2023q2 3.09

Version 3.09

Released 2023-10-11

Analysis

  • Optimization: Calculating when Patch A provides 100% of the fixes of Patch B is now performed internally by DeepSurface and sent out as part of the feed update, resulting in a significant improvement in analysis performance
  • Optimization: Reduced analysis runtime by 40% in many cases

Management Console UI

  • Added filters for purpose/subpurpose to SSL Certificate manager
  • Clarified credential UI: Edits of credential metadata do not require re-entering the credential itself
  • Added activity spinners to pages that perform intensive queries to show work is being performed
  • Updated status page statistics to reflect current filters instead of current pagination
  • Added double-click-to-zoom to Paths in Risk Analysis
  • Fixed issue where Authenticated Scan status did not display the host IP address
  • Added a color-picker to the Tag Editor; existing tags have been given color-coding based on a default colorscheme

Reporting

  • New filters: Inequalities. Filter patches required by > 200 hosts, and/or risk score > 5.0%
  • New Filter: Older than n days. Exclude the latest 0-days or Patch Tuesday issues (that likely have a patch in flight) and look for older high-risk vulnerabilities you haven’t patched.
  • New filter: Relative ranges. Combine date ranges with risk reduction and affected host count ranges. Works great as a scheduled report – Define a report containing vulnerabilities older than 60 days that affect more than 30 hosts, then send it out monthly!
  • Tags now display next to hosts on all reports

Third-Party Integrations

  • MSDE: Fixed “Unexpectedly missing machine…” log messages when hosts have no vulnerabilities
  • Updated the Rapid7 vulnerability parser to better handle unexpected formatting errors from the source

Hashes

{
  "DATE": "Wed Oct 11 14:05:56 PDT 2023",
  "windows_scan": "dc696d59ff36d1ab63ea31ac1d8bd9a7e139ddf1",
  "linux_scan": "b024090d3d9a6e5c321cb3df3f64f61d9fac88f9"
}
2023q2 3.08

Version 3.08

Released 2023-08-29

Major Updates

  • All new Explore interface; build custom views of the risk in your environment and follow threats from an adversary all the way to your sensitive assets
  • Removed Windows agent dependency on Powershell; this reduces Agent resource requirements significantly (just starting powershell.exe reserves 2GB RAM) and lessens the likelihood of EDR False Positives on the Windows Agent (as running Powershell remotely is a ‘red flag’ for many EDRs)
  • User-Managed Scans: use your orchestration software (Intune, MECM, Tanium, etc.) to run an “ephemeral” scan on Windows platforms. No persistent agent required!

Accepted Risk

  • Accepted Risk now provides a means to see details on each accepted item

Analysis

  • Fixed a race condition in pathfinding
  • Fixed an issue where Agent results could be erroneously ignored during an import

Reporting

  • Upgraded XLSX export API so values are in line with PDF and console views

Telemetry

  • Telemetry improvements to help with support issues

Third-Party Integrations

  • Updated the Rapid7 vulnerability parser to better handle unexpected formatting errors from the source
  • Added support for non-standard CPEs as seen in Tenable vulnerability data
  • Suppress many MSDE informational messages to clear up console logs
  • Fix an issue with parsing timestamps from MSDE output

Remediation

  • UI fixes

Hashes

{
  "DATE": "Tue Aug 29 16:06:10 PDT 2023",
  "windows_scan": "fc3f49c528d66e619b15f226dc57f81dac658a1f",
  "linux_scan": "d88ed2464ea9265397cb6085d0ab3ea46347e0f7"
}
2023q2 3.07

Version 3.07

Released 2023-07-10

Agents

  • Laid the groundwork to start removing Powershell as a requirement for agents. Many EDRs – Microsoft’s included – fire false-positive alerts whenever any process calls out to Powershell
  • Fixed a bug in Windows agent scanning where not all of the target hosts were getting the required scan jobs
  • Fixed an issue in the Windows agent where we tried to use the active Windows username before we’d actually collected it
  • Added a Configuration Alert when an agent contacts the appliance with what it THINKS is a valid token, but the agent is not registered to this appliance

Analysis

  • Significant analysis performance increase and reduction in memory requirements during analysis. You don’t see both of those together every day!

Management Console Backend

  • Bugfixes for the appliance service that receives and processes agent data
  • Fixed a corner-case where a trickle of agents checking in meant the work queue was never really empty, making certain data processing jobs seem to run “forever”

Management Console UI

  • Fixed an issue where “Insufficient Peer Comparison Data” would appear on the dashboard instead of the Peer Comparison chart
  • Host details: Unpatched vulnerabilities was using a legacy API and reporting global vulnerabilities instead of host-specific details
  • Performance optimizations when data-gathering and rendering the Risk Insight -> Patches report
  • Significant optimizations in the Scan Logs section. Added pagination and clearer syntax highlighting

Reporting

  • Fixed issues that prevented XLSX report generation with certain data sets
  • Changed internal API and Front-End behavior to show only unsuperseded patches by default; this means that the work required on many host and patches reports will be significantly smaller, since we prioritize the LATEST patch, not just the FIRST patch that fixes a particular CVE
  • Updated internal API to support both direct risk and cumulative risk for patches, which allows us to express the paths differently based on the patch content

Third-Party Integrations

  • Added support for the Wazuh vulnerability scanner –

Hashes

{
  "DATE": "Mon Jul 10 13:56:46 CDT 2023",
  "windows_scan": "da2224de1d0e49e5e0cae0961bb0f78cd46c4061",
  "linux_scan": "b567a5d9603bc04c1c3bf2eb96c7298a0c03eeb6"
}
2023q2 3.06

Version 3.06

Released 2023-05-19

Analysis

  • A new, highly optimized pathfinding algorithm significantly improves analysis performance

Agents

  • Better handle corrupted messages from agents

Management Console Backend

  • Fixed several issues stemming from use of legacy backend API endpoints alongside “new” endpoints in several views, resulting in value mismatches between Reports and drill-down menus

Management Console UI

  • New! Redesigned layouts for all of the Details pages. Drill down from any Risk Insight report for a whole new look at paths, users, hosts, and more!
  • Ported all of our graphical widgets to the backend. This allows for scheduled emails of PDF reports, improves UI performance, and enables easier integration with third-party dashboards
  • Fixed an issue where searching for malformed text resulted in a blank screen

Reporting

  • New! Added the ability to export a dashboard as a PDF and/or send it via email. Currently only supported on the “Summary” dashboard, but support for custom dashboards is coming soon
  • Fixed several issues related to PDF report generation
  • Migrated dashboard configuration settings from the browser’s local storage to the DeepSurface appliance; this cleared the way for automating dashboard PDF reports
  • Added Recent Users column to XLSX version of Risk Insight host report

Scanning Data Gathering

  • Fixed an issue where invalid MAC addresses were not being removed from hosts prior to storage in the db
  • Fixed issue where host analysis data was being rejected due to unexpected values
  • Added ability to fetch a list of builtin (statically linked) modules on linux systems

Setup/Administration

  • Built a new debian and pip package host, mirror.deepsurface.com, for use in situations where firewalls prevent access to official repos

Third-Party Integrations

  • MDE: clean up partial downloads from failed syncs
  • New vulnerability scanner: Amazon Inspector. Supports both v1 and v2 of the API

Hashes

{
  "DATE": "Fri May 19 13:28:09 PDT 2023",
  "windows_scan": "89eca38b12ffd27c98ed7dfe9897f85555187eef",
  "linux_scan": "2f432aadb40a0c4b55d62de495f8acfb80333315"
}
2023q1 3.05

Version 3.05

Released 2023-04-07

Feed/Sync Service

  • Extract more descriptive text from our existing patch feeds

Management Console UI

  • Added Accepted Risk! Select hosts or vulnerabilities and add them to a risk acceptance plan. See the in-app help for more details
  • Added an optional marker in Risk Over Time widget to show when “Patch Tuesday” happened; this may help in explaining sudden spikes in risk on the 2nd Tuesday of every month

Remediation

  • Fixed blank screen after adding items to Remediation “shopping cart”
  • Remediation-specific configuration alerts are now redirected to the Remediation section so you can find them more easily

Reporting

  • Filters previously available only in Vulnerability Instances have been added to all applicable reports
  • Added pagination to all reports. Page through ALL hosts/patches/vulnerabilities instead of just the top 100
  • Enable filtering by multiple tags

Scanning Data Gathering

  • Gather UDP listening ports and established connections while scanning hosts
  • Fixed issue where Recon timed out given scans of large networks that block ICMP. Run both ICMP and TCP scans in parallel instead of getting mired in ICMP error processing
  • Ignore Cisco default MAC address that Cisco assigns to SSL VPN clients
  • Added a means to detect and model external connectivity. In other words, modeling of adversaries outside your network making entry through open ports to services deep inside your network, and how they can pivot to sensitive assets.

Setup/Administration

  • Added file hashes to release notes for components of the DeepSurface backend that are involved in scanning. If the hashes are the same between releases, then all of the changes are internal appliance/UI related; if the hashes do not match, check the Release Notes for information regarding the Scanning Data Gathering changes between the releases
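
The comparison described above, as an added example (not DeepSurface code): it parses two "Hashes" blocks in the JSON layout used in these notes and reports, per scanning component, whether the hash changed between releases. The manifests are constructed sample values, and the function names are hypothetical.

```python
import json
import re

# The hashes published in the release notes are 40 hexadecimal characters.
HEX40 = re.compile(r"^[0-9a-f]{40}$")


def parse_manifest(text):
    """Parse one "Hashes" JSON block and return {component: hash}.

    The DATE field is build metadata, not a component, so it is dropped.
    Hashes are normalised to lower case so a case difference introduced by
    copy/paste is not reported as a change.
    """
    data = json.loads(text)
    hashes = {}
    for key, value in data.items():
        if key == "DATE":
            continue
        value = str(value).strip().lower()
        if not HEX40.match(value):
            raise ValueError(f"{key}: not a 40-character hex hash: {value!r}")
        hashes[key] = value
    return hashes


def compare_releases(old_text, new_text):
    """Return {component: 'unchanged' | 'changed' | 'added' | 'removed'}."""
    old, new = parse_manifest(old_text), parse_manifest(new_text)
    result = {}
    for component in sorted(set(old) | set(new)):
        if component not in old:
            result[component] = "added"
        elif component not in new:
            result[component] = "removed"
        elif old[component] == new[component]:
            result[component] = "unchanged"
        else:
            result[component] = "changed"
    return result


def scanning_changed(old_text, new_text):
    """True when any scanning component differs, i.e. the Scanning Data
    Gathering notes should be reviewed before rolling out the upgrade."""
    states = compare_releases(old_text, new_text).values()
    return any(state != "unchanged" for state in states)


# Constructed sample manifests (not hashes of any real release).
REL_A = json.dumps({"DATE": "constructed A",
                    "windows_scan": "aa" * 20, "linux_scan": "bb" * 20})
REL_B = json.dumps({"DATE": "constructed B",
                    "windows_scan": "AA" * 20, "linux_scan": "bb" * 20})
REL_C = json.dumps({"DATE": "constructed C",
                    "windows_scan": "aa" * 20, "linux_scan": "cc" * 20})

if __name__ == "__main__":
    for label, old, new in (("A -> B", REL_A, REL_B), ("B -> C", REL_B, REL_C)):
        print(label, compare_releases(old, new),
              "review scanning notes:", scanning_changed(old, new))
```
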

Telemetry

  • Fixed DeepSurface telemetry through HTTP proxies

Third-Party Integrations

  • Rapid7: Mitigated memory leaks in a third-party XML parser that caused issues parsing large XML reports
  • Integrated with the Eclypsium supply chain security platform in order to model chipset, firmware and network device vulnerabilities
  • Rapid7: Better handle HTTP timeouts when syncing vulnerability data
  • New Crowdstrike integration: analyze and prioritize vulnerabilities reported by Crowdstrike Falcon
  • MSDE: Caught and fixed a sync timeout with and without an HTTP proxy

Hashes

{
  "DATE": "Fri Apr  7 12:53:19 PDT 2023",
  "windows_scan": "4c61f0c6e6647f2c83d57de5c0c25d95d93d15f8",
  "linux_scan": "b0a277c32ed615e8ddba18c8878d2ed10ba377e5"
}
2023q1 3.04

Version 3.04

Released 2023-03-06

Analysis

  • Reduced pathfinding debug messages

Installation Scripts

  • Ensure use of system CA certificates at product install time

General UI Updates

  • Activity->Task and Reporting->Exports interfaces clearly communicate task status and feature unified styling consistent with the rest of the application
  • Button styling changes app-wide bring all interfaces in line with current design language
  • Charts and visuals better scale to various containers and screen sizes

Management Console UI

  • The Vulnerability Instances report has all new features imported from the ‘experimental’ instances report that once lived under Explore
  • New Drag & Drop dashboard editing interface
  • Added support for multiple dashboards
  • New (and updated) dashboard widgets
    • Vulnerability Instances: CVSS Score Breakdown – See the breakdown of all the CVSS scores of all instances in your environment
    • Vulnerability Instances: Exploit Status Breakdown – Similar to the CVSS score breakdown, see the breakdown of all vulnerability instances’ exploit status
    • Vulnerability Instances: Prioritization – New “donut” variant shows how DeepSurface categorizes and prioritizes all the vulnerability instances by various categories
    • Priority List – now shows more information based on how wide the widget is.
    • New Priority bar chart variant shows an overview of priority items in your environment; similar to the Risk Insight report of the same type
    • Remediation Plans – shows an overview of all your draft and active remediation plans

Remediation

  • Fixed blank screen after adding items to Remediation “shopping cart”
  • Remediation-specific configuration alerts are now redirected to the Remediation section so you can find them more easily

Reporting

  • Replaced Chromium-based PDF creation. New reports are better, faster, and use less CPU/RAM

Scanning Data Gathering

  • Recon uses IPs from third-party data (vulnerability scanners) as hints. This allows users to configure aggressive IP ranges (e.g., /16 CIDRs) while ensuring we’re hitting important machines within the scan time limit
  • Ignore Cisco default MAC address that Cisco assigns to SSL VPN clients
  • Fixed issues collecting last scan times during agentless scans
  • Bugfixes to Linux agentless scanning on non-EN.US hosts

Third-Party Integrations

  • Crowdstrike integration: analyze and prioritize vulnerabilities reported by Crowdstrike Falcon
  • Rapid7: Fixed Out of Memory issues while parsing very large XML reports
  • Rapid7: bugfixes and optimizations in API integration
  • Rapid7: collect more data that uniquely identifies a host from API
2023q1 3.03

Version 3.03

Released 2023-01-26

Product Documentation

  • New in-app documentation and a Help Center link that displays all of the help ‘hints’ for the given section

Remediation

  • Fixed error where moving certain vulnerabilities can’t be selected as Remediation tasks

Scanning Data Gathering

  • Add the system uuid as collected by Rapid7 when collecting unique identifiers for a host
  • Improved debugging messages allow support to better identify issues matching DeepSurface scans to scans coming from third-parties
  • Improved data gathering from ssh files (authorized_keys, configuration, etc.)
  • Better handle when we get ‘Permission denied’ errors when parsing ssh files

Third-Party Integrations

  • Ensure proper cleanup of older Rapid7 scans to prevent re-using them
  • Fixed MSDE import bug when extracting OS version
  • Better handle when Rapid7 says a report they just told us about doesn’t exist
  • Fixed issue parsing MacOS version out of MSDE response
  • Fixed hostname extraction from certain MSDE responses
2022q4 3.01

Version 3.01

Released 2022-11-22

Sensitive Assets

  • Added Sensitive Asset Policies: easy to define rules that automatically apply impact scores based on simple policy definitions. Note: existing impact scores and assets remain untouched and can still be edited/viewed/updated the same way from the same place
  • Asset Policies can be applied to any existing or future database, so you don’t have to edit asset impact for each new db that you add to your network

Agents

  • Fixed locale decoding errors on non en-US versions of Windows

Analysis

  • Fixed a rare edge case where a “from node” has a “to node” that has managed to expire during model building

Management Console Backend

  • AUDIT logs are now more specific about what user operation is happening

Management Console UI

  • Fixed scan group modals occasionally opening on the wrong tab when multiple tabs are being used for configuration
  • Config alerts: fixed issue that caused some config alerts to display (ms-atp) as the Subject instead of the appropriate vulnerability scanner
  • Updated search filters to include Tag filtering wherever applicable
  • Fixed scrolling in Remediation “shopping cart”

Product Documentation

  • Added documentation for self-serve installation of Azure Marketplace image
  • Added section explaining the need for Administrative Access when scanning Windows hosts without agents

Remediation

  • Added concurrency to remediation “jobs”: sending emails, updating JIRA via API, etc.
  • Exporting tasks via Remediation Workflow now allows you to mix & match your export preferences and remembers them so you don’t have to redo them later

Scanning Data Gathering

  • Fixed ‘lastlog’ parsing in older OpenSUSE releases
  • Use CarbonBlack Cloud DeviceIDs to help uniquely identify Windows and Linux hosts

Telemetry

  • Fixed a double-reporting issue in telemetry, where a specific exception was often immediately followed by another related exception, resulting in double counting

Third-Party Integrations

  • Improved messages when we encounter connection, host resolution and other errors during vulnerability scanner data sync
  • Better handling and reporting when third-party vulnerability scanner vendors have intermittent SSL certificate issues
  • Modified our third-party Nessus vulnerability scan data synchronizer to reuse code written for the Tenable.io synchronizer
2022q3 3.0

Version 3.0

Released 2022-10-07

Agents

  • MacOS agent now collects information about recent RDP connectivity

Management Console UI

  • Updates to link icons to better show their behavior on-click
  • New “funnel” widget in default dashboard shows you all the work DeepSurface does to classify vulnerabilities and remove unnecessary work even BEFORE modeling/analysis begins

Remediation

  • Remediation Workflow is fully released; check our website soon for tutorials, blogs and deep-dives into how it works… or try it out for yourself
  • Send Remediation tasks via email

Scanning Data Gathering

  • Configurable TCP ports for Recon. Recon (is this host alive?) will fail in environments with only non-standard ports. See – and modify – the ports we use for recon in Scanning -> Settings -> General Settings
  • Fixes for scanning Windows hosts with non-English locales
  • Refactored Agentless scan module to use a new, faster and better-defined interface

Third-Party Integrations

  • Fixed CyberArk connection caching issues
  • New Third-Party Scanner integration: Nozomi Guardian
  • Optimizations to greatly increase Rapid7 scanner sync speed
2022q3 2.16

Version 2.16

Released 2022-09-07

Management Console UI

  • Last release we improved the performance of the Config Alerts page. This release we’ve paginated the config alerts to help deal with a large amount of configuration alerts, especially early on in deployment
  • Updated our UI to better explain when links are external, open in a new tab, or take you to a new place within our application
  • Added the ability to de-register an agent from the main console UI
  • Adjusted how/when the “save” button activates while editing your profile
  • Fixed an issue where certain tasks were marked as completed but their duration timer continued to increase
  • Fixed an issue where Sensitive Assets filters would sometimes omit assets from filtered hosts

Remediation

  • Remediation Workflow beta is now available! We’ll be demonstrating this new feature to existing customers this month to collect feedback
  • Add ability to export remediation items to Jira

Reporting

  • Fixed issues with emailing reports to SMTP servers that do not require authentication

Scanning Data Gathering

  • Replaced longopts (like --prompt) with short options (-p) to expand support for older Linux distros
  • Updated some of our Linux scripts to handle legacy output for certain older Linux distros
  • Added the ability to specify one or more alternative SSH ports to try while scanning [Customer Feature Request]
  • Improved Windows version detection
  • Added functionality to generate public SSH keys from discovered private keys to help flesh out our model with SSH edges

Third-Party Integrations

  • Optimized data gathering for MSDE and Tenable APIs to significantly speed up sync [Customer Feature Request]
  • Refactored rule evaluation during vulnerability import jobs resulting in substantial (10x+) performance improvement
2022q3 2.15

Version 2.15

Released 2022-08-17

Agents

  • Added mail client usage detection to the MacOS Agent
  • Added browser usage detection to MacOS Agent
  • Added a new, optional system where the DeepSurface appliance manages certificates for agents. This removes the burden of having to obtain both a public domain name and a trusted SSL certificate during agent deployment. This is currently managed via the MANAGE_MINION_HTTPS_CERT setting in /etc/kanchil/deepsurface.conf

Management Console UI

  • Under Activity, running jobs manually now offers an option to disable automatically running the next step in the list [Customer feature request]
  • Relaxed endpoint validation when setting up agents to allow for the new DeepSurface-managed “minion” HTTPS certificates
  • Pressing ESC should now close all flyouts in the Reporting UI
  • Reworked the credentials UI to be more flexible and better handle complicated PAM integrations [Customer feature request]
  • Configuration Alerts page optimizations [Customer enhancement request]
  • Vulnerability Instances Report: Moved the filters above the chart to help indicate that the chart changes with changes in the filters

Reporting

  • Fixed an issue where risk labels in the web UI and exported data would differ
  • SMTP configuration for email reports now allows you to disable the TLS requirement. NOTE: TLS is strongly encouraged; disabling TLS should only be done for testing or for use in secure environments [Customer feature request]
2022q2 2.13

Version 2.13

Released 2022-06-03

Agents

  • We’ve changed the way we deploy Windows agents, both to make it easier to get the latest agent as well as to prepare for deploying agents without a trusted SSL certificate
  • Added a macOS agent. Download/installation is similar to the Windows agent and in the same place: Scanning -> Agents
  • Fixed Windows agent logging extra newlines
  • Fixed Windows agent issue where multiple MSSQL instances on a single host could result in a hang

Analysis

  • Optimized db queries have made viewing/editing edges in the Explore interface much faster

Management Console UI

  • Added a spinner during bulk updates of sensitive assets so you don’t navigate away in the middle of the update

Reporting

  • New Report: Users at Risk. Check in Risk Insight for a new report that shows the accounts in your environment sorted by risk. PDF and XLSX exports included

Scanning Data Gathering

  • Connectivity testing is part of the agent/agentless scan process and no longer a separate step.
  • Agentless scanning can now use ECDSA SSH keys
2022q2 2.12

Version 2.12

Released 2022-04-28

Management Console UI

  • Configuration alerts are now removed for Windows domains and vulnerability scanners when the associated configuration is removed.

Reporting

  • The Risk Insights Vuln. Instances report now offers an option to organize instances by the vulnerability scanner signature. This allows users to better compare the results presented in vulnerability scanner reports with the improved insights offered by DeepSurface.

Third-Party Integrations

  • Added support for CyberArk as a new PAM. CyberArk can be configured in the credentials area and will be used as a source of credentials during agentless scans to access specific hosts.
  • Improved reliability of imports from Rapid7’s API.
2022q1 3 2.10

Version 2.10

Released 2022-03-04

Analysis

  • Improved performance of analysis job.

Reporting

  • Various usability and performance improvements to the Vulnerability Instances report.
  • Performance improvements to recently updated Explore interface.
  • More details about CVSS scores are included in the web console in several locations.
  • Improved usability of email recipients configuration for exported reports.

Setup/Administration

  • Certain security-relevant log events are now sent to the host syslog. Additional events can be sent to syslog as well through configuration changes.
  • Added support for outbound HTTP proxies. Configuration can be performed either from the command line (typically during the early stages of installation), or from the web console after installation. Outbound communications that can be configured to use a proxy include: system package updates, rule feed downloads, subordinate scanner communications, vulnerability scanner APIs, and the AWS API.

VM Images

  • Various minor improvements to the base VM images and installation scripts, including more explicit warnings and simplified options for changing the system time zone.
  • Any outstanding OS security updates are installed more quickly during initial installation.
2022q1 2.9

Version 2.9

Released 2022-01-31

Management Console Backend

  • Corrected an issue that prevented scan jobs and agent result processing from stopping upon user request.
  • Began to automatically tune PostgreSQL on the DeepSurface VM based on the memory resources configured on the VM. This should enhance query performance.

Management Console UI

  • Performance improvements to the Vuln. Instances report and other pages that rely on similar filters.
  • Added an option to Authentication Providers to allow for SAML 2.0 auto-provisioning of users. If set, new user accounts will be created upon their first successful SSO login attempt.
  • Corrected a defect where Host Scan configuration alerts were incorrectly removed by subsequent scans if the associated hosts were not included in the subsequent scans.
  • Extensive performance improvements throughout the DeepSurface web console, particularly in the Risk Insights areas.
  • Major refresh of the Explore interface, providing much better usability, particularly when editing elements of the threat model.

Product Documentation

  • Added quick access to documentation on how to fix the server clock.
  • Added a section to the manual which provides guidance on how to ensure the DeepSurface VM system clock is kept in sync using openntpd and ntpdate.

Reporting

  • When sending email reports, we now include the report title in the subject line.

Scanning Data Gathering

  • Began integrating Internal Connectivity scans into agentless scans. Separate Internal Connectivity scan jobs will still be permitted until the integration is complete.
2021q4 2.8

Version 2.8

Released 2021-12-23

General - Refactoring

  • Optimized how we parse and import data from third-party scanners

Management Console UI

  • Rename “Last Analysis” to “Last Processed” in the Agent/Agentless status boards to help clarify what the date truly represents
  • Added identity, purpose, and subpurpose fields to certificate info pop-up
  • Updated Scan Group Default Settings UI and option placement

Other

  • Expanded Microsoft patch data to include Click-to-Run updates.
  • When the DeepSurface console server’s clock is out of sync from the DeepSurface feed server’s clock, issue a prominent warning so that users have an opportunity to fix the clock and prevent a cascade of failures and unexpected behaviors.

Remediation

  • Added global settings for remediation backend
  • Backend enhancements in preparation for remediation workflow

Reporting

  • PDF exports have more descriptive file names to help keep track of their contents

Setup/Administration

  • Maximum Scan Parallelism is user-configurable, but should not be set above 40 in almost all cases
  • Previous/Next buttons no longer scroll off the screen when editing Sensitive Assets

Third-Party Integrations

  • Added support for Carbon Black Cloud as a source of vulnerability information

Windows Agent

  • Added the ability to pause autoupdates
  • Added command-line options to make it easier to enable and disable debug mode
  • Optimization: Limit the Windows Agent scan for PEM files to commonly used folders
2021q4 2.7

Version 2.7

Released 2021-11-24

Build/Packaging

  • Released a BETA virtual machine image on the Azure Marketplace.

Management Console UI

  • Completely redesigned Reporting Dashboard. Fully customizable on a per-user basis. Add/remove/organize dashboard widgets to your liking. More coming soon!
  • Fixed pagination being off-by-one when viewing the default scan history pages
  • New configuration page: Scanning->Settings->General Settings. Collects settings that exist in the union of Agent and Agentless configuration options.
  • Greatly expanded the flexibility of tag definitions, allowing for multiple wildcards, and lists of specific hosts, in addition to the existing network range specifications. Also allow all of these filter types in exclusions to make it easier to fine tune the set of included hosts.
  • Renamed “External Vulnerability Scanner” to “Vulnerability Scanner Data” in the Activity section
  • Refreshed the design and interactivity of the Risk Over Time chart on the dashboard, making it more configurable in the display of event and time-series data.
  • Scan data for individual hosts can now be deleted through the Scanning>Status area. Primary use case is to remove hosts that are known to have been decommissioned, but have not yet expired from DeepSurface.

Other

  • Added a new tab to the Vuln. Instances XLSX export reports which includes deeper details about hosts, patches and vulnerabilities listed in the first tab to make the output more actionable in remediation.
  • Expanded Microsoft patch data to include Click-to-Run updates.
  • Significantly improved performance and responsiveness in Risk Insights and other areas of the main console web interface.
  • Updated the Vuln. Instances report with a new category that captures vulnerability information about hosts DeepSurface has not yet scanned. Reorganized categories of instances in a way that is easier to filter for remediation.
  • It is now possible to view past jobs and relevant information for 2 different background tasks. The Agentless scan job and the Import Vulnerability Scanner Data now have “job History” buttons below the main button for kicking off the task
  • The Reporting Dashboard has been completely re-built from scratch to be more versatile and useful. DeepSurface will recommend a default layout for you when you first visit the dashboard, but now the contents can be completely customized by hitting the Edit gear in the top right of the dashboard. Once clicked, you can drag content around, adjust what each section shows, and even completely add and remove entire sections or widgets. This functionality will grow as more features are added to DeepSurface. This will also pave the way for exportable dashboards that can be printed or shared, as well as the ability to create multiple specialized dashboards.
  • Improved tracking of user login activity on Linux and MacOS.
  • Updated Microsoft patch labels to include “KB” in front of the knowledge base number for clarity.

Scanning Engine

  • Fall back to SIMPLE authentication over SSL when NTLM fails in an attempt to gather Active Directory content from very locked-down AD environments
  • Customers can now configure the maximum age of vulnerability scan results accepted during an import. If vulnerability scan results for a given host are older than this age, they are not considered valid and will be ignored.

Third-Party Integrations

  • Added beta integration to collect sensitive asset information from Lansweeper exports
2021q3 2.6

Version 2.6

Released 2021-10-11

Feed/Sync Service

  • Added a patch feed for MacOS
  • Added a patch feed for AWS Linux

Management Console UI

  • Some labeling in the UI has changed for consistency; what used to be an “Authenticated Scan” is now an “Agentless Scan”
  • Instead of prompting you for a username and password on the same page, these prompts are on separate pages. Our SAML/OAuth integrations require us to ask for your login first, then either redirect for SSO or prompt for a password.
  • Risk Insights -> Report: changed email multiselect to a mini-popup
  • UI updates when editing domain names and scan group schedules
  • If you have a credential named “My Credential” and you copy it, the duplicate will now be called “Copy of My Credential”
  • The IP Ranges field has been adjusted to more clearly show the relationship between included and excluded IP Ranges while creating or editing a tag
  • Added filtering to Global Setup -> Certificates
  • All connected edges are highlighted when you select a node in graph view, making it easier to locate edges when there are many overlapping edges in the view
  • Added a new, graphical summary for the top paths when viewing hosts, patches or vulnerabilities

Product Documentation

  • Updated the Agent documentation to include more command-line examples

Reporting

  • Emailed reports now include the name of the report configuration, making it easier to track down and add new people to interesting reports (or to unsubscribe from unwanted reports)

Scanning Engine

  • Added support for agentless scanning of AWS Linux hosts
  • Added support for agentless scanning of macOS hosts
  • Modified Windows Agent to run all scanning scripts in a consistent way across all protocols (SMB, SMB/WMI and WinRM)

Setup/Administration

  • SMB/WMI is now the default protocol for Agentless Scanning. The SMB protocol is still available, but will be deprecated in a future release.
  • Have Qualys, but you’re curious about our Microsoft Defender for Endpoint integration? We’ve added contextual help for configuring and managing vulnerability scanners.
  • The all-new onboarding wizard supports both agent and agentless configurations. Also, the new wizard lets you configure DeepSurface using a simple checklist or detailed, contextual documentation

Third-Party Integrations

  • Add Okta 2FA support
  • Added SAML support for web console user authentication

Windows Agent

  • Agent scan logs are now sent to and displayed on the DeepSurface console.
2021q3 2.5

Version 2.5

Released 2021-09-03

Other

  • Added contextual help to filters in Risk Insights -> Vulnerability Instances
  • API Core Reports: Hosts, Patches, Vulnerabilities, Instances. All the information we use to generate all of the core reports is now available via API

Reporting

  • Usability: made it easier to select/deselect email recipients in Report creation sections

Scanning Engine

  • Improved Delinea integration to allow for more flexibility on where various authentication attributes are sourced.

Setup/Administration

  • Rebuilt Agent configuration/deployment pages. More information, easy to read summaries, and copy/pastable command-lines
  • Refactored the Scan Groups configuration area to have a more intuitive interface.
  • Added duration specifiers wherever you need to enter times; specify 12 minutes, 12 hours or even 12 days without having to resort to time math
  • Added a top-level scanning dashboard with status and summaries for agents as well as hosts scanned via authenticated scans
2021q3 2.4

Version 2.4

Released 2021-07-31

Reporting

  • The core Risk Insights reports can now be exported in .xlsx spreadsheet format, which is configurable from the web console.
  • The core Risk Insights reports can now be exported in .pdf format, which is configurable from the web console.
  • A new Reporting>Exports section was added to the web console, giving users the ability to generate various types of reports to be exported in .pdf and .xlsx format. The reports can be configured to run on a periodic basis and optionally emailed to designated recipients.

Scanning Engine

  • Added support for Delinea Secret Server PAM. During agentless scanning, DeepSurface will retrieve credentials from Secret Server for use during the scan.
  • DeepSurface now represents individual host access to domain computer/machine accounts based on a better understanding of implicit permissions of the Local System and virtual service accounts.

Setup/Administration

  • Many different setup pages related to scanning were reorganized into a single, more coherent top-level “Scanning” area and incorporated into the new three-level menu scheme.
  • DeepSurface can now send email via SMTP (over TLS). This allows for the emailing of generated report exports. This will be used for additional kinds of notifications in the future as well.
  • Email addresses can now be associated with web console user accounts. These addresses are used by the reporting system.
  • The previous Global Settings and Project Settings areas have been refactored into a single Setup section under a new three-level menu system. This should make it much easier to find various settings due to the more logical groupings.

Windows Agent

  • Scans run manually from the command line (typically for testing purposes) will now execute as Local System as scheduled scans typically do, avoiding some potential privilege limitations.
2021q3 2.3

Version 2.3

Released 2021-06-29

Third-Party Integrations

  • DeepSurface is now available on the AWS Marketplace! We have two versions: Bring Your Own License (BYOL) and Metered. With BYOL, you simply plug in your license key and you’re running the DeepSurface console in the cloud! The Metered solution offers you the ability to run DeepSurface without a license, and get billed for usage through AWS
  • Support Microsoft Defender for Endpoint. We now support using Microsoft Defender for Endpoint (formerly Microsoft ATP) as a vulnerability scanner.
  • Support for using Microsoft LAPS as a Privileged Access Manager (PAM). This is the first of several PAMs on our roadmap
  • Add Trust on First Use (TOFU) for third-party scanners. Some scanners allow you to specify a private SSL cert. In these instances, you can opt to trust the certificate the first time you encounter it.

API

  • DeepSurface API Beta. Create access keys and query/import/export sensitive assets. This is the first step towards providing full API access to all of our data.

Management Console UI

  • Configuration alerts now include timestamps
  • Better configuration failure messages for domain controller misconfigurations

Scanning Data Gathering

  • Better handle duplicate IPs. Many people use the same IP ranges on home networks. We’ve changed how we add these to our threat model to ensure the machines that look like they’re on the same subnet truly are, and that duplicate IPs are suitably unique-ified
2021q2 2.2

Version 2.2

Released 2021-05-27

Management Console Backend

  • New feature: Tags. Hosts can be grouped together based on any arbitrary grouping convention such as location, type, owner.

Management Console UI

  • Create groups of hosts and tag them. Create groups based on IP ranges, host name convention, or pick and choose individual hosts. Examples might include “Workstations,” “Buenos Aires,” “Jed’s Responsibility”
  • Filter all reports by tags. Now it’s easy to get reports limited to just the systems that interest you. See all the patches required in the Marketing department, for example
  • Take a look at the all new Risk Insights UI. We collect a tremendous amount of data and have been working hard to find better ways to present it in a way that is both clear and actionable. The new UI offers a simple, clear view of the vulnerabilities in your network. The new, embedded help text and graphics when viewing the model help you identify escalation paths faster than before
  • Enhanced our config alerts when dealing with Domain Controllers we can’t connect to

Product Documentation

  • Did you know we have a documentation portal? We’ve updated it with links to all our documentation, release notes and license information: https://docs.deepsurface.com/public/
2021q2 2.1

Version 2.1

Released 2021-04-28

Management Console UI

  • User experience: The Web interface redesign has further implemented a new user experience meant to enable more intuitive and efficient DeepSurface operations and better responsiveness.

Analysis

  • Performance improvement: Analysis performance is improved through a major enhancement to the risk calculation algorithm.
  • Windows risks are now analyzed more efficiently, offering better overall performance.

Windows Agent

  • Windows: Stored MSCACHE password hashes are now discovered and modeled, reflecting privilege escalation risks to the domain users in question
2021q1 2.0

Version 2.0

Released 2021-03-30

Third-Party Integrations

  • Qualys VMDR: Support added. Customers can now import VMDR vulnerability scan results via API and manual file uploads.
  • AWS: SSH key pairs are now discovered and correlated with users’ authorized keys in EC2 instances.

Analysis

  • A bug was fixed that prevented the creation of vulnerabilities with underscores or spaces in their names. Spaces are no longer accepted and underscores are allowed.

Management Console UI

  • The Web interface has been redesigned to enable more efficient navigation and administration. Functions are now accessed via a collapsible navigation menu on the left and context-specific tabs across the top. Many functions that were previously found in Administer have been relocated:
    • “Activity” is now where you manage Background Tasks and view Configuration Alerts
    • “Scanning” is now where you configure and manage all things scan-related (scan groups, network connectivity, scan logs, cloud scanning, and agents)
    • “Global Setup” is where the previous Global Settings reside
    • “Project Setup” is where the previous Project Settings reside. This includes configuring scan credentials, sensitive assets, and vulnerability scanners.
  • Analytical cross-referencing has been simplified, enabling you to more easily investigate vulnerabilities and their impact on organizational risk. Patch reports show a list of hosts missing the patch and per-host impact. Clicking the host links in the widget will run the Vulnerability Instances report for deeper investigation of the host and patch, including remediation advice.
  • License usage and availability are now documented in About.
2021q1 1.5

Version 1.5

Released 2021-03-02

Windows Agent

  • Remote and disconnected Windows hosts can now be scanned via a locally installed agent, enabling reliable data collection from previously unreachable or intermittently available assets. Supported platforms include:
    • Windows 7
    • Windows 10
    • Windows Server 2008
    • Windows Server 2012R2
    • Windows Server 2016
    • Windows Server 2019

Scanning Data Gathering

  • Linux host scanning was enhanced to include Active Directory domain memberships. When scanned Linux hosts are domain members, user access rights inherited from AD on the host will be modelled.
  • SSH keypairs are now cataloged, enabling the modelling of OpenSSH key-based access grants throughout the scanned environment
  • More precise vulnerability risk is assigned based on loaded kernel modules, since some vulnerabilities only apply to certain loaded modules
  • Performance enhancements have been made to efficiently analyze unusually large Active Directory group membership record sets

Management Console UI

  • General usability and clarity were improved
  • Contextual help was added throughout
  • User inputs are better validated to prevent erroneous configuration
  • Default dialog actions were changed from Cancel to Save to prevent the Enter key from clearing entries

Setup/Administration

  • One-time installation codes are now verified immediately, and installation is halted if verification fails. Previously, installations would fail during package update if an invalid code was entered.
  • OVA images now default to fully allocating the assigned disk space. Previous versions dynamically grew up to the maximum allocation, causing failures in some implementations that were unable to dynamically grow the disk.
2021q1 1.4

Version 1.4

Released 2021-02-02

Third-Party Integrations

  • Cloud scanning: added support for AWS EC2 scanning, enabling the discovery and modeling of instance access rights (i.e., which users can access which VMs)

Scanning Data Gathering

  • Linux scanning: loaded kernel modules are now detected, enabling module-specific vulnerability analysis, modeling, and reporting
  • Scan credentials: added a user-configurable label to differentiate between identical credentials
  • Scan groups
    • Multiple scan schedules are now available
    • Scan Groups page now shows full scan schedule details (previously only showed daily, weekly, monthly, or manual)

Setup/Administration

  • Sensitive Assets
    • Bulk asset impact editing was added (previously, impact values could only be assigned to one asset at a time)
    • Host keyword filtering was added to aid in the identification and marking of specific high value assets
    • Added pagination so more than 100 assets are viewable
  • Installation Wizard
    • Required configuration steps are now more obvious in the Web UI
    • Completed steps are more quickly and accurately recognized
    • Wizard dialog no longer reappears during manual configuration until a step is chosen from the wizard status footer

Reporting

  • Vulnerability Instances now identifies “overridden” vulnerability scanner results that were superseded by better results from DeepSurface scans

Scanning Data Gathering

  • Domain Controller discovery is more reliable, leading to more complete and accurate Active Directory scans

Installation Scripts

  • Network configuration is more stable and usable
    • OVA no longer specifies a network card so the implementer can choose the best NIC for the environment
    • Error condition handling is improved
    • MAC addresses are no longer truncated
2021q1 1.3

Version 1.3

Released 2021-01-07

Scanning Data Gathering

  • Configuration Alerts: MS SQL scan failure alerts are now properly raised. Previously, authorization failures received during scans were not reported, preventing customers from easily identifying impeded scans.

Analysis

  • Phishing risk: Phishing risks have been made less prominent in the reports by marking them as non-correctable issues. The overall risk of these issues remains the same, but they no longer skew the priorities of the primary reports.

Third-Party Integrations

  • Rapid7’s InsightVM: Support added. Customers can now import vulnerability scan results via API or XML file.
  • Tenable: Added configuration alerts when Tenable product scan errors are imported with scan results. This enables customers to more quickly identify when complete vulnerability data is missing for specific hosts, and how to resolve the Tenable error condition.

Reporting

  • Vulnerability Instances: The category legend can now be collapsed to better view the icicle chart.

Management Console Backend

  • Background Tasks: Risk Analysis and Prioritization performance and speed are markedly improved.

Bugfixes

  • vCenter OVA import: Virtual appliance OVF conformance check failure resolved. Previously, vCenter would fail to import the DeepSurface OVA.
2020q4 1.2

Version 1.2

Released 2020-12-31

  • Improved Windows scanning – agentless authenticated data collection is possible from more Windows systems than with the most popular vulnerability scanners
  • Vulnerability Instances enhancements – added contextual help, table export, and bug fixes
  • Strategize enhancements – Added two new Peer Comparison widgets showing stats comparing your risk score and performance over time against similarly sized peers
2020q4 1.1

Version 1.1

Released 2020-10-31

  • Vulnerability Instances – a new report was added to Analyze which helps security engineers and IT staff do deeper cross-referencing between issues reported by their vulnerability scanner and how DeepSurface has modeled them
  • Several performance improvements, including better UI responsiveness and more scalable pathfinding algorithms
  • A variety of bug fixes
2020q3 1.0

Version 1.0

Released 2020-09-01

  • Initial release