Skyhigh Security Cloud 6.9.1 Release Notes (Oct 2025)

Use HTML to Customize Email Template   

You can import HTML content into your email templates to create more engaging and effective notifications. Additionally, you can customize your template by incorporating available variables. To do this, go to the Variables tab, click the copy icon () to copy the variables, and paste them into your HTML code. This capability enables you to create visually appealing and interactive email designs, leading to better recipient engagement and action. For details, see Create a Custom Email Template.

▶ Explore Navigation Details and User Interface

Navigation Path: To access the Import HTML option, go to Policy > Policy Settings > Email Templates > Create/Edit Email Template.

Enhanced User Experience for Email Templates   

The Email Template page now features an Actions column, providing access to two new features: 

• Preview. You can now review the email content before sending it to the recipients. This option is available for both pre-configured and custom email template types.
• Delete. You can now delete the custom email template directly from the Email Templates page. This option is available only for the custom email template type. For details, see About Email Templates.

▶ Explore Navigation Details and User Interface

Navigation Path: To access the Action column, go to Policy > Policy Settings > Email Templates.

 

• Create/Edit Email Template. This page features a more organized and structured layout for enhanced user interaction. This intuitive design, incorporating better visual elements, simplifies the creation and editing of email templates, resulting in a more efficient email communication management experience.  For details, see Create a Custom Email Template and Edit an Email Template.

▶ Explore Navigation Details and User Interface

Navigation Path: To access the Create/Edit Email Template page, go to Policy > Policy Settings > Email Templates.

Create Advanced Pattern Exceptions using Import CSV   

You can now import a CSV file to exclude regular expressions (regex) or keywords from DLP matching in custom advanced patterns. This capability provides an efficient and scalable method for defining exceptions, drastically reducing the occurrence of false positives in DLP matching. It helps SOC administrators maintain a robust, finely tuned DLP system efficiently with minimal manual intervention, thereby enhancing the overall security posture and operational efficiency. For details, see Create Advanced Pattern Exceptions using Import CSV.

▶ Explore Navigation Details and User Interface

Navigation Path: To access the Import.csv option, go to Policies > DLP Policies > Classification > Create Classification > Advanced Pattern > New > Exceptions.

Filter Custom Incident Status via API   

You can now filter incidents not only using Skyhigh pre-defined statuses but also through custom statuses via API. This API access ensures seamless integration into your existing security ecosystem, providing a customizable and powerful incident filtering experience.

View Data in Your Preferred Time Zone   

Skyhigh now offers Local Time Zone support on its web pages to view the Web Logs. This capability is available across web-related products, including SWG Cloud, Private Access, and Cloud Firewall. The Date Picker now includes a Time Zone menu that allows you to switch between UTC and local time zone. This flexibility improves how data is displayed and enhances usability by aligning timestamps with your preferred settings. For details, see Web Traffic Page.

▶ Explore Navigation Details and User Interface

Navigation Path: To view the Time Zone, go to Analytics > Web > Web Traffic.

Customize Error Handler with Rule Sets   

Skyhigh Web Gateway now supports adding Custom Rule Sets to both default and newly created Error Handlers, enabling more granular control over error management during web traffic processing. For more details, see Work with Error Handler. 

NOTE: You can add rule sets directly through the UI; importing a single Error Handler from the library is no longer supported.

The following capabilities enhance the Error Handler configuration:

 

• Create and attach custom rule sets to Error Handlers. Configure Error Handlers independently with functionality similar to Policy Rule Sets.
• These enhancement allows organizations to tailor error handling behavior to meet specific security and compliance requirements.
• Drag and drop custom rule sets to the parent level for broader policy enforcement.

▶ Explore Navigation Details and User Interface

Navigation Path: To access the Default Error Handler page, go to Policy > Web Policy > Error Handler > Default Error Handler.

Extend Security to Non-Browsing Traffic via IPsec Tunnel  

Skyhigh now extends the Cloud Firewall and policy enforcement capabilities to non-browsing traffic, including DNS, FTP, SSH, and other non-HTTP/S protocols. You can forward Web traffic from their branch offices directly to Skyhigh SSE over a Site-to-Site Secure IPSec Tunnel to the nearest Cloud Firewall enabled Skyhigh Cloud POP (Point of Presence).

