What's New

Rules can now be created based on steps captured within SWS recorded sessions or any previously audited event. This makes it easier to manage and create Session Control rules for all customers, particularly where the rule-creator might not have access to the particular application themselves. For details, see Create a rule from the session timeline.

SWS visibility and coverage has been significantly enhanced within applications. This update improves recording, audit, and control capabilities at a more granular level than before allowing for more contextual step-recordings and additional page elements for session control.
For details, see What is Step Recording? and What is Session Control?

General performance and security improvements were added.

The API Token Helper is a new tool that aims to simplify the process of generating access tokens for the SWS APIs. The API Token Helper is available in the CyberArk Marketplace.

For details, see Automatically create a token using the API Token Helper.

Administrators can now block buttons and links within any web application using Session Control rules. This enhances the benefits and coverage Secure Web Sessions is able to provide by enabling you to create restrictions per user/group/role, beyond those built into the web application. For details, see Create Session Control rules .

Administrators now have an easier time using the rule creation form for Session Control. The new form improves the ability to create rules based on any triggered action in protected web sessions.

Administrators can now easily delete unnecessary sessions from the session recording page. Each deletion and creation of new sessions is audited in the activities area to maintain a record of actions taken.

You can now add security policies to your pre-defined SAML claims.

For details, see Create security policies for SAML claims.

Administrators can now define session control rules with an action that automatically flags the triggered event as 'suspicious' when viewed in session recordings. For details, see Create rules.

Administrators can now define a maximum threshold for email notifications to prevent accidental overload of emails. This is measured per rule and per session, ensuring that important notifications arrive, but also that multiple copies of the same notification get aggregated. For details, see Configure Session Control rule notification limit.

Session Control allows you to define specific actions within your applications and implement restrictions or notifications based on simple if/then rules. For example - restrict entries users can add to specific fields, or trigger email notification every time a specific button is used. Any text field, number field, button, or link, from any any application protected by SWS can be used as the trigger for a rule.

For details, see What is Session Control?

CyberArk has received Secure Web Sessions’s official SOC 2 Type II certification. This means that an independent auditing firm has reviewed and examined our control objectives, activities, and tested those controls to ensure that they are operating effectively. In achieving this certification, customers can be assured that data is kept secure through the implementation of standardized controls as defined in the AICPA Trust Service Principles framework.

Administrators can now full manage their SWS security policies via API's. Today's release includes updatePolicybyID, updatePolicyMemberSecurityLayers, updatePolicyDefaultSecurityLayers, and updatePolicyApplicationConfiguraiton. For details, see API commands.

End user facing pages in SWSverifying security layer, continuous authentication, OS notification, and browser extension screens have been translated into Spanish (Latin America), and Portuguese (Brazil) languages. The language code is determined by user's browser locale.

General performance and security improvements were added.

Administrators can now apply or exclude SWS security layers by specific URL's within protected applications (wildcard characters are supported).

For details, see Define security layer configurations per application policy.

Administrators can now apply and enforce SWS protections on sensitive applications in Microsoft Edge (chromium) browser. Combined with existing support for Google Chrome browser, Secure Web Sessions is now expanding coverage to additional desktop browsers with this release.

Microsoft Edge (chromium) browser is supported with SWS browser extension version 2.0.10501.

Users can now see the security layers protecting the current session via a quick click on the SWS browser extension. For details, see View active security layers for an application session.

Alert messages have been improved to add additional detail and helpful actions. Administrators configuring 3rd-party SSO applications with SWS now have an easier time fixing configuration issues. Additionally, users missing the SWS extension while attempting to access a protected application now have an improved warning message indicating that the SWS extension is required.

Three new API's are now available for use. Get a list of all sessions within a certain time frame (GetSessions), get information on a specific session, such as active security layers or username (GetSessionsByID), and get the specific steps taken within a particular session (GetSessionsById/steps). These have been added in addition to the already released GetRecordings API's in order to align with industry standards. The previous API's will continue to be supported for backwards compatibility, but new improvements will only be made to the GetSessions API's. For details, see API commands.

