Configuration alerts are now removed for Windows domains and vulnerability scanners when the associated configuration is removed.
Reporting
The Risk Insights Vuln. Instances report now offers an option to organize instances by the vulnerability scanner signature. This allows users to better compare the results presented in vulnerability scanner reports with the improved insights offered by DeepSurface.
Third-Party Integrations
Added support for CyberArk as a new PAM. CyberArk can be configured in the credentials area and will be used as a source of credentials during agentless scans to access specific hosts.
Improved reliability of imports from Rapid7’s API.
2022q1 3 2.10
Version 2.10
Released 2022-03-04
Analysis
Improved performance of analysis job.
Reporting
Various usability and performance improvements to the Vulnerability Instances report.
Performance improvements to recently updated Explore interface.
More details about CVSS scores are included in the web console in several locations.
Improved usability of email recipients configuration for exported reports.
Setup/Administration
Certain security-relevant log events are now sent to the host syslog. Additional events can be sent to syslog as well through configuration changes.
Added support for outbound HTTP proxies. Configuration can be performed either from the command line (typically during the early stages of installation), or from the web console after installation. Outbound communications that can be configured to use a proxy include: system package updates, rule feed downloads, subordinate scanner communications, vulnerability scanner APIs, and the AWS API.
VM Images
Various minor improvements to the base VM images and installation scripts, including more explicit warnings and simplified options for changing the system time zone.
Any outstanding OS security updates are installed more quickly during initial installation.
2022q1 2.9
Version 2.9
Released 2022-01-31
Management Console Backend
Corrected an issue that prevented scan jobs and agent result processing from stopping upon user request.
Began to automatically tune PostgreSQL on the DeepSurface VM based on the memory resources configured on the VM. This should enhance query performance.
Management Console UI
Performance improvements to the Vuln. Instances report and other pages that rely on similar filters.
Added an option to Authentication Providers to allow for SAML 2.0 auto-provisioning of users. If set, new user accounts will be created upon their first successful SSO login attempt.
Corrected a defect where Host Scan configuration alerts were incorrectly removed by subsequent scans if the associated hosts were not included in the subsequent scans.
Extensive performance improvements throughout the DeepSurface web console, particularly in the Risk Insights areas.
Major refresh of the Explore interface, providing much better usability, particularly when editing elements of the threat model.
Product Documentation
Added quick access to documentation on how to fix the server clock.
Added a section to the manual which provides guidance on how to ensure the DeepSurface VM system clock is kept in sync using openntpd and ntpdate.
Reporting
When sending email reports, we now include the report title in the subject line.
Scanning Data Gathering
Began integrating Internal Connectivity scans into agentless scans. Separate Internal Connectivity scan jobs will still be permitted until the integration is complete.
2021q4 2.8
Version 2.8
Released 2021-12-23
General - Refactoring
Optimized how we parse and import data from third-party scanners
Management Console UI
Rename “Last Analysis” to “Last Processed” in the Agent/Agentless status boards to help clarify what the date truly represents
Added identity, purpose, and subpurpose fields to certificate info pop-up
Updated Scan Group Default Settings UI and option placement
Other
Expanded Microsoft patch data to include Click-to-Run updates.
When the DeepSurface console server’s clock is out of sync from the DeepSurface feed server’s clock, issue a prominent warning so that users have an opportunity to fix the clock and prevent a cascade of failures and unexpected behaviors.
Remediation
Added global settings for remediation backend
Backend enhancements in preparation for remediation workflow
Reporting
PDF exports have more descriptive file names to help keep track of their contents
Setup/Administration
Maximum Scan Parallelism is user-configurable, but should not be set above 40 in almost all cases
Previous/Next buttons no longer scroll off the screen when editing Sensitive Assets
Third-Party Integrations
Added support for Carbon Black Cloud as a source of vulnerability information
Windows Agent
Added the ability to pause autoupdates
Added command-line options to make it easier to enable and disable debug mode
Optimization: Limit the Windows Agent scan for PEM files to commonly used folders
2021q4 2.7
Version 2.7
Released 2021-11-24
Build/Packaging
Released a BETA virtual machine image on the Azure Marketplace.
