Skyhigh Security Cloud 6.9.2 Release Notes (Nov 2025)

Enhanced Data Protection with DLP Integrator 6.9.2  

Skyhigh has implemented updates to the internal cloud scanning, and the IDM training should be conducted using the latest 6.9.2 DLP Integrator to ensure accurate detections. To download the latest DLP integrator, see Download the DLP Integrator.

Discover and Analyze Sensitive Data with DSPM Data Explorer  

Skyhigh introduces the DSPM Data Explorer, a centralized dashboard that provides comprehensive visibility into an organization's complete data security posture across Skyhigh SSE. Its core purpose is to provide security teams with a single, efficient interface for continuous monitoring, proactive risk analysis, and compliance evaluation of all data, enabling in-depth security analysis and faster response times. For more details, see About Data Explorer.

A preview of some of the key features of DSPM Data Explorer is provided in the table below:

▶ Explore Navigation Details and User Interface

Navigation Path: To access the Data Explorer page, go to Analytics > DSPM Data Explorer.

View Expected Response Action for Shadow/Web DLP Incidents   

The Policy Incidents page now displays the Expected Response for Shadow/Web DLP Incidents. This Expected Response action is configured during DLP policy creation and defines the intended action when a policy violation occurs. This helps SOC administrators identify potential discrepancies between the Expected Response and the actual Incident Response taken during policy evaluation, which is vital for troubleshooting and refining security policies for robust data protection and operational efficiency.

Enhance Data Security with Webpage Watermark 

Skyhigh now adds a watermark to the background of every webpage you browse. To enable this feature, select the Enable webpage watermarking checkbox, located under the Full Isolation / Risky Isolation pages >  Browser Settings section. The watermarks display your Username or Email ID diagonally across the background, depending on your authentication method and the client used. This feature promotes accountability, enables tracking in case of data leaks, and prevents unauthorized sharing of sensitive information. For details, see Full Isolation — Use Browser Isolation for Websites Based on Your Own Selection.

▶ Explore Navigation Details and User Interface

Navigation Path: To configure the Watermarking option in Full Isolation or Risky Web, go to  Policy > Web Policy > Policy > Browser Isolation > Full Isolation or Risky Web> Browser Settings

A sample screenshot with the applied watermark on the background of the webpage is available below for reference:

Deploy Secure App Connector V3    

A Secure App Connector is a component of Private Access (ZTNA) that acts as an interface between private applications and the Skyhigh Security Service Edge (SSE), enabling users to securely access private applications hosted within the organization’s network. Starting with Secure App Connector V3 for VMware OVA (vCenter and vSphere), Skyhigh is migrating the base operating system to the Skyhigh Linux Operating System (SLOS) to enhance stability and security.  For details, see Secure App Connector V3.

Support Secure Connectivity for Domain Services  

Skyhigh Private Access now supports defining UDP/DNS traffic as a Private Application. This enhancement allows administrators to securely route all DNS queries (port 53) from remote clients to internal Domain Controllers, enabling seamless remote access to critical Active Directory Domain Services such as Kerberos, LDAP, and SMB/CIFS.

This capability uses granular, identity-based Zero Trust policies to secure connectivity of core domain functions, thereby minimizing broad network exposure risks.

Users and Devices can securely connect to specific domain services for performing the essential operations, such as file sharing, password resets, and policy updates, without requiring full network access.

Consolidate User Identities with User Unification 

The User Unification capability consolidates user identities across the SSE platform, allowing administrators to correlate the activities of users who access both Sanctioned and Shadow services. This enables SOC administrators to monitor all user activities through a unified identity and perform comprehensive threat investigations for individual users.

The User Unification capability creates a single User UID for each user across all Skyhigh products, consolidating multiple identities. For instance, if a user downloads a file from a Sanctioned SaaS app like Box and uploads it to a Shadow app like Sendspace, their activities are tracked separately, by email in Box and by SAM account name in Sendspace. Without unification, the SOC administrator runs two separate searches. With User Unification, Skyhigh assigns each user a unique User UID, enabling all activities to be accessed via a single identifier.

To identify unique users with multiple identities, integrate Skyhigh Cloud Connector with your organization's Active Directory, LDAP, or CSV file . These unique users are then displayed on the Users page.

Key Benefits

• Unified Activity Monitoring. Gain a comprehensive view of all activities for a single user by using their unique User UID to track both Sanctioned and Shadow service usage.
• Unified Threat Protection. Detect user-related anomalies and threats by monitoring activities across both Sanctioned and Shadow services.
• Unified User Risk Score. Calculate user risk scores using combined data from Sanctioned, Shadow, and Web services.

To get started with User Unification and to know about the Skyhigh Cloud Connector configurations, see Getting Started with User Unification and Configure Cloud Connector to Consolidate User Identities.

Monitor and Evaluate Unified User Risks 

The Users page displays all unique users across Skyhigh SSE products. These unique users are retrieved from your organization’s Active Directory (AD), LDAP, or CSV files integration via the Skyhigh Cloud Connector. The Users page offers detailed insights into each user’s risk posture, activities, and potential threats, serving as a starting point for user-level threat evaluations. It provides visibility into users accessing Sanctioned and Shadow services, highlighting associated risks: User Risk, Data Risk, Sanctioned Risk, and Shadow Risk. User Risk represents a unified score that combines Data, Sanctioned, and Shadow risks, including Web DLP incidents. For details, see the Users page.

These enhancements give administrators a complete view of user behavior and exposure by correlating risk data across Sanctioned SaaS, Shadow SaaS, and Web activities.

▶ Explore Navigation Details and User Interface

Navigation Path: To access the Users page, go to  Analytics > Users.

Enhanced User Experience for Shadow Users 

The following updates to the Shadow Users page and Shadow User Cloud Card improve visibility into user activity and risk analysis:

• To align with the focus on Shadow service activities, the Users page is renamed to Shadow Users.
• The Risk column displays the Unified Risk Score for each user, calculated using data from Sanctioned SaaS, Shadow SaaS, and Web DLP incidents.

▶ Explore Navigation Details and User Interface

Navigation Path: To access the Shadow Users page, go to  Analytics > Shadow Users.

3. The Shadow User Cloud Card is enhanced to provide deeper visibility into user activity and risk posture across Sanctioned and Shadow services. These UI enhancements enable administrators to quickly assess user risk, investigate anomalies, and correlate activities across cloud applications and web traffic. The updated card now includes:

1. Mini cards for quick insights into key metrics, such as Services, Total Upload Data, High Risk Services, Unique Devices, Unmatched Uploads, and Activities.
2. User UID to filter unique users.
3. Hyperlinks to related pages, including the Users page, User Details page (for sanctioned risk score), and Web Users page, to view detailed risk and activity information for a specific user. 

For details, see About Shadow Users. 

▶ Explore User Interface

Track LLM Risks and AI Service Incidents Using Saved Views and Dashboard Cards 

Skyhigh now allows you to track LLM Risks and AI Service incidents using Skyhigh Recommended Saved Views and Default AI Dashboard Cards. You can find the recommended saved views for LLM risk attributes on the Users and Services page and Microsoft 365 Copilot and ChatGPT incident-related saved views on Policy Incidents page. These saved views are automatically displayed as dashboard cards on the Default AI Dashboard.

Configure Roles to View Cloud Usage Analytics on the Cloud Registry and Services Pages 

Users with only the Cloud Registry role cannot access usage analytics information. To access usage information of a service (such as usage reports, analytics, and activity metrics) on the Cloud Registry and Services pages, users must have the Usage Analytics role in addition to the Cloud Registry role. For details, see Create a New User.