
Version 2.12

Released 2022-04-28

Management Console UI

  • Configuration alerts are now removed for Windows domains and vulnerability scanners when the associated configuration is removed.

Reporting

  • The Risk Insights Vuln. Instances report now offers an option to organize instances by the vulnerability scanner signature. This allows users to better compare the results presented in vulnerability scanner reports with the improved insights offered by DeepSurface.

Third-Party Integrations

  • Added support for CyberArk as a new PAM. CyberArk can be configured in the credentials area and will be used as a source of credentials during agentless scans to access specific hosts.
  • Improved reliability of imports from Rapid7’s API.

Version 2.10

Released 2022-03-04

Analysis

  • Improved performance of analysis job.

Reporting

  • Various usability and performance improvements to the Vulnerability Instances report.
  • Performance improvements to recently updated Explore interface.
  • More details about CVSS scores are included in the web console in several locations.
  • Improved usability of email recipients configuration for exported reports.

Setup/Administration

  • Certain security-relevant log events are now sent to the host syslog. Additional events can be sent to syslog as well through configuration changes.
  • Added support for outbound HTTP proxies. Configuration can be performed either from the command line (typically during the early stages of installation), or from the web console after installation. Outbound communications that can be configured to use a proxy include: system package updates, rule feed downloads, subordinate scanner communications, vulnerability scanner APIs, and the AWS API.

VM Images

  • Various minor improvements to the base VM images and installation scripts, including more explicit warnings and simplified options for changing the system time zone.
  • Any outstanding OS security updates are installed more quickly during initial installation.

Version 2.9

Released 2022-01-31

Management Console Backend

  • Corrected an issue that prevented scan jobs and agent result processing from stopping upon user request.
  • Began to automatically tune PostgreSQL on the DeepSurface VM based on the memory resources configured on the VM. This should enhance query performance.

Management Console UI

  • Performance improvements to the Vuln. Instances report and other pages that rely on similar filters.
  • Added an option to Authentication Providers to allow for SAML 2.0 auto-provisioning of users. If set, new user accounts will be created upon their first successful SSO login attempt.
  • Corrected a defect where Host Scan configuration alerts were incorrectly removed by subsequent scans if the associated hosts were not included in the subsequent scans.
  • Extensive performance improvements throughout the DeepSurface web console, particularly in the Risk Insights areas.
  • Major refresh of the Explore interface, providing much better usability, particularly when editing elements of the threat model.

Product Documentation

  • Added quick access to documentation on how to fix the server clock.
  • Added a section to the manual which provides guidance on how to ensure the DeepSurface VM system clock is kept in sync using openntpd and ntpdate.

Reporting

  • When sending email reports, we now include the report title in the subject line.

Scanning Data Gathering

  • Began integrating Internal Connectivity scans into agentless scans. Separate Internal Connectivity scan jobs will still be permitted until the integration is complete.

Version 2.8

Released 2021-12-23

General - Refactoring

  • Optimized how we parse and import data from third-party scanners

Management Console UI

  • Renamed “Last Analysis” to “Last Processed” in the Agent/Agentless status boards to help clarify what the date truly represents
  • Added identity, purpose, and subpurpose fields to certificate info pop-up
  • Updated Scan Group Default Settings UI and option placement

Other

  • Expanded Microsoft patch data to include Click-to-Run updates.
  • When the DeepSurface console server’s clock is out of sync from the DeepSurface feed server’s clock, issue a prominent warning so that users have an opportunity to fix the clock and prevent a cascade of failures and unexpected behaviors.

Remediation

  • Added global settings for remediation backend
  • Backend enhancements in preparation for remediation workflow

Reporting

  • PDF exports have more descriptive file names to help keep track of their contents

Setup/Administration

  • Maximum Scan Parallelism is user-configurable, but should not be set above 40 in almost all cases
  • Previous/Next buttons no longer scroll off the screen when editing Sensitive Assets

Third-Party Integrations

  • Added support for Carbon Black Cloud as a source of vulnerability information

Windows Agent

  • Added the ability to pause autoupdates
  • Added command-line options to make it easier to enable and disable debug mode
  • Optimization: Limit the Windows Agent scan for PEM files to commonly used folders

Version 2.7

Released 2021-11-24

Build/Packaging

  • Released a BETA virtual machine image on the Azure Marketplace.

