Deep Security 20 release strategy and life cycle policy

Deep Security 20 is a long-term support (LTS) release. Its release management and life cycle changes are designed to be easier for our customers and partners:

  • Deep Security 20 updates include both new features and fixes to deliver new features faster.
  • Feature Releases (FR) are no longer released to reduce the number of software upgrades and simplify the support policy.

The manager supports older agent versions, but you should still upgrade agents when possible. New agent releases provide more security features and protection, higher quality, performance improvements, and updates to stay in sync with OS releases. Regular software upgrades also ensure that, if an agent fix is required, you can simply update once — not install multiple updates along a supported upgrade path. Each agent has an end-of-life date. For details, see Deep Security Agent LTS life cycle date and Deep Security Agent FR life cycle dates.

Supported upgrade paths

Deep Security supports upgrades from the last 2 major releases for all Deep Security components, as long as the release that you're upgrading from is still within its support period. See the support periods for LTS releases or for FR releases to make sure the version you're upgrading from is supported.

You can upgrade to Deep Security 20 from these versions until they reach their end-of-support dates:

  • Deep Security 11 (LTS)
  • Deep Security 12 (LTS)
  • Deep Security 12 (FR)

You can also update any currently supported Deep Security 20 release to a more recent update release of it. Rolling back to a previous release is not supported.

Deep Security 20 update schedule

Like previous LTS releases, Deep Security 20 updates will be released monthly. If needed (such as due to critical fixes or vulnerabilities), more frequent releases will be provided.

Each component can be released independently. Agents for different platforms (Windows, Linux, Unix) can also be released separately. An update may include one or more components and platforms. In general, the global release process is completed within one week after the release date, at which time the update becomes available in the Download Center.

If you require a fix for a currently supported software release, then Trend Micro will release an update that can be directly applied during the support period. For example, if you had Deep Security 20 Update 2 and have an issue, then when the latest update is released (for example Deep Security 20 Update 10), you could update directly from Update 2 to Update 10 so that you can quickly resolve the issue.

LTS release support duration and upgrade best practices

A key best practice for software updates is to have a well-defined, regularly scheduled, and, ideally, automated process to update all components regularly.

The following table summarizes when updates are released, the support duration of that component, and considerations when designing your upgrade strategy.

Because there are multiple years of Deep Security 20 LTS updates, the support periods for Deep Security 20 are based on the year the update was released. For example, all Deep Security 20 LTS updates released in 2020 have standard support until December 31, 2023 and extended support until December 31, 2024. All Deep Security 20 LTS updates released in 2021 have standard support until December 31, 2024 and extended support until December 31, 2025.

Component When are updates released? Support Upgrade considerations
Deep Security Manager LTS updates are released monthly Standard support until 3 years after the year of release.
Extended support until 4 years after the year of release.
Plan to upgrade regularly so that you are always using a supported release, and can upgrade to the latest software with a single upgrade.
Deep Security Agent LTS updates are released monthly Standard support until 3 years after the year of release.
Extended support until 4 years after the year of release.
LTS agents support upgrades from the last 2 major releases (for example, Deep Security Agent 11.0 to Deep Security Agent 20 LTS) that are still within their support period. Plan to upgrade regularly so that you are always using a supported release and are able to upgrade to the latest software with a single upgrade.
Deep Security Agent (platforms where an older release of the agent is the 'latest' agent for that platform) LTS updates are released monthly Platform-specific If platform support is only provided by an older release of Deep Security Agent (for example, Windows 2000 uses a 9.6 agent and Red Hat Enterprise Linux 5 uses a 10.0 agent), use the latest agent for that platform and upgrade as updates are released. For details on which agent versions are supported for each platform, see Agent platform compatibility.
Deep Security Relay LTS updates are released monthly Same as agent Deep Security Relay is simply a Deep Security Agent that has relay functionality enabled. The upgrade recommendations and support policies for agents also apply to relays.

AWS Marketplace software releases

The in-product banner upgrades for AWS Marketplace (also known as '1-click upgrades'), as well as the AWS Marketplace AMI and CloudFormation Templates will be updated with the Deep Security 20 GA software release and every Deep Security 20 Update.

The list of AMIs that you see in the AWS Management Console is controlled by AWS. The current behavior at time of writing (July 2020) is that AWS displays any AMIs that have been released since your marketplace subscription to Deep Security was initiated.

Support services

These items are supported during the life cycle of Deep Security 20. Extended support is provided to all customers at no additional cost.

Support item LTS - standard support LTS - extended support LTS - limited support Delivery mechanism
New features1 LTS update
Small enhancements (no change to core functionality)1 LTS update
Linux kernel updates On request Linux Kernel Support Package (LKP)
General bug fixes1 LTS update
Critical bug fixes (system crash or hang, or loss of major functionality) LTS update or hotfix
Critical and high vulnerability fixes LTS update or hotfix
Medium and low vulnerability fixes LTS update
Anti-Malware pattern updates iAU (Active Update)
Intrusion Prevention, Integrity Monitoring, and Log Inspection rule updates iAU (Active Update)
Support for agents and Deep Security Manager on new versions of supported operating systems LTS update

Footnotes:

1

Agent platforms that are not supported are not included. See Agent platform compatibility.

Agent platform support policy

We recognize that sometimes you must commit to an OS for many years. The agent platform support policy is designed to provide predictable support for the platform's lifespan.

  • Many platforms are supported. See Agent platform compatibility.

  • Platforms will be supported until at least the OS vendor's end-of-extended-support date. Trend Micro might extend support beyond this date. However once an OS vendor no longer supports its platform, there is a risk that some technical issues might not be fixable without the support of the OS vendor. If this happens, Trend Micro will notify you immediately, but it could result in loss of functionality.

  • Trend Micro will notify you in advance if we will end support for a platform.

  • After General Availability (GA) of software, we will not shorten its support life cycle, except possibly if the OS vendor stops supporting the platform.

  • Consider how long the agent version will be supported. For example, agent 11.0, 12.0, and so on (LTS releases) have 3 years of standard support and 4 years of extended support. If you will use an OS for longer than that, then you must plan to regularly upgrade the agent so that you are always using an agent version that is currently supported.

  • A new version of the agent is usually released for all supported platforms. However, to support older platforms, sometimes a deployment must include a previous release of the agent, and therefore its end-of-support dates are adjusted accordingly.

    For example, the newest agent for Windows 2000 is Deep Security Agent 9.6, so Deep Security Manager 11.0 supports it, even though the rest of the deployment uses Deep Security Agent 11.0. Therefore in this context, the older agent uses the EOL dates for Deep Security 11.0, not Deep Security 9.6.

To get the latest performance and security updates from your OS vendor, Trend Micro strongly encourages you to upgrade to the latest OS version for which an agent is available.