Coming Soon in our Next Release

View Accurate Unique Content Match Count in Policy Incidents Cloud Card 

The Policy Incidents Cloud Card now displays an accurate Unique Content Matches count for a document that triggers an incident for Sanctioned DLP policy violations. This improvement eliminates the need for SOC admins to download and manually inspect evidence files whenever the cloud card shows a low match count, significantly improving the ability to efficiently manage and respond to high-severity incidents.

View File Location Details for Google Chat in DSPM Data Explorer 

The Data Explorer dashboard includes file location details to help you identify and locate files during investigations. Currently, this support is extended for Google Chat, OneDrive, and SharePoint, enabling administrators to pinpoint the exact origin of files within chat threads. 

Save CASB Evidence 

DLP evidence is a copy of the compromised content that violates a CASB policy detected during the policy evaluation. This copy of compromised content is linked to the relevant incident and saved in your data storage, enabling further forensic analysis of generated incidents. 

This is achieved by creating a classification-based rule in DLP Policy, setting an additional response named Save Evidence. When a DLP Policy is violated, the Save Evidence response is triggered, and evidence files are saved on the generated incidents. Skyhigh allows saving evidence files to user-defined AWS S3 or Azure Blob storage for further analysis.

Improved Data Visibility in DSPM Data Explorer with Unified Expanded Scan 

The Unified Expanded Scan provides the ability to perform DSPM scan for additional data classifications, which are not part of the original DLP policy. This can also be referred to as beyond-policy-extended data categorization. For instance, a DLP policy (Sanctioned or Shadow-IT), which is defined to block any document containing Social Security Numbers (SSNs) uploaded to AI services, will now scan for additional classification types such as source code, PHI, HIPAA, etc.

This expanded scan does not affect the existing policy behaviour to trigger a DLP incident when there is a policy match. For example, if a document is scanned for SSN DLP policy and it does not have a match for an SSN number, but has source code in it, no incident is created as the policy did not intend to do so. However, this document will be shown in the DSPM Data Explorer Dashboard as it contains source code (pre-canned classification) instead of SSNs.

Enable Policyless Data Discovery for NRT-based Events 

The Skyhigh DSPM facilitates auto-discovery (Policyless discovery) of data, which is aimed at automatically categorizing sensitive data from sanctioned apps based on near-real-time (NRT) events. Any type of data activities performed on sanctioned cloud services trigger an automated DSPM scan to identify sensitive data contained in the target file.

Unlike traditional DLP methods that only track data matching specific policies, the Skyhigh DSPM Policyless Scan automatically captures every file-based interaction to classify the content of the file, the user/owner of the file, date modified, location, digest information— all without mandating pre-defined DLP policies.

This visibility allows data administrators to proactively discover all sensitive data in their sanctioned services, along with data risks identified based on several factors such as risky service or risky user. With the discovery of sensitive data characteristics, the Data Explorer streamlines risk assessment and strengthens the organization’s overall security posture.

Enhanced Application Group Management for Private Apps 

Private Access now allows users to assign multiple application groups (tags) to a single private application and edit these associations as needed. This enhancement improves flexibility and control when managing private applications, simplifies policy configuration using tag-based rules, and streamlines updates by enabling dynamic modification of application group assignments.