Skyhigh Security Cloud 6.8.0 Release Notes (Feb 2025)

ML-driven Automatic Data Classification 

ML Auto Classifiers automatically detect and classify text and image-based files across sanctioned and shadow/web services, and identify sensitive documents like financial reports, patient records, patents, source code, and ID files across different formats. Security Operations Center (SOC) analysts can use these classifiers to discover real-time sensitive data and apply granular DLP policy controls, enhancing the organization’s data protection strategy and enabling quick and effective responses to data loss incidents. By leveraging AI and machine learning, ML Auto Classifiers improve data governance, support robust DLP policies, streamline management by eliminating manual classification, and enhance operational efficiency. They also offer scalable solutions for large data volumes, provide insights into classification confidence, and minimize false positives and negatives.

Utilize ML Auto Classifiers to categorize sensitive files (Classifications page) and review triggered matches along with their confidence levels (Policy Incidents page):

1. ML Auto Classifier Condition. Use the ML Auto Classifier rule on the Classifications page to automatically classify sensitive files.

▶ Explore Navigation Details and User Interface

Navigation Path: To access ML Auto Classifiers, go to Policy > DLP Policies > Classifications > Create Classification > Conditions > ML Auto Classifier

2. ML Auto Classifiers Component. Access the ML Auto Classifiers component on the Sanctioned DLP Policy Incident cloud card to view the triggered matches for file categories along with their confidence percentages. For details, see ML Auto Classifiers.

▶ Explore Navigation Details and User Interface

Navigation Path: To access the Sanctioned/Shadow DLP cloud card, go to  Incidents > Policy Incidents > Filter Incident Type as Sanctioned DLP or Shadow/Web DLP > Select any incidents on the table

  

User Unique Identification Number (UID) for DLP Incidents 

The User Unique Identification Number (UID) filter has been introduced for Data Loss Prevention (DLP) incidents to enhance the ability to manage and analyze security incidents within your organization. The User UID is a unique identification number assigned to each user, allowing Security Operations Center (SOC) analysts to obtain a comprehensive view of all DLP incidents linked to a specific user across Sanctioned, Shadow/Web, and Private applications. It enables SOC analysts to take quick and effective remediation action. Additionally, It enhances the organization's data protection strategy and increases operational efficiency in incident management.

You can access and review specific information related to User UID on the Policy Incidents page.

Capability of User UID on Policy Incidents:

1. Filter DLP Incidents. Apply the User UID filter on the Policy Incident cloud card to view all DLP incidents associated with a specific User UID directly on the Policy Incidents table.

▶ Explore Navigation Details and User Interface

Navigation Path: To access User UID, go to Incidents > Policy Incidents > Select any incidents on the table

2. Search for User UIDs. Use the omnibar to search for specific User UIDs. This capability allows for quick access to DLP incidents linked to particular users.
3. View User UID Column. Include a User UID column in the incident table to generate reports. For details, see  Policy Incidents Page Cloud Card.

▶ Explore User Interface
 

ML-driven Potential False Positive Detection 

ML-driven Potential False Positives automatically identify and classify likely false positive DLP incidents, enabling Security Operations Center (SOC) analysts to access detailed statistics and a comprehensive list of these incidents. This capability helps minimize false positives and refine DLP policies, enhancing operational efficiency in incident management. AI-ML Powered Automatic Incident Categorization further streamlines DLP management by using machine learning to identify recurring patterns, reducing investigation time and costs while supporting large incident volumes. It boosts confidence in false positive identification, accelerates response times, and provides insights into trends over the past 30 days.

You can review Sanctioned DLP incidents detected and categorized as potential false positives on the Policy Incidents page.

Capability of ML-driven Potential False Positives on Policy Incidents:

1. Potential False Positives Summary. You can view the total count of potential false positive incidents, along with recent trends and changes in their volume. 
2. Filter for Potential False Positives. This capability applies specifically to Sanctioned DLP Incidents. Filter the Incident Type as Sanctioned DLP, and apply the Machine Learning Status filter as Potential False Positive to display all potential false positive incidents within your organization.

▶ Explore Navigation Details and User Interface

Navigation Path: To access ML-driven Potential False Positives, go to Incidents > Policy Incidents.

3. Review and Validate Potential False Positives. The Sanctioned DLP Incident Cloud Card now features a Potential False Positive section within the Machine Learning Status component. This addition allows for efficient validation of incidents classified as potential false positives. For details, see About ML-Driven Potential False Positives.

▶ Explore User Interface
 

Additional DLP Enhancement 

Data Classification Enhancements 

Configure System Error Notifications Using Custom Templates 

You can now customize the End User Notification Settings for system errors by using a custom template. To do this, check the list of system errors in the System Error Mapping section. Select the required system error to configure the corresponding End User Notification. This enables you to display notifications to end users that include relevant system error information. For details, see Configure System Error Notifications Using Custom Templates.

▶ Explore Navigation Details and User Interface

Navigation Path: To access System Error Mapping, go to Policy > Web Policy > Feature Configuration > End User Notification Settings > System Error Mapping.

 

Additional Skyhigh Secure Web Gateway Enhancements

Disable the Skyhigh Logo in Isolated Browsers 

You can now hide the Skyhigh logo in browsers while using Full and Risky Isolated browsers. By default, the Skyhigh logo is displayed. Select the Disable Skyhigh logo near browser address bar checkbox to hide the logo. For details, see Full Isolation — Use Browser Isolation for Websites Based on Your Own Selection.

▶ Explore Navigation Details and User Interface

Navigation Path: To access Disable Skyhigh logo near the browser address bar checkbox, go to  Policy > Web Policy > Policy > Browser Isolation > Full Isolation > Browser Settings > Disable Skyhigh logo near the browser address bar. 

