Coming Soon in our Next Release

Monitor User Activities, Threats, and Anomalies Using User UID 

The User Unique Identification (UID) number is a unique identifier assigned to each user within an organization. The Activities, Threats, and Anomalies pages now include a User UID column in their respective tables. The User UID consolidates all activities, threats, and anomalies under a single identifier across Sanctioned, Shadow/Web, and Private applications. This enhancement facilitates efficient tracking and analysis of user activities within the organization. 

You can filter all activities related to a specific User UID using the Omnibar search and the Activities, Threats, and Anomalies Cloud Card.

Strengthen AI Security with Agentic AI Attribute 

Skyhigh Cloud Registry now offers support for the Agentic AI attribute, which detects and tracks services that utilize Agentic AI, enhancing visibility into risk assessment and improving overall AI security posture. By flagging Agentic AI in cloud services, organizations can identify the services capable of autonomous actions, implement appropriate security controls, and strengthen governance over AI-related risks.

Agentic AI refers to AI services that autonomously plan, decide, and act to achieve defined goals without direct instruction. Unlike traditional AI, which responds only to explicit prompts, agentic systems can use tools, access services, and carry out multi-step actions with minimal human involvement. If Agentic AIs are not identified within the services, organizations may struggle to pinpoint the root causes of AI-driven activities and incidents.

Key benefits of identifying Agentic AI in your cloud services:

• Classify the service as higher risk
• Apply enhanced monitoring and controls
• Make informed allow/block decisions
• Improve audit and compliance alignment
• Reduce exposure from autonomous actions

Identify Data Exfiltration Anomalies for a Unified User 

Skyhigh CASB now supports a new Data Exfiltration Anomaly category for unified users. Data Exfiltration Anomalies refer to activities involving the unauthorized or unusual transfer of data from an organization to external destinations. This includes instances such as downloading data from sanctioned services and uploading it to shadow services. Additionally, it detects abnormal activities within the organization, such as mass downloads from sanctioned services or access to data that contradicts a user's role, particularly when sensitive or classified files are involved.

Key Benefits

• Dynamic Detection. Moves beyond static thresholds by identifying sudden spikes in activity, role-inconsistent access, cross-domain transfers, and low-and-slow patterns that may indicate an intent to circumvent security controls. Proactive detection of data loss, clearer investigation context, and faster, risk-aligned response across cloud, web, and user activity.
• Increased Detection Accuracy. By focusing on behavioral patterns rather than fixed criteria, the detection capabilities significantly enhance signal quality, helping you pinpoint genuine threats while minimizing false positives. Unified UEBA intelligently compares a user's current activity against their historical behavior and that of their peers, ensuring a comprehensive understanding of normal operations.

This sophisticated approach allows your security team to respond proactively to potential data exfiltration attempts, ensuring the integrity of your sensitive information. 

Additional Enhancements to Unified User Risk tab 

The Unified User Risk tab is enhanced to provide more detailed metrics on user activity and improved insights into risk attributes.

The User Risk tab has enhanced with the following capabilities: 

• Clear visibility into the scores for each risk attribute that contributes to the overall risk category score. 
• Risk scoring is applied at the category level, with distinct scores for Sanctioned and Shadow categories. This structure enables organized and actionable risk analysis.
• More precise and narrowly focused results. When a risk category is selected, the results show only the attributes that contributed to the risk score, rather than all available attributes.
• Improved accuracy of user risk scores, resulting in fewer false positives. 

These enhancements boost the unified user risk experience by providing a clearer view for analysts and executive-ready visualizations of risk, facilitating faster investigations and more effective communication of risk-related information.