DLP) incidents to enhance the ability to manage and analyze security incidents within your organization. The User UID is a unique identification number assigned to each user, allowing Security Operations Center (SOC) analysts to obtain a comprehensive view of all DLP incidents linked to a specific user across Sanctioned, Shadow/Web, and Private applications. It enables SOC analysts to take quick and effective remediation action. Additionally, It enhances the organization's data protection strategy and increases operational efficiency in incident management. 

You can access and review specific information related to User UID on the Policy Incidents page.

Capability of User UID on Policy Incidents:

1. Filter DLP Incidents. Apply the User UID filter on the Policy Incident cloud card to view all DLP incidents associated with a specific User UID directly on the Policy Incidents table.
   
   
    
2. Search for User UIDs. Use the omnibar to search for specific User UIDs. This capability allows for quick access to DLP incidents linked to particular users.
3. View User UID Column. Include a User UID column in the incident table to generate reports.
   
   

ML-Driven Potential False Positive Detection 

ML-based Potential False Positives automatically identify and classify likely false positive DLP incidents, enabling Security Operations Center (SOC) analysts to access detailed statistics and a comprehensive list of these incidents. This capability helps minimize false positives and refine DLP policies, enhancing operational efficiency in incident management. AI-ML Powered Automatic Incident Categorization further streamlines DLP management by using machine learning to identify recurring patterns, reducing investigation time and costs while supporting large incident volumes. It boosts confidence in false positive identification, accelerates response times, and provides insights into trends over the past 30 days, ensuring compliance with data privacy regulations.

You can access and review specific information related to ML-driven potential False Positives on the Policy Incidents page.

Capability of ML-driven Potential False Positives on Policy Incidents:

1. Potential False Positives Summary. You can view the total count of potential false positive incidents, along with recent trends and changes in their volume. 
2. Filter for Potential False Positives. Apply the Machine Learning Status filter as Potential False Positive to display all potential false positive incidents within your organization.
   
   

3. Review and Validate Potential False Positives. The Sanctioned DLP Incident Cloud Card now features a Potential False Positive section within the Machine Learning Status component. This addition allows for efficient validation of incidents classified as potential false positives. 
   
   

Additional DLP Enhancements 

Data Classification Enhancements 

Configure System Error Notifications Using Custom Templates 

You can now customize the End User Notification settings for system errors using a custom template. You can view the list of system errors under the System Error Mapping section. You can select the required system error to configure the corresponding end-user notification.

Additional Skyhigh Secure Web Gateway Enhancements

RBI Enhancement: Disable Skyhigh Logo 

You can now hide the Skyhigh logo while using Full and Risky Isolated browsers. By default, the Skyhigh logo is displayed. Select the Disable Skyhigh logo near browser address bar checkbox to hide the logo.

OCR Support in Microsoft Teams Chats/Channels 

Skyhigh CASB for Microsoft Teams allows security admins to define DLP policies to monitor and remove the sensitive content in images shared in chats/channels by copying and pasting them.

Microsoft Intune Company Portal App Support via Reverse Proxy 

Integrate the Intune Company Portal app with Skyhigh CASB to securely access the organization's resources on personal or company-owned devices like smartphones, tablets, and laptops. By enforcing policies that control how data is accessed, shared, and protected across devices and applications, you can prevent sensitive or confidential data exfiltration, ensuring secure and compliant usage of organizational resources.

Salesforce Winter 2025 Support 

Skyhigh CASB now supports the latest Salesforce Winter 2025 version.

ServiceNow Xanadu Q4 2024 Support 

Skyhigh CASB now supports ServiceNow Xanadu Q4 2024.

Filter AI Services by Risk Type 

Use the Artificial Intelligence (AI) Risk Type filter to sort AI services by High, Medium, and Low risk in the Skyhigh Cloud Registry. Sorting AI services by risk type allows you to take necessary actions to strengthen the defense against associated potential risks. SOCs can review and prioritize the AI services and outline remediations quickly, thereby enhancing the ability to secure their most sensitive data from high-risk AI services.

Skyhigh CASB for SAP S/4HANA 

Skyhigh CASB for SAP S/4HANA allows Security Operations Center (SOC) admins to secure and monitor user activities in cloud data and User Authorization Management. Skyhigh aims to secure the registration of SAP S/4HANA business users through certificate-based identifiers for activity monitoring and anomaly detection.

Skyhigh CASB for Google Chat 

Skyhigh CASB for Google Chat provides comprehensive security, enabling IT teams to monitor and protect sensitive content in chat conversations within your organization. Integrate Skyhigh CASB with Google Chat to monitor risky user activities and apply DLP controls to sensitive file uploads or attachments posted in Google Chat.

Additional Security Measures for Delta APIs 

Skyhigh CASB Delta API Integration for SharePoint Online/OneDrive now supports the following DLP Policy rules for near real-time DLP on sensitive content uploaded to SharePoint Online and OneDrive services:

• SharePoint Classification
• Microsoft Azure Information Protection
• Seclore Digital Rights Management (DRM)
• Manual and Bulk Remediation

With the new Delta APIs, Skyhigh provides:

• Uninterrupted near-real-time DLP
• Improved DLP policy execution
• Increased control over high-volume API operations

Custom and Sharable Dashboard 

Dashboards summarize the Shadow and Sanctioned cloud services' data configured in your organization using cards. Now, you can create your dashboards, share them with others in your organization, mark them as favorites for easy access, or set anyone as a home dashboard that appears when you log into the product again. To customize a Dashboard, you can add new cards of different types and reorganize the cards. 

The default set of dashboards such as My Dashboard, Private Access Dashboard, IaaS Dashboard, Office 365 Dashboard, Web Dashboard, and Isolated Web Dashboards are displayed based on the license.

Using custom and sharable dashboards, you can:

• Share any dashboard of your choice within your organization.
• Create dashboards from your preferred Saved Views.
• Access dashboards easily using the icon.

Collect Logs in Real Time 

The Log Stream collects near real-time Security Service Edge web access data within your network or feeds directly into your reporting and analytics tools. You can save the logs to a local directory or send them to your third-party SIEM systems (Security Information and Event Management) through a Syslog server. You can use these files to investigate or analyze with Skyhigh SSE.

The Log Stream can:

• Identify issues as they occur, which helps address problems without delay. 
• Simultaneously download data originating from different log types such as Secure Web Gateway (SWG), Remote Browser Isolation (RBI), Private Access, and Cloud Firewall. This eliminates running multiple instances to collect data from different log types. A single Enterprise Cloud Connector accommodates downloading multiple log types simultaneously.

User Unification 

User Unification capability uniquely identifies the user across the SSE platform, allowing correlation between users accessing Shadow/Sanctioned services or Web/Private applications. This helps the Security Operations Center (SOC) administrator to perform a comprehensive user threat investigation for a single user.

Skyhigh has introduced User Unification across the SSE platform to facilitate Unified Threat Investigation for each organization user.

Unified Threat Investigation investigates potential threats by cross-referencing activities between SaaS, Shadow, Web, and Private Access data. It increases accuracy in investigating activities or incidents across the SSE platform using single-user identification.