What's new?

Below are recent changes to Deep Security as a Service.

June 15, 2017

Identity provider integration using SAML 2.0

When Deep Security is deployed and configured to work with your identity provider, there is no longer a need to manage administrative users directly in Deep Security. In addition, you can leverage features of your IdP, such as password strength and change enforcement, one-time password (OTP), and two-factor or multi-factor authentication (2FA/MFA) when signing in to Deep Security using SAML. Supported identity providers include Active Directory Federation Services (ADFS), Okta, PingOne, and Shibboleth. For more information, see How SAML single sign-on works.

Single deployment script for Windows and Linux

Deep Security Manager now provides a single curl deployment script for both Windows and Linux agents and enables you to select a proxy setting and add it to the deployment script.

Deep Security Manager now only allows agent deployment connections using TLS 1.2. For more information, see Deep Security Manager uses TLS 1.2. As a result, you will need to update your version of curl or use another method to deploy these agents:

  • CentOS 5 or 6
  • Cloud Linux 6
  • Debian Linux 7
  • Oracle Linux 5 or 6
  • Red Hat Enterprise Linux 5 or 6
  • SUSE Linux 11
  • Solaris

If you are using PowerShell to deploy the following agents, you will need to use PowerShell 4.0 to support TLS 1.2:

  • Windows 7
  • Windows 2008 R2

These platforms are not supported with TLS 1.2:

  • Windows 2003
  • Windows 2008
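For the curl requirement in this entry, the following is an added example (not part of the original page and not Trend Micro's deployment script) that reads the first line of `curl --version` and reports whether that build can be expected to negotiate TLS 1.2. The thresholds are assumptions taken from upstream release history: curl 7.34.0 introduced the `--tlsv1.2` option, and OpenSSL 1.0.1 and NSS 3.15.1 added TLS 1.2. The function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check before running an agent deployment script
# on a host whose curl may predate TLS 1.2 support.

# ver_ge A B -> status 0 when dotted version A >= B (numeric fields only).
ver_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}   # drop suffixes such as the "e" in 0.9.8e
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# curl_tls12_capable "<first line of curl --version>"
#   0 = meets the upstream thresholds for TLS 1.2
#   1 = curl or its TLS backend is below the upstream threshold
#   2 = version line or TLS backend not recognised (check by hand)
curl_tls12_capable() {
    line=$1
    cv=$(printf '%s\n' "$line" | sed -n 's/^curl \([0-9][0-9.]*\).*/\1/p')
    [ -n "$cv" ] || return 2
    ver_ge "$cv" 7.34.0 || return 1
    ossl=$(printf '%s\n' "$line" | sed -n 's/.* OpenSSL\/\([0-9][0-9a-z.]*\).*/\1/p')
    nss=$(printf '%s\n' "$line" | sed -n 's/.* NSS\/\([0-9][0-9.]*\).*/\1/p')
    if [ -n "$ossl" ]; then ver_ge "$ossl" 1.0.1 || return 1; return 0; fi
    if [ -n "$nss" ]; then ver_ge "$nss" 3.15.1 || return 1; return 0; fi
    return 2
}

# Check the curl installed on this host.
check_local_curl() {
    curl_tls12_capable "$(curl --version 2>/dev/null | head -n 1)"
}

if check_local_curl; then
    echo "curl: meets the TLS 1.2 thresholds"
else
    echo "curl: update curl or deploy another way (status $?)"
fi
```

Vendor-patched builds can support TLS 1.2 below these upstream version numbers, so treat a status of 1 as a prompt to test an actual TLS 1.2 connection to your manager rather than as a final answer.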

June 1, 2017

Timeout value for scheduled malware scans

Scheduled malware scans can now include a timeout value. You can see the new option by going to Administration > Scheduled Tasks and adding or editing a "Scan Computers for Malware" scheduled task. The timeout option is available for daily, weekly, monthly, and once-only scans. When a scheduled malware scan is running and the timeout limit has been reached, any tasks that are currently running or pending will be canceled.

HostOwnerID property for events forwarded to Amazon SNS

Security events forwarded through Amazon Simple Notification Service for Amazon Elastic Compute Cloud (EC2) instances that are connected using an AWS cloud connector will now include a HostOwnerID property indicating the AWS account owner ID for the instance. This property can be used in advanced forwarding configurations to route events to topics based on the owner account ID. See JSON SNS configuration for information on advanced SNS forwarding configuration and the conditions and properties that are available.

May 18, 2017


The newsfeed feature allows you to stay up to date on product-related topics such as new release availability, service changes, emerging threats, and tips on how to optimize your Deep Security as a Service deployment. The newsfeed appears in the top right corner, near the Help icon.

New in Deep Security 10.0

Below are major changes in Deep Security 10.0. For more detail, see the Release Notes.

Better upgrade experience

Significant engineering effort went into making upgrades to Deep Security 10.0 smoother than before. We have completely revamped the upgrade experience by including functionality that checks your currently installed Deep Security components and makes personalized recommendations for your upgrade path. The overall upgrade process is also more robust and dependable.

System requirements

All system requirements for Deep Security 10.0 are documented in System requirements.

Increase security by using application control

Get visibility into applications running on your systems and detect or block unauthorized software. You can decide whether new applications can be added and safely run on a given workload. Deep Security introduces simplified application control administration, with day-to-day activities minimized through one-to-many policies, a simplified drift timeline and application execution view, and automation through APIs.

Docker deployment protection (containers)

Deep Security 10.0 expands beyond server workloads to protect Docker containers, leveraging proven techniques like anti-malware, IPS and application control to protect dynamic container deployments. Learn more about how we can protect your Docker hosts and containers.

Enhanced anti-malware and ransomware scanning with behavior monitoring

Threat actors are becoming more sophisticated and often use techniques to bypass traditional virus pattern matching. These advanced threats are difficult to detect and require new technology to do so. Deep Security 10.0 provides security settings that you can apply to Windows® computers protected by a Deep Security Agent. These settings enable you to go beyond malware pattern matching and identify suspicious files that could potentially contain emerging malware that hasn’t yet been added to the anti-malware patterns (known as a zero-day attack).

Secure event forwarding to a syslog or SIEM server using Transport Layer Security (TLS)

Deep Security 10.0 can securely forward system and security events to an external Syslog or SIEM server from the Deep Security Manager over TLS, meeting the needs of customers who are governed by compliance standards such as HIPAA and solving both confidentiality and reliability issues. To find out how, see Forward Deep Security events to an external syslog or SIEM server.

Usability Enhancements

New user interface

Enhanced visibility across your hybrid cloud environment is provided through an updated, more intuitive user interface (UI). The cleaner and more intuitive UI helps you identify problem areas and begin to remediate them more quickly. The new interface introduces new sophisticated management features to help address the realities of distributed architectures.

Smart folders

To help organize your personal view of your protected assets, you can create saved searches that allow you to dynamically organize your workloads. You can create logical filters based on properties such as hostname, AWS tags, Azure Resource Groups, vCenter or Active Directory. Smart folders always react to dynamic changes in your cloud environment. Learn more about using smart folders.

Easier to get help

Directly from within the Deep Security Manager you can now search all of the information in our new Help Center (you are on it right now!). All of the content previously contained in the Administrator's Guide and the Installation Guide is also located there and it is all searchable from Google™ search.

Updated cloud connectors

Updated support for Oracle® Solaris 10 and 11 servers

The Deep Security Agent for Solaris has been updated for Deep Security 10.0. Anti-malware scanning capabilities are now available for Solaris 10 and 11 servers.

Access events with Amazon Simple Notification Service (Amazon SNS)

If you have an AWS account, you can take advantage of Amazon SNS to publish notifications about Deep Security events and deliver them to subscribers. Learn how to set this up.

Affinity settings: Advanced combined mode

Combined Mode implies a distribution of protection between a Deep Security Virtual Appliance (DSVA) and a Deep Security Agent (DSA). Beginning in Deep Security 10, you are able to specify an "affinity" for each of the protection modules, to specify whether the protection should be provided by the DSA or the DSVA, when both are available. This replaces the Coordinated Mode available in previous releases. For more information, see the Configure protection source settings for protection modules section of Choose agentless vs. combined mode protection.

Deep Security Scanner (SAP for Windows)

While anti-malware is now required by most enterprises, there is an additional requirement to safeguard mission-critical environments such as SAP. In SAP deployments, there are many opportunities for customers to upload external files, potentially exposing the SAP NetWeaver® environment to malware that could corrupt an entire database. Deep Security 10.0 provides a security solution that is specifically designed for SAP NetWeaver environments to help protect this mission-critical data and ensure their business is not impacted. Learn more about protecting SAP NetWeaver environments.


Deep Security for SAP® has been renamed to Deep Security Scanner. No changes to pricing for this functionality have been made, and previous SAP licenses will work to enable Deep Security Scanner functionality.