Skyhigh Security Cloud 6.9.0 Release Notes (Aug 2025)

Exclude Terms using NOT Logical Operator on Policy Incidents and Policy Summary 

You can now utilize the NOT operator in the Omnibar to exclude specific terms from your search results on the Policy Incidents and Policy Summary page. Preceding a word with NOT omits any results that include the specific term, allowing for a more precise search on relevant information. Additionally, you can create a report (PDF, CSV, XLS) for filtered results that utilize the NOT operator. This enhancement enables SOC to identify critical incidents that require immediate attention and resolution, thereby improving the efficiency of SOC operations. For details, see Apply NOT operator in the Omnibar.

▶ Explore Navigation Details and User Interface

Navigation Path: To access the NOT operator on the omnibar, go to Incidents > Policy Incidents.

Create Custom Email Templates using HTML 

You can import HTML content into your email templates to create more engaging and effective notifications. Additionally, you can further customize your template by incorporating available variables. To do this, go to the Variables tab, click the copy icon to copy the variables, and paste them into your HTML code. This capability enables you to create visually appealing and interactive email designs, leading to better recipient engagement and action. For details, see Create a Custom Email Template.

▶ Explore Navigation Details and User Interface

Navigation Path: To access the Import HTML option, go to Policy > Policy Settings > Email Templates > Create/Edit Email Template.

Enhanced User Experience for Email Templates 

The Email Template page now features an Actions column, providing access to two new features: 

• Preview. You can now review the email content before sending it to the recipients. This option is available for both pre-configured and custom email template types.
• Delete. You can now delete the custom email template directly from the Email Templates page. This option is available only for the custom email template type. For details, see About Email Templates.  

▶ Explore Navigation Details and User Interface

Navigation Path: To access the Action column, go to Policy > Policy Settings > Email Templates.

• Create/Edit Email Template. This page features a more organized and structured layout for enhanced user interaction. This intuitive design, incorporating better visual elements, simplifies the creation and editing of email templates, resulting in a more efficient email communication management experience. For details, see Create a Custom Email Template and Edit an Email Template.

▶ Explore Navigation Details and User Interface

Navigation Path: To access the Create/Edit Email Template page, go to Policy > Policy Settings > Email Templates.

Utilize Non-English Language Models for ML Auto Classifiers  

The ML Auto Classifier now supports five non-English languages for the Skyhigh predefined classifier, Financial Reports, and Financial Statements. This enhancement extends machine-learning capabilities to accurately identify and classify financial and trade documents in French, German, Spanish, Japanese, and Korean.

Organizations can effectively manage and protect sensitive financial and trade-related data across global operations with this multilingual capability. It also ensures that financial reports and statements in these languages are properly classified, supporting security compliance. For details, see Create a Classification using ML Auto Classifier.

▶ Explore Navigation Details and User Interface

Navigation Path: To access ML Auto Classifiers, go to Policy > DLP Policies > Classifications > Create Classification > Conditions > ML Auto Classifier.

Extend ML-Driven False Positive Detection for Shadow/Web DLP Incidents 

You can search for Shadow/Web DLP incidents that are potential false positives easily and quickly on the Policy Incidents page. This enables you to identify and review incidents that may not be actual policy violations, allowing you to take necessary actions such as marking them as false positives or tuning your policy configurations to reduce false positives in the future.  

It also enables Security Operations Center (SOC) analysts to access detailed statistics and a comprehensive list of these potentially false-positive incidents. This capability helps minimize false positives and refine DLP policies, enhancing operational efficiency in incident management.

Capability of ML-driven Potential False Positives on Policy Incidents:

1. Potential False Positives Summary. You can view the total count of potential false-positive incidents, along with recent trends and changes in their volume. 
2. Filter for Potential False Positives. Filter the Incident Type as Shadow/Web DLP, and apply the Machine Learning Status filter as Potential False Positive to display all potential false-positive incidents within your organization.

▶ Explore Navigation Details and User Interface

Navigation Path: To access ML-driven Potential False Positives, go to Incidents > Policy Incidents.

3. Review and Validate Potential False Positives. The Shadow/Web DLP Incident Cloud Card now features a Potential False Positive section within the Machine Learning Status component. This addition allows for efficient validation of incidents classified as potential false positives. For details, see ML-driven Potential False Positive Detection.

▶ Explore User Interface
 

Skyhigh SSE Products

Enhanced User Alerts via Agentless Notification 

Skyhigh now offers a Browser Control rule set to manage web capabilities that can be applied to websites. These enhancements improve both the end-user experience and data security. The Browser Control rule set includes the Agentless Notifications rule. This capability alerts end users when actions are blocked, provides immediate feedback on restricted actions, and allows continued interaction with other areas of the webpage. For details, see Agentless Notification.