Management Console UI
Completely redesigned Reporting Dashboard. Fully customizable on a per-user basis. Add/remove/organize dashboard widgets to your liking. More coming soon!
Fixed pagination being off-by-one when viewing the default scan history pages
New configuration page: Scanning->Settings->General Settings. Collects settings that exist in the union of Agent and Agentless configuration options.
Greatly expanded the flexibility of tag definitions, allowing for multiple wildcards, and lists of specific hosts, in addition to the existing network range specifications. Also allow all of these filter types in exclusions to make it easier to fine tune the set of included hosts.
Renamed “External Vulnerability Scanner” to “Vulnerability Scanner Data” in the Activity section
Refreshed the design and interactivity of the Risk Over Time chart on the dashboard, making it more configurable in the display of event and time-series data.
Scan data for individual hosts can now be deleted through the Scanning>Status area. Primary use case is to remove hosts that are known to have been decommissioned, but have not yet expired from DeepSurface.
Other
Added a new tab to the Vuln. Instances XLSX export reports which includes deeper details about hosts, patches and vulnerabilities listed in the first tab to make the output more actionable in remediation.
Expanded Microsoft patch data to include Click-to-Run updates.
Significantly improved performance and responsiveness in Risk Insights and other areas of the main console web interface.
Updated the Vuln. Instances report with a new category that captures vulnerability information about hosts DeepSurface has not yet scanned. Reorganized categories of instances in a way that is easier to filter for remediation.
It is now possible to view past jobs and relevant information for 2 different background tasks. The Agentless scan job and the Import Vulnerability Scanner Data now have “job History” buttons below the main button for kicking off the task
The Reporting Dashboard has been completely re-built from scratch to more versatile and useful. DeepSurface will recommend a default layout for you when you first visit the dashboard, but now the contents can be completely customized by hitting the Edit gear in the top right of the dashboard. Once clicked, you can drag content around, adjust what each section shows, and even completely add and remove entire sections or widgets. This functionality will grow as more features are added to DeepSurface. This will also pave the way for exportable dashboards that can be printed or shared, as well as the ability to create multiple specialized dashboards.
Improved tracking of user login activity on Linux and MacOS.
Updated Microsoft patch labels to include “KB” in front of the knowledge base number for clarity.
Scanning Engine
Fall back to SIMPLE authentication over SSL when NTLM fails in an attempt to gather Active Directory content from very locked-down AD environments
Customer can now configure the maximum age of vulnerability scan results accepted during an import. If vulnerability scan results for a given host are greater than this age, then not considered valid and will be ignored.
Third-Party Integrations
Added beta integration to collect sensitive asset information from Lansweeper exports
2021q3 2.6
Version 2.6
Released 2021-10-11
Feed/Sync Service
Added a patch feed for MacOS
Added a patch feed for AWS Linux
Management Console UI
Some labeling in the UI has changed for consistency; what used to be an “Authenticated Scan” is now an “Agentless Scan”
Instead of prompting you for a username and password on the same page, these prompts are on separate pages. Our SAML/OAuth integrations require us to ask for your login first, then either redirect for SSO or prompt for a password.
Risk Insights -> Report: changed email multiselect to a mini-popup
UI updates when editing domain names and scan group schedules
If you have a credential named “My Credential” and you copy it, the duplicate will now be called “Copy of My Credential”
The IP Ranges field has been adjusted to more clearly show the relationship between included and excluded IP Ranges while creating or editing a tag
Added filtering to Global Setup -> Certificates
All connected edges are highlighted when you select a node in graph view, making it easier to locate edges when there are many overlapping edges in the view
Added a new, graphical summary for the top paths when viewing hosts, patches or vulnerabilities
Product Documentation
Updated the Agent documentation to include more command-line examples
Reporting
Emailed reports now include the name of the report configuration, making it easier to track down and add new people to interesting reports (or to unsubscribe from unwanted reports)
Scanning Engine
Added support for agentless scanning of AWS Linux hosts
Added support for agentless scanning of macOS hosts
Modified Windows Agent to run all scanning scripts in a consistent way across all protocols (SMB, SMB/WMI and WinRM)
Setup/Administration
SMB/WMI is now the default protocol for Agentless Scanning. The SMB protocol is still available, but will be deprecated in a future release.
