Below are recent changes to Deep Security as a Service.
- Inactive agent cleanup: The new inactive agent cleanup feature can automatically remove computers that have been inactive for a specified period of time. This can be useful if your Deep Security deployment has a large number of offline computers that are not in a cloud account. For details, see Automate offline computer removal with inactive agent cleanup.
- New RESTful API: Deep Security now provides a new RESTful API that enables you to automate the provisioning and maintenance of security via Deep Security. Go to the Deep Security Automation Center to download the SDKs in the language of your choice and learn how to use the API.
The focus of the new API, which is continuously updated with new features and improvements, is on improving the functionality that exists in the SOAP API. When you start new automation projects, you should use the new API to benefit from continued support and maintenance in the long term.
The REST and SOAP APIs that were provided previously have not changed. They are still provided and function as usual. Support also has not changed for the older APIs. For details, see Use the Deep Security API to automate tasks.
- Agent for Windows 10 RS4: Deep Security Agent 11.1 supports Windows 10 RS4. For details, see Supported features by platform.
- Agent for Debian 9: Deep Security Agent 11.1 supports Debian 9. For details, see Supported features by platform.
- Application control hash-based rules: With Deep Security Agent 11.0, application control rules are based on a software file's SHA-256 hash value, and not by file name and/or path. This enhancement greatly improves the coverage of each rule and reduces the operational overhead of creating and managing multiple rules for files with the same hash value. For example, if a file with a particular hash executes repeatedly on a machine but with a different file name each time, a single hash-based allow or block rule controls its execution. Previously, rules also evaluated the file name and file path, so a new rule would be needed each time the software was executed. For details, see What does application control detect as a software change? Or, if you are using the Deep Security API to create shared rulesets, see Use the API to create shared and global rulesets .
- Application control simplification: The application control user interface has been simplified by removing the redundant decision log view. For information on how to reverse an application control decision, see View and change application control rulesets.
- Application control - software changes filter exclusions: The Actions page shows all software change events and the list can get very long, especially on servers running many applications. Previous releases allowed you to filter the list using the "contains" operator, which is useful when looking for a particular event. This release adds a new "does not contain" filtering option that enables you to filter out all software changes occurring in a particular directory or created by a particular process. You can use this option to focus on remaining software change events so you can look for anomalies or areas of interest. See Set up application control.
- Integrity monitoring - improvements to real-time scans: Real-time file integrity monitoring is now provided using the application control engine and allows real-time detection of file changes on Linux agents. Previously, Linux integrity scans were scheduled only. The updated file monitoring engine also captures information about who made changes to a monitored file. This feature is supported with Deep Security Agent 11.0 or later. For details about which platforms support this feature, see Supported features by platform.
- Support for mature agent platforms: A core value of Deep Security is the breadth of platform support and deployment flexibility we provide our customers. As a result of customer feedback, we have re-introduced support for some older platforms. For a complete list of Deep Security Agent platforms and versions supported with Deep Security, see Deep Security Manager - Agent compatibility by platform.
We do encourage customers to upgrade agents regularly. New agent releases provide additional security features and protection, higher quality, performance improvements, and updates to stay in sync with releases from each platform vendor. Due to the technical challenges of supporting mature OS platforms beyond the OS vendor extended end of support date, it may not be possible to support all features on mature platforms. Please see Supported features by platform for details on which features are supported on each platform.
- New support for Amazon Linux 2: There is a new Deep Security 11.0 Agent for Amazon Linux 2.