Major New Features
AMI Infrastructure Onboarding for AWS
In addition to API Key-Based Authentication, Netskope One DSPM now supports Role-Based Authentication for onboarding AWS infrastructure accounts, as an alternative for customers who don’t wish to manage API keys. All that’s needed is to create an IAM role and grant it permission to discover the resources in your AWS account. Netskope One DSPM will use the IAM role to authenticate.
At this time, the feature is available for AMI self-hosted deployments only, and it will be coming soon for SaaS tenants.
To learn more, please visit our Setup Needed to Onboard AWS Accounts article.
S3 Auto-Discovery and Classification
Netskope One DSPM’s Auto-Discovery for AWS Accounts can now Auto-Discover S3 Data Stores in your environments. This extends the power of Netskope One DSPM to semi-structured data, allowing you to continuously monitor & apply business rules against the sensitive data stored in those S3 buckets.
You have two options for connecting your S3 Data Stores to Netskope One DSPM:
- Netskope One DSPM’s Athena/Glue crawler service, which provides both Configuration Analysis and granular bucket location detail
- Your own Athena/Glue crawler service, which does not provide Configuration Analysis or bucket location detail, but allows you to reuse any existing crawlers
If you are upgrading from a previous version, your Netskope One DSPM user will require additional IAM permissions for Auto-Discovery and Connecting to S3.
To learn more, please visit our Required Configurations for Scanning AWS S3 Data Stores article.
Data Store Regions
For IaaS Cloud Environments (AWS, GCP and Azure), we have enhanced our Auto-Discovery to also discover the Regions where the Data Stores are housed. This additional detail can help you understand a Data Store’s origins & purpose.
In a future release, this region data can be leveraged to create region-specific policies or help identify who should be permitted access to a particular Data Store.
Data Store Connection Experience Improvements
When connecting any Data Store, credential & permission validations are now shown as individual steps in a new “Review” tab within the Connect Data Store modal. Each step either indicates success or displays an improved message that guides the user towards remediating the problem & successfully completing the Data Store connection.
User Identity and Privilege Analysis Updates
Within the Privilege Analysis screens, drilling down on the Users count now displays each Employee’s Name & Department as synced from an external directory.
Since Netskope One DSPM now supports syncing external directories, importing Employees via CSV is no longer supported.
To learn more, please visit our Integrating with Okta Universal Directory article.
Built-in and Custom Classifier Updates
We have expanded our built-in Sensitive Data Types and improved their organization, as we continue to provide new coverage for common regulations such as HIPAA:
- New healthcare classifiers are now available under a brand-new “Healthcare Information” Category
- New classifiers have been added to the “Direct Identifiers” and “Indirect Identifiers” Categories
- Existing financial classifiers have been reorganized under a new “Financial Information” Category
We can now detect masked data for the following classifiers:
- Drivers License Number (Masked)
- Birth Date (Masked)
- Email (Masked)
Custom Sensitive Data Types can now match on Field Name and/or Field Content, with matches determined by regular expressions or lookup against a dictionary of keywords.
To learn more, please visit our Using Regular Expressions in Custom Sensitive Data Types article.
Improvements
Better Messaging When Deleting Linked Records
We have improved on-screen messaging when editing or deleting Sensitive Data Types and Data Tags. Such messages now clearly communicate the impact of your changes on linked records such as Classification Fields and Policy Conditions. You can preview the impacts before committing changes, so you can perform your duties with confidence.
Dashboard & Reporting Updates
The Dashboard and Executive Reports now include two new Task-related widgets, which show Total Open Tasks and Latest Open Tasks. These widgets provide visibility into new Tasks that might have been triggered recently.