SWS now provides visibility and auditing for user downloads and clipboard actions taken in any we session secured with Step recording. In addition, SWS session details now include events for any user actions that were blocked by Session protection.

For details on the auditor workflow, see Monitor sessions.

Manifest V3 is a name for the new upcoming browser extension API, essentially a large set of changes that will determine the next generation of the Chrome browser extensions. Beyond changes for new extensions - support for extensions with the current manifest V2 format will no longer run on Chrome as of January 2023. In this release, the Secure Web Sessions browser extension adds support for the new Manifest V3 API, while maintaining all existing functionality. (Previous versions of the SWS extension will continue to work at the previous level of support in order to provide backwards compatibility).

Customers can now apply Secure Web Sessions protections directly on-top of 3rd party identity providers (IdPs) SSO sessions, without requiring CyberArk Identity SSO. This streamlines setup, maintenance, licensing, and provides an easier user experience with less actions.

For details, see Configure SWS policy for third-party IdP apps

Two new API's are now available that enable SWS customers to GET a list of all recodings within a certain time frame (GET SWS Recordings), and also to GET the specific steps taken in a particular session (GET SWS recordings by ID). These API's allow customers to pull specific session details, and can enable integration with other security tools (such as SIEM).

For details, see API commands.

Administrators can now enforce an additional layer of protection for sensitive web applications by monitoring footsteps taken by the end user during their sensitive web session. The feature protects against unauthorized access if the authenticated user leaves their computer unattended while the sensitive web session is left open on the endpoint and exposed.

The current release supports Android (in addition to the already supported iOS).

For more details about this solution, see Continuous authentication with the CyberArk Mobile app

For details on how to enforce Continuous Authentication with the pedometer lock, see Configure Continuous Authentication with the CyberArk Mobile app.

Administrators can now enforce an additional layer of protection for sensitive web applications by monitoring footsteps taken by the end user during their sensitive web session. The feature protects against unauthorized access if the authenticated user leaves their computer unattended while the sensitive web session is left open on the endpoint and exposed.

The current release is available with CyberArk Mobile on iOS only.

For more details about this solution, see Continuous authentication with the CyberArk Mobile app

For details on how to enforce continuous authentication with the pedometer lock, see Configure Continuous Authentication with the CyberArk Mobile app

New users of the CyberArk Mobile app, who are assigned an application that is protected by Continuous Authentication, can now have their trusted mobile device joined to SWS during the first application access QR, requiring no separate onboarding steps or invitations.

SWS now supports EPM integration with EPM tenants that use the new policies management UI.

For details, see Configure Session Protection and EPM integration

Additional actions are now included in the Session Recording details when triggered during protected sessions. The new events are:

• Session locked by - Pedometer lock

• Session locked by - Idle Timeout

• Session resumed by - CyberArk Identity MFA

• Session resumed by - CyberArk Mobile App

CyberArk Identity Secure Web Sessions can now enter into Business Associate Agreements (BAA) with US based healthcare customers requiring adherence to the Health Insurance Portability and Accountability Act (HIPAA). This confirms that CyberArk meets or exceeds all regulations and US legal requirements regarding the use, disclosure, and safeguarding of individually identifiable health information – that may be recorded, captured or otherwise saved in the Secure Web Sessions service. For more information, see https://www.cyberark.com/trust/hipaa-compliance/

Secure Web Sessions now exposes REST API's, which enables management and visibility of SWS users, application policies, and activities. This allows for integration with external systems for reporting of policies and management console activities. Additional API's are on the way soon. For more information, see Automate with APIs.

Added recommendation to add CyberArk Identity custom application domains to step recording exclude list. For more information, see Configure step recording settings

Administrators and Auditors now have the ability to flag events or sessions that are of interest to them, and afterward filter their view based on these flags. This allows customers to refer back to interesting or reviewed suspicious events at a later date without needing to search again.

For more information, see Flag session recordings and steps.