▶ Explore Navigation Details and User Interface

Navigation Path: To access the Agentless Notification page, go to Policy > Web Policy >  Policy > New Ruleset  > Select Library Rulesets > Browser Control > Agentless Notification.

Enhanced Web Security with Error Handler 

Skyhigh now supports the Error Handler in SWG Cloud. The Error Handler improves error management for the Secure Web Gateway during virus scanning and web traffic processing. This feature offers greater control and resilience in handling web traffic errors, enabling consistent and customizable responses tailored to your environment. For details, see Work with Error Handler.

The Default Error Handler rule set:

• Operates exclusively within the error cycle, not the standard request, response, or embedded cycles, and its rule sets do not display trigger conditions.
• Includes a Catch All rule set that automatically applies when no other error rule is triggered.
• Provides configurable actions such as Continue, Block, or use of the Skyhigh Default Error Handler.
• Allows customization of the error message content within the Error Handler capability.

▶ Explore Navigation Details and User Interface

Navigation Path: To access the Default Error Handler page, go to Policy > Web Policy > Error Handler > Default Error Handler.

Enhanced Data Visibility with Time Zone Support 

Skyhigh now offers Time Zone support on its web pages. This capability is available across web-related products, including SWG Cloud, Private Access, and Cloud Firewall. The Date Picker now includes a menu that allows you to select between UTC and your local time zone. Time Zone provides the flexibility to view data in either UTC or your local time zone. Viewing data in your local time zone would significantly enhance usability. For details, see Web Traffic Page.

▶ Explore Navigation Details and User Interface

Navigation Path: To view the Time Zone, go to Analytics > Web > Web Traffic. 

Block Screen Capture for Enhanced Security 

The Block webpage printing feature now extends its capabilities to include blocking screen capture. This functionality is available when either full browser isolation or risky web protection is active, and is supported exclusively on Windows 2022, Windows 2025, and Windows 10 operating systems.

To block screen capture of webpages (F10 on Windows), enable the checkbox. When a screen capture of a webpage is successfully blocked, you are notified with a message stating: Webpage Printing has been blocked by policy. For details, see Full Isolation — Use Browser Isolation for Websites Based on Your Customized Selection. 

▶ Explore Navigation Details and User Interface

Navigation Path: To access the Block webpage printing option, go to  Policy > Web Policy > Policy > Browser Isolation > Full Isolation > Browser Settings > Block webpage printing

Enhanced Private Application Discovery   

Application Discovery helps discover, identify, and map private applications within an organization's network to control user accessibility. This enhanced capability allows administrators to directly add discovered applications to the Private Access Configuration (PAC), eliminating the need for manual export and import steps.

In the Application Discovery tab, the Discovered Applications section displays all applications detected within PAC. From here, administrators can easily add selected applications to the Private Apps list using the Review to publish action. For details, see Enhanced Private Application Discovery.

▶ Explore Navigation Details and User Interface

Navigation Path: To access the Application Discovery tab, go to Settings > Infrastructure > Private Access Configuration.

Deploy Secure App Connector V3  

A Secure App Connector is a component of Private Access (ZTNA) that acts as an interface between the private applications and the Skyhigh Security Service Edge (SSE), allowing users secure access to your organization’s private applications. Starting with Secure App Connector V3 for VMware OVA (vCenter, vSphere), Skyhigh is migrating the base operating system to Skyhigh Linux Operating System (SLOS), ensuring enhanced stability and security. For details, see Secure App Connector V3.

Schedule Report Using ICT, KST, and JST Time Zones 

The Schedule Report page is enhanced with the three new local time zones, ICT (Indochina), KST (Korea), and JST (Japan), in addition to the existing 35+ time zones. While scheduling reports, you can choose either Coordinated Universal Time (UTC) or your local time zone from the At menu. This feature aligns timestamps with the selected time zone, facilitating quicker response to threats and simplifying global coordination. For details, see Supported Local Time Zones for Scheduling Report.

▶ Explore Navigation Details and User Interface

Navigation Path: To access the Schedule Report page, go to Actions > Schedule > Schedule Report.

Track Target Entities with the Event Target ID 

The Activities page now includes an Event Target ID column for OneDrive and SharePoint activities. This column displays the entity on which the action is performed, depending on the activity type. For example, if a file is shared with a user, the Event Target ID column shows the recipient's name, not the name of the user who shared the file, which is displayed in the User Name column. Similarly, if the action involves a group, the column displays a link to the group.

For details, see About Activities.

You can view the Event Target ID on:

1. The Activities page
2. Activities Cloud Card

▶ Explore Navigation Details and User Interface

Navigation Path: To view the Event Target ID column, go to Incidents > User Activity > Activities.