OCR Support in Microsoft Teams Chats/Channels 

Skyhigh CASB for Microsoft Teams allows security admins to define DLP policies to monitor and remove the sensitive content in images shared in chats/channels by copying and pasting them. For details, see Microsoft Teams Secure Collaboration Use Cases.

▶ Explore Navigation Details

Navigation Path: To identify and remove sensitive content in the pasted images, go to Policy > DLP Policies > Classifications.

Microsoft Intune Company Portal App Support via Reverse Proxy 

Integrate the Intune Company Portal app with Skyhigh CASB to securely access the organization's resources on personal or company-owned devices like smartphones, tablets, and laptops. By enforcing policies that control how data is accessed, shared, and protected across devices and applications, you can prevent sensitive or confidential data exfiltration, ensuring secure and compliant usage of organizational resources. For details, see Microsoft Intune Company Portal App Support via Reverse Proxy.

▶ Explore Navigation Details

Navigation Path: To enroll your device with the Intune Company Portal app via a reverse proxy, go to Policy > Access Control > Access Policies.

Salesforce Winter 2025 Support 

Skyhigh CASB now supports the latest Salesforce Winter 2025 version. For details, see Supported Versions of Structured Apps.

ServiceNow Xanadu Q4 2024 Support 

Skyhigh CASB now supports ServiceNow Xanadu Q4 2024. For details, see Supported Versions of Structured Apps.

Filter AI Services by Risk Type 

Use the Artificial Intelligence (AI) Risk Type filter to sort AI services by High, Medium, and Low risk in the Skyhigh Cloud Registry. Sorting AI services by risk type allows you to take necessary actions to strengthen the defense against associated potential risks. SOCs can review and prioritize the AI services and outline remediations quickly, thereby enhancing the ability to secure their most sensitive data from high-risk AI services. For details, see Filtering AI Services by Risk Type.

▶ Explore Navigation Details and User Interface

Navigation Path: To filter AI services by risk type, go to  Governance > Cloud Registry > Filters > Artificial Intelligence Risk Type.

Skyhigh CASB for SAP S/4HANA 

Skyhigh CASB for SAP S/4HANA allows Security Operations Center (SOC) admins to secure and monitor user activities in cloud data and User Authorization Management. Skyhigh aims to secure the registration of SAP S/4HANA business users through certificate-based identifiers for activity monitoring and anomaly detection. For details, see About Skyhigh CASB for SAP S/4HANA.

▶ Explore Navigation Details and User Interface

Navigation Path: To integrate Skyhigh CASB with SAP S/4HANA, go to Settings > Service Management.

Skyhigh CASB for Google Chat 

Skyhigh CASB for Google Chat provides comprehensive security, enabling IT teams to monitor and protect sensitive content in chat conversations within your organization. Integrate Skyhigh CASB with Google Chat to monitor risky user activities and apply DLP controls to sensitive file uploads or attachments posted in Google Chat. For details, see About Skyhigh CASB for Google Chat.

▶ Explore Navigation Details and User Interface

Navigation Path: To integrate Skyhigh CASB with Google Chat, go to Settings > Service Management.

Additional Security Measures for Delta APIs 

Skyhigh CASB Delta API Integration for SharePoint Online and OneDrive now supports the following DLP Policy rules for near real-time DLP on sensitive content uploaded to SharePoint Online and OneDrive services:

• SharePoint Classification
• Microsoft Azure Information Protection
• Seclore Digital Rights Management (DRM)
• Manual and Bulk Remediation

With the new Delta APIs, Skyhigh provides:

• Uninterrupted near-real-time DLP
• Improved DLP policy execution
• Increased control over high-volume API operations

For details, see Skyhigh CASB Delta APIs Early Access Release Notes.

Custom and Sharable Dashboard 

Dashboards summarize the Shadow and Sanctioned cloud services' data configured in your organization using cards. Now, you can create your dashboards, share them with others in your organization, mark them as favorites for easy access. Additionally, set anyone of the dashboards as a home dashboard that appears when you log into the product each time. To customize a dashboard, you can add new cards of various types and rearrange the existing cards.

The default set of dashboards such as My Dashboard, Private Access Dashboard, IaaS Dashboard, Office 365 Dashboard, Web Dashboard, and Isolated Web Dashboards are displayed based on your license.

Using custom and sharable dashboards, you can:

• Share any dashboard of your choice within your organization.
• Create dashboards from your preferred Saved Views.
• Access dashboards easily using the icon.

For details, see Custom and Sharable Dashboard.

▶ Explore Navigation Details and User Interface

Navigation Path: To access Custom and Sharable Dashboards, go to Dashboards, and then click.

Collect Logs in Real Time 

The Log Stream collects near real-time Security Service Edge web access data within your network or feeds directly into your reporting and analytics tools. You can save the logs to a local directory or send them to your third-party SIEM systems (Security Information and Event Management) through a Syslog server. You can use these files to investigate or analyze with Skyhigh SSE. For details, see Collect Logs in Real Time.

The Log Stream can:

• Identify issues as they occur, which helps address problems without delay. 
• Simultaneously download data originating from different log types such as Secure Web Gateway (SWG), Remote Browser Isolation (RBI), Private Access, and Cloud Firewall. This eliminates running multiple instances to collect data from different log types. A single Enterprise Cloud Connector accommodates downloading multiple log types simultaneously.

▶ Explore Navigation Details and User Interface

Navigation Path: To collect logs in real time, go to Settings > Infrastructure > Cloud Connector > SIEM Integration (Inline) > Log Stream.