Management Console UI

  • Completely redesigned Reporting Dashboard. Fully customizable on a per-user basis. Add/remove/organize dashboard widgets to your liking. More coming soon!
  • Fixed pagination being off-by-one when viewing the default scan history pages
  • New configuration page: Scanning->Settings->General Settings. Collects settings that exist in the union of Agent and Agentless configuration options.
  • Greatly expanded the flexibility of tag definitions, allowing for multiple wildcards and lists of specific hosts, in addition to the existing network range specifications. All of these filter types are also allowed in exclusions to make it easier to fine-tune the set of included hosts.
  • Renamed “External Vulnerability Scanner” to “Vulnerability Scanner Data” in the Activity section
  • Refreshed the design and interactivity of the Risk Over Time chart on the dashboard, making it more configurable in the display of event and time-series data.
  • Scan data for individual hosts can now be deleted through the Scanning>Status area. The primary use case is to remove hosts that are known to have been decommissioned but have not yet expired from DeepSurface.

Other

  • Added a new tab to the Vuln. Instances XLSX export reports which includes deeper details about hosts, patches and vulnerabilities listed in the first tab to make the output more actionable in remediation.
  • Expanded Microsoft patch data to include Click-to-Run updates.
  • Significantly improved performance and responsiveness in Risk Insights and other areas of the main console web interface.
  • Updated the Vuln. Instances report with a new category that captures vulnerability information about hosts DeepSurface has not yet scanned. Reorganized categories of instances in a way that is easier to filter for remediation.
  • It is now possible to view past jobs and relevant information for 2 different background tasks. The Agentless scan job and the Import Vulnerability Scanner Data job now have “job History” buttons below the main button for kicking off the task.
  • The Reporting Dashboard has been completely rebuilt from scratch to be more versatile and useful. DeepSurface will recommend a default layout for you when you first visit the dashboard, but now the contents can be completely customized by hitting the Edit gear in the top right of the dashboard. Once clicked, you can drag content around, adjust what each section shows, and even completely add and remove entire sections or widgets. This functionality will grow as more features are added to DeepSurface. This will also pave the way for exportable dashboards that can be printed or shared, as well as the ability to create multiple specialized dashboards.
  • Improved tracking of user login activity on Linux and macOS.
  • Updated Microsoft patch labels to include “KB” in front of the knowledge base number for clarity.

Scanning Engine

  • Fall back to SIMPLE authentication over SSL when NTLM fails, in an attempt to gather Active Directory content from very locked-down AD environments
  • Customers can now configure the maximum age of vulnerability scan results accepted during an import. If vulnerability scan results for a given host are older than this age, they are not considered valid and will be ignored.

Third-Party Integrations

  • Added beta integration to collect sensitive asset information from Lansweeper exports

Version 2.6

Released 2021-10-11

Feed/Sync Service

  • Added a patch feed for macOS
  • Added a patch feed for AWS Linux

Management Console UI

  • Some labeling in the UI has changed for consistency; what used to be an “Authenticated Scan” is now an “Agentless Scan”
  • Instead of prompting you for a username and password on the same page, these prompts are on separate pages. Our SAML/OAuth integrations require us to ask for your login first, then either redirect for SSO or prompt for a password.
  • Risk Insights -> Report: changed email multiselect to a mini-popup
  • UI updates when editing domain names and scan group schedules
  • If you have a credential named “My Credential” and you copy it, the duplicate will now be called “Copy of My Credential”
  • The IP Ranges field has been adjusted to more clearly show the relationship between included and excluded IP Ranges while creating or editing a tag
  • Added filtering to Global Setup -> Certificates
  • All connected edges are highlighted when you select a node in graph view, making it easier to locate edges when there are many overlapping edges in the view
  • Added a new, graphical summary for the top paths when viewing hosts, patches or vulnerabilities

Product Documentation

  • Updated the Agent documentation to include more command-line examples

Reporting

  • Emailed reports now include the name of the report configuration, making it easier to track down and add new people to interesting reports (or to unsubscribe from unwanted reports)

