Deep Security release strategy and life cycle policy

Deep Security has two release types:

  • Long-term support (LTS) releases: LTS releases of Deep Security are made available on an annual basis and include new functionality, enhancements for existing functionality, and bug fixes. LTS releases include long-term support, as described in LTS release support duration and upgrade recommendations, below. Once an LTS release is made generally available, updates to LTS releases are restricted to only fixes and small enhancements. Examples of LTS releases: Deep Security 10.0, Deep Security 11.0, Deep Security 12.0.
  • Feature releases (FR): Feature releases provide early access to new functionality and are released continuously throughout the year. This means that with feature releases, you can immediately benefit from new functionality without having to wait for the next LTS release of Deep Security. Feature release functionality is cumulative and is ultimately rolled into the next LTS release. FRs are released much more frequently than LTS releases and have a shorter support period, as described in Feature release support duration and upgrade recommendations, below.

LTS releases are suitable for customers who desire greater control over the introduction of new features into their environment and who benefit from a longer support period.

Feature releases are suitable for customers who want access to features as they become available and have the ability to upgrade Deep Security on a regular basis to accommodate the shorter support period that comes with feature releases.

No matter which release type you choose, we encourage you to upgrade agents regularly. New agent releases provide additional security features and protection, higher quality, performance improvements, and updates to stay in sync with releases from each platform vendor.

LTS release support duration and upgrade recommendations

Component Best practice for upgrades Support
Deep Security Manager Upgrade at least yearly. LTS managers support upgrades from the last two major releases (for example Deep Security Manager 10.0 to Deep Security Manager 12 LTS). Standard support until 3 years after GA (General Availability).
Extended support until 4 years after GA.
Deep Security Agent Upgrade at least every 2 years. LTS agents support upgrades from the last two major releases (for example Deep Security Agent 10.0 to Deep Security Agent 12 LTS). Plan to upgrade regularly to ensure that you remain on a supported release and are able to upgrade to the latest software with a single upgrade. Standard support until 3 years after GA.
Extended support until 4 years after GA.
Deep Security Agent (platforms where an older release of the agent is the 'latest' agent for that platform) If platform support is only provided by an older release of Deep Security Agent (for example, Windows 2000 uses a 9.6 agent and Red Hat Enterprise Linux 5 uses a 10.0 agent), use the latest agent for that platform and upgrade as updates are released. For details on which agent versions are supported for each platform, see Deep Security Agent platforms. Platform-specific
Deep Security Relay Deep Security Relay is simply a Deep Security Agent that has relay functionality enabled. The upgrade recommendations and support policies for agents also apply to relays. Same as agent
Deep Security Virtual Appliance See "Appliance support duration and upgrade recommendations" in Upgrade the appliance.  

See Deep Security LTS life cycle dates for specific dates.

Feature release support duration and upgrade recommendations

All updates will be provided via regularly scheduled feature releases. You can obtain feature releases from the feature releases tab on the Deep Security Software page.

Component Best practice for upgrades Support
Deep Security Manager Upgrade at least yearly. 18 months*
Deep Security Agent Upgrade at least yearly. Upgrades are supported for 18 months after a feature release. Plan to upgrade regularly to ensure that you remain on a supported release and are able to upgrade to the latest software with a single upgrade. 18 months*
Deep Security Relay Deep Security Relay is simply a Deep Security Agent that has relay functionality enabled. The upgrade recommendations and support policies for agents also apply to relays. Same as agent
Deep Security Virtual Appliance See "Appliance support duration and upgrade recommendations" in Upgrade the appliance.  

* The Deep Security team will make all reasonable attempts to not change the minimum Deep Security Manager version required to use a new agent; however, some new agents may require a manager upgrade.

Customers raising a support case on an FR that is more than 18 months old will be required to upgrade to an FR that is within the support period before support can be provided.

For more information, see Changes to Deep Security feature releases in 2019. For specific dates, see Deep Security FR life cycle dates.

If you are using Deep Security 11.x features releases (11.1, 11.2, and 11.3), you can upgrade to either Deep Security 12 LTS or FR.

Support services

The following table indicates which support items are available during the life cycle of Deep Security LTS and FR releases.

Support item LTS - standard support LTS - extended support (2) FR(1) Delivery mechanism
New features    
  • New FR
Small enhancements (no change to core functionality)  
  • LTS update
  • New FR
Linux kernel updates On request
  • Linux Kernel Support Package (LKP)
General bug fixes  
  • LTS update
  • New FR
Critical bug fixes (system crash or hang, or loss of major functionality)
  • LTS update or hotfix
  • New FR
Critical and high vulnerability fixes
  • LTS update or hotfix
  • New FR
Medium and low vulnerability fixes  
  • LTS update
  • New FR
Anti-Malware pattern updates
  • iAU (Active Update)
Intrusion prevention system, integrity monitoring, and log inspection rules updates
  • iAU (Active Update)
Support for Agents and Deep Security Manager on new versions of supported operating systems  
  • LTS update
  • New FR

(1) starting with Deep Security 12 Feature Releases. The support statement for existing DS 10.x and DS 11.x feature releases are unchanged. Please refer to the DS 10.x and DS 11.x documentation for the support policy statement for those releases.

(2) Extended support is provided to all customers at no additional charge.

Agent platform support policy

Deep Security Agent software is released several times a year as described above. Agent platforms (operating systems) are supported according to the policy below. We recognize that in some cases you must commit to platforms for many years. This policy is designed to provide predictability when you deploy Deep Security in these environments:

  • The agent is supported on a large range of platforms, as shown in the Agent platform support table.
  • The support duration of any individual release of agent software is described in the tables above. For example, you'll receive 3 years of standard support and 4 years of extended support for LTS releases of the agent (10.0, 11.0, and so on), measured from the product's GA date. In cases where you plan to use an OS platform for an extended period of time, you must also plan to upgrade the agent software on a regular basis to stay within the support life cycle for any specific Deep Security software release. In cases where an older agent is recommended for a given platform, this agent will be considered a part of the overall solution and takes on the support dates for the release in which it is contained. See the bullet below for details.
  • Platforms continue to be supported until at least the OS vendor's end-of-extended-support date. Where interest dictates, Trend Micro extends support significantly beyond this date.
  • To ensure that you have the latest performance and security updates from your OS vendor, Trend Micro strongly encourages you to move to the latest version of the OS for which an agent is available.
  • We strive to release a new version of the Deep Security Agent for all supported platforms. However, in some cases we recommend the use of a previous release of the agent to provide coverage for older platforms. For example, with Deep Security 11.0, the latest agent for Windows 2000 is Deep Security Agent 9.6. This 9.6 agent becomes part of the overall 11.0 Deep Security solution and takes on the support dates for the release in which it is contained.
  • You’ll always receive advance warning if we end support for a platform, and we’ll never shorten the support life cycle of a software release post-General Availability (GA).*

* Once a platform is no longer supported by the OS vendor, there is a risk that a technical issue arises that cannot be fixed without the support of the OS vendor. If this situation occurs, Trend Micro will communicate the limitation to you immediately. Note that this situation may result in loss of functionality. We will do our best to deal with any technical issues if they arise.