GravityZone (Cloud-based) Release Notes for June 2019 Update
Last revised: 2019-07-17
Minimum BEST version: 220.127.116.11
Minimum Security Server Multi-Platform version: 18.104.22.16893
Endpoint Risk Management
This update brings Endpoint Risk Management, a brand-new feature designed for effectively identifying, assessing and remediating endpoint weaknesses. GravityZone exposes this new feature in the following areas:
- Risk Management policy section, including a risk scan scheduler.
- Risk Scan task available from the Network page.
- New Risk Management Dashboard, providing several panels with risk information, one-click resolve action per endpoint and recommendations for exposure mitigation.
Advanced Anti-Exploit
Powered by machine learning, this new proactive technology stops zero-day attacks carried out through evasive exploits. Advanced Anti-Exploit catches the latest exploits in real time and mitigates memory corruption vulnerabilities that can evade existing solutions.
This security layer is pre-configured with the recommended security settings and you can customize it from the Antimalware > Advanced Anti-Exploit policy section.
You can view Advanced Anti-Exploit events in the Security Audit, Blocked Application and Endpoint Module Status reports.
This security layer addresses Windows-based systems.
Implemented a new Load Balancing mechanism between endpoints protected through BEST with Central Scan and the Security Servers assigned to them. You can now choose to distribute the scan load evenly between the assigned Security Servers.
- Added full support for incident detection and response actions, root cause analysis and MITRE events on Linux endpoints.
- Enriched the Search section with several predefined queries, covering the most useful investigation scenarios.
- Improved security event visualization from the Incidents page:
- New panel in the graph area displaying the actions and their states for the selected event node in a single view.
- New Further Investigation section in the node details area, outlining the additional analysis available through Sandbox, VirusTotal and Google.
Sandbox Analyzer
- Expanded the list of supported file types that can be automatically submitted to Sandbox Analyzer.
- Added content pre-filtering capabilities for submitting files to the Sandbox Analyzer. This functionality is configurable in a new policy section.
- Added error messages for failed detonations in the submission card section on the Sandbox Analyzer page.
- A major increase in scanning speed in VDI environments, due to the new scan cache sharing protocol between Security Servers. To benefit from this feature, open port 6379 to allow traffic between Security Servers.
- Two new statuses for Security Server load: Near overloaded and Near underloaded.
- New custom exclusion types by file hash, certificate thumbprint, threat name, and command line.
- Ability to define custom exclusions by using wildcards:
- Asterisk (*) for one or more characters.
- Question mark (?) for a single character.
- New option to add folder exclusions for ATC/IDS. With this release, existing folder exclusions remain configured for on-access and on-demand scanning. To add ATC/IDS as well, you need to select the corresponding checkbox in the Modules column.
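The wildcard rules above (asterisk for one or more characters, question mark for exactly one) are easy to get wrong when reviewing an exclusion list, because the asterisk does not match an empty string. The following added example, not GravityZone code, implements those two rules as a matcher and adds a small review heuristic that flags exclusions with too little literal text; case-insensitive matching and the threshold value are assumptions.

```python
import re

# Added example (not GravityZone code): a matcher for the wildcard exclusion
# syntax described above. Only the two documented rules are taken from the
# release notes; case-insensitive matching is an assumption.

def exclusion_to_regex(pattern: str) -> re.Pattern:
    """Translate an exclusion pattern into an anchored, case-insensitive regex.
    '*' becomes '.+' rather than '.*' because the notes define it as one or
    more characters, so '*.exe' does not match the bare name '.exe'.
    Backslashes, dots and other characters are escaped and matched literally.
    """
    pieces = []
    for ch in pattern:
        if ch == "*":
            pieces.append(".+")
        elif ch == "?":
            pieces.append(".")
        else:
            pieces.append(re.escape(ch))
    return re.compile("".join(pieces), re.IGNORECASE)

def is_excluded(value: str, patterns) -> bool:
    """True if the path, process or detection name matches any pattern."""
    return any(exclusion_to_regex(p).fullmatch(value) for p in patterns)

def literal_chars(pattern: str) -> int:
    """Count the non-wildcard characters in a pattern."""
    return sum(1 for ch in pattern if ch not in "*?")

def broad_exclusions(patterns, min_literals: int = 8) -> list:
    """Flag patterns with too little literal text to be safe for review.
    '*' or '*.tmp' would exclude almost everything from ATC/IDS; the
    threshold is an arbitrary heuristic chosen for this example.
    """
    return [p for p in patterns if literal_chars(p) < min_literals]

# Constructed sample exclusions for the demonstration.
SAMPLE_PATTERNS = [
    r"C:\Program Files\BuildTools\build?.exe",
    r"C:\Backups\*\backup.exe",
    r"*.tmp",
]

if __name__ == "__main__":
    for value in (r"C:\Program Files\BuildTools\build1.exe",
                  r"C:\Program Files\BuildTools\build.exe",
                  r"C:\Backups\2019-06\backup.exe", r".tmp"):
        print(f"{value!r}: excluded={is_excluded(value, SAMPLE_PATTERNS)}")
    print("overly broad:", broad_exclusions(SAMPLE_PATTERNS))
```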
You can now use a secured connection between Security Servers and the protected NAS servers, provided the NAS servers support SSL over ICAP.
Optimized the Control Center workspace with the new display modes of the menu: expanded, collapsed (icon view) and hidden.
Replaced the antimalware signatures with a new method to identify known and unknown malware, called Security Content.
Resolved Issues
Analysis results from a manual submission could not be retrieved if a proxy was in place.
In Control Center, the weekly recurrence for antimalware updates was resetting upon returning to the page if it was set only on Sunday. This was only a display issue; the setting was sent correctly to the security agent.
Removed the ghost folders that appeared on some Partner accounts.
Security Server Load Balancing - Equal distribution mode had limited functionality: the scan load was not distributed equally between Security Servers.
Known Issues
- The new custom exclusion types are not available for custom scanning tasks from the Network page.
- The following exclusion types for ATC/IDS are available only for Windows desktop operating systems:
- Process with wildcards
- File hash
- Detection name
- Detection name with wildcards
- Certificate thumbprint exclusions are not available for ATC/IDS.