Scanning Engine

  • Added support for agentless scanning of AWS Linux hosts
  • Added support for agentless scanning of macOS hosts
  • Modified Windows Agent to run all scanning scripts in a consistent way across all protocols (SMB, SMB/WMI and WinRM)

Setup/Administration

  • SMB/WMI is now the default protocol for Agentless Scanning. The SMB protocol is still available, but will be deprecated in a future release.
  • Have Qualys, but you’re curious about our Microsoft Defender for Endpoint integration? We’ve added contextual help for configuring and managing vulnerability scanners.
  • The all-new onboarding wizard supports both agent and agentless configurations. Also, the new wizard lets you configure DeepSurface using a simple checklist or detailed, contextual documentation

Third-Party Integrations

  • Added Okta 2FA support
  • Added SAML support for web console user authentication

Windows Agent

  • Agent scan logs are now sent to and displayed on the DeepSurface console.

Version 2.5

Released 2021-09-03

Other

  • Added contextual help to filters in Risk Insights -> Vulnerability Instances
  • API Core Reports: Hosts, Patches, Vulnerabilities, Instances. All the information we use to generate all of the core reports is now available via API

Reporting

  • Usability: made it easier to select/deselect email recipients in Report creation sections

Scanning Engine

  • Improved Delinea integration to allow for more flexibility on where various authentication attributes are sourced.

Setup/Administration

  • Rebuilt Agent configuration/deployment pages. More information, easy to read summaries, and copy/pastable command-lines
  • Refactored the Scan Groups configuration area to have a more intuitive interface.
  • Added duration specifiers wherever you need to enter times; specify 12 minutes, 12 hours or even 12 days without having to resort to time math
  • Added a top-level scanning dashboard with status and summaries for agents as well as hosts scanned via authenticated scans

Version 2.4

Released 2021-07-31

Reporting

  • The core Risk Insights reports can now be exported in .xlsx spreadsheet format, which is configurable from the web console.
  • The core Risk Insights reports can now be exported in .pdf format, which is configurable from the web console.
  • A new Reporting>Exports section was added to the web console, giving users the ability to generate various types of reports to be exported in .pdf and .xlsx format. The reports can be configured to run on a periodic basis and optionally emailed to designated recipients.

Scanning Engine

  • Added support for Delinea Secret Server PAM. During agentless scanning, DeepSurface will retrieve credentials from Secret Server for use during the scan.
  • DeepSurface now represents individual host access to domain computer/machine accounts based on a better understanding of implicit permissions of the Local System and virtual service accounts.

Setup/Administration

  • Many different setup pages related to scanning were reorganized into a single, more coherent top-level “Scanning” area and incorporated into the new three-level menu scheme.
  • DeepSurface can now send email via SMTP (over TLS). This allows for the emailing of generated report exports. This will be used for additional kinds of notifications in the future as well.
  • Email addresses can now be associated with web console user accounts. These addresses are used by the reporting system.
  • The previous Global Settings and Project Settings areas have been refactored into a single Setup section under a new three-level menu system. This should make it much easier to find various settings due to the more logical groupings.

Windows Agent

  • Scans run manually from the command line (typically for testing purposes) will now execute as Local System, as scheduled scans typically do, avoiding some potential privilege limitations.

Version 2.3

Released 2021-06-29

Third-Party Integrations

  • DeepSurface is now available on the AWS Marketplace! We have two versions: Bring Your Own License (BYOL) and Metered. With BYOL, you simply plug in your license key and you’re running the DeepSurface console in the cloud! The Metered solution offers you the ability to run DeepSurface without a license, and get billed for usage through AWS
  • Support for Microsoft Defender for Endpoint. We now support using Microsoft Defender for Endpoint (formerly Microsoft ATP) as a vulnerability scanner.
  • Support for using Microsoft LAPS as a Privileged Access Manager (PAM). This is the first of several PAMs on our roadmap
  • Added Trust on First Use (TOFU) for third-party scanners. Some scanners allow you to specify a private SSL cert. In these instances, you can opt to trust the certificate the first time you encounter it.

