What's new?

Deep Security 10.2 feature release

Below are major changes in Deep Security 10.2, which is a feature release (see Feature releases for details about feature release support). For a list of new features that were included in previous releases, choose a different Deep Security version from the version selector at the top of the page.

Advanced threat detection (machine learning)

Advanced threats have become the most prevalent form of attack. While there is a still a need for signature based anti-malware, there is an increased need for advanced forms of malware detection. Deep Security offers strong protection from known and unknown threats in our customers environments. Machine learning is the next step in the evolution of detecting those unknown threats. For more information, see Predictive Machine Learning and Detect emerging threats using Predictive Machine Learning

This feature is supported with Deep Security Agent 10.2 or Deep Security Virtual Appliance 10.2 (or later).

Application control - global block by hash

Application control has been enhanced with a new "block by hash" feature that enables administrators to submit known bad hash values to Deep Security for application control blacklist enforcement. The control will now recognize a new “global rule set” that includes a list of hash values to be blocked. This rule set takes precedence over any other rules from existing shared or local rule sets, and will be enforced by every Deep Security Agent enabled with application control. This feature provides a simple way for users to block unwanted or bad software from running at a global system-wide level. The design allows the workflow to be fully automated, with APIs for creating the global rule set, adding and deleting hash values. For more information, see Allow or block software.

This feature is supported with Deep Security Agent 10.2 or later.

Application control - trusted updater

Application control creates a software change event log whenever new executable files are detected on protected systems. Sometimes these changes are generated as part of the normal operation of trusted software. For example, when Windows self-initiates a component update, hundreds of new executable files may be installed. Application control will now auto-authorize many file changes that are created by well-known Windows processes and not create corresponding change log events for them. Removing the “noise” associated with expected software changes provides you with clearer visibility into changes that may need your attention.

This feature is supported with Deep Security Agent 10.2 or later.

Application control - security event aggregation

Application control now includes event aggregation logic that will reduce the volume of logs when the same event occurs repeatedly. This removal of redundant entries makes it easier to see important application events.

This feature is supported with Deep Security Agent 10.2 or later.

Fail open option

The Deep Security network driver for intrusion prevention and firewall controls was designed for “fail closed” behavior, which puts the Deep Security Agent into a block state when maximum threshold limits are exceeded. This design objective ensures that protected computers are not exposed if the security service is subjected to a denial of service attack. In Deep Security 10.2, you can choose to change this behavior and allow traffic in certain failure scenarios. For more information, see "Failure response" in Network engine settings.

This feature is supported with Deep Security Agent 10.2 or later.

Tipping Point Equivalent Rule ID Mapping

Many customers are benefiting from both Tipping Point network security and Deep Security host security. To make it easier for you to know which Deep Security intrusion prevention rule maps to an equivalent Tipping Point rule, the Intrusion Prevention Rules table can now display a “Tipping Point ID” column that will show the equivalent Tipping Point rule if it exists. For more information, see Configure intrusion prevention rules.

This feature is supported with Deep Security Agent 9.6 or Deep Security Virtual Appliance 9.6 (or later).

New support for Microsoft Windows Server 2016

Deep Security Manager is now supported on Windows Server 2016. (Deep Security Agent was already supported on Microsoft Windows Server 2016.)

This feature is supported with Deep Security Agent 9.6 or Deep Security Virtual Appliance 9.6 (or later).

New support for Microsoft SQL 2016

Deep Security now supports the use of Microsoft SQL 2016 for its database. It also supports Microsoft SQL Server 2016 Express in certain limited deployments. For details, see Microsoft SQL Server Express considerations.

This feature is supported with Deep Security Agent 9.6 or Deep Security Virtual Appliance 9.6 (or later).