Skip to content

2025

Release notes for the August 10, 2025 update

Update Version 4.1.202508081909

New Features

Added Credentials Vault module to store, access and share secrets.

Credentials vault is designed to share secret information, passwords, keys, tokens, TOTP codes with users in an auditable secure way.

The vault includes the following features:

  • Multi-tenancy allows to host multiple clients or departments in the single application deployment.

  • Site / subsite hierarchy allows to delegate and centralize management of various aspects of organizational structures.

  • Information organization in assets grouped into hierarchical containers structure.

  • Asset configuration with the hierarchy of asset types defining the asset properties:

    • Field types: String, Checkbox, Choice, Date, File, Number, Taxonomy, Text, Address, TOTP.

    • Behavior: Secured, hidden, required, multi-valued fields, default values, placeholders, context help.

    • Visual representation including icons and colors.

  • FIPS 140-3 approved encryption module to enforce strong encryption for data, tokens and keys.

  • Role based access to site, container and asset functions granted to users or groups with central configuration inherited from site and container hierarchy down to the assets and secret fields.

  • Multi-level multi-user request approval workflows for the critical application actions such as change of permissions or displaying values of the secret fields. Support for restricting and auto-approval workflows as well as the event logging of the approval process.

  • The option to display the value of the secret fields to users based on their permissions we well as interactive access approval. Secure handling of data decryption following role based permissions and request approval workflow while producing a detailed event log about the request.

  • The option to tag assets with terms from hierarchical taxonomy for search and policies management purposes. Mass tagging and auto-tagging support that assigns tags to the assets based on various criteria.

  • Assets management: copy, cut, paste, delete, link assets in the container hierarchy, mass management.

  • Search center to find assets by search criteria or tags from taxonomy hierarchy.

  • Assets import and discovery from the following sources: CSV, MS Active Directory, AWS, VMWare, LDAP. Applying auto-tagging rules during import process.

  • Event logging about every configuration and user activity. The options to search events using interactive events report, archive events in the compressed files, send email notifications about system events or stream events real time to Syslog (SIEM) servers.

  • WEB GUI, REST API interfaces.

  • Reporting. Filters, sorting, search, interactive or export to CSV or PDF formats.

  • Support for local users and groups as well as the users or groups from MS Active Directory, Entra ID and LDAP. Support for 3rd party user directory user or groups as members of the local groups.

  • Integration with various identity providers such as: MS Active Directory, LDAP, Entra ID, SSO (SAML), TOTP, RADIUS, HOTP (Yubikey), Duo Security, Mail MFA (SMTP, Office 365).

  • WEB browser password filler extension (Chrome and Edge), and browser add-on (Firefox).

Security

  • Updated application client side WEB framework to the latest version.

  • Updated database access component to the latest version.

  • Updated REST API handler component to the latest version.

Extensions

  • Added Windows Status Check script and an out of the box Windows Host task to check basic connectivity to Windows hosts.

  • Added out of the box tagging rules for Windows and Linux tags based on the asset types of the created assets.

  • Added an out of the box policy to open RDP port on Windows assets to the management server IP List.

Fixes

  • Reduced number of database related log messages in the default log configuration.

  • Reduced number of log messages for the internal object lock mechanism.

  • Updated application WEB framework to the latest version.

  • Removed the options to select Every Second and Every Minute from the visual schedule builder to reduce configuration mistakes.

  • Moved the option to select Random Second, Minute, Hour, Day and Month to the top of the screen on the visual schedule builder to reduce configuration mistakes.

  • Fixed the issue with removing old parent asset type fields after switching parent asset type when creating new asset type.

Release notes for the August 3, 2025 update

Update Version 4.1.202508011800

Security

  • Updated application client side WEB framework to the latest version.

  • Updated database access component to the latest version.

  • Updated Oracle RDBMS driver to the latest version.

  • Updated MySQL driver to the latest version.

  • Updated CSV processing component to the latest version.

  • Updated REST API documentation component to the latest version.

  • Updated e-mail processing component to the latest version.

  • Updated context help markdown processing component to the latest version.

Extensions

  • Added the option to move confirmation, information and warning dialogues on the screen to reveal information they cover.

  • Added search center for the users without site level permissions.

  • Added the option to lock local user account to prevent this account to access the application.

  • Added support for a quick test of endpoint availability before attempting to execute a script on the endpioint for SSH and WinRM protocols to optimize performance of the script executions on the unreachable assets.

  • Removed script icon from the script list to allow more space for the longer script names.

  • Changed terminology for Reason field on the action request screen.

  • Added the request reason to the event log message about creating or updating the action request.

Fixes

  • Fixed the issue with asset viewer accessing access profiles list for the asset.

  • Added extended logging about job creation to troubleshoot job scheduling process.

