What's new in Deep Security 10.0?

Deep Security 10.0 is updated regularly, for more information see What's new in Deep Security Agent? and What's new in Deep Security Manager?

New agent for Amazon Linux 2

Deep Security 10.0 Update 8 adds agent support for Amazon Linux 2. In order to use this platform, you also need Deep Security Manager 10.0 Update 8 or greater.

Increase security by using application control

Get visibility into applications running on your systems and detect or block unauthorized software. You have the ability to decide if new applications can be added and safely run on a given workload. Deep Security introduces a simplified application control administration with day-to-day activities minimized through one to many policies, simplified drift timeline and application execution view, and automation through APIs.

Docker deployment protection (containers)

Deep Security 10 expands beyond server workloads to protect Docker containers, leveraging proven techniques like anti-malware, IPS and application control to protect dynamic container deployments. Learn more about how we can protect your Docker hosts and containers.

Document exploit protection using connected threat defense

In the modern data center, more and more security breaches are a result of targeted attacks using techniques such as phishing and spear-phishing and are distributed through documents that are infected with malware. Deep Security 10 adds the ability to detect suspicious files entering the data center and automatically submit them to the Deep Discovery Analyzer sandbox for analysis. The results of the analysis are sent to the Trend Micro Control Manager where an action can be specified for the file and the list of suspicious objects is updated. Deep Security uses this list to remediate and clean infections within your environment. Learn more about protecting documents using connected threat defense.

Enhanced anti-malware and ransomware scanning with behavior monitoring

Threat actors are becoming more sophisticated and often use techniques to bypass traditional virus pattern matching. These advanced threats are difficult to detect and require new technology to do so. Deep Security 10 provides enhanced anti-malware and ransomeware scanning that you can apply to Windows® computers protected by a Deep Security Agent. These settings enable you to go beyond malware pattern matching and identify suspicious files that could potentially contain emerging malware that hasn’t yet been added to the anti-malware patterns (known as a zero-day attack).

The new enhanced scanning feature is enabled by default, and may have a performance impact on agent computers running applications with heavy loads. We recommend reviewing the Performance tips for anti-malware before upgrading to Deep Security Agent 10.0 or later.

Secure event forwarding to a syslog or SIEM server using Transport Layer Security (TLS)

Deep Security 10 provides the option to securely forward system and security events to an external Syslog or SIEM server from the Deep Security Manager over TLS, meeting the needs of customers who are governed by compliance standards such as HIPAA and solving both confidentiality and reliability issues. To find out how, see Forward Deep Security events to an external syslog or SIEM server.

Usability Enhancements

New user interface

Enhanced visibility across your hybrid cloud environment is provided through an updated, more intuitive user interface (UI). The cleaner and more intuitive UI helps you identify problem areas and begin to remediate them more quickly. The new interface introduces new sophisticated management features to help address the realities of distributed architectures.

Smart folders

To help organize your personal view of your protected assets, you can create saved searches that allow you to dynamically organize your workloads. You can create logical filters based on properties such as hostname, AWS tags, Azure Resource Groups, vCenter or Active Directory. Smart folders always react to dynamic changes in your cloud environment. Learn more about using smart folders.

Easier to get help

Directly from within the Deep Security Manager you can now search all of the information in our new Help Center (you are on it right now!). All of the content previously contained in the Administrator's Guide and the Installation Guide is also located there and it is all searchable from Google™ search.

Deep Security Scanner (SAP for Windows)

While anti-malware is now required by most enterprises, there is an additional requirement to safeguard mission-critical environments such as SAP. In SAP deployments, there are many opportunities for customers to upload external files, potentially exposing the SAP NetWeaver®  environment to malware that could corrupt an entire database. Deep Security 10 provides a security solution that is specifically designed for SAP NetWeaver environments to help protect this mission-critical data and ensure their business is not impacted. Learn more about protecting SAP NetWeaver environments.

Affinity settings: Advanced combined mode

Combined Mode implies a distribution of protection between a Deep Security Virtual Appliance and a Deep Security Agent (DSA). Beginning in Deep Security 10, you are able to specify an "affinity" for each of the protection modules, to specify whether the protection should be provided by the agent or the appliance, when both are available. This replaces the Coordinated Mode available in previous releases. For more information, see the Configure protection source settings for protection modules section of Choose agentless vs. combined mode protection.

Better upgrade experience

Significant engineering effort was invested into making upgrades to Deep Security 10.0 smoother than before to help you move on to Deep Security 10.0. We have completely revamped the user upgrade experience by including functionality that checks your currently installed Deep Security components and makes personalized recommendations for your upgrade path. The overall upgrade process is more robust and dependable too.

Access events with Amazon Simple Notification Service (Amazon SNS)

If you have an AWS account, you can take advantage of Amazon SNS to publish notifications about Deep Security events and deliver them to subscribers. Learn how to set this up.

Updated cloud connectors

Updated support for Oracle® Solaris 10 and 11 servers

The Deep Security Solaris Agent has been updated for Deep Security 10.0 and anti-malware scanning capabilities are now available for Solaris 10 and 11 servers.


Deep Security for SAP® has been renamed to Deep Security Scanner but no changes to pricing for this functionality have been made and previous SAP licenses will work to enable Deep Security Scanner functionality.

System requirements

All system requirements for Deep Security 10.0 are documented in System requirements.