Skyhigh Security Cloud 7.0.1 Release Notes (Feb 2026)

Enhanced EDM to Support Additional Date Formats 

Exact Data Match (EDM), an advanced DLP capability, now extends its functionality to support four additional date formats during file scanning to make sure data such as PII, PCI is not exfiltrated. This enhancement enables the DLP engine to handle and structure fingerprints accurately, even when date formats found in documents vary from what was originally fingerprinted. For more details, see Enhanced EDM to Support Additional Date Formats.

The newly supported date formats are:

• D-M-YYYY
• M-D-YYYY
• YYYY-M-D 
• YYYY-D-M 

Enhanced Regex Pattern to Support New CNPJ Format for Brazilian PII 

The Brazilian Federal Revenue Service aims to implement the alphanumeric CNPJ (Brazilian taxpayer identification number) that supports the values of the new format. To facilitate this requirement, the existing regex pattern (which supported only numerical values) is enhanced to discover and validate values that are alphanumeric and are case-insensitive. This DLP engine now validates the new 14-character alphanumeric format and triggers an incident during policy violation, by securing the data and enforcing policies as defined.

Current Regex Pattern:

For numerical values only.

\b[0-9]{2}\.[0-9]{3}\.[0-9]{3}\/[0-9]{4}-[0-9]{2}\b
\b[0-9]{14}\b

Updated Regex Pattern:

For uppercase alphanumeric values, as well as adding a pattern that doesn't use the dot delimiters.

(?i:\b[0-9A-Z]{2}\.[0-9A-Z]{3}\.[0-9A-Z]{3}/[0-9A-Z]{4}-[0-9]{2}\b)
(?i:\b[0-9A-Z]{8}/[0-9A-Z]{4}-[0-9]{2}\b)
(?i:\b[0-9A-Z]{12}[0-9]{2}\b)

Current vs. New CNPJ Format

The following table lists the differences between the current and the new CNPJ format.

Inclusion of Missing User Information for CSPs in DSPM Data Explorer 

The DSPM Data Explorer now displays the missing username that was not supported previously for some Cloud Service Providers (CSPs). If the username is not available, then the user's email ID is displayed in the User column. This enhancement enables SOC admins to track user activities and define policies to secure data and prevent data exfiltration.

▶ Explore Navigation Details and User Interface

Navigation Path: To view the user information in DSPM Data Explorer, go to Analytics > DSPM Data Explorer > filter any service from the table > Users tab

Enhanced Policy Control with Support for Parquet File Types  

The Skyhigh Secure Web Gateway now supports Parquet File Type as a valid media type and ensures these file types are scanned and secured. Parquet File Type is widely used in large‑scale data processing and analytics. 

Key Benefits

• Policy Control. Create rules to define actions when Parquet File Types are detected.
• Blocking Options. Configure policies to block downloads, uploads, archives, or transactions involving Parquet files.

This enhancement gives you greater control over data flows involving Parquet file types, helping prevent unauthorized transfers and ensuring compliance with data protection policies. For details, see List of Secure Web Gateway Supported MIME Types.

▶ Explore Navigation Details and User Interface

Navigation Path: To select the Parquet Media Type, go to Policy > Web Policy > Policy > > Media Type Catalog > Databases > application/x-parquet.

Unified Policy Logic with Nested Boolean Operators 

Skyhigh Secure Web Gateway now supports nested AND and OR operators within the policy engine. Unlike earlier versions, nested boolean logic can now be used inside a single rule, providing full functional parity with SWG On‑Prem policy behavior. 

Key Benefits 

• Brings in parity between SWG Cloud and SWG On‑Prem policy logic.
• Build more expressive, fine‑grained policies without splitting rules.

This enhancement simplifies policy design by reducing rule sprawl, ensuring a consistent security posture across cloud and on‑premises deployments, and advancing Skyhigh toward a unified policy engine across the platform. For details, see Create a Policy using Nested AND and OR Operators.

▶ Explore Navigation Details and User Interface

Navigation Path: To access AND and OR Operator, go to Policy > Web Policy > Policy > Global Bypass under the Web Rule tree> Add Custom Rule > Via Rule Builder.

Enable ICAP-based DLP for Unified Data Protection 

Skyhigh now offers an Internet Content Adaptation Protocol (ICAP)-based DLP service that integrates Skyhigh DLP with third‑party proxies. This capability enables centralized inspection of data in motion without requiring changes to existing network infrastructure.

Key Benefits:

• Gain full visibility into data in motion across all web traffic from a single policy layer.
• Provide ICAP as a service for third- party web gateway or proxies to send traffic for inspection via Skyhigh DLP or DSPM
• Enforce centralized DLP policies consistently across cloud and on‑premises web traffic.
• Ensure secure, encrypted connectivity between proxies and the DLP service for safe content inspection.

This enhancement simplifies integration with existing proxy infrastructure, delivers consistent DLP enforcement across environments, and strengthens data protection through centralized visibility and control over sensitive information in motion. For details, see Enable ICAP-based DLP for Unified Data Protection.

▶ Explore Navigation Details and User Interface

Navigation Path: To access AND and OR Operator, go to Policy > Web Policy > Policy > Global Bypass under the Web Rule tree> Add Custom Rule > Via Rule Builder.

