Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Skyhigh Security Cloud Release Notes 6.4.0 (July, 2023)

Skyhigh Cloud Platform

Data Loss Prevention (DLP)

Reduce False Positives in DLP Advanced Patterns with the Ignored Expressions

You can now ignore certain expressions to reduce false positives in the Advance Patterns (found under Policy > DLP Policies > Classifications > Actions > Create Classification > Conditions). The Add Ignored Expression option allows you to add exceptions as ignored expressions in regular expression-based classifications.

This empowers organizations to finely customize DLP configurations by specifying exceptions that won't trigger matches. With these exceptions, data classification workflows can be controlled more precisely, reducing false positives and handling specific cases more accurately. Data protection strategies are optimized by enhancing precision and reducing disruptions. For details, see Create Custom Advanced Patterns.


New Email Template Variables for Malware (Limited Availability)

The customizable email templates (under Policy > Policy Settings > Email Templates > Create Email Templates) now offer admins to take advantage of two new variables Malware Checksum and Malware Confidence. Custom Email Templates can be used with End User Remediation for Malware Verification. For details, see Create a Custom Email Template.

Malware Variables_6.4.0.png

Flexible Cloud-to-On-Premise Evidence Synchronization: Empowering Customer Choice (Limited Availability) 

When creating a new rule in Skyhigh CASB DLP Policy (found under Policy > DLP Policies > DLP Policies > Actions > Sanctioned Policy > Create New Policy), you can now access a new response named "Save Evidence." With this response, you can choose the significant policies to which evidence files should be retained for synchronization to Trellix ePO and disregard other policies. This allows you to achieve greater control over data management and reduce synchronization time with ePO by removing large amounts of insignificant evidence files. For details, see Configure Save Evidence in Skyhigh DLP Policy

Skyhigh SSE Products

Skyhigh Private Access

Configure Device Profiles - CrowdStrike

Skyhigh SSE platform enables customers to create Zero Trust device policies using a combination of native Zero Trust Assessments capabilities such as OS version, presence of registry key, Antivirus(On/Off), and more to assess device posture. CrowdStrike performs zero trust assessment and provides various scores such as OS score, sensor score, and an overall score of the client. By using a combination of these scores, you can enforce a powerful Zero Trust Assessment of devices before allowing access to private applications via Skyhigh Private Access.

To use the CrowdStrike integration option, enable the CrowdStrike toggle button (found under Settings > Infrastructure Web Gateway Setup > Configure SCP > Manage SCP > Global Configuration > Device Risk Assessment Settings page). 

For details, see Configure Device Profiles - CrowdStrike


Access Private Applications through Trellix ePO-OnPrem and Trellix ePO-SaaS with SCP 4.7.0

Skyhigh Client Proxy can now be deployed along with a PA policy file (OPG) using Trellix ePO. Earlier, this was done manually or via deployment tools.

To enable this feature, select the Download Policy From Skyhigh SSE checkbox. This pushes the policy to all endpoints, and the endpoints will synchronize with the SSE SCP policy. For details, see Access Private Applications through Trellix ePO-OnPrem and Trellix ePO-SaaS.

NOTE: Once SSE and ePO are synced, the endpoints are applied only with the SSE SCP policy. If you clear the checkbox, endpoints consider only the SSE SCP policy and not the ePO SCP policy.

Trellix ePO-OnPrem 

MicrosoftTeams-image (18).png

Trellix ePO-SaaS

MicrosoftTeams-image (31).png


Skyhigh Cloud Firewall

Support for Additional Protocols

The Cloud Firewall policy now supports these protocols: QUIC, NTP, TDS, RDP, Gnutella, and Ident. For more details, see Configure Firewall Policies.


Cloud Firewall Traffic and Users Reports Enhancements

The Cloud Firewall Traffic and Cloud Firewall Users reports are enhanced with the following fields:

  • Domain Name. Displays the domain names of the applications accessed by the user. Click the count link to view the list of domain names accessed.
  • Client Host Name. Displays the name of the client host. The count is displayed in the case of multiple host names.
  • Host OS Name. Displays the host OS details (OS name and OS version) of the client system. The count is displayed in the case of multiple operating systems running on a host.


In addition to the Domain Name, Client Host Name, and Host OS Name fields, the Events Data page is enhanced with the SCP Policy Name and Process Path for the Cloud Firewall Traffic and Cloud Firewall Users reports. For more details, see Cloud Firewall Traffic and Cloud Firewall Users.


Skyhigh CASB

Filter for User Risk on Threats and Anomalies Page

You can now filter and categorize your search by User Risk score for High-risk activities on the Threats (found under Incidents > Threats) and Anomalies page (found under Incidents > Anomalies > Anomalies). If there are no high-risk users in your tenant, the User Risk filter can’t be seen on the Threats and Anomalies page.

User Risk is also supported in Saved View, Chart View, Dashboard Cards, and Generate Reports for Business Report (PDF), CSV, XLS, and Schedule Reports. For details, see, Threats and Anomalies.
Threats page.png
Anomaly User Risk.png

Support for Slack Non-Enterprise (Pro/Business+) Licenses (Limited Availability)

Skyhigh CASB now supports Slack’s granular bot permissions framework for API integration of Non-Enterprise (Pro/Business+) licenses. For details, see About Skyhigh CASB for Slack Non-Enterprise. Slack Non-Enterprise API integration requires a client ID and a secret key to enable API access in Skyhigh CASB. You can use a manifest file to create a Custom OAuth application for Slack Non-Enterprise licenses. For details, see Integrate Skyhigh CASB with Slack Non-Enterprise.

Skyhigh CASB's API Integration for Slack Non-Enterprise licenses includes the following features:

Supported Remediation Actions and Channel Types in Slack
Remediation Actions Channel Types Supported

Delete Files

Slack Public/Private Channels and DMs (Direct Messages) Yes
Slack Shared Channels No

Delete Messages

Slack Public/Private/Shared Channels Yes
Slack DMs (Direct Messages) No

Quarantine Files

Slack Public/Private Channels and DMs (Direct Messages) Yes
Slack Shared Channels No
Quarantine Messages Slack Public/Private/Shared Channels and DMs (Direct Messages) No
Supported DLP Policy Rules and Response Actions in Slack
DLP Policy Rules Supported
  • Data Identifier
  • File Name
  • File Path/Folder ID
  • File Size
  • File Type
  • Keywords
  • Regular Expression
Collaboration No
DLP Policy Response Actions Supported
  • Quarantine
  • Delete
  • Send Bot Notification
  • User Bot Notification
  • User Email Notification
  • Send Email Notification to

Slack Non-Enterprise API Integration.png

Skyhigh CNAPP

New Azure CIS v2.0 Policy Templates

CIS Benchmarks are based on technical configuration settings used to maintain and increase enterprise security, especially when used in conjunction with other essential cyber hygiene tasks. In this release, 1 new Azure Policy template (TLS version should be set to default for MySQL flexible database Server ) is added for the CIS v2.0.0 Level 1 benchmark. The new Policy Template can be found under Policy > Policy Templates. For details, see Policy Templates for Azure.
Azure_6.4.0_ New Template.png

Notepad - known issue.png Click here to view Skyhigh Security Cloud Resolved and Known Issues
For details, see Skyhigh Security Cloud Bug Fixes and Known Issues.
  • Was this article helpful?