API

  • DeepSurface API Beta. Create access keys and query/import/export sensitive assets. This is the first step towards providing full API access to all of our data.

Management Console UI

  • Configuration alerts now include timestamps
  • Better configuration failure messages for domain controller misconfigurations

Scanning Data Gathering

  • Better handle duplicate IPs. Many people use the same IP ranges on home networks. We’ve changed how we add these to our threat model to ensure the machines that look like they’re on the same subnet truly are, and that duplicate IPs are suitably unique-ified

Version 2.2

Released 2021-05-27

Management Console Backend

  • New feature: Tags. Hosts can be grouped together based on any arbitrary grouping convention such as location, type, owner.

Management Console UI

  • Create groups of hosts and tag them. Create groups based on IP ranges, host name convention, or pick and choose individual hosts. Examples might include “Workstations,” “Buenos Aires,” “Jed’s Responsibility”
  • Filter all reports by tags. Now it’s easy to get reports limited to just the systems that interest you. See all the patches required in the Marketing department, for example
  • Take a look at the all new Risk Insights UI. We collect a tremendous amount of data and have been working hard to find better ways to present it in a way that is both clear and actionable. The new UI offers a simple, clear view of the vulnerabilities in your network. The new, embedded help text and graphics when viewing the model help you identify escalation paths faster than before
  • Enhanced our config alerts when dealing with Domain Controllers we can’t connect to

Product Documentation

  • Did you know we have a documentation portal? We’ve updated it with links to all our documentation, release notes and license information: https://docs.deepsurface.com/public/

Version 2.1

Released 2021-04-28

Management Console UI

  • User experience: The Web interface redesign has further implemented a new user experience meant to enable more intuitive and efficient DeepSurface operations and better responsiveness.

Analysis

  • Performance improvement: Analysis performance is improved through a major enhancement to the risk calculation algorithm.
  • Windows risks are now analyzed more efficiently, offering better overall performance.

Windows Agent

  • Windows: Stored MSCACHE password hashes are now discovered and modeled, reflecting privilege escalation risks to the domain users in question

Version 2.0

Released 2021-03-30

Third-Party Integrations

  • Qualys VMDR: Support added. Customers can now import VMDR vulnerability scan results via API and manual file uploads.
  • AWS: SSH key pairs are now discovered and correlated with users’ authorized keys in EC2 instances.

Analysis

  • A bug was fixed that prevented the creation of vulnerabilities with underscores or spaces in their names. Spaces are no longer accepted and underscores are allowed.

Management Console UI

  • The Web interface has been redesigned to enable more efficient navigation and administration. Functions are now accessed via a collapsible navigation menu on the left and context-specific tabs across the top. Many functions that were previously found in Administer have been relocated:
    • “Activity” is now where you manage Background Tasks and view Configuration Alerts
    • “Scanning” is now where you configure and manage all things scan-related (scan groups, network connectivity, scan logs, cloud scanning, and agents)
    • “Global Setup” is where the previous Global Settings reside
    • “Project Setup” is where the previous Project Settings reside. This includes configuring scan credentials, sensitive assets, and vulnerability scanners.
  • Analytical cross-referencing has been simplified, enabling you to more easily investigate vulnerabilities and their impact on organizational risk. Patch reports show a list of hosts missing the patch and per-host impact. Clicking the host links in the widget will run the Vulnerability Instances report for deeper investigation of the host and patch, including remediation advice.
  • License usage and availability are now documented in About.

Version 1.5

Released 2021-03-02

Windows Agent

  • Remote and disconnected Windows hosts can now be scanned via a locally installed agent, enabling reliable data collection from previously unreachable or intermittently available assets. Supported platforms include:
    • Windows 7
    • Windows 10
    • Windows Server 2008
    • Windows Server 2012R2
    • Windows Server 2016
    • Windows Server 2019

Scanning Data Gathering

  • Linux host scanning was enhanced to include Active Directory domain memberships. When scanned Linux hosts are domain members, user access rights inherited from AD on the host will be modelled.
  • SSH keypairs are now cataloged, enabling the modelling of OpenSSH key-based access grants throughout the scanned environment
  • More precise vulnerability risk is assigned based on loaded kernel modules, since some vulnerabilities only apply to certain loaded modules
  • Performance enhancements have been made to efficiently analyze unusually large Active Directory group membership record sets

