Below are recent changes to Deep Security as a Service.
- Inactive agent cleanup: The new inactive agent cleanup feature can automatically remove computers that have been inactive for a specified period of time. This can be useful if your Deep Security deployment has a large number of offline computers that are not in a cloud account. For details, see Automate offline computer removal with inactive agent cleanup.
- Automatic Anti-Malware engine update: Malware is constantly evolving, so the Anti-Malware engine that Deep Security uses must be updated regularly. Previously, to update the Anti-Malware engine, you were required to upgrade the Deep Security Agent, sometimes resulting in a reboot of the computer. With this release, you can update the Anti-Malware engine separately from the Deep Security Agent. You can set this update to happen automatically, which keeps your Anti-Malware engine updated without manual intervention and without rebooting the system. For details, see Get and distribute security updates.
- Agent for Ubuntu 18.04: Deep Security Agent 11.0 Update 2 and Deep Security Agent 11.2 support Ubuntu 18.04. For details, see Supported features by platform.
- Integrity Monitoring - improvements to real-time scans: Real-time file integrity monitoring on Linux and Windows server platforms is now provided using the Application Control engine. The updated file monitoring engine captures information about who made changes to a monitored file. This feature is supported with Deep Security Agent 11.1 or later on Linux and with Deep Security Agent 11.2 or later on Windows server platforms. For details about which platforms support this feature, see Supported features by platform.
- Improved container traffic scanning: With Deep Security Agent 11.1 and earlier, the Firewall and Intrusion Prevention modules inspect traffic that passes through the host computer's network interface to containers. With Deep Security Agent 11.2 or later, those modules can also inspect traffic between containers. For information on how to enable this feature, see Set up intrusion prevention and Set up the Deep Security firewall.
- Signed installer packages: The installers for Deep Security Agent and Deep Security Notifier are digitally signed. See Check digital signatures on software packages.