Have Qualys, but you’re curious about our Microsoft Defender for Endpoint integration? We’ve added contextual help for configuring and managing vulnerability scanners.
The all-new onboarding wizard supports both agent and agentless configurations. Also, the new wizard lets you configure DeepSurface using a simple checklist or detailed, contextual documentation
Third-Party Integrations
Add Okta 2FA support
Added SAML support for web console user authentication
Windows Agent
Agent scan logs are now sent to and displayed on the DeepSurface console.
2021q3 2.5
Version 2.5
Released 2021-09-03
Other
Added contextual help to filters in Risk Insights -> Vulnerability Instances
API Core Reports: Hosts, Patches, Vulnerabilities, Instances. All the information we use to generate all of the core reports is now available via API
Reporting
Usability: made it easier to select/deselect email recipients in Report creation sections
Scanning Engine
Improved Delinea integration to allow for more flexibility on where various authentication attributes are sourced.
Setup/Administration
Rebuilt Agent configuration/deployment pages. More information, easy to read summaries, and copy/pastable command-lines
Refactored the Scan Groups configuration area to have a more intuitive interface.
Added duration specifiers wherever you need to enter times; specify 12 minutes, 12 hours or even 12 days without having to resort to time math
Added a top-level scanning dashboard with status and summaries for agents as well as hosts scanned via authenticated scans
2021q3 2.4
Version 2.4
Released 2021-07-31
Reporting
The core Risk Insights reports can now be exported in .xlsx spreadsheet format, which is configurable from the web console.
The core Risk Insights reports can now be exported in .pdf format, which is configurable from the web console.
A new Reporting>Exports section was added to the web console, giving users the ability to generate various types of reports to be exported in .pdf and .xlsx format. The reports can be configured to run on a periodic basis and optionally emailed to designated recipients.
Scanning Engine
Added support for Delinea Secret Server PAM. During agentless scanning, DeepSurface will retrieve credentials from Secret Server for use during the scan.
DeepSurface now represents individual host access to domain computer/machine accounts based on a better understanding of implicit permissions of the Local System and virtual service accounts.
Setup/Administration
Many different setup pages related to scanning were reorganized into a single, more coherent top-level “Scanning” area and incorporated into the new three-level menu scheme.
DeepSurface can now send email via SMTP (over TLS). This allows for the emailing of generated report exports. This will be used for additional kinds of notifications in the future as well.
Email addresses can now be associated with web console user accounts. These addresses are used by the reporting system.
The previous Global Settings and Project Settings areas have been refactored in to a single Setup section under a new three-level menu system. This should make it much easier to find various settings due to the more logical groupings.
Windows Agent
Scans run manually from the command line (typically for testing purposes) will now execute as Local System as scheduled scans typically do, avoiding some potential privilege limitations.
2021q3 2.3
Version 2.3
Released 2021-06-29
Third-Party Integrations
DeepSurface is now available on the AWS Marketplace! We have two versions: Bring Your Own License (BYOL) and Metered. With BYOL, you simply plug in your license key and you’re running the DeepSurface console in the cloud! The Metered solution offers you the ability to run DeepSurface without a license, and get billed for usage through AWS
Support Microsoft Defender for Endpoints. We now support using Microsoft Defender for Endpoints (formerly Microsoft ATP) as a vulnerability scanner.
Support for using Microsoft LAPS as a Privileged Access Manager (PAM). This is the first of several PAMs on our roadmap
Add Trust on First Use (TOFU) for third-party scanners. Some scanners allow you to specify a private SSL cert. In these instances, you can opt to trust the certificate the first time you encounter it.