Management Console UI

  • General usability and clarity were improved
  • Contextual help was added throughout
  • User inputs are better validated to prevent erroneous configuration
  • Default dialog actions were changed from Cancel to Save to prevent Enter key from clearing entries

Setup/Administration

  • One-time installation codes are now verified immediately, and installation is halted if verification fails. Previously, installations would fail during package update if an invalid code was entered.
  • OVA images now default to fully allocating assigned disk space. Previous versions dynamically grew up to the maximum allocation, causing failures in some implementations that were unable to dynamically grow the disk.

Version 1.4

Released 2021-02-02

Third-Party Integrations

  • Cloud scanning: added support for AWS EC2 scanning, enabling the discovery and modeling of instance access rights (i.e., which users can access which VMs)

Scanning Data Gathering

  • Linux scanning: loaded kernel modules are now detected, enabling module-specific vulnerability analysis, modeling, and reporting
  • Scan credentials: added a user-configurable label to differentiate between identical credentials
  • Scan groups
    • Multiple scan schedules are now available
    • Scan Groups page now shows full scan schedule details (previously only showed daily, weekly, monthly, or manual)

Setup/Administration

  • Sensitive Assets
    • Bulk asset impact editing was added (previously, impact values could only be assigned to one asset at a time)
    • Host keyword filtering was added to aid in the identification and marking of specific high value assets
    • Added pagination so more than 100 assets are viewable
  • Installation Wizard
    • Required configuration steps are now more obvious in the Web UI
    • Completed steps are more quickly and accurately recognized
    • Wizard dialog no longer reappears during manual configuration until a step is chosen from the wizard status footer

Reporting

  • Vulnerability Instances now identifies “overridden” vulnerability scanner results that were superseded by better results from DeepSurface scans

Scanning Data Gathering

  • Domain Controller discovery is more reliable, leading to more complete and accurate Active Directory scans

Installation Scripts

  • Network configuration is more stable and usable
    • OVA no longer specifies a network card so the implementer can choose the best NIC for the environment
    • Error condition handling is improved
    • MAC addresses are no longer truncated

Version 1.3

Released 2021-01-07

Scanning Data Gathering

  • Configuration Alerts: MS SQL scan failure alerts are now properly raised. Previously, authorization failures received during scans were not reported, preventing customers from easily identifying impeded scans.

Analysis

  • Phishing risk: Phishing risks have been made less prominent in the reports by marking them as non-correctable issues. The overall risk of these issues remains the same, but they no longer skew the priorities of the primary reports.

Third-Party Integrations

  • Rapid7’s InsightVM: Support added. Customers can now import vulnerability scan results via API or XML file.
  • Tenable: Added configuration alerts when Tenable product scan errors are imported with scan results. This enables customers to more quickly identify when complete vulnerability data is missing for specific hosts, and how to resolve the Tenable error condition.

Reporting

  • Vulnerability Instances: The category legend can now be collapsed to better view the icicle chart.

Management Console Backend

  • Background Tasks: Risk Analysis and Prioritization performance and speed are markedly improved.

Bugfixes

  • vCenter OVA import: Virtual appliance OVF conformance check failure resolved. Previously, vCenter would fail to import the DeepSurface OVA.

Version 1.2

Released 2020-12-31

  • Improved Windows scanning – agentless authenticated data collection is possible from more Windows systems than with the most popular vulnerability scanners
  • Vulnerability Instances enhancements – added contextual help, table export, and bug fixes
  • Strategize enhancements – Added two new Peer Comparison widgets showing stats comparing your risk score and performance over time against similarly sized peers

Version 1.1

Released 2020-10-31

  • Vulnerability Instances – a new report was added to Analyze which helps security engineers and IT staff do deeper cross-referencing between issues reported by their vulnerability scanner and how DeepSurface has modeled it
  • Several performance improvements, including better UI responsiveness and more scalable pathfinding algorithms
  • A variety of bug fixes

Version 1.0

Released 2020-09-01

  • Initial release