Skip to main content

Winter 2020 Product Release

Winter 2020 Product Release

06.Mar.2020
We’ve delivered some major new product features in our winter release to help you manage vulnerabilities more effectively and maintain security hygiene across the full technology stack. At a glance we have five new features to highlight to customers:
seasonal-product-release

What's New:

Network security solution

  • Risk Based Vulnerability Management with Outpost24 Farsight
  • Netsec Agents on Limited beta for Windows 10 with OUTSCAN
  • Added integration with Thycotic Secret Server for Authenticated Scanning
  • Added detection for Intel Graphics Driver on Windows (CVE-2019-14615)
  • Added detection for various D-Link routers vulnerable to CVE-2019-16920
  • Added detection for MikroTik RouterOS over FTP and SNMP Banner
  • Added support for Popup Maker plugin for WordPress (CVE-2019-17574)
  • Add detection for TeamViewer CVE-2019-18988

Outpost24 Farsight

With the winter release we see the launch of Outpost24 Farsight, a next generation vulnerability risk management solution powered by Cyr3con threat intelligence. Using machine learning, you will be able to know of the important vulnerabilities before they start being actively exploited, thus giving your team the ability to anticipate forthcoming risks for your business. Farsight is unique as it analyzes and predicts the likelihood of a vulnerability being weaponized and exploited over time, delivering easy to understand and evidence-based risk ratings for organizations to prioritize network vulnerabilities beyond CVSS.

This release marks our entry into the field of VPT and will evolve over the coming months. For more information and to see Farsight in action, please contact your Outpost24 Account Manager or our Customer Support Team on the Knowledge Base.

Compliance and PCI scanning 

  • Improved PCI Report and changes on how to report Special Notes
  • Improved PCI Report to ensure Full scope is included when reporting the scan scope, added virtual hosts to scope
  • Improved PCI Report changed column headers

Application security solution

  • Role Based Access Control (RBAC) support for Scale
  • Selenium support moved from Beta to GA

Role Based Access Control (RBAC) Support for Scale

Role Based Access Control (RBAC) for Scale will improve user access controls for dynamic application security testing. Using a mix of predefined or custom roles, and resource groups created by using the ability to tag assets, configurations and test credentials, customers are now able to restrict user accounts to only those resources and functions those individuals are permitted to access.

For more information, refer to the How to guides in the Knowledge Base.

Selenium Support Moved From Beta to GA

We're moving our Selenium support from Beta to GA and as such all customers will have Selenium enabled on their accounts. Selenium is now presented as a new authentication option in the Configurations tab.

For more information, refer to the How to guides in  the Knowledge Base.

Cloud security solution

Cloudsec Inspect now includes full Azure support and CIS Azure v1.1.0 Benchmark to increase the security assessment coverage for cloud security compliance and checks for misconfigurations. This new version strengthens our multi-cloud vision, providing you with a unique single pane of glass view of risk across the three major cloud providers (AWS, Azure, GCP).

  • Upgraded to CIS Azure V1.1.0 Benchmark
  • Added timeout/deadline to Cloudsec scans
  • Added access control to Cloudsec configurations per user
  • Cloudsec Inspect now with Azure support and CIS Azure v1.1.0

MSSP

We've added the MSSP consumption model for better customer management including:

  • Added Consumption model and stats for each customer
  • Added Customer Success role and MSSP Manager role

For more information, please contact partnersales@outpost24.com

Fixes and Minor Enhancements:

Network security solution

  • Agents (Beta) ready
  • Added Java Debug output in HIAB console
  • Improved HIAB enrollments
  • Improved Joomla detection
  • Removed false positive - 1345934
  • Resolved bug related to SMTP Relay Detection
  • Improved jQuery detection and resolved false positives
  • Optimized Cacti/Cacti pattern
  • Added bugfixes for Apache Tomcat
  • Fixed scans failing due to portscan range being empty
  • Improved SSL certificate handling
  • Fixed Microsoft Windows false positive detection
  • Improved CVE-1999-0512 detection
  • Resolved bug related to verification scan showing CVE as not present
  • Fixed change MAC address in admin interface
  • Fixed HIAB tickets issue not being raised in Jira
  • Fixed Japanese translations in finding details

Application security solution

  • Automatic synchronization of scan details

Cloud security solution

  • Fixed CIS Azure 1.3 check and 5.1.1 check

REST API

GET/POST/PATCH/DELETE /comments endpoints have been officially deprecated as of today (2020-02-25). Use GET/POST/PATCH/DELETE /findings/{id}/comments to manage comments associated with findings.

Contact customer support

Looking for anything in particular?

Type your search word here