Below are recent changes to Deep Security as a Service.
July 20, 2017
New features available with Deep Security Agent 10.1
Deep Security 10.1 Agents were released for Deep Security as a Service on July 14. These features are available with the new agents:
- Deep Security 10.1 continues to build on the feature set introduced in Deep Security 10.0. Enhancements include container information for anti-malware events.
- Application control, which was introduced in Deep Security 10.0, is now supported on Windows and additional Linux platforms. For details, see Supported features by platform.
- Agent upgrades no longer cause a brief server network disconnect. This allows non-disruptive upgrades on production networks.
July 13, 2017
Improved Azure cloud connector
The cloud connector for Azure now supports Azure Virtual Machine Scale Sets by automatically deploying and activating agents as virtual machines are created and removed.
June 29, 2017
Improved upgrade from the Azure classic connector to ARM connector
Upgrading from the Azure classic connector to the Azure Resource Manager connector no longer requires Global Admin permissions. See Add a Microsoft Azure account to Deep Security.
The Account Details page now loads more quickly.
Addition to the REST API
The REST API now includes support for configuring alert types. See How to use the Deep Security REST API.
The "Deny" and "Log Only" options have been removed from the Anti-Evasion custom logging options for new rules. Also, the "Include Packet Data" option has been removed from the event logging options for new firewall rules. However, if you are already using those options in existing rules, they will remain unchanged.
June 15, 2017
Identity provider integration using SAML 2.0
When Deep Security is deployed and configured to work with your identity provider, there is no longer a need to manage administrative users directly in Deep Security. In addition, you can leverage features of your IdP, such as password strength and change enforcement, one-time password (OTP), and two-factor or multi-factor authentication (2FA/MFA) when signing in to Deep Security using SAML. Supported identity providers include Active Directory Federation Services (ADFS), Okta, PingOne, and Shibboleth. For more information, see How SAML single sign-on works.
Single deployment script for Windows and Linux
Deep Security Manager now provides a single curl deployment script for both Windows and Linux agents and enables you to select a proxy setting and add it to the deployment script.
Deep Security Manager now only allows agent deployment connections using TLS 1.2. For more information, see Deep Security Manager uses TLS 1.2. As a result, you will need to update your version of curl or use another method to deploy these agents:
- CentOS 5 or 6
- Cloud Linux 6
- Debian Linux 7
- Oracle Linux 5 or 6
- Red Hat Enterprise Linux 5 or 6
- SUSE Linux 11
If you are using PowerShell to deploy the following agents, you will need to use PowerShell 4.0 to support TLS 1.2:
- Windows 7
- Windows 2008 R2
These platforms are not supported with TLS 1.2:
- Windows 2003
- Windows 2008