API
DeepSurface API Beta. Create access keys and query/import/export sensitive assets. This is the first step towards providing full API access to all of our data.
Management Console UI
Configuration alerts now include timestamps
Better configuration failure messages for domain controller misconfigurations
Scanning Data Gathering
Better handle duplicate IPs. Many people use the same IP ranges on home networks. We’ve changed how we add these to our threat model to ensure the machines that look like they’re on the same subnet truly are, and that duplicate IPs are suitably unique-ified
2021q2 2.2
Version 2.2
Released 2021-05-27
Management Console Backend
New feature: Tags. Hosts can be grouped together based on any arbitrary grouping convention such as location, type, owner.
Management Console UI
Create groups of hosts and tag them. Create groups based on IP ranges, host name convention, or pick and choose individual hosts. Examples might include “Workstations,” “Buenos Aires,” “Jed’s Responsibility”
Filter all reports by tags. Now it’s easy to get reports limited to just the systems that interest you. See all the patches required in the Marketing department, for example
Take a look at the all new Risk Insights UI. We collect a tremendous amount of data and have been working hard to find better ways to present it in a way that is both clear and actionable. The new UI offers a simple, clear view of the vulnerabilities in your network. The new, embedded help text and graphics when viewing the model help you identify escalation paths faster than before
Enhanced our config alerts when dealing with Domain Controllers we can’t connect to
Product Documentation
Did you know we have a documentation portal? We’ve updated it with links to all our documentation, release notes and license information: https://docs.deepsurface.com/public/
2021q2 2.1
Version 2.1
Released 2021-04-28
Management Console UI
User experience: The Web interface redesign has further implemented a new user experience meant to enable more intuitive and efficient DeepSurface operations and better responsiveness.
Analysis
Performance improvement: Analysis performance is improved through a major enhancement to the risk calculation algorithm.
Windows risks are now analyzed more efficiently, offering better overall performance.
Windows Agent
Windows: Stored MSCACHE password hashes are now discovered and modeled, reflecting privilege escalation risks to the domain users in question
2021q1 2.0
Version 2.0
Released 2021-03-30
Third-Party Integrations
Qualys VMDR: Support added. Customers can now import VMDR vulnerability scan results via API and manual file uploads.
AWS: SSH key pairs are now discovered and correlated with users’ authorized keys in EC2 instances.
Analysis
A bug was fixed that prevented the creation of vulnerabilities with underscores or spaces in their names. Spaces are no longer accepted and underscores are allowed.
Management Console UI
The Web interface has been redesigned to enable more efficient navigation and administration. Functions are now accessed via a collapsible navigation menu on the left and context specific tabs across the top. Many Functions that were previously found in Administer have been relocated:
“Activity” is now where you manage Background Tasks and view Configuration Alerts
“Scanning” is now where you configure and manage all things scans related (scan groups, network connectivity, scan logs, cloud scanning, and agents)
“Global Setup” is where the previous Global Settings resides
“Project Setup” is where the previous Project Settings reside. This includes configuring scan credentials, sensitive assets, and vulnerability scanners.
Analytical cross-referencing has been simplified, enabling you to more easily investigate vulnerabilities and their impact on organizational risk. Patch reports show a list of hosts missing the patch and per-host impact. Clicking the host links in the widget will run the Vulnerability Instances report for deeper investigation of the host and patch, including remediation advice.
License usage and availability are now documented in About.
2021q1 1.5
Version 1.5
Released 2021-03-02
Windows Agent
Remote and disconnected Windows hosts can now be scanned via a locally installed agent, enabling reliable data collection from previously unreachable or intermittently available assets. Supported platforms include:
Windows 7
Windows 10
Windows Server 2008
Windows Server 2012R2
Windows Server 2016
Windows Server 2019
Scanning Data Gathering
Linux host scanning was enhanced to include Active Directory domain memberships. When scanned Linux hosts are domain members, user access rights inherited from AD on the host will be modelled.
