Release Notes

Release notes for the update June 23, 2024

Update Version 4.1.202406211732

New Features

  • Added version support for micro-segmentation policies.

Creating a new policy or updating an existing one creates a minor version of the policy (such as 2.1, 2.2, 2.3, ...). Policy application, which generates rules and checks for traffic violations, works only with the major versions of the policies, while system users can review all versions.

Added the option to promote the current minor version of the policy to a major version.

Added the option to review a policy history report with details about each policy version. Added the option to run a policy review for any selected historical version.

Policy versioning adds a story about change control. Changing policy selectors, services or sources might affect multiple endpoints by generating or removing firewall rules on these endpoints. The system allows policy owners to review the change before applying it to the assets, either by themselves, with their peers, or with other stakeholders that have an interest in maintaining the endpoints under management.

Policy Versions 1

  • Firewall Rules synchronization

Added synchronization logic to re-apply segmentation policies to the assets when new rules are created on the endpoints, or existing policy-generated rules are deleted from the asset, directly and without the use of the application policies.

This update maintains a consistent state between the segmentation policies configured in the application and the state of the firewall on the endpoints, even if admins create or delete firewall rules directly on the endpoint.

The process happens in the background and triggers automatically after execution of List Firewall Rules scripts.

  • Policy Preview for Asset Versions

Added support to display Policy Preview screen for a selected asset version and a selected segmentation taxonomy field of this version.

This update continues the story of change control. It allows system owners to review the policy application to an old version of the asset (for example, the current production major version) as compared to the last version or to one of the past versions.

Also note that an asset might contain several segmentation taxonomy fields, each applying different policies based on a different segmentation taxonomy. This allows demonstrating different segmentation taxonomies and how they control the traffic for the same asset. For example, the same asset might be classified by location, environment, component and application, or it might be classified by specific process phase, confidentiality level and priority impact. The update allows running Policy Preview not only for the selected version of the asset but also for the selected segmentation field.

Extensions

  • Updated the application favorite icon in the browser page tab.

It looks like the icon has a white background instead of a transparent background. The original icon was in ico format (favicon.ico) and included multiple resolutions. We generated the new one from the supplied png files using an online web converter. Maybe the supplied png files could be combined into an aggregated ico file better than this online converter did. We will keep working with the designer to generate the icon in the right format.

  • Menu indent

Changed left side application menu appearance to indent second level menu to the right to show that this is another menu level.

  • Added support for unsupported rules

Added support for ignoring firewall rules from the endpoints that are not supported by the application. We will decide during business operation whether we want to add support for these rules or leave them undetected. The fix allows the micro-segmentation logic to continue in the presence of unsupported firewall configuration. The firewall service has more functionality than is needed for the micro-segmentation story, so the current approach is to ignore firewall aspects that are not interesting for our current marketing.

The rule in question this week was the one enabling the Ping service to respond on Windows 10 computers (worked fine for Windows 11). Ping uses the ICMP protocol, which is outside the scope of the first implementation (TCP and UDP are supported).

This update should fix the issue we had with Windows 10 computers on the demo tenant.
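
The comparison behind Firewall Rules synchronization, together with the unsupported-rule handling described in this item, can be pictured as reconciling two rule sets. This is an added example, not the product's code: the `Rule` fields, the `reconcile` function and the sample rules are assumptions constructed for illustration.

```python
from typing import NamedTuple

SUPPORTED = {"tcp", "udp"}  # protocols in scope per the notes; ICMP and others are skipped

class Rule(NamedTuple):
    name: str
    protocol: str
    port: str      # single port or range, e.g. "443" or "8000-8010"
    source: str    # CIDR or "any"
    action: str

def key(rule):
    """Identity of a rule for comparison: what it permits, not what it is called."""
    return (rule.protocol.lower(), rule.port, rule.source, rule.action.lower())

def reconcile(desired, observed):
    """Compare policy-generated rules with the rules listed from the endpoint."""
    ignored = [r for r in observed if r.protocol.lower() not in SUPPORTED]
    have = {key(r): r for r in observed if r.protocol.lower() in SUPPORTED}
    want = {key(r): r for r in desired}
    missing = [r for k, r in want.items() if k not in have]    # deleted on the endpoint
    unmanaged = [r for k, r in have.items() if k not in want]  # created on the endpoint
    return {
        "missing": missing,
        "unmanaged": unmanaged,
        "ignored": ignored,
        "resync": bool(missing or unmanaged),  # unsupported rules never trigger a re-apply
    }

# Constructed sample data, not output from any real endpoint.
DESIRED = [
    Rule("policy-web", "TCP", "443", "10.0.1.0/24", "allow"),
    Rule("policy-ssh", "TCP", "22", "10.0.9.5/32", "allow"),
]
OBSERVED = [
    Rule("policy-web", "TCP", "443", "10.0.1.0/24", "allow"),
    Rule("admin-rdp", "TCP", "3389", "any", "allow"),   # added by hand on the endpoint
    Rule("ping-echo", "ICMPv4", "", "any", "allow"),    # unsupported protocol
]

if __name__ == "__main__":
    result = reconcile(DESIRED, OBSERVED)
    for bucket in ("missing", "unmanaged", "ignored"):
        print(bucket, [r.name for r in result[bucket]])
    print("resync needed:", result["resync"])
```

Rules are matched on what they permit rather than on their names, so a renamed copy of a policy rule does not count as drift, and an ICMP rule alone leaves the endpoint in a consistent state.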

  • Asset-specific icons

Added the option to change the application icon on the asset level, overriding the asset type configuration.

This update makes it possible to emphasize certain areas of the application, both containers and assets. We will surely use it for demos. Based on our past experiences, clients like it too.

  • Hardware Architecture

Added hardware architecture information to the system about screen.

  • Mass Promote

Added the option to mass promote selected assets to the major version.

This is a handy productivity enhancement, especially after large imports, but it is useful for manual asset creation as well.

Bug Fixes

  • Cleaned up language translation files so they are consistent with each other.

  • Automated language translations through the corporate Google Cloud account to keep language translations consistent for the weekly releases.

  • Fixed the issue with importing assets to the system when the import file does not include the asset name (the host is used instead) or is missing both the asset name and the host (an error is posted during import).

  • Fixed the issue with deleting imported assets from the system without first deleting the import.

  • Fixed the issue with updating default parsers in the existing tenants.

  • Fixed the issue with using default script templates for Groovy and PowerShell scripts. This fix resolves the issue that required us to re-save each PowerShell script on the demo tenant before it started to work.

  • Fixed the issue with unclassified API documentation for Import module.

  • Removed default time filter from Interfaces report.

  • Removed default time filter from Firewall Rules report.

  • Removed default time filter from Workloads report.

  • Fixed the issue with the non-adjustable IPv6 column on the Interface report so that it fits lower-resolution displays.

Release notes for the update June 16, 2024

Update Version 4.1.202406162121

New Features

Added initial support for asset database

  • Manage and browse space hierarchy of nested sub-spaces. Sub-space inherits and extends a configuration of its parent space and maintains unique asset database.

  • Browse containers and assets based on user permissions.

  • Create, edit, view and delete as well as copy, paste and link containers and assets.

  • Mass import assets into the space database from CSV spreadsheets.

  • Manage and query asset versions including draft (minor) and production (major) versions.

  • Manage containers and assets custom fields derived from the asset types as well as properties such as name, description and icon.

  • Manage space, container, asset and field permissions including access inheritance following the space and container hierarchy. Manage global space level access to space operations and access to assets.

  • Manage asset types defining asset fields, with pre-built asset types for Windows and Linux hosts with different access strategies. Supported asset field types include Checkbox, Choice, Date, File, Number, String, Taxonomy, Text and IP Address.

  • Manage taxonomies as hierarchies of terms with synonyms used to tag assets and build policies. Graphically display taxonomy structure.

  • Query and export system event log

Added initial support for remote endpoint management

  • Support for direct PowerShell (Windows), SSH (Unix) and Groovy (local server) job execution strategies. Support for text and object model results from PowerShell scripts, to be parsed by different parser strategies.

  • Support for RegEx (through an unstructured text analytical handler) and XSLT parsers processing the results returned by the scripts run at the endpoints.

  • Manage script library with customizable PowerShell and Shell scripts as well as with batches executing several scripts through the same connection.

  • Manage parser library with customizable parsers.

  • Manage task execution policies defining when the script is executed on the endpoint, including event-based triggers as well as a scheduling mechanism. Inherit task execution policies from the asset types to the individual assets, with the option to override the policy on the asset level.

  • Query and export job execution queue with the raw job results returned from the script execution on the endpoint.

Added initial support for user authentication

  • Integration with Microsoft Active Directory as a user directory for authentication and authorization purposes including nested groups membership.

  • Integration with LDAP Servers as a user directory for authentication and authorization purposes including nested groups membership.

  • Integration with Entra ID as a user directory for authentication and authorization purposes including groups membership.

  • Manage space level local user directories. Manage local users and groups including external directories users and groups membership in local groups.

  • Integration with external Identity Providers using SAML protocol for the authentication and authorization purposes optionally utilizing group membership transferred using SAML protocol.

  • Integration with TOTP MFA (such as Google or Microsoft Authenticator).

  • Integration with HOTP MFA using Yubico services.

  • Integration with Duo Security Services as MFA provider.

  • Integration with 3rd party MFA devices over Radius protocol.

  • Integration with the MFA code provided through email.

  • Manage MFA requirements for various groups of users.

  • Manage API Tokens providing access to the application API.

  • Analyse users using the application and manage users' MFA preferences.

Added initial support for network micro-segmentation

  • Manage services, including the ports, port range or process comprising the service.

  • Manage micro-segmentation policies defining access to the services on the assets for the selected sources through taxonomy tagging of the asset database.

  • Manage micro-segmentation policies publishing status including disabled, monitoring and published.

  • Manage and query policy versions including draft (minor) and production (major) versions.

  • Manage out of the box micro-segmentation management scripts and parsers for Windows Defender Firewall and Linux IPTables.

  • Query network information collected from the endpoints including: asset status, network interfaces, workloads, connections, and firewall rules. Graphically display asset workloads as well as connections detected on the endpoint.

  • Manage policy enforcement status on the asset endpoint.

  • Manage requests for the temporary access to the asset services in addition to the applied policies.

  • Query connections violation data from the assets in the monitoring state to evaluate the effect of policy enforcement.

Added initial support for the application deployment

  • Support for software deployments on Windows and Linux platforms.

  • Support for internal database deployed during the software installation.

  • Support for external RDBMS: Oracle, MS SQL Server, MySQL and PostgreSQL.

  • Manage multiple tenants with each tenant handled by unique URL and managing its data in the tenant-based backend database.

  • Manage mail server configuration including SMTP and IMAP protocols with Basic and OAuth authentication mechanisms. Manage out of the box email templates.

  • Manage deployment-level SSL certificate to terminate HTTPS traffic.

  • API support for external scripts and software to access each function provided by the application based on the permissions assigned to the access token. Support for API browser with the options to test API functions.

  • Manage software updates including the main web application and 3rd party components for the framework and web container.