The Cloud Firewall enhancement extends security coverage to end-user devices that are not running an SCP client but are deployed in Branch Office networks.

 Key Capabilities:

• Route all traffic types (TCP/UDP) securely through an IPsec tunnel to the Skyhigh SSE cloud.
• Enforce Cloud Firewall policies centrally on traffic forwarded via IPsec tunnel in addition to existing SWG policies.
• Provide full visibility and logging for traffic events at the cloud level.
• Applicable to branch office machines without the SCP client installed on them.

This feature complements existing Secure Web Gateway (SWG) capabilities, helping organizations achieve broader traffic control without added deployment complexity. For more details, see Extend Security to Non-Browsing Traffic via IPSec Tunnel.

Monitor AI- ML Web Traffic with New URL Categories

Skyhigh Web Gateway now offers new A.I and M.L. URL categories for Artificial Intelligence, Generative AI, and Machine Learning to enhance visibility, control, and policy enforcement for AI-related web traffic. These category provides the following capabilities:

• Filter logs and dashboards by AI category, monitor traffic trends, track policy hits, analyze user behavior, and build custom dashboards for AI-related activity.
• Apply Shadow DLP policies based on AI categories, trigger severity-based incidents, and block uploads containing classified data.
• Enable coaching workflows for specific user groups to guide responsible usage while maintaining oversight.

These categories replace legacy subscribe lists and offer native support for advanced policy actions, real-time inspection, and detailed reporting. For details, see Monitor AI and ML Web Traffic with New URL Categorization.

▶ Explore User Interface

 

Enable Real-Time DLP Scan for Files Uploaded via Browser   

Skyhigh Web Gateway now supports File Upload Pre-scan, enabling real-time scanning of files uploaded through browser-based applications. This application agnostic capability prevents the unauthorized upload of sensitive data, be it via browser to cloud storage platforms such as Google Drive and Dropbox, or collaboration tools such as WhatsApp Web and Microsoft Copilot.  This enhances data protection and offers the following updates:

• Scans files in real-time before upload using configured DLP policies to detect sensitive data and enforce compliance.
• Blocks uploads that contain sensitive or confidential information.
• Operates without additional extensions or agents.
• Sends Agentless Notifications to alert users when a file upload is blocked.
• Logs policy incidents to improve visibility and support audit tracking for security, compliance, and operational oversight.

This enhancement enforces DLP policies without requiring endpoint configuration and significantly reduces the risk of data breaches by intercepting unauthorized uploads at the source. For more details, see Enable Real-Time DLP Scan for Files Uploaded via Browser.

▶ Explore Navigation Details and User Interface

Navigation Path: To view the File Upload Pre-scan, go to Web > Policy > Web Policy > Policy Ruleset > Browser Control > File Upload Pre-Scan.

Additional Enhancements in Remote Browser Isolation 

Strengthen Shadow AI Services with Additional LLM Risk Attributes 

Large Language Models (LLMs) are essential for securing AI-generated content in Cloud Services. Skyhigh CASB is enhanced with additional LLM-specific attributes in its Cloud Registry to categorize risks associated with Shadow AI services. The new risk attributes include NIST, OWASP, CBRN, and Harmful, complementing the existing risk attributes such as Jailbreak, Toxicity, Bias, and Malware. By leveraging these LLM risk attributes, organizations can significantly enhance threat detection, improve data protection, and ensure compliance with regulatory standards (such as FedRamp and GDPR). It also provides a deeper assessment of the risks associated with shadow AI applications, enabling security teams to identify advanced threats and maintain effective governance and control. 

Under the AI category, if a service supports LLM, the following four risk attributes are displayed in addition to the existing risk attributes:

• National Institute of Standards and Technology (NIST). Warns that if a model lacks alignment with the NIST AI Risk Management Framework, it poses a higher risk of untrustworthy behavior.
• Open Worldwide Application Security Project (OWASP). Flag models that are exposed to critical risks identified in the OWASP Top 10 for LLMs, as these risks may lead to security vulnerabilities.
• Chemical, Biological, Radiological, and Nuclear (CBRN). Assess how the AI system responds to adversarial prompts related to chemical, biological, and cybersecurity threats.
• Harmful. Evaluate AI System behavior in response to prompts related to physical, emotional, or social harm.