SSH keypairs are now cataloged, enabling the modelling of OpenSSH key-based access grants throughout the scanned environment
More precise vulnerability risk is assigned based on loaded kernel modules, since some vulnerabilities only apply to certain loaded modules
Performance enhancements have been made to efficiently analyze unusually large Active Directory group membership record sets
Management Console UI
General usability and clarity were improved
Contextual help was added throughout
User inputs are better validated to prevent erroneous configuration
Default dialog actions were changed from Cancel to Save to prevent Enter key from clearing entries
Setup/Administration
One-time installation codes are now verified immediately, and installation is halted if verification fails. Previously, installations would fail during package update if an invalid code was entered.
OVA images default to fully allocate assigned disk space. Previous versions dynamically grew up to the maximum allocation, causing failures in some implementations that were unable to dynamically grow the disk.
2021q1 1.4
Version 1.4
Released 2021-02-02
Third-Party Integrations
Cloud scanning: added support for AWS EC2 scanning, enabling the discovery and modeling of instance access rights (i.e., which users can access which VMs)
Scanning Data Gathering
Linux scanning: loaded kernel modules are now detected, enabling module-specific vulnerability analysis, modeling, and reporting
Scan credentials: added a user-configurable label to differentiate between identical credentials
Scan groups
Multiple scan schedules are now available
Scan Groups page now shows full scan schedule details (previously only showed daily, weekly, monthly, or manual)
Setup/Administration
Sensitive Assets
Bulk asset impact editing was added (previously, impact values could only be assigned to one asset at a time)
Host keyword filtering was added to aid in the identification and marking of specific high value assets
Added pagination so more than 100 assets are viewable
Installation Wizard
Required configuration steps are now more obvious in the Web UI
Completed steps are more quickly and accurately recognized
Wizard dialog no longer reappears during manual configuration until a step is chosen from the wizard status footer
Reporting
Vulnerability Instances now identifies “overridden” vulnerability scanner results that were superseded by better results from DeepSurface scans
Scanning Data Gathering
Domain Controller discovery is more reliable, leading to more complete and accurate Active Directory scans
Installation Scripts
Network configuration is more stable and usable
OVA no longer specifies a network card so the implementer can choose the best NIC for the environment
Error condition handling is improved
MAC addresses are no longer truncated
2021q1 1.3
Version 1.3
Released 2021-01-07
Scanning Data Gathering
Configuration Alerts: MS SQL scan failure alerts are now properly raised. Previously, authorization failures received during scans were not reported, preventing customers from easily identifying impeded scans.
Analysis
Phishing risk: Phishing risks have been made less prominent in the reports by marking them as non-correctable issues. The overall risk of these issues remains the same, but they no longer skew the priorities of the primary reports.
Third-Party Integrations
Rapid7’s InsightVM: Support added. Customers can now import vulnerability scan results via API or XML file.
Tenable: Added configuration alerts when Tenable product scan errors are imported with scan results. This enables customers to more quickly identify when complete vulnerability data is missing for specific hosts, and how to resolve the Tenable error condition.
Reporting
Vulnerability Instances: The category legend can now be collapsed to better view the icicle chart.
Management Console Backend
Background Tasks: Risk Analysis and Prioritization performance and speed are markedly improved.
Bugfixes
vCenter OVA import: Virtual appliance OVF conformance check failure resolved. Previously, vCenter would fail to import the DeepSurface OVA.
2020q4 1.2
Version 1.2
Released 2020-12-31
Improved Windows scanning – agentless authenticated data collection is possible from more Windows systems than the most popular vulnerability scanners
Strategize enhancements – Added two new Peer Comparison widgets showing stats comparing your risk score and performance over time against similarly sized peers
2020q4 1.1
Version 1.1
Released 2020-10-31
Vulnerability Instances – a new report was added to Analyze which helps security engineers and IT staff do deeper cross-referencing between issues reported by their vulnerability scanner and how DeepSurface has modeled it
Several performance improvements, including better UI responsiveness and more scalable pathfinding algorithms