  • Fixed the issue with leaving the jobs in the queue after failing to schedule them for the job pool execution.

  • Fixed the issue with increase in number of jobs and firewall rules on the asset with slow jobs execution when applying microsegmentation policies.

  • Optimized application performance of the data collection from the asset endpoints by splitting long data update transaction that locks the database table to many short transactions reducing the load on the database tables during data collection.

  • Optimized the frequency of policy applications to limit the trigger to the detected rules only.

  • Fixed the issue with using API to access asset in a sub-site using the parent or root site URL.

  • Fixed the asset search returning assets from the subsites.

  • Fixed the issue with deleting assets with associated source firewall rules.

  • Fixed the issue with sorting site network reports by asset.

  • Fixed the issue with unnecessary dependency of the job information in site level network reports.

  • Fixed the issue with using peer node scripts instead of the local ones when executing out of the box scripts through the peer node.

  • Fixed the issue with the notification message about copying REST API token to the clipboard.

  • Fixed the issue with compressing rotated archived system log files in the default file logger configuration.

  • Fixed the issue with clearing the locks in asset tenants during application startup.

  • Fixed the issue with displaying selected peer node on the peer link editing screen for an asset.

  • Fixed the issue with displaying unsorted peer nodes on the peer node selection screen.

Release notes for the July 27, 2025 update

Update Version 4.1.202507251511

New Features

Added Job Execution Pool to improve script execution performance.

Job execution pool allows to control memory and CPU use on the application host with many jobs run on various asset endpoints including those that are currently unreachable. The pool queues jobs run on the same asset for sequential execution through the same reused connection to the endpoint. The pool uses fixed number of threads to run jobs on different assets at the same time queueing assets when necessary. The pool eliminates Delayed jobs and inter-node asset locks.

Security

  • Updated application client side WEB framework to the latest version.

  • Updated REST API data processing component to the latest version.

  • Updated application test framework to the latest version.

  • Updated icons provider GUI component to the latest version.

  • Updated GUI charts component to the latest version.

  • Updated GUI table pagination component to the latest version.

  • Updated database access component to the latest version.

  • Updated internal scripting language component to the latest version.

Extensions

  • Added confirmation message when closing or exiting Retention Policy configuration screen that contains unsaved changes.

  • Added information level logging to the logic adding firewall rule with details about the asset, policy, service request and the rule.

  • Changed terminology for Workflow Form, Workflow Selector and Approver categories.

  • Changed terminology for Site category including Sub-sites, Site Role and Site hierarchy.

  • Reorganized Management menu to bring Site Roles, MFA Rules and Sites management closer to the top level.

Fixes

  • Fixed the issue with using peer nodes without enabled job runner for script execution.

  • Fixed the issue with the Container Role on the asset permission screen is changed only when the selection for container roles is changed when selecting asset viewer and supervisor roles.

Release notes for the July 20, 2025 update

Update Version 4.1.202507181918

New Features

Added the option to archive historical application data.

The option allows to manage database and file system space as well as data expiration compliance requirements by purging the data accumulated over time from the application storage. The option currently supports historical Event Logs and Jobs records.

Before purging historical data from the database, data archiving process first extracts data to the compressed exported reports in CSV or PDF format to the file system storage. The process also deletes historical archives from the file system when they expire based on the Retention Policy.

Retention policy governs the times the historical data remain in the database and the historical archives remain on the file system as well as the format of the export. The application allows to schedule archival process for periodic execution or to run the process interactively.

Added break glass recovery for tenant administrators.

The option allows a base tenant managers to grant themselves administrator permissions to the managed tenant to recover lost access to the content tenant.

Security

  • Updated application client side WEB framework to the latest version.

  • Updated database access component to the latest version.

  • Updated logging component to the latest version.

  • Updated application bill of material verification component to the latest version.

  • Updated network streaming component to the latest version.

Extensions

  • • Added the option to schedule backup process for periodic execution.

  • Added top level Integration menu to manage integrations with external services.

  • Added support to include job results into exported report.

  • Added password length requirements with minimum of 12 characters when resetting administrator password using break glass procedure.

  • Added schedule transcription to the import and task management screens.

  • Added context help to the backup management screen.

Fixes

  • Fixed the issue with the auditor accessing Management / Policy and Management / Space Permissions screens.

  • Fixed the issue with enabling save buttons on the forms with the scheduler when clearing the scheduler value.

  • Fixed the issue with backup and restore actions visibility for the auditors.

Release notes for the July 13, 2025 update

Update Version 4.1.202507111740

New Features

Added the option to import assets from Microsoft Entra ID Service.

Entra ID import option allows to load assets into the asset database from Microsoft Entra ID (former Azure AD) Service while applying intelligent tagging rules to classify the imported assets and to apply microsegmentation policies.

