New Features Introduced in January 2025
Table of Contents
Expand all | Collapse all
-
- New Features Introduced in December 2024
- New Features Introduced in November 2024
- New Features Introduced in October 2024
- New Features Introduced in August 2024
- New Features Introduced in July 2024
- New Features Introduced in June 2024
- New Features Introduced in May 2024
- New Features Introduced in April 2024
- New Features Introduced in March 2024
- New Features Introduced in January 2024
-
- New Features Introduced in November 2023
- New Features Introduced in October 2023
- New Features Introduced in September 2023
- New Features Introduced in August 2023
- New Features Introduced in July 2023
- New Features Introduced in June 2023
- New Features Introduced in May 2023
- New Features Introduced in April 2023
- New Features Introduced in March 2023
- New Features Introduced in January 2023
-
- New Features Introduced in December 2021
- New Features Introduced in October 2021
- New Features Introduced in September 2021
- New Features Introduced in August 2021
- New Features Introduced in July 2021
- New Features Introduced in June 2021
- New Features Introduced in May 2021
- New Features Introduced in March 2021
- New Features Introduced in January 2021
New Features Introduced in January 2025
Learn about the new features that became available in SaaS Security in
January 2025.
The following topics provide a snapshot of new features introduced for SaaS Security in January 2025. Refer to the Administrator’s Guide for more information on
how to use Data Security, SaaS Security Inline, SaaS Security Posture Management, and
Behavior Threats.
Create Access Control Policies for Third-Party Plugins
Although third-party plugins enable users to extend the capabilities of a marketplace
app, they can be a security risk to your organization. To detect when users install
third-party plugins that you do not want in your environment, you can now create Plugin Access Control policies. In
Plugin Access Control policies, you specify the plugins that you do not want in your
environment. SSPM will then scan the marketplace apps at regular intervals to
determine if users installed the plugins. Depending on the marketplace app, SSPM
might be able to automatically revoke plugin access. If not, SSPM can notify you in
the following ways.
- SSPM can create a task in an issue tracking system.
- SSPM can send an email notification to the user who created the policy.
- SSPM can, by using an incoming webhook, send notifications to a channel in Slack or Microsoft Teams.
After SSPM notifies you that it detected a plugin that you specified in the policy,
you can take action to remove the plugin from your environment.
Legacy UEBA Migration to Behavior Threats
The Legacy UEBA Integration with Behavior Threats feature enhances your User and
Entity Behavior Analytics (UEBA) capabilities by combining machine learning-based
behavior threats with optimized rule-based policy rules. This integration addresses
limitations in traditional rule-based systems, providing a more adaptive and
accurate security solution. You can improve threat detection, reduce false
positives, and identify complex behavioral anomalies and unknown threats. The system
adapts to new threat patterns automatically, reducing the need for manual updates.
You gain a consolidated view of all security incidents, streamlining threat
management. This feature is valuable when you need to strengthen your security
posture against sophisticated cyberthreats, enhance operational efficiency, and
customize threat detection policy rules. By implementing this solution, you can
ensure your security infrastructure evolves with the changing threat landscape while
offering scalability and flexibility. The feature is useful for detecting insider
threats, account compromises, and emerging attack vectors. It allows your security
teams to focus on strategic tasks rather than constant rule updates. With this
integration, you can improve your overall security effectiveness, adapt to new
threats more quickly, and gain deeper insights into user and entity behaviors across
your organization.
Behavior Threats Incident Insights
Behavior Threats Incident Details enhances your ability to investigate and respond to
security threats effectively. This feature provides detailed information about
detected anomalies and security incidents, including application names, granular
activities, precise timestamps, and asset data. You can view a chronological
sequence of user activities, understand risk score calculations, and access visual
representations of activity patterns. By using Behavior Threats Incident Details,
you can conduct thorough investigations, reduce response times, and minimize the
risk of undetected security breaches. The feature allows you to filter incidents
efficiently, export detailed reports for compliance purposes, and integrate incident
information with other systems through an API. You will find this feature useful
when analyzing user behavior, identifying potential insider threats, and maintaining
a strong security posture across your organization. Behavior Threats Incident
Details lets your security administrators make informed decisions quickly, implement
targeted remediation strategies, and optimize administrative resources in managing
security incidents. You can also view a detailed breakdown of user risk scores,
helping you understand the factors contributing to a user's risk level. The feature
includes advanced filtering options for efficient incident management and provides
visual tree views of risk score contributions. By using Behavior Threats Incident
Details, you can significantly improve your security team's efficiency in detecting,
analyzing, and responding to potential threats, ultimately strengthening your
organization's overall security posture.
LLM Powered User Risk Summary in Behavior Threats
Behavior Threats supports LLM powered user risk summary of the top 0.1% of risky
users. This summary provides detailed insights into unusual activities, data access
patterns, and potential security concerns even when incidents are not generated,
enabling security administrators like you to understand and assess user risk more
effectively. LLM-powered user risk summary is an innovative approach for evaluating
high-risk users by analyzing their activity patterns and machine learning model
results. This summary offers an overview of user risk factors, surpassing the
limitations of current incident descriptions that often focus on single aspects.
It's valuable for explaining high risk scores for users without recorded incidents.
This approach has shown promising results in production, offering additional
insights compared to traditional incident descriptions.