Deep Security 10.2 has reached end of support.
What's new?
Deep Security 10.2 feature release
Below are major changes in Deep Security 10.2, which is a feature release (see Feature releases for details about feature release support).
Advanced threat detection (machine learning)
Advanced threats have become the most prevalent form of attack. While there is still a need for signature-based anti-malware, there is an increased need for advanced forms of malware detection. Deep Security offers strong protection from known and unknown threats in our customers' environments. Machine learning is the next step in the evolution of detecting those unknown threats. For more information, see Predictive Machine Learning and Detect emerging threats using Predictive Machine Learning.
This feature is supported with Deep Security Agent 10.2 or Deep Security Virtual Appliance 10.2 (or later).
Application control - global block by hash
Application control has been enhanced with a new "block by hash" feature that enables administrators to submit known bad hash values to Deep Security for application control block list enforcement. Application control now recognizes a new “global rule set” that includes a list of hash values to be blocked. This rule set takes precedence over any other rules from existing shared or local rule sets, and is enforced by every Deep Security Agent that has application control enabled. This feature provides a simple way for users to block unwanted or bad software from running at a global, system-wide level. The design allows the workflow to be fully automated, with APIs for creating the global rule set and for adding and deleting hash values. For more information, see Allow or block software.
This feature is supported with Deep Security Agent 10.2 or later.
Application control - trusted updater
Application control creates a software change event log whenever new executable files are detected on protected systems. Sometimes these changes are generated as part of the normal operation of trusted software. For example, when Windows self-initiates a component update, hundreds of new executable files may be installed. Application control will now auto-authorize many file changes that are created by well-known Windows processes and not create corresponding change log events for them. Removing the “noise” associated with expected software changes provides you with clearer visibility into changes that may need your attention.
This feature is supported with Deep Security Agent 10.2 or later.
Application control - security event aggregation
Application control now includes event aggregation logic that will reduce the volume of logs when the same event occurs repeatedly. This removal of redundant entries makes it easier to see important application events.
This feature is supported with Deep Security Agent 10.2 or later.
Fail open option
The Deep Security network driver for intrusion prevention and firewall controls was designed for “fail closed” behavior, which puts the Deep Security Agent into a block state when maximum threshold limits are exceeded. This design objective ensures that protected computers are not exposed if the security service is subjected to a denial-of-service attack. In Deep Security 10.2, you can choose to change this behavior and allow traffic in certain failure scenarios. For more information, see "Failure response" in Network engine settings.
This feature is supported with Deep Security Agent 10.2 or later.
Tipping Point Equivalent Rule ID Mapping
Many customers are benefiting from both Tipping Point network security and Deep Security host security. To make it easier for you to know which Deep Security intrusion prevention rule maps to an equivalent Tipping Point rule, the Intrusion Prevention Rules table can now display a “Tipping Point ID” column that will show the equivalent Tipping Point rule if it exists. For more information, see Configure intrusion prevention rules.
This feature is supported with Deep Security Agent 9.6 or Deep Security Virtual Appliance 9.6 (or later).
New support for Microsoft Windows Server 2016
Deep Security Manager is now supported on Windows Server 2016. (Deep Security Agent was already supported on Microsoft Windows Server 2016.)
This feature is supported with Deep Security Agent 9.6 or Deep Security Virtual Appliance 9.6 (or later).
New support for Microsoft SQL 2016
Deep Security now supports the use of Microsoft SQL 2016 for its database. It also supports Microsoft SQL Server 2016 Express in certain limited deployments. For details, see Microsoft SQL Server Express considerations.
This feature is supported with Deep Security Agent 9.6 or Deep Security Virtual Appliance 9.6 (or later).
Support for Amazon RDS PostgreSQL Multi-AZ deployments
Customers who use the Deep Security AMI from AWS Marketplace or who install the software on AWS may use RDS PostgreSQL as the Deep Security Manager database. Amazon RDS provides high availability and failover support for database instances using Multi-AZ deployments. For more information, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html
This feature is supported with Deep Security Agent 9.6 or Deep Security Virtual Appliance 9.6 (or later).
PostgreSQL multi-tenant support
The initial introduction of PostgreSQL support in Deep Security 10.1 was limited to single-tenant deployments. Deep Security 10.2 now supports multi-tenant deployments with PostgreSQL. For more information, see
This feature is supported with Deep Security Agent 9.6 or Deep Security Virtual Appliance 9.6 (or later).