Strengthen AI Security with Agentic AI Attribute 

Skyhigh Cloud Registry now offers support for the Agentic AI attribute, which detects and tracks services that utilize Agentic AI, enhancing visibility into risk assessment and improving overall AI security posture. By flagging Agentic AI in cloud services, organizations can identify the services capable of autonomous actions, implement appropriate security controls, and strengthen governance over AI-related risks. For details, see About Agentic AI Risk Attribute.

Agentic AI refers to AI services that autonomously plan, decide, and act to achieve defined goals without direct instruction. Unlike traditional AI, which responds only to explicit prompts, agentic systems can use tools, access services, and carry out multi-step actions with minimal human involvement. If Agentic AIs are not identified within the services, organizations may struggle to pinpoint the root causes of AI-driven activities and incidents.

Key benefits of identifying Agentic AI in your cloud services:

• Classify the service as higher risk
• Apply enhanced monitoring and controls
• Make informed allow/block decisions
• Improve audit and compliance alignment
• Reduce exposure from autonomous actions

▶ Explore Navigation Details and User Interface

Navigation Path: To view all services that utilize Agentic AI, go to Governance > Cloud Registry > Filters tab > select Agentic AI from the Risk Attributes menu.

Integrate Skyhigh CASB with OpenAI ChatGPT Enterprise 

Integrating Skyhigh CASB with OpenAI ChatGPT allows SOC admins to monitor and control user interactions, preventing data leaks and ensuring compliance with data privacy regulations, particularly in enterprise environments. This integration allows organizations to monitor risky user activities, maintain control over sensitive data, and safely utilize ChatGPT. For details, see About Skyhigh CASB for ChatGPT Enterprise.

▶ Explore Navigation Details and User Interface

Navigation Path: To integrate Skyhigh CASB with ChatGPT, go to Settings > Service Management.

Monitor User Activities, Threats, and Anomalies Using User UID 

The User Unique Identification (UID) number is a unique identifier assigned to each user within an organization. The Activities, Threats, and Anomalies pages now include a User UID column in their respective tables. The User UID consolidates all activities, threats, and anomalies under a single identifier across Sanctioned, Shadow/Web, and Private applications. This enhancement facilitates efficient tracking and analysis of user activities within the organization. 

You can filter all activities related to a specific User UID using the Omnibar search and the Activities, Threats, and Anomalies Cloud Card. For details, see the Activities, Threats, and Anomalies pages.

▶ Explore Navigation Details and User Interface

Navigation Path: To view all the activities associated with the User UIDs, go to Incidents > User Activity > Activities. 

To view all the threats associated with the User UIDs, go to Incidents > Threats.

To view all the anomalies associated with the User UIDs, go to Incidents > Anomalies > Anomalies.

Support for Salesforce Spring 2026 

Skyhigh CASB now supports the latest Salesforce Spring 2026 version. For details, see Supported Versions of Structured Apps.

Identify Data Exfiltration Anomalies for a Unified User 

Skyhigh CASB now supports a new Data Exfiltration Anomaly category for unified users. Data exfiltration anomalies refer to activities involving the unauthorized or unusual transfer of data from an organization to external destinations. This includes instances such as downloading data from sanctioned services and uploading it to shadow services. Additionally, it detects abnormal activities within the organization, such as mass downloads from sanctioned services or access to data that contradicts a user's role, particularly when sensitive or classified files are involved.

Key Benefits

• Dynamic Detection. Moves beyond static thresholds by identifying sudden spikes in activity, role-inconsistent access, cross-domain transfers, and low-and-slow patterns that may indicate an intent to circumvent security controls. Proactive detection of data loss, clearer investigation context, and faster, risk-aligned response across cloud, web, and user activity.
• Increased Detection Accuracy. By focusing on behavioral patterns rather than fixed criteria, the detection capabilities significantly enhance signal quality, helping you pinpoint genuine threats while minimizing false positives. Unified UEBA intelligently compares a user's current activity against their historical behavior and that of their peers, ensuring a comprehensive understanding of normal operations.

This sophisticated approach allows your security team to respond proactively to potential data exfiltration attempts, ensuring the integrity of your sensitive information. For details, see About Data Exfiltration Anomalies.

▶ Explore Navigation Details and User Interface

Navigation Path: To view data exfiltration anomalies, go to  Incidents > Anomalies > Anomalies >  Filters tab > select the Data Exfiltration Anomaly checkbox from the Anomaly Type filter.

Additional Enhancements to Unified User Risk Tab 

The Unified User Risk tab is enhanced to provide more detailed metrics on user activity and improved insights into risk attributes.

The User Risk tab has enhanced with the following capabilities: 

• Clear visibility into the scores for each risk attribute that contributes to the overall risk category score. 
• Risk scoring is applied at the category level, with distinct scores for Sanctioned and Shadow categories. This structure enables organized and actionable risk analysis.
• More precise and narrowly focused results. When a risk category is selected, the results show only the attributes that contributed to the risk score, rather than all available attributes.
• Improved accuracy of user risk scores, resulting in fewer false positives. 

These enhancements boost the unified user risk experience by providing a clearer view for analysts and executive-ready visualizations of risk, facilitating faster investigations and more effective communication of risk-related information. For details, see the User Details page.

▶ Explore Navigation Details and User Interface

Navigation Path: To view the enhanced User Risk tab, go to Analytics > User > select any user from the table > on the User Details page, select Risk tab.