The import function simplifies system adoption by reusing existing network infrastructure and collected data to start system activities.

Added break glass recovery option

The Break Glass option allows to retrieve sensitive data from the tenant backup files even when the server is not running, tenant database or WEB GUI is not accessible, or the original deployment is not available.

For this option to work, tenant administrators need to schedule periodic backup and save tenant break glass key to use in in cases of emergency to access important sensitive data to keep their business running.

Security

  • Updated application WEB container to the latest version.

  • Updated application client side WEB framework to the latest version.

  • Updated database access component to the latest version.

  • Updated application test framework to the latest version.

  • Updated data processing utility component to the latest version.

Extensions

  • Added full breadcrumb path to the parent container on the asset creation screen.

  • Added the option to sort by Violation column in the connection reports.

  • Added the option for space administrators and space taxonomy managers to add new terms to the currently selected list from the term selection dialogue.

  • Added case-insensitive search support for services on the network service list screen and when selecting services on the policy screen.

  • Added case-insensitive search support for policies on the policies list screen.

  • Added support for case-insensitive search for assets when selecting assets for base, member assets as well as containers for new asset parents.

  • Added support for case-insensitive asset search using search center.

  • Added the option to obtain tenant break glass key that could be used to recover sensitive data or to perform un-managed operations.

  • Added the option to reset password of the deployment administrator in the emergency break glass scenario.

Fixes

  • Fixed the issue with the blanket error message on the browser developer console when displaying Network Flow Chart.

  • Fixed the issue with sorting policies by name on the policies list screen.

  • Fixed the issue with enabling loopback connections when enforcing policies on Linux devices with iptables firewall.

Release notes for the July 6, 2025 update

Update Version 4.1.202507032033

New Features

Added multi-interface assets support on the network flow chart.

The option simplifies asset-centric view of the network by displaying fewer nodes with multiple network interfaces on the network flow chart.

The feature includes the following improvements:

  • Added the option to display asset with several network interfaces in the IP level connectionsflow chart merging the graphical nodes related to different interfaces of the same asset to the same node.

  • Added the option to display several IP addresses to the text popup for the chart node.

  • Added name resolution for the connection nodes inbound to and outbound from the secondary interfaces.

  • Added support for the search of nodes related to multiple interfaces of the same asset.

Added support for script execution on legacy Windows devices.

The option allows to build and to execute scripts on the Windows devices with WS-Management version below 2.3 including Windows 7 and Windows Server 2008 R2.

Security

  • Updated application client side WEB framework to the latest version.

  • Updated database access component to the latest version.

  • Updated MariaDB driver to the latest version.

  • Updated application Bill of Materials management component to the latest version.

Extensions

  • Added click-able link on the policy name to edit the editable policy on the policy list screen.

  • Unified REST API naming conventions across all functions exposed by the application server.

  • Signed Windows install and update scripts with new code signing certificate.

Fixes

  • Fixed the issue with the blanket error on the browser log console when adding or editing Mail MFA configuration.

  • Fixed the misspelling issue in the API token context help.

  • Fixed the issue with aggregating batch script results in the job log report when aborting the batch.

  • Fixed the issue with displaying page breadcrumbs in full width of the screen.

Release notes for the June 29, 2025 update

Update Version 4.1.202506271557

New Features

Added microsegmentation support for IBM AIX platform.

The support allows to manage services hosted by IBM AIX 7.2 servers in the network microsegmentation policies using native IPsec firewall feature.

The platform support is enabled through the initially hidden IBM AIX Host asset type with pre-configured fields for connection purposes and pre-configured tasks for network monitoring and policy enforcements.

Security

  • Updated application client side WEB framework to the latest version.

  • Updated database access framework to the latest version.

  • Updated database pool component to the latest version.

  • Updated MS SQL Server driver to the last version.

  • Updated application testing framework to the latest version.

Extensions

  • Added pagination, filter by name, type and destination, export to PDF or CSV formats options to the Parsers library to allow management of large number of parsers.

  • Added specific job results error message about failure to retrieve MSA or LAPS passwords from the Active Directory to simplify connection troubleshooting.

  • Added AIX and Solaris component servers to the out of the box LECA Segmentation taxonomy.

  • Unified REST API for script and parser libraries, and for asset types and assets task management.

  • Unified REST API for space and asset permissions management.

Fixes

  • Fixed the issue with breaking the application update on Linux servers when update runs as root for the deployments made by other users.

  • Fixed the issue with the linux update script artifacts when the setup script is updated.

  • Fixed the issue with out of the box taxonomy to not include empty synonyms.

  • Fixed the issue with 0 synonym repeated for both ICMP and all terms in the out of the box taxonomy.

  • Fixed the spelling mistake for traffic directions issue with out of the box taxonomy.

  • Added permit synonym to the firewall action allow in the out of the box taxonomy.

