Below are recent changes to Deep Security as a Service.
December 7, 2017
- Relay management: This update makes it easier to manage your relay-enabled agents. With previous releases, customers sometimes accidentally promoted Deep Security Agents to act as relays. With this release, the "Enable Relay" button has been removed from the Computers page. You can now perform all actions related to relays from the new Administration > Relay Management page. For customers who have accidentally promoted an agent to a relay, demoting the relay back to an agent is now a much simpler process. For more information, see Distribute security and software updates with relays.
November 30, 2017
- Cloud VDI (Amazon WorkSpaces support): Amazon WorkSpaces is a fully managed, secure desktop computing service that runs on the AWS cloud. Deep Security as a Service now offers improved management capabilities for Amazon WorkSpaces. For more information, see Add Amazon WorkSpaces.
Deep Security 10.2 Agents were released for Deep Security as a Service on November 30. Deep Security 10.2 is a feature release (see Feature releases for details about support). These features are available with the new agents:
- Advanced threat detection (machine learning): Advanced threats have become the most prevalent form of attack. While there is a still a need for signature based anti-malware, there is an increased need for advanced forms of malware detection. Deep Security offers strong protection from known and unknown threats in our customers environments. Machine learning is the next step in the evolution of detecting those unknown threats. For more information, see Predictive Machine Learning and Detect emerging threats using Predictive Machine Learning
- Application control - global block by hash: Application control has been enhanced with a new "block by hash" feature that enables administrators to submit known bad hash values to Deep Security for application control blacklist enforcement. The control will now recognize a new “global rule set” that includes a list of hash values to be blocked. This rule set takes precedence over any other rules from existing shared or local rule sets, and will be enforced by every Deep Security Agent enabled with application control. This feature provides a simple way for users to block unwanted or bad software from running at a global system-wide level. The design allows the workflow to be fully automated, with APIs for creating the global rule set, adding and deleting hash values. For more information, see Allow or block software.
- Application control - trusted updater: Application control creates a software change event log whenever new executable files are detected on protected systems. Sometimes these changes are generated as part of the normal operation of trusted software. For example, when Windows self-initiates a component update, hundreds of new executable files may be installed. Application control will now auto-authorize many file changes that are created by well-known Windows processes and not create corresponding change log events for them. Removing the “noise” associated with expected software changes provides you with clearer visibility into changes that may need your attention.
- Fail open option: The Deep Security network driver for intrusion prevention and firewall controls was designed for “fail closed” behavior, which puts the Deep Security Agent into a block state when maximum threshold limits are exceeded. This design objective ensures that protected computers are not exposed if the security service is subjected to a denial of service attack. In Deep Security 10.2, you can choose to change this behavior and allow traffic in certain failure scenarios. For more information, see "Failure response" in Advanced Network Engine settings.