For details about all the Skyhigh-supported LLM attributes and the use cases, see LLM Risk Attributes for AI Category Services.

▶ Explore Navigation Details and User Interface

Navigation Path: To view LLM risk attributes, go to Governance > Cloud Registry > Select any AI Service > Registry Overview > Risk tab.

Support for Salesforce Winter 2026 

Skyhigh CASB now supports the latest Salesforce Winter 2026 version. For details, see Supported Versions of Structured Apps.

Support for ServiceNow Zurich Q4 2025 

Skyhigh CASB now supports ServiceNow Zurich Q4 2025. For details, see Supported Versions of Structured Apps.

Enhanced Zoom Integration with DLP Controls 

Skyhigh CASB now offers robust Data Loss Prevention (DLP) controls for files uploaded or attached to messages in Zoom chats. These controls include OCR capabilities that enable the identification of sensitive information within images and scanned documents. You can define DLP policies to identify and prevent the sharing of sensitive information across all Zoom conversation types, including one-on-one chats, group chats, and channel discussions.

Key capabilities:

• Control file sharing in real time. This ensures that only compliant files are shared based on the enforced policies.
• Identify and block sensitive files. Automatically scan files shared during Zoom meetings or chats to identify sensitive content (such as personal data or confidential documents). Block sharing if the files violate security policies.
• Apply consistent data protection policies. This ensures that data security rules are enforced across the Zoom ecosystem, keeping sensitive information protected regardless of where or how it is shared.

For details, see DLP Controls for Zoom Chat Messages.

▶ Explore Navigation Details

Navigation Path: To integrate Skyhigh CASB with Zoom, go to  Settings > Service Management.

Monitor User Activities Using User UID 

The User Unique Identification (UID) number is a unique identifier assigned to each user within an organization. The Activities page now includes a User UID column in the Activities table, enabling efficient tracking and analysis of user activities within the organization.

For example, if a single user logs in with multiple accounts or email addresses, each activity is recorded as a separate entry in the Activities table. The User UID consolidates all activities under a single identifier across Sanctioned, Shadow/Web, and Private applications.

This consolidation allows SOC analysts to view a complete activity trail, enabling security teams to correlate events across systems, reduce duplication in investigations, and respond to suspicious activity with greater speed and precision. For details, see About Activities.

You can filter all activities related to a specific User UID using the Omnibar search and the Activities Cloud Card.

Secure Sensitive Airtable Data with Enhanced DLP Control 

You can now apply Data Loss Prevention (DLP) policies that protect confidential data at the cell level in Airtable. Using these policies secures sensitive information during routine activities, such as creating or editing tables with text or attachments, file import to an existing or new table, and performing copy-paste actions, thereby minimizing potential risks. For details about the supported DLP policies, see About Skyhigh CASB for Airtable.

▶ Explore Navigation Details

Navigation Path: To integrate Skyhigh CASB with Airtable, go to  Settings > Service Management.

Users Upload Activities Modal - Deprecated 

On the User Cloud Card (Analytics > Users), Skyhigh no longer provides access to the Upload Activities modal or hyperlink. However, you can view granular SWG Cloud​​​​​ activities on the Activity Monitoring page.

▶ Explore Navigation Details

Navigation Path: To view the User Cloud Card, go to Analytics > Users > <click any user to view the User Cloud Card>.

Deprecated Policy Templates for Google Container Registry (GCR)  

Skyhigh no longer supports the following GCR policy templates:

• GCR: Registries should not be exposed to everyone/ publicly for push actions
• GCR: Registries should not be exposed to everyone/ publicly for pull actions
• GCR: Registries should not be exposed to everyone/ publicly for push actions
• GCR: Image Registry should not have more than 200 repositories
• GCR: Users should not be granted FullAccess GCR Permission

For details, see Deprecated Policy Templates for GCR.