Our team is constantly reviewing and taking feedback to improve Secure Web Sessions. This release includes the following minor improvements:

• Ability to sort recorded sessions by number of steps

• Timeframe and filters remain visible while scrolling through activities

• When viewing session details, the username now appears before the start-time in the header

Each week we aim to release new improvements and bug fixes during our set maintenance window (3:30 EST - 6:00 EST (8:30 UTC - 11:00 UTC). When new features are announced, they will be included here.

This weeks release includes bug fixes and minor improvements.

Administrators can now configure and enforce additional protections on their user's web-applications. This release provides the ability to enforce protection against unauthorized application access, allowing organizations to re-authenticate users under special circumstances when using high-risk applications. Continuous Authentication offers protections via integration with CyberArk Identity multi-factor authentication (MFA) or via CyberArk Mobile QR code.

For more information about Continuous Authentication, see What is Continuous Authentication?

For information about configuring Continuous Authentication, see Configure Continuous Authentication with MFA.

We have improved the auditor experience for viewing specific session recordings. Higher resolution screenshots, mouse and keyboard directional commands for moving between steps, and better navigation to find and go-to specific steps, all help improve the experience and effectiveness for the SWS Auditor.

Each week we aim to release new improvements and bug fixes during our set maintenance window (3:30 EST - 6:00 EST (8:30 UTC - 11:00 UTC). When new features are announced, they will be included here.

This weeks release includes bug fixes and minor improvements.

SWS administrators can view a history of activities that have been performed in the Secure Web Sessions management portal. For more information, see Monitor activities.

Browser restrictions were optimized with the addition of preventing access to the right-click context menu, as well as multiple improvements.

Each week we aim to release new improvements and bug fixes during our set maintenance window (3:30 EST - 6:00 EST (8:30 UTC - 11:00 UTC). When new features are announced, they will be included here.

This weeks release includes bug fixes and minor improvements.

Administrators can now configure and enforce additional protections on their users web-applications. This release provides the ability to enforce restrictions on clipboard / drag&drop as well as restrictions on performing downloads from protected applications. As with SWS Step Recording layer - these protections are only implemented on the protected application tabs for the user leaving clipboard / drag&drop or downloads still fully functional for users in other non-protected applications. Lastly, the user will see an OS notification whenever a user action is prevented by SWS protections letting them know that the block was intended by their Administrator. For more information, see Session protection with SWS browser extension

Integration with CyberArk EPM via SWS Session Protection is now available for client level protections. Customers can now integrate SWS and CyberArk's Endpoint Privilege Manager (EPM). With this integration we are providing a set of chrome browser protection policies which can be imported into EPM and enabled on your client devices. These protection policies also include the ability for the SWS extension and EPM agent to communicate and thereby validate EPM protection during the SWS Security Layer Validation stage of a user login to a protected web-application from CyberArk Identity SSO. For more information, see Session protection with CyberArk EPM integration.

This release of the SWS extension provides the ability to export logs via the SWS extension for better supportability and troubleshooting of both SWS extension browser level actions as well as SWS-EPM integration actions. For more information, see Deploy the browser extension.

Improvements were made to the performance of search suggestions and filter functionality in the SWS portal.

Each week we aim to release new improvements and bug fixes during our set maintenance window (3:30 EST - 6:00 EST (8:30 UTC - 11:00 UTC). When new features are announced, they will be included here.

This weeks release includes bug fixes and minor improvements.

Secure Web Sessions can record and monitor screenshots of all actions taken by specific end users within protected web applications. The solution uses a browser extension, installed on the user's endpoint, to monitor and segregate web apps that are accessed through CyberArk Identity Single Sign-On (SSO).

Secure Web Sessions captures only SWS enabled applications, and ignores other tabs opened in the users browser window. End users are notified when a session begins recording, and when it ends. Secure Web Sessions captures all end user actions using a “stepper” approach. Specific actions, like mouse-clicks and “enter” or “tab” keystrokes, trigger a screenshot of the end users’ browser along with relevant metadata.

Screenshots are captured and encrypted at the endpoint by the Secure Web Sessions extension and are then only accessible by authorized Secure Web Sessions administrators and auditors with a customer-controlled encryption key. Encrypted recordings are streamed up to CyberArk SaaS for search and retrieval access by auditor or administrator.