  • Fixed the issue with the context help about API Token description.

  • Fixed the issue with rudimentary Create Type option on the tenant update screen causing issues when selecting wrong update type.

  • Fixed the issue with creating asset import from CSV file.

  • Fixed the issue with preserving delay property for interactive tasks.

  • Fixed the issue with negative values in the task delay property.

Release notes for the June 22, 2025 update

Update Version 4.1.202506202141

Security

  • Updated application client side WEB framework to the latest version.

  • Updated application server side WEB framework to the latest version.

  • Updated structured data processing component to the latest version.

  • Updated logging and log streaming component to the latest version.

  • Updated REST API documentation component to the latest version.

  • Updated context help rendering component to the latest version.

Extensions

  • Added asset level Network Interfaces report accessible from the asset view screen.

  • Added IBM AIX script and parser to monitor network interfaces.

  • Added IBM AIX script and parser to monitor endpoint workloads.

  • Added IBM AIX script and parser to monitor active connections on the endpoint.

  • Added IBM AIX script and parser to monitor network connections on the endpoint using firewall logs.

  • Added IBM AIX scripts to enable and to disable firewall connections logging.

  • Added IBM AIX script and parser to monitor Fireall Rules on the endpoint

  • Added IBM AIX script to add firewall rule to the endpoint.

  • Added IBM AIX script to delete firewall rule from the endpoint.

  • Added the option to parse alternative ports specification for outbound firewall rules.

  • Added support for displaying the generated firewall rule key in the Firewall Rules report.

Fixes

  • Fixed the issue with reading IPv6 addresses what parsing network interfaces.

  • Fixed the issue with detecting connection violations under current policy set for monitoring or published policies for the assets not enforced for microsegmentation.

  • Fixed the issue with the Asset Workloads chart displaying interfaces with no attached workloads.

  • Fixed the issue in REST API name to access asset firewal rules list.

  • Fixed the issue with displaying policy name for the policies that have no descriptions on the asset firewall rules report.

  • Fixed the issue with using gMSA or LAPS accounts when they specified for the Active Directory configuration with the space in the LDAP configuration name.

Release notes for the June 15, 2025 update

Update Version 4.1.202506131931

New Features

Added support for the group Managed Service Accounts (gMSA) when executing scripts on Windows devices.

The group Managed Service Account (gMSA) is a managed domain account that provides automatic password management and the ability to delegate the management to other administrators or services. This minimizes the administrative overhead of a service account by allowing Windows to handle password management for these accounts.

Support for gMSA accounts in Windows Domain environment simplifies management of Windows devices by using fewer domain accounts without the need to manage service account credentials. With gMSA account use no password in microsegmentation asset delegating password management the to Windows Domain.

Added support for LAPS accounts when when executing scripts on Windows devices.

The Local Administrator Password Solution (LAPS) provides management of local account passwords of domain joined computers. This minimizes the administrative overhead of a service account by allowing Windows to handle password management for these accounts.

Support for LAPS accounts in Windows Domain environment simplifies management of Windows devices by avoiding management of the service account credentials. With LAPS account use no password in microsegmentation asset delegating password management to the Windows Domain.

Security

  • Updated application client side WEB framework to the last version.

  • Updated application WEB container to the last version.

  • Updated database access component to the last version.

  • Updated PostgreSQL driver to the last version.

  • Updated REST API documentation component to the last version.

  • Updated WEB application build environment with foundation framework packages to the last version.

  • Updated application test framework to the last version.

Extensions

  • Added IBM AIX script and parser to detect OS information and network status.

Fixes

  • Fixed the issue with detecting explicit parameters during script execution.

Release notes for the June 8, 2025 update

Update Version 4.1.202506061256

New Features

Added Kerberos authentication support to the script execution on remote Windows computers.

As alternative to NTLM authentication in Windows networks, Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.

Configuration to enable Kerberos authentication for the group of assets requires additional fields created on the Windows Host based asset type. These additional fields could stay hidden in the asset type thus inherited by all assets of this type or they could be overwritten for an individual asset.

  • Authentication is a Choice field with Basic, NTLM and Kerberos options.

  • KDC is a String field for the Key Distribution Center which is usually a Domain Controller.

  • Realm is the String field for Kerberos realm.

Server, User and Password come from the regular asset configuration. It is recommended to run Kerberos authenticated communications over SSL secure WinRMs transport protocol.

Security

  • Updated application client side WEB framework to the last version

Extensions

  • Added a navigation link to the tenant name in the tenant list screen.

  • Added context help to the labels on the Backup screen.

  • Added authentication type to the Windows script job output that might include Basic, NTLM or Kerberos.

  • Added WEB Framework version information to the About screen.

Fixes

  • Fixed the issue with the order of the system information entries on the about screen to show the license expiration date in the last row.