Release Notes 3.1.0
- Updated on 11 Oct 2024
What's new in 3.1.0?
We are pleased to announce our new version VSP 3.1.0 as of 3-September-24. These release notes highlight the new features introduced as part of this release. Click here for an introduction about VSP and its components.
In this release, we determine the trust levels of executables using our Trust Blade Engines. Click here for more information.
Trust Score - An Application Trust score is a metric used to measure the credibility and trustworthiness of application packages, executables (processes, libraries and scripts), OS drivers and locally compiled files present on a workload server environment. At Virsec, we measure Trust in terms of a multiplier of Provenance, Integrity and Authorization, on a scale of 1 to 100, for the above packaged and non-packaged code on workloads.
TrustSight:
Virsec’s TrustSight is a new addition from this release onwards that provides end users the ability to understand workload software components comprehensively.
The following widgets are available to help end users glean valuable insights regarding trust (or lack thereof) in the software packages, files, libraries and scripts that are found in a server workload environment:
- Topology - This widget provides, in essence, a server workload map for an organization’s environment where Virsec is installed, showing the arrangement and interaction of such workload servers. Virsec supports the ability to ingest from CMDBs via a manual connector
- System Integrity Widget - This widget provides insight into application software code and related files found in a single workload server or a group of workload servers. It also shows the trust score that is calculated based on Provenance, Integrity and Authorization of all application software files. Lastly, the widget also features a trending report of trust score over time
- Vulnerability Compensation - This widget provides information about vulnerabilities, by severity level, that Virsec workload server protection can compensate for. This relieves administrators of the burden of patching immediately, allows patching to be scheduled for later and thereby reduces business disruptions
- Know your Software - This widget provides valuable insights about packaged code (first and third party packages) and non-packaged code (individual files, libraries and scripts) found in server workload environments, along with key attributes such as whether the trust for those files has been established or not
Click here for more information
Closed Loop ACP:
Virsec’s Closed Loop ACP is a new feature that provides the following:
- This feature ensures that only the LOLBins with malicious intent are blocked. If a benign LOLBin is executed, it is added as an ACP rule. The incidents reported for such executions are automatically acknowledged to reduce false positives. No action is therefore required from end users, as the Incidents page shows them only the incidents that require their attention
- VSP applies BUA (Block Unless Allowlisted) rules for all LOLBins of the platform. Attacks using stolen credentials (by both remote and local users) are stopped by these BUA rules. Admins are therefore required to add ACP rules for routinely used commands to ensure that they can be executed on the workloads. If they are not added as ACP rules, their execution will be blocked
Click here for more information.
MEP Configuration Utility:
Before enabling MEP, if an EDR, or any other software that hooks with applications to extract telemetry is active on the workload, it is highly recommended to execute the newly provided audit utility. This utility generates a configuration file that needs to be copied to all the workloads to ensure that both EDR and VSP can co-exist without impacting each other’s operations.
Major Enhancements in 3.1.0
Host Enhancements:
- Going forward, only a single host per profile is supported, as this provides the flexibility to configure an executable differently from the corresponding executable on another workload. A migration path will be provided to migrate existing customers using a single profile for a group of hosts
- Different Monitoring Modes for Executable (Host) Protection, ACP and Memory Exploit Protection can be configured independently for each host. Note that ACP cannot be in Protect mode if Executable (Host) Protection is in Detect/Disabled Mode. Click here for more information about the feature and restrictions (Point 1-d in the tab "Version 3.1.0 and Above")
CMS Enhancements:
- OAuth2 and OIDC2 protocols are now integrated with CMS to provide additional security and ease of authentication for both new and existing customer users. Click here for more information about the types of users and login options
- The CMS UI is enhanced for local CMS users to generate API keys that are required for securely obtaining information from CMS through APIs. Click here for more information
- A common portal for customer CMS SaaS login is incorporated from this release onwards. After authentication, the user is automatically redirected to their SaaS instance
Platform Ease-of-Use Enhancements:
- CPM can now be installed without providing any parameters. Click here for more information
- Probe installation is now automated and simplified to enable bulk installation using CPM. Click here for more information
Key Fixes in 3.1.0
- CMS errors that were previously being raised when customers attempted to update or delete SAML user groupings have now been resolved
- Production environments no longer require logging in after refresh or reload of pages from the browser
- Host entries are